
inCOMPLIANCE

Issue 6 / Winter 2011

Quarterly journal of the International Compliance Association

Risk management: A dynamic environment


Inside this issue: Climate Risk: A growing issue; AML and CFT in Malaysia: Aiming high; FATCA: Deep impact

New Certificates and Professional Qualifications from the ICA


Anti-Money Laundering
International Advanced Certificate in Anti-Money Laundering (UK course also revised) Includes new content on: KYC CDD and Enhanced CDD Sanctions SARs Investigation Process New Typologies Emerging Industry Sectors, e.g. Mobile Money

Compliance
Advanced Certificate in Compliance Automotive Industry Includes additional content on: Regulatory Framework Regulation in Practice Role of Compliance Officers Key Compliance Issues Treating Customers Fairly The Insurance Conduct of Business Sourcebook Complaints Handling Rules Distance Selling Regulation

Advanced Certificate in Anti-Money Laundering Capital Markets Includes comprehensive content on: How Capital Markets are used for Money Laundering Purposes AML Risks in Financial Products AML Systems and Controls Customer Due Diligence Suspicious Transaction Reporting

In-house
These new qualifications can be delivered in-house. They are a great way to harmonise knowledge and develop skills amongst your team. Prices per person are reduced and you have the option to include processes and procedures unique to your firm in workshop discussions. For more information email [email protected]

For further details on these new programmes please email [email protected] and quote ICTA267


inCOMPLIANCE Issue 6 Winter 2011
Publisher: International Compliance Association
Editor: James Thomas
Design: DocOrig
Production: Dorinda Gibbons
Advertising Queries: Lily Harwood
Chief Executive, International Compliance Association: Bill Howarth
ICA Membership enquiries: Dorinda Gibbons
ICA Qualification enquiries: Michelle Reece
Cover Illustration: DocOrig

Measuring progress
It is often argued that the financial crisis was triggered in part by excessive risk-taking brought about by excessive remuneration and incentives. So with the approach of the bonus season, how far has the financial sector come since 2008? The Centre for Economics and Business Research estimates this year's total bonus pool for workers in the City of London at 4.2bn. It should be noted that these sums fall some way short of the pre-recession peak of 11.6bn received by City workers in 2007/08 (and indeed that bonuses have shown a 38% year-on-year decline). However, such arguments will carry little weight with a general public struggling in the face of austerity cuts and a euro crisis whose momentum gathers by the day. Moreover, the headline figures of course overlook the fact that the reduction in bonuses in response to regulatory measures such as the FSA's Remuneration Code has been accompanied by a general uprating in baseline salaries. Meanwhile, although the Vickers report will undoubtedly create some considerable risk and compliance challenges (see pp18-19), with implementation having been pushed back until 2019 it is difficult to counter the suggestion that, on the issue of breaking up the banks, the can has been kicked down the road somewhat. Indeed, many would argue that Vickers simply didn't go far enough in the first place. For compliance professionals, the last three years have certainly been busy as firms have confronted the twin challenges of economic downturn and the constantly moving target of regulation. Less certain, perhaps, is whether this regulatory activity has had the desired effect of improving financial stability. Time, as ever, will tell, but in the immediate future, at least, the march of regulatory reform looks set to continue.

James Thomas, Editor, inCOMPLIANCE


International Compliance Association CPD - 1 point

Advice to readers
inCOMPLIANCE is published four times a year by the International Compliance Association. Reproduction, copying, extraction, or redistribution by any means of the whole or part of this publication must not be undertaken without the written permission of the publishers. inCOMPLIANCE is distributed as a free member benefit to all members of the International Compliance Association. Articles are published in good faith without responsibility on the part of the publishers or authors for loss occasioned to any person acting or refraining from action as a result of any views expressed therein. Opinions expressed in this publication should not be regarded as the official view of the ICA or as the personal views of the Editorial Board members of inCOMPLIANCE. All rights reserved in respect of all articles, drawings, photographs etc published in inCOMPLIANCE anywhere in the world. Reproduction or imitations of these are expressly forbidden without permission of the publishers. Printed in England by Clarke Print Ltd.

Contents
Message from Bill Howarth
Opinion: Boardroom Monitoring
Opinion: Climate Risk
Opinion: Plea Bargains
Insight: AML and CFT in Malaysia
Insight: Ringfencing
Insight: Risk Management
Insight: Regulation and Compliance Risks
Insight: FATCA
Insight: Social Media

Growth and development

The ambitions of the ICA to penetrate new sectors, new regions and new markets continue. Throughout my editorial I have kept you informed of our activities in forming links with organisations around the world and establishing the ICA qualifications in Malaysia, Australia, Russia and the Middle East. Our expansion plans continue to grow with programmes being launched in Romania, the Seychelles and Nigeria. We have strengthened our foothold in Hong Kong where we recently launched a region-specific version of the Diploma in Anti-Money Laundering (AML). In this edition I wanted to tell you about the new qualifications and programmes the ICA has developed. We have created a number of intermediate level programmes in AML, classified as Advanced Certificates. We have UK and International versions and these will be open to delegates in early 2012. At the same academic level we have developed an AML programme specifically for the needs of capital markets practitioners. This has been received very positively with authorities in the Middle East making its completion compulsory. We have created a US-specific version of the Diploma in Anti-Money Laundering too and this is expected to be available to study on a distance learning basis early next year. These developments are a direct reflection of the needs of the individuals and firms and of the growing concern surrounding AML and related issues. The compliance programmes have also expanded. In early spring of next year, the Advanced Certificate in Compliance for the Automotive Industry will be launched. A new sector for the ICA and one in which we are pleased to be working. Later in 2012 will see the launch of new programmes in Risk Management and Cybercrime. As a representative body, championing best practice in all areas of risk and compliance, the ICA feels a duty as part of its vision to continue to develop programmes that meet the evolving needs of practitioners today.
I am delighted at the positive feedback we have been receiving about inCOMPLIANCE. Do please keep liaising with the team here at ICA and let us know your views. We would like to invite you to make editorial contributions too. We value highly the views of practitioners and their input into the debate. As we all continue to watch daily the unfolding of the financial crisis, almost as if watching a powerful TV-drama, we can be sure that regulation will continue to evolve presenting new challenges to practitioners. Budgets will be tightened. Resource will be limited. Enhanced systems and controls will be required. Just as there is a demand for the international community to work together to manage the crisis, so I invite you as an ICA member to get involved with ICA activities, share best practice, contribute to the debates and forums and use the network of contacts we can provide to help you manage your business through these tough times. The ICA is developing platforms via social media to expedite this dialogue so do get involved. Finally, on behalf of the team here at ICA, our best wishes to you, your colleagues, friends and family for the coming festive season.

Bill Howarth, Chief Executive, International Compliance Association

Editorial Board
Kathryn Cearns, Herbert Smith
Jacob Ghanty, Berwin Leighton Paisner
Caroline Hayes, APCC
Rachel Kent, Hogan Lovells
Irwin Spilka, Stonehage
David Symes, Compliance Recruitment

Congratulations to our successful 2011 students & Fellows
ICA Annual Award Ceremony 2012
15 March, Middle Temple Hall, Middle Temple Lane, London, 6pm to 8.30pm
All 2011 successful Diploma students and new Fellow members are invited to attend the ICA Annual Award Ceremony to celebrate their achievement. Once the ceremony has taken place, you can enjoy an informal drinks reception with nibbles and time to chat to your colleagues and tutors. Photos of you receiving your Diploma or Fellowship will be freely available on our new Facebook page after the event.

ICA Symposium and Members Assembly

15 March 2012, 1.30pm to 4.30pm, London
In 2012 we are extending the Members Assembly to include a symposium and have been fortunate in securing guest speaker and HBOS Whistle-blower Paul Moore to come and discuss his experiences. The event will also include an AML, Compliance and Financial Crime Prevention update from the ICT tutors, hot topics from the industry and a question and answer session with a panel of tutors. This event is free to ICA members and for the first time will be available to non-members at a cost of 99. Details on how to register for this event will be on the ICA website and will be sent out to you in early January.


OPINION: BOARDROOM MONITORING

An FSA cuckoo in the boardroom nest?

Peter Wright and James Daughtrey consider whether the FSA's presence in the boardrooms of authorised firms is a welcome development or an initiative we should be cautious of

As widely reported, it appears that the Financial Services Authority (FSA) has started attending board meetings of some firms that it considers could pose a risk to financial stability in the UK. The move was described by Hector Sants, the Chief Executive of the FSA, as an eyeball-to-eyeball approach to regulation. The new approach appears to be part of the regulator's reaction to well-founded claims that it had too hands off an approach to regulation in the years leading up to the financial crisis. So what does the new stance mean in practice and what effects are likely to stem from the change in approach?

Management and corporate governance failings


The failings at some large banks and other institutions in the years leading up to the financial crisis were caused by several factors, one of which was the failure by senior management to correctly assess and, where appropriate, reduce the risks of the firm's activities on the overall stability of the institution. It can be argued that these failings arose as a result of the culture that prevailed in these firms and the perception that management favoured the growth of their business in a benign climate at the cost of prudence and appropriate risk management. In order for a firm to operate prudently and effectively it is important that there are effective management and corporate governance structures in place. Dependent on the firm, these structures will include the board (comprising both executive and non-executive directors), asset and liability committees, audit committees and risk committees. However, such structures are only the starting point for effective management and governance. Whilst a firm may have all of the necessary structures in place, it is crucial that those structures work in practice. This is a matter that will very much depend on the action and behaviour of those involved in the board and the other bodies that help govern the firm. In order to obtain an effective line of sight over systemically important firms it appears attractive to the regulator to participate and monitor such arrangements but what are the ramifications of such an approach? So what are the likely effects of board participation?

Draconian move
When compared with previous practice, the FSA's move to attend board meetings can only be described as a complete change of approach and one which, some might say, is draconian, even in light of the recent turmoil experienced in the UK's financial system and following the mis-selling of financial products.

Preventing debate
One of the concerns is that the FSA's presence at board meetings will stymie open and frank debate at board level. It could be suggested that perhaps directors will end up saying things that they do not really mean, which could cause confusion and mismanagement and ultimately have a negative effect on the outcomes the FSA is trying to achieve. There is also the risk that board meetings could be stage managed for the benefit of the regulator and that the regulator's presence may encourage more informal decision taking by executives outside of formal boardroom meetings.

Shadow director
One of the most thought-provoking suggestions is that the FSA may end up becoming a shadow director of firms. This is perhaps overstated. Under the Companies Act 2006 there is still no statutory guidance to codify the circumstances in which a person will be found to be a shadow director. What the Companies Act 2006 does provide, however, is that a shadow director is a person in accordance with whose directions or instructions the directors of the company are accustomed to act. To become a shadow director, the FSA representative in attendance at board meetings would need to exercise real influence over the company's affairs and direct the acts of the directors, such that the majority of the board act on such instruction, as a matter of practice, over a relatively long period of time. Whether the FSA (or its representative) will end up being a shadow director is therefore a question of fact. If the FSA representative is merely overseeing proceedings (perhaps merely to provide a report back to the FSA), then the chance of that person being a shadow director is greatly reduced. It would be stretching the imagination of the Courts to conclude that the presence of the FSA representative has, by virtue of such presence alone, the effect of instructing the directors to comply with FSA regulation, as it could properly be argued that the directors are already required to comply with such regulations, whether or not the FSA representative is present at board meetings. In practice, however, the FSA representative is likely to have a degree of interaction at board meetings. The greater the degree of that interaction, the higher the chances of the FSA being deemed to be a shadow director of the firm concerned. However, whether or not the FSA representative becomes a shadow director is of more concern to the FSA than it is to the firm concerned.

Understanding institutions
One of the benefits of the FSA having a board presence is that the FSA should have a better understanding of institutions. At the very least, if another financial crisis similar to that experienced in 2008-9 were to reoccur, the FSA would have a better handle on the affairs of firms who are caught up in the crisis and it may then be able to respond more effectively (in 2008-9, the FSA's knowledge of these institutions was so lacking that the FSA was in the end sidelined by government departments such as the Treasury).

Prioritising regulation
It is also probable that FSA presence at directors' meetings is likely to ensure that regulation gets moved well up the agenda, perhaps in preference to anything else being discussed at the relevant meetings. It must generally be regarded as positive that compliance with regulation is being given greater consideration, as it was relatively ignored in the years leading up to the financial crisis with disastrous consequences. However, the other side of the coin is that the board may now be distracted from giving due care and consideration to other important non-regulatory matters, such as making a profit (the lack of which can, of course, have its own dire consequences for the firms concerned and the overall stability of the financial system in the UK). One other important observation is that the oversight of regulatory compliance is only worthwhile if the regulations themselves promote the right behaviours, which is a complex debate in itself.

Is an FSA presence likely to achieve its aims?


At present, the FSA's presence at board meetings has only extended to financial firms which are the largest and most complex (i.e. most likely banks whose regulation will eventually fall under the remit of the yet-to-be established Prudential Regulatory Authority [PRA]). However, it is possible that the FSA will, if it has not already done so, start to adopt a similar approach to firms selling financial products to retail customers who will not fall within the remit of the PRA, but nevertheless have a potentially large risk of causing consumer detriment (i.e. those firms that will ultimately be regulated by the Financial Conduct Authority [FCA]). Despite the risks associated with the FSA's moves, such an approach could be beneficial for banks and other large financial institutions insofar as it seeks to make the financial system more secure. However, even if the FSA's presence on the board brings the need for regulatory compliance to the front of directors' minds, it is likely that many of the things that are now happening would be occurring with or without the presence of the FSA at board meetings. Regulation has crept up the agenda for good reason and, in the new boardroom and regulatory environment that exists today, directors are already focused on capital ratios, the ratio of deposits to lending and so on (profitability has, perhaps, been temporarily relegated now that survival itself appears to be at risk). As for the FSA, a better understanding of firms (something which was profoundly lacking when the recent financial crisis unfolded) will surely assist in the event of another financial crisis. However, there are considerable downsides to adopting such an approach and, whilst it may be appropriate to intervene in the early stage of the aftermath of the financial crisis, the FSA should continue to monitor, on a firm by firm basis, whether such an approach is warranted and proportionate in the months and years ahead.

Peter Wright (pwright@foxwilliams.com) is a Partner and James Daughtrey an Associate within the Financial Services Sector Group at London law firm Fox Williams LLP.


OPINION: CLIMATE RISK

A growing issue
Despite the slow progress of international negotiations on climate change, endorsement of a Green New Deal could accelerate momentum towards a high and stable price for carbon, suggesting that the financial sector should improve its understanding of climate risk. James Thomas examines the issues

As you read this, negotiations in Durban are ongoing as the governments of the world attempt to thrash out a successor to the Kyoto Protocol. Global attention on the subject of climate change perhaps peaked two years ago in Copenhagen but has since subsided somewhat following the damp squib that was the Copenhagen Accord, being overshadowed by the ongoing downturn and, most recently, the euro crisis. Nevertheless, the outcome of the Conference of the Parties in Durban, whether it reaches a binding agreement or not, should be on the radar of anyone working in the financial sector.

Two birds, one stone


The global downturn post-financial crisis has arguably further polarized opinion on the issue of climate change. There are those who argue that the only sensible route out of the downturn is a return to business as usual. On the other hand, many see the financial crisis itself as an opportunity to restructure the economy along greener lines; to move away from the short-termism, complexity and poor incentive structures that contributed towards the current malaise. A Green New Deal (GND) has therefore emerged as something of a catch-all for any proposal which has the twin objectives of stimulating economic recovery while maintaining one eye on climate change. Naturally, the appropriate means by which to achieve this vary according to who you ask. For example, thinktank the New Economics Foundation (NEF) envisages the GND as a process of re-regulating the domestic financial system to ensure that the creation of money at low rates of interest is consistent with democratic aims, financial stability, social justice and environmental sustainability. [1] In NEF's view finance will have to be returned to its role as servant, not master, of the global economy, a process which involves not only separating investment banking from utility banking functions, but moreover breaking the resulting institutions into yet smaller entities. Other commentators place less emphasis on architectural reform and more on the development of policy instruments to incentivise capital flows towards green investments. As a means of killing the two birds of climate change and a dysfunctional finance sector with one stone, the GND is therefore both wide-ranging and controversial in scope, and naturally entails some profound implications (and uncertainties) for those working in risk and compliance.

Appreciating climate risk


First and foremost, any discussion of a GND exposes a current shortfall in the understanding of climate risk within the financial sector. As Sony Kapoor, Managing Director, Re-Define, explains: Let's assume a stress scenario, for example what happens tomorrow if there is a positive decision taken in the EU that there is going to be a carbon tax? Firms have to account for such possibilities and consider what impact they could have on their portfolio. However, as things stand, the basic information infrastructure to undertake this type of risk assessment simply doesn't exist at a firm level.

Climate risk can take several forms [2]:

Physical risk: for example, the exposure of investments to risks associated with increases in extreme weather events.

Regulatory / policy risk: for example, through the banning of certain carbon-intensive activities, the imposition of carbon or other environmental taxes, or the progression towards a higher, more stable price for carbon, all of which might make investments in carbon-intensive industries less attractive.

Legal / litigation risk: for example, for failure to fulfil fiduciary duties (as Mr Kapoor notes, there have been a small but increasing number of cases of activist investors suing or threatening to sue institutional investors and credit institutions for not examining their carbon risks when making dirty investments).

Reputational risk: associated with failure to implement environmentally friendly business and investment practices against a background of increasing consumer concern over climate change.

Currently, it is rare for, say, asset managers to take full account of this broad range of risks when making investment decisions, or for banks to factor in such considerations when lending. Indeed, such risks are difficult to quantify, even if there were the will to do so. The uncertainty of climate policy (and the resulting volatility of the price of carbon) is a hindrance to such risks being considered, as are ongoing uncertainties regarding the extent and timing of potential climate impacts (which are themselves dependent upon future deviation from or adherence to business as usual paths). Such obstacles have contributed towards a lack of collective action. Going forward, however, more resources will need to be directed towards understanding climate risks as the consequences of their underweighting by investors may be significant. As NEF points out: No pension fund has yet digested the full implications of the 2007 climate consensus that emissions need to be at least halved by 2050, with upwards of 80% cuts in the industrialised world... avoiding catastrophic climate change will require an unprecedented shift in investment capital by pension funds and other holders of long-term assets. Bearing in mind, for example, the UK's carbon reduction budgets, given statutory force by the Climate Change Act, this impending requirement for a radical shift in the direction of investment flows is quite real.

The price of carbon


Even in those states that have not enacted statutory measures for reducing emissions, a drive towards a higher stable price for carbon seems likely sooner or later. Indeed, the success or failure of a GND rests upon whether institutional investment can be successfully redirected away from dirty investments and towards cleaner ones. The argument is that the flow of such funds is hindered by current policy barriers which result in investors both overestimating the risk associated with green investments (and underestimating the returns), while at the same time underestimating the risks associated with dirty investments (and thereby overestimating the returns). Hence the establishment of a high and stable price for carbon would redress the balance: the externality of emissions associated with dirty enterprises would be internalised. If the main hindrance to investment in green technologies has been the absence of a sufficiently high and stable price for carbon, it would be foolhardy of financial institutions to simply assume that those conditions will persist indefinitely, given the political capital that has been invested internationally, whether in the EU, US, China, Australia, Japan or elsewhere, in embedding green principles into stimulus packages in some form. Indeed, even in the absence of a binding global deal on emissions cuts, developments in pricing carbon are many and varied and include the recent approval of a carbon tax by the Australian Senate; the forthcoming extension of the EU Emissions Trading Scheme to include airline operators from 2012 and a range of other industries from 2013; and the possibility of the EU carbon market being linked with California's, which opens 1 January 2012. These seem likely, in the long run at least, to result in a trend towards carbon being increasingly factored into investment decisions. As Sony Kapoor explains: No matter who you ask, be they industry professionals, policy makers or investment managers, the vast majority of people expect that the future carbon price will be higher than it is today, so it simply doesn't make sense to not take that into account.

Regulatory measures?
Re-Define's report proposes a range of potential regulatory measures to increase the attention given to climate risk, framed in a language familiar to those in the risk and compliance world. Firstly, it proposes the implementation of carbon stress tests to establish the resilience of financial institutions to sharp increases in the price of carbon. The thinktank argues that these carbon stress tests should apply both at the point of making new financing commitments to energy intensive or carbon exposed industries and to the whole outstanding credit portfolio for banks and credit institutions and the investment portfolio for investors as part of their fiduciary and risk management obligations. Those working within the financial industry have long understood the idea of stress tests, but such tests have now caught the popular imagination, including that of politicians, suggests Mr Kapoor. It has become clear that it is prudent to check for hidden risks and to provide against them. We are accustomed to talking about credit risk, market risk and operational risk, and it makes complete sense in my mind to talk about carbon risk, in particular because the magnitude of those risks is so large. This is not a conceptual leap, but a logical extension of the current regulatory framework. A further proposal is for mandatory tracking and disclosure of carbon exposures and risks by investment firms and banks. Some progress has already been made towards such an objective, albeit in a piecemeal fashion rather than through joined up mechanisms. Re-Define cites the examples of the Carbon Disclosure Project; 2010 guidance issued by the US Securities and Exchange Commission (SEC) on disclosure of business and legal developments related to climate change; and a mandatory requirement on large insurance firms to disclose their expected financial risk from climate changes and their management of those risks, imposed by the US National Association of Insurance Commissioners in 2009.

Opportunities
Compliance with such regulatory measures would require an understanding of climate risk that simply isn't currently present within most financial institutions. But whether such policy proposals gain traction or not, there is a further business incentive for firms to get a handle on the issue of climate change. Simply put, underweighting climate risk could undermine investment returns, and the corollary is that a fuller understanding of climate change may enable firms to seize potential opportunities. As Sony Kapoor explains: There are three elements to this. Firstly, avoiding negative consequences associated with climate change; second, identifying potential opportunities; and third, complying with regulations. There is a crucial role for compliance departments even in the absence or in addition to these proposals making it into regulation. He argues that, say, institutional investors or sovereign wealth funds who are heavily exposed to dirty industries have a strong diversification imperative, which will increase with the price of carbon, meaning that gaining positive exposure to the green sector becomes increasingly attractive. Indeed, with the current drive against short-termism (see inCOMPLIANCE Autumn 2011) comes a further argument that such investments are in fact a good match for longer term investors. Despite higher upfront costs, it is suggested that green investments could deliver smoother long term returns (for example due to the lower operating costs of, say, renewable energy versus fossil fuel sources) while avoiding volatility associated with the fossil fuel markets. In summary, climate change represents an underappreciated aspect of financial institutions' risk spectrum. As Sony Kapoor points out: Many institutional investors have suffered seriously in this present crisis as a result of not having sufficiently understood and managed the various risks facing their portfolios. The risks posed by climate change are another form of risk that is poorly understood and hence mismanaged. While comprehensive global solutions to climate change remain elusive, the prevailing trend is likely towards a higher carbon price and an increase over time in the physical impacts of global warming. With that in mind, firms would be well advised to place greater emphasis on climate risk in the future.

1 NEF: A Green New Deal: Joined-up policies to solve the triple crunch of the credit crisis, climate change and high oil prices, www.neweconomics.org
2 Re-Define: Funding the Green New Deal: Building a Green Financial System, www.re-define.org


OPINION: PLEA BARGAINS

A plea into the bargain


As the UK's Solicitor General ponders the merits of the use of US-style plea bargains in the UK, Dan Hyde considers how these would work, what would be the deterrent effect and whether it is a desirable route for the UK to go down


The UK has struggled to keep pace with the US when it comes to tackling corporate corruption and white collar crime. Joint investigations by the Financial Services Authority (FSA) and its US counterpart the Securities and Exchange Commission (SEC) have repeatedly demonstrated the much larger range of options and penalties available to the US system, with prosecutions being US-led and penalties imposed on that side of the pond dwarfing those, if any, imposed here. The Attorney General's Office is currently consulting on proposals to introduce US-style plea bargains (deferred plea agreements) to the UK in an attempt to bolster the prosecution of white collar crime and plug a gap that has, of late, become all too apparent.

No power
The inability of the UK to enter into US-style plea bargain arrangements was crystallised by the cases of Innospec and Dougall. In Innospec, Lord Justice Thomas determined that the Serious Fraud Office (SFO) or its Director had no power to enter into such arrangements and, significantly, no such arrangements should be made again. The arrangements in question were the attempt of the SFO to reach agreement (together with their US counterparts the Department of Justice [DOJ]) as to the appropriate penalties in the UK and US. In Lord Justice Thomas' view it was not open to the SFO to agree a penalty which fell to be determined by a court having first scrutinised the basis of the plea and the extent of the criminal conduct.

In the case of Dougall the Lord Chief Justice Sir Igor Judge admonished both the SFO and the defence for presenting the court with a suggested sentence as part of an apparent plea bargain. A plea bargain involving agreement on sentence was, in the Lord Chief Justice's view, "contrary to principle" and "... vested exclusively in the sentencing court". Clearly the judiciary were reluctant to allow deals to be struck on sentencing when they, quite properly, regarded sentencing as their exclusive patch, and any change in this would have to be effected by legislation.

Casting the net
The need for deferred plea agreements has become more pressing with the advent of the Bribery Act 2010. Prosecutors now have the legislation with which to tackle bribery not only in relation to UK companies but also non-UK companies that have a presence or conduct business here. Whilst the Bribery Act casts its net wider and has more stringent penalties than the US Foreign Corrupt Practices Act, the UK has little hope of matching regulation in the US as matters stand. This is due to an entirely different legal landscape in the US where self-reporting or an early admission of fault can result in a plea bargain that suspends any criminal charges in return for a substantial financial penalty. These Deferred Prosecution Agreements (DPA) collect billions of dollars for the US State Department, allow companies to avoid prosecution and continue with their business, and deliver certainty of outcome rather than the uncertainty, cost and risk of a lengthy court trial. Moreover the company must, as part of the agreement, implement specified corporate reform or risk the reinstatement of the prosecution.

It now seems to have finally dawned on the UK legal establishment that justice through co-operation is a route that delivers arguably more justice. Edward Garnier QC, the Solicitor General, now seeks to import DPAs or equivalent instruments to the UK and to re-examine both our approach to economic crime and whether the sentences, when imposed, are sufficient. Whilst some will argue that a US-style system would yield an unwelcome hike in fines for businesses and arguably see senior executives being able to avoid prosecution, the present system is due for an overhaul if corporate regulation is to be effective. Moreover companies can currently enter into a plea bargain in the US and by virtue of double jeopardy rules be subsequently insulated from further prosecution in the UK. In effect the UK is currently frozen out where there is a deal to be struck in the US.

A degree of uncertainty
There are of course arguments against the adoption here of deferred prosecution agreements. Chief among them is that they would enable corrupt companies with deep pockets to avoid traditional justice and, conversely, may induce the innocent to sign up and pay up rather than face trial and test their defence. The fines imposed under the agreements would also need to be carefully determined and the agreed corporate reforms monitored to ensure compliance. The crucial difference between the US and UK, and perhaps the reason why we haven't adopted a DPA approach, is that here the judiciary are unused to being and unwilling to be fettered. The cases of Innospec and Dougall amply demonstrated the reluctance of UK judges to accept a settlement that purported to set the punishment without reference to the judge. If plea bargains are to be adopted here it will likely involve more judicial input than in the US, where judges are used to rubber stamping DOJ settlements with little or no inquiry into their factual and legal basis. The danger is that judicial input brings a degree of uncertainty and, unless there is certainty in the outcome, there is less inducement to admit wrongdoing and enter into a plea bargain. One approach might be to have a tariff of sentences so that the applicable tariff can be agreed and the resulting fine within a relatively small bracket.

It may be yet another Americanisation of our legal system but it is hard to argue that corporate regulation wouldn't be more effective if we could find a way to implement these agreements. US-style plea bargains are the means to an otherwise unachievable regulatory end.

Dan Hyde is a Consultant at Cubism Law


INSIGHT: AML AND CFT IN MALAYSIA

Aiming high
A concerted drive is underway in Malaysia towards higher standards in AML and CFT. James Thomas examines the issues


Money laundering and terrorist financing are currently hot topics in Malaysia as the country looks increasingly to establish itself as an attractive location for business on the international stage. Moreover, the drive towards improved practice around AML and CFT is being led by both the industry and the regulatory authorities, and the value of professional training and qualifications in meeting these objectives has become ever more apparent.

The growing focus on AML and CFT is motivated in part by the current review of the Financial Action Task Force's (FATF) standards, due for completion in February 2012, with the next round of evaluations by the Asia / Pacific Group on Money Laundering (APGML) following in late 2013. Malaysia fared reasonably well in the last APGML mutual evaluation exercise in 2007, although the fact that it scored mostly "largely compliant" or "partially compliant" with FATF's 40+9 recommendations demonstrates that there is some room for improvement. For example, the evaluation found uncertainties about [the] current level of implementation of both customer due diligence measures (recommendation 5) and measures to deal with politically exposed persons (recommendation 6).

Ensuring effectiveness
Another potential area for development unearthed by the evaluation was compliance with FATF recommendation 15 (Internal controls, compliance & audit). Malaysia was considered to be largely compliant with this recommendation, which states that: "Financial institutions should develop programmes against money laundering and terrorist financing. These programmes should include: a) The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees. b) An ongoing employee training programme. c) An audit function to test the system." Notably the evaluation observed uncertainties regarding [the] effectiveness of implementation associated with such programmes. Moreover, the regulators will doubtless be keen to improve compliance with FATF's recommendation 23 (Regulation, supervision and monitoring) after the evaluation found gaps in effectiveness of implementation of AML/CFT monitoring and supervision.

Indeed, the regulatory authorities in Malaysia clearly view this issue of effectiveness as a key - and emerging - one. As Puan Nor Shamsiah Mohd Yunus, Deputy Governor Bank Negara Malaysia, noted at this year's International Conference on Financial Crime and Terrorism Financing (IFCTF): "A major development in the review of the [FATF] standards is the higher emphasis that will be placed on assessing the effectiveness of measures implemented to counter the risks of money laundering and terrorist financing, rather than merely looking at technical compliance." In this regard, she suggested that: "As Malaysia's AML/CFT regime grows in maturity, the benchmark for compliance by financial institutions will be measured more in terms of its effectiveness in deterring and preventing financial crimes before they occur."

She also added that: "Talent development in this area is becoming increasingly critical. A well-trained workforce is a valuable asset that would contribute to the implementation of an effective compliance framework with impactful results. This can be achieved through the formulation of structured and coordinated capacity development programmes aimed at elevating the level of technical skills, leadership and professionalism." Malaysia's Minister of Home Affairs, Datuk Seri Hishammuddin Tun Hussein, who provided the keynote address at the conference, echoed this view, suggesting that: "The financial industry should train more experts in financial investigations and encourage international collaboration between financial regulators and national security agencies... to ensure financial investigations are carried out effectively and standardised across the globe." The ICA launched a new AML / CFT framework for Malaysia - developed at the request of Institute of Bankers Malaysia (IBBM) and the Asian Institute of Finance (AIF) - at the conference, with a view to meeting these needs.

Attracting business
The aim of attracting international business to Malaysia is a strong motivation behind the push to raise standards in AML / CFT. As Tay Kay Luan, Chief Executive Officer, IBBM, explains: "Although relatively speaking Malaysia performs better on AML than most states within South East Asia and it is considered top tier in terms of enacting legislation on AML, it is clear that the Central Bank is keen to further develop Malaysia's reputation when it comes to AML. We are a trading nation and therefore improving governance measures and legislation is important in the context of global markets for financial services."

Others in the region are upping their game - for example Hong Kong is bringing major new AML legislation into force next year - and Malaysia is keen to keep pace with such developments. As Sam Gibbins, Sales and Marketing Director, International Compliance Training Academy, suggests: "You don't need to look too far from KL to find jurisdictions - such as Hong Kong and Singapore - which are generating huge volumes of international business. While Malaysia is good at attracting business in some fields, such as Shariah finance, it clearly wants to attract in other international players too."

It is fair to say that Malaysia has suffered in the past - reputationally speaking - through a perception that it has given insufficient attention to tackling corruption. For example, Malaysia scored just 4.4 out of 10 on Transparency International's 2010 Corruption Perception Index* (down from 4.5 in 2009), and ranked joint 56th out of 178 countries (showing no move from 2009 but down from joint 47th [with a score of 5.1] in 2008). By contrast, Singapore was joint first in 2010's index with 9.3, while Hong Kong was 13th with a score of 8.4. Malaysia ranked 11th in the region.

The negative potential impact of such perceptions on Malaysia's ability to attract business is clear, and similar concerns are a strong motivating factor behind the current push for improved AML / CFT standards. Indeed, speaking at this year's IFCTF, Bank Negara's Deputy Governor was keen to stress the potential reputational damage associated with money laundering and terrorist financing. "While the direct cost of financial crimes to individual financial institutions may be substantial, it pales in comparison to the damage to the overall financial system that can arise from the failure to implement adequate measures to effectively combat financial crimes, in particular those relating to money laundering and terrorist financing," she warned. "With the increasing trend by supranational bodies to publicly name jurisdictions that are seen to be uncooperative, and to call on their respective members and the broader international community to implement appropriate countermeasures in dealing with institutions and entities from these jurisdictions, the implications, both financially and socially, can be devastating to the countries concerned."

Regime change?
In securing the desired improvements in standards, Malaysia has eschewed regime change per se in favour of improved education and awareness. The main legislation remains the Anti-Money Laundering and Anti-Terrorist Financing Act 2001 (AMLA), with updated guidance issued by Bank Negara Malaysia, the Securities Commission (SC) and the Labuan Offshore Financial Services Authority (LOFSA) in 2006. As Sam Gibbins explains: "The regime as such hasn't changed much, the regulators are simply trying to make it more prominent, partly through raising awareness, and partly through introducing training standards. It's been interesting to note that a lot of this has been driven by the industry, particularly on the education and training front."

The Compliance Officers Network Group (CONG), established by IBBM, has been instrumental in this drive, and has worked closely with the IBBM and the ICA in the development of the recently-launched qualifications and training in AML / CFT (see Box for more). For example, CONG's AML committee reviewed and provided feedback on the course material, helping to ensure that the material was as applicable and relevant as possible for the jurisdiction and staff.

IBBM has also been active in raising awareness more generally, most notably through the annual IFCTF, now in its third year. "The objectives of the conference are twofold," explains Tay Kay Luan. "One is to provide updates on the latest developments in AML / CFT. The second is to share experiences, which can also include the introduction of new technology by important players within the supply chain." Other stakeholders from government, as well as enforcement agencies (both local and foreign), have also contributed to the annual conferences.

Such developments mean that it is an exciting time to be involved in the AML compliance sphere in Malaysia. The country seems determined to raise standards, and the collaboration between industry, regulators and training providers has been a hugely positive factor in this regard. The conditions seem ripe, therefore, for compliance professionals to raise both their own position within firms, and that of the profession more generally.

* http://transparency.org/policy_research/surveys_indices/cpi

Box: Professional qualifications and training in AML / CFT
By Sam Gibbins

The qualifications in AML / CFT are tiered at three levels: Intermediate, Advanced, Experienced Practitioner (Certified Professional level). The Intermediate level course is aimed at those entering the banking and finance industry. The programme is structured such that, once individuals have completed the Intermediate level, they can move to the Advanced level course and finally to the Certified Professional level. Starting with the banking sector, the intention is that the courses will evolve to cover capital markets, insurance and Shariah finance. The ICA, together with IBBM and CONG, is considering setting up courses in general compliance that follow the same general framework.

The programme has already enjoyed an excellent response from industry. For example, one bank has, at the time of writing, already signed up 21 people (out of 90 staff in this area) to the first course, starting in December. Nearly 40 individuals have signed up to the programme to date.


INSIGHT: RINGFENCING

Preparing for the storm?


The final report of the Independent Commission on Banking may have a significant impact on how compliance functions will need to be organised and structured. Harriet Territt and Liz Saxton consider new compliance challenges in a post-Vickers world

The final report of the UK's Independent Commission on Banking (ICB), chaired by Sir John Vickers, was published on 12 September 2011. The report sets out a number of recommendations and reforms aimed at improving stability in the UK banking sector. Key proposals include a requirement to ring-fence UK banks' retail operations, enhanced capital adequacy requirements for UK banks, and measures to provide preferential status to depositors insured by the Financial Services Compensation Scheme (FSCS) on any bank insolvency (currently, all bank depositors rank pari passu with unsecured creditors).

The ICB's recommendations are in the form of high-level principles and will require substantial and detailed legislation before they can be put into practice. The Government response to the ICB's final report is likely to be published in December 2011 and will include a suggested timetable for implementation of the recommendations. However, it is already possible to make some assessment of the impact of the proposed reforms on bank compliance functions (or, at least, articulate the issues that will need to be clearly addressed as part of the legislative process).

Ring-fencing
From a bank group compliance perspective, the most significant recommendation is the proposal to set up an operational and legal ring-fence around retail operations. Once implemented, certain mandated services that are essential to a retail banking operation (such as accepting deposits from individuals and SMEs) may only be conducted within a separate ring-fenced entity or part of the bank group. In the same way, the ring-fenced entity will be prohibited from conducting certain types of business, including proprietary trading and most types of derivative trading. The precise legal mechanism which will be used to effect this separation is being hotly debated (and is beyond the scope of this article). Rather, we focus here on the likely practical impact for bank compliance professionals, once the ring-fence is put in place.

Whilst the ICB recommendations stop short of suggesting full separation of retail operations, the requirements of the ring-fence proposal are significant. The ICB report makes clear that where a ring-fenced bank is part of a wider corporate group, the authorities must have confidence that it can be isolated from the rest of the group in a matter of days and can continue providing banking services without needing additional solvency support. To meet this high test, the ring-fenced entity will first need to have an independent governance structure, including a separate Board of directors. The ICB report suggests that, in many cases, the majority of these directors will need to be independent non-executives, with limits on when directors of ring-fenced entities can sit on the board of the parent or another part of the bank group. The ring-fenced entity will also need to be legally separate and operationally separable, and will need to transact with the rest of its banking group on an arm's-length basis, as if with an unconnected third party.

It is clear that, once this recommendation is implemented, ring-fenced operations will need to have a separate, independent compliance function in place. It seems very likely that such a ring-fenced compliance function will need to have separate reporting lines, including a right of direct access to the ring-fenced Board of Directors, in order to meet the requirement of operational separability. An interesting aside from the ICB report suggests the board members of both the ring-fenced bank and its parent company may be placed under a specific duty to maintain the integrity of the ring-fence, and to ensure the ring-fence principles are followed at all times. If this proposal is adopted, it will inevitably affect the approach to risk management and compliance across the group.

Separation anxiety
However, the ring-fenced entity (and its compliance function) also cannot act in total isolation from the wider bank group. This is acknowledged by the ICB report in two ways. Firstly, the ring-fencing requirement does not place any additional restrictions on the sharing of information and expertise within banking groups. Information about individual customers (and presumably market information and expertise) can be shared within the bank group. In the same way, compliance professionals will obviously need to share information and adopt common policies and procedures across the bank group, in order to operate effectively and to comply with the UK regulatory framework.

In addition, operational infrastructure can be shared, although the ICB report suggests that the wider corporate group should be required to put in place arrangements to ensure that the ring-fenced bank has continuous access to all of the operations, staff, data and services required to continue its activities, irrespective of the financial health of the rest of the group.

In practice, allowing the ring-fenced entity to share operational infrastructure and information whilst remaining operationally separable will be a significant challenge. The ring-fenced entity will need an ability to access compliance databases, reporting systems and IT infrastructure, even if the wider bank group goes into an insolvency process. It will need to maintain its own separate client records for the same reason. Its employees could also need to be employed directly by the ring-fenced entity, rather than the wider bank group, with separate payroll and HR systems. Where third party suppliers provide essential services to an entire bank group, contracts may need to be renegotiated to ensure continued provision of services to the ring-fenced entity, even if the wider bank group is in default.

The same issues will arise for other parts of the bank group such as operations, payments, treasury, risk and finance. Banks will need to either replicate functions on each side of the ring-fence (which has a clear risk of inconsistent approach and/or confusion), or find a way to organise these functions into a bankruptcy-remote entity within the group.

Complex issues
The requirement to treat the rest of the bank group as an unconnected third party for the purposes of inter-group transactions will also affect compliance processes. At a basic level, transactions with the rest of the bank group may require independent due diligence and more detailed compliance reviews. More difficult still will be ensuring that the ring-fenced bank is no longer party to agreements which contain cross-default clauses, or similar arrangements which are triggered by the default of entities in the rest of the bank group. Consideration will also need to be given to use of common terms such as "affiliate" in any new transaction documents.

These practical considerations have led some commentators, such as Lord Myners (the former Financial Services Secretary), to suggest that total separation of retail banking functions is inevitable in the longer term. However, given the length of time before the ring-fence requirement will come into effect (2019), it seems likely that banks can develop strategies for dealing with the issues identified in this article.

What will be critical for affected bank groups going forward is that major legal, operational and risk management decisions from 2012 onwards take proper account of the upcoming ring-fence requirement. For example, if a proposed new piece of IT infrastructure cannot meet the challenge of operational separability or a proposed group service contract cannot be extended at the bank's option to a particular subsidiary, it may not be in the group's interest to enter into a binding agreement at the present time. In the same way, banks should consider negotiating specific change of law clauses into relevant contracts to give a measure of flexibility for the future.

Harriet Territt and Liz Saxton are Of Counsel in the Financial Institutions group at Jones Day in London


INSIGHT: RISK MANAGEMENT

A dynamic environment
Understanding the dynamics of the compliance risk environment is an essential, but sometimes overlooked, part of the compliance professional's role. Jonathan Bowdler explains

Risk management is about taking as much risk as possible, provided that it is informed and controlled risk and within the firms risk appetite

hether it is included in your role profile or not, all compliance professionals are, to a greater or lesser degree, risk managers. If I am ever asked to summarise in one sentence what the purpose of the compliance function is I usually state that it is to manage the firms compliance risk. risk management is fundamental to what we do and indeed it is beginning to appear more and more in the aforementioned role profiles. However, when I ask delegates at compliance conferences or workshops how many have actually received any form of risk management training the response is always disappointingly low.

worth noting that often mitigating one risk creates others, which then need to enter the cycle at the identification stage. However, the overall aim is to bring as many risks as possible within the firms risk appetite so that associated benefits can be obtained.

Risk dynamism
unfortunately risks themselves are not as simple to present as the risk management process, but Figure 2 (overleaf) and the following explanatory notes should demonstrate the basics: Risks can be moved through specific action For example, know your customer (KyC) procedures could be relaxed for low risk customers, which would have the effect of increasing the likelihood of such as risk occurring. Or insurance could be taken out against unfavourable currency movements, which would have the effect of reducing the impact of this occurrence. Risks can move by themselves An increase or decrease in probability, or an increase or decrease in impact, could be caused due to some external influencing change, such as a change in regulatory approach or a foreign piece of legislation with extraterritorial impact. The firms risk appetite can be moved, either through the strategic choice of the firm or through a response to some external influencer. For example during the credit crisis many financial services firms reduced their risk appetites during the period of uncertainty. so a risk can move from acceptable to unacceptable, and vice versa, through: A change in the likelihood of occurrence A change in the impact of occurrence A change in the firms risk appetite And in each case this change can be driven internally or externally.

The purpose of risk management


One common misconception is that risk management is all about minimising losses when risks materialise. Whilst this is undeniably one of the purposes of risk management it is first and foremost about maximising benefits. We take risk because of the rewards available when we do so. the more risk you can take the more reward you can obtain. therefore risk management is about taking as much risk as possible, provided that it is informed and controlled risk and within the firms risk appetite. this is the prime driver for taking risk and consequently should inform the entire risk management process.

Where risk comes from


to be able to manage compliance risk you must first understand where the risks come from. there are four main drivers: what you do, e.g. what products you sell how you do it, e.g. what delivery channels you use where you do it, e.g. the jurisdictions within which you operate change, e.g. something that happens every day! It does not take long to realise that risks are all around us, and that they change on a constant basis. It is therefore essential that we understand the most effective and efficient ways of managing these risks.

A dynamic process
We are involved in risk management of one form or another most working days. It is a cyclical process that requires constant management. It is a dynamic process and risks can change both internally through planned activity and externally through unexpected occurrences. therefore all compliance professionals should be aware of the risk management process and ensure that it is working effectively for managing compliance risk. In this way compliance risk can be managed as effectively as possible.

The risk management framework


Risk management is an ongoing, cyclical process. Every firm will have its own variation upon the standard approach, but fundamentally it should look something like Figure 1 (overleaf). It is vital to understand that this process is continuous. For example, once a risk has been identified, assessed and evaluated, the decision might be to accept that risk. But the assessment or evaluation could change, and the result could mean that the decision to accept should also change. It is also


Figure 1: The risk management process (stages shown: Identify; Assess and evaluate; Take action; Review and report)

Figure 2: Risk dynamism (axes: impact and probability; plotted: risk appetite, individual risk, risk appetite movement, individual risk movement)

Jonathan Bowdler is the Course Director responsible for the ICA's Compliance programmes. With nineteen years' industry experience, nine of which have been in senior compliance roles including holding Approved Person status, Jonathan has a wealth of practical compliance experience and also holds an MBA from Henley Business School.


A universal issue
Regulation and compliance risks are the most serious perceived threat to global firms and sit in the centre of the risk radar, according to a recent survey by Ernst & Young*. This was also the case in 2010. While regulation and compliance risks are of greatest concern to bankers and life scientists, and least to those in retail, in every sector, regulation and compliance ranked among the top four risks. In fact, in four out of the seven sectors surveyed - banking, healthcare, oil and gas, life sciences, power and utilities, public administration, and retail - regulation and compliance risks ranked first. This uniformity is perhaps surprising, in Ernst & Young's view, given that sector-specific pressures are the most frequently reported driver of this risk. Both banking and life sciences - the sectors ranking this risk highest today - see risks in this area continuing to rise in the years ahead. One banking CRO reported that: "[New regulations] are having a material impact on banks' operations - particularly those with large capital market trading books. It will be increasingly difficult for banks to generate the returns on income expected by investors." However, in other sectors, including oil and gas and power and utilities, the survey found that the impact of regulation and compliance risks is expected to fall as 2013 approaches. This view was mirrored among many respondents in most emerging markets

Insight: Regulation and compliance risks

The financial sector is not alone in placing ever-increasing emphasis on regulation and compliance risk, as a recent survey shows. Arthur Piper explains

- including China, India, Russia and the Middle East/North Africa (MENA) region. "This may be attributable to economic development in these countries that is producing enhanced stability of regulatory regimes," said the report. In fact, regulatory risks are apparently of greatest concern in the US, where the companies interviewed report an exceptionally high perceived impact of regulation and compliance risks; furthermore, they expect risk levels to rise during 2013.

Mitigation strategies
Since regulation and compliance has ranked as the number one risk in four out of the five years that Ernst & Young has been conducting the survey, it's not surprising that more than 60% of participating organisations say that they have implemented measures to address these risks. Banks are particularly confident in their approach in this area, with more than 70% reporting that a strong risk management function is effective in addressing the threat. (This is perhaps unsurprising, because in banking, the performance of the risk management function is now regulators' chief concern.) But some of the banking panellists the firm interviewed were more cautious. Regarding the rush to impose new capital adequacy requirements as a means to reduce risk in the banking sector, Avinash Persaud, a

non-executive Director of the UK Treasury's Audit and Risk Committee, said: "It is not the amount of capital that determines safety, but how risks are allocated, and it is highly likely that we will end up with much more capital but not much more safety." In other sectors, regulation and compliance


risks take different forms, and investing in government relations is one of the most frequently reported risk mitigation strategies. In the health care and power and utilities sectors, firms are more likely to report that new legislation and general trends toward regulatory tightening are key challenges. In oil and gas, power and retail, firms tend to report that the broadening of regulation into areas such as corporate social responsibility (CSR) is making this risk difficult to address.

likely to report that measures to respond are needed, though not yet implemented. The impact of this opportunity is uniform, rated highly in all sectors. As might be expected for an opportunity that is operational in nature, on balance, executives tend to see this opportunity as stable, neither rising nor falling when looking forward to 2013.

* Turn risks and opportunities into results: Exploring the top 10 risks and opportunities for global organisations

A version of this article by Arthur Piper ([email protected]) first appeared in Internal Auditing magazine, published by the Chartered Institute of Internal Auditors (www.iia.org.uk)

Obstacles
The obstacles most frequently reported by executives seeking to improve the execution of strategy across business functions are operational in nature: either their organisation has been unable to execute current efforts effectively, or more often, a strategic alignment process has been started but remains a work in progress. The most frequently cited successful responses to this opportunity are centred around communication of strategy within the organisation. This is particularly true of the US, where nearly 60% of respondents indicate they have adopted this approach. Elsewhere only 20% to 30% of respondents did so. Other approaches to addressing this opportunity are more organisationally focused, such as developing an integrated strategic planning function. (Firms from China in particular emphasise the development of a strategic planning function as a key opportunity.) Despite the top rank of this opportunity, a significant number of companies reported that efforts to respond are still a work in progress. In the power and utilities sector, where the importance of improving execution of strategy across business functions is seen to be rising, nearly 50% of respondents nonetheless state that their efforts to respond are not yet effective. In the banking sector the figure is 40%. The survey concludes that such figures demonstrate that maintaining operational effectiveness in the face of organisational and business model change is an ongoing challenge.

Least confident
Looking across the geographies, organisations from Russia, Sweden and Australia are particularly likely to be confident in their ability to manage this risk, and firms based in Poland least confident (only 40% of respondents from Poland said that their current risk mitigation measures are effective). The challenges faced by companies in Poland could be ascribed to the rapid evolution of regulatory standards associated with EU entry. Indeed, respondents in Poland appear particularly likely to report that they face challenges associated with both new legislation and a generally rapid pace of regulatory tightening. (Organisations in Germany and in France are also more likely to report that new legislation is a particular challenge.) Ernst & Young says that the strengthening of risk management and government relations functions is the approach favoured by a majority of respondents in nearly all geographies covered, although respondents from China are particularly likely to adopt an approach which seeks to embed suppliers and customers in their regulation and compliance efforts.


Opportunities
If dealing with compliance and regulation is at the top of the corporate worry list, improving execution of strategy across business functions is seen as the prime opportunity for 2012, according to the survey. But this is also an opportunity for which organisations are


BOX: Top ten business risks

1. Regulation and compliance. Unchanged from number one in the 2010 report. In four out of seven sectors surveyed, regulation and compliance risks rank first.
2. Cost cutting. Up four places from the 2010 report. Much of the pressure driving the rise of cost cutting appears to originate from government austerity programs. The most frequently reported mitigation strategy is process optimization.
3. Managing talent. Up one place from the 2010 report. In almost all sectors, human resources risks rank among the top four challenges. Many of the geographies where the risk is of particular concern are emerging markets.
4. Pricing pressure. Up 11 places from the 2010 report. Organisations in many sectors are facing mature markets and slow organic growth rates, and thus pressure on prices. Additionally, like cost cutting, national austerity programs seem to be a driver of this risk.
5. Emerging technologies. Up eight places from the 2010 report. The most frequently cited drivers of this risk are in developing an innovation culture and uncertainties inherent in untested technologies.
6. Market risks. Market risks are a new entrant to the radar, combining issues such as commodity price shocks and real estate market volatility. Mitigation strategies based on active monitoring are most frequently reported.
7. Expansion of government's role. Another new entrant, expanding government ranks among the top four concerns of respondents from the world's two largest economies, the US and China.
8. Slow recovery/double-dip recession. Down five places from the 2010 report. Economic risks have fallen, as expectations of recovery have risen. Still, 50% of respondents from Germany report concerns, and 50% of US respondents report continued weakness in private demand.
9. Social acceptance risk/CSR. Unchanged from nine in 2010. Oil and gas, life sciences and public administration respondents are most likely to report a rise in public pressures on their sector. The most frequently reported response is the integration of CSR into strategy.
10. Access to credit. Up eight places from the 2010 report. Concerns about access to credit have abated overall. Still, one in four organisations worldwide report ongoing struggles to obtain the credit they need.

Source: Ernst & Young

BOX: Top ten business opportunities

1. Improving execution of strategy across business functions. The most frequently cited successful response to this opportunity is to enhance strategic communication. Respondents located in China are more likely to emphasise the development of the strategic planning function as a key to success.
2. Investing in process, tools and training to achieve greater productivity. The sectors vary in the degree to which cost optimisation or staff development are emphasised in seeking productivity. Overall, the banking and public administration sectors report the greatest barriers to productivity improvements.
3. Investing in IT. Across Europe and the US, investing in IT is typically either the top or second-highest priority for executives. In China, Russia, and India, however, IT tends to rank further down the list.
4. Innovating in products, services and operations. Respondents identified four key barriers to innovation and success: lack of focus or investment, excessive conservatism, lack of sufficient expertise, and inflexibility. Life sciences lead the way in incorporating innovation into core strategy.
5. Emerging market demand growth. One in five organisations surveyed reported scaling back in Asia, following setbacks there. Initial unrealistic expectations are being replaced by long-term commitments.
6. Investing in cleantech. The opportunity from cleantech tends to vary depending on an organisation's country and sector. Respondents from China were the most likely to see the need to adapt corporate cultures and strategies to prioritise cleantech in coming years.
7. Excellence in investor relations. Although not the number one strategic initiative in any sector, banking and power and utilities respondents give particular priority to investor relations.
8. New marketing channels. New marketing channels include social media, web 2.0, email, mobile marketing, search and apps. These channels are notably of interest to executives in the US, China and Russia.
9. Mergers and acquisitions. Lack of experience is the most frequently reported perceived obstacle to success in M&A, while the desire to enter new markets is the strategic goal most frequently pursued via acquisition.
10. Public-private partnership. Increasing government intervention in markets appears not only on our risk radar, but also on our opportunity ladder. This was due in part to significant interest in respondents in the healthcare sector.

Source: Ernst & Young


Insight: FATCA

Deep impact
The wide-ranging nature of FATCA will require considerable changes for non-US financial institutions. Louise Courtman advises firms to act now in preparation for the January 2013 compliance deadline

As more and more financial services organisations begin to prepare for the new US Foreign Account Tax Compliance Act (FATCA), many of them are starting to realise the far-reaching extent of the regulations. FATCA, part of the Hiring Incentives to Restore Employment (HIRE) Act, is an important development in US efforts to combat tax evasion by US taxpayers with investments in offshore accounts and on US-sourced income. In particular, FATCA gives the US Internal Revenue Service (IRS) new powers against offshore non-compliance by taxpayers, dramatically affecting US nationals who hold bank accounts or other assets with institutions outside the US. Under the Act, US taxpayers must reveal to the IRS all overseas accounts holding $50,000 or more.

technology and tax. As a result, banks are already finding it difficult to determine the necessary budget that will be required to implement and maintain FATCA compliance. According to our research, the implementation of FATCA compliance is expected to cost a large bank in the region of $100-$200m. Some banks have already assigned 40% of their entire global operations change budget to meeting the challenges posed by FATCA. Key challenges for banks will be data integrity, collection, accurate reporting to the IRS and application of correct withholding tax. Firms will be required to have a clear understanding of the make-up of their client base and product offerings to accurately assess the impact of FATCA on their business.

Extra-territorial effect
The Act also contains what is known as an extra-territorial effect, which means that the US government will require Foreign Financial Institutions (FFIs) to report directly to the IRS information about financial accounts held by US taxpayers or by foreign entities in which US taxpayers hold a substantial ownership interest. FFIs must be compliant with FATCA identification and verification requirements for all new clients from 1st January 2013. Final guidelines are still to be issued by the IRS, and the most up-to-date guidelines were due for publication at the end of November 2011. Whilst some ambiguity remains around aspects of the regulation, the likelihood is that FATCA will come into effect in some form, so firms need to prepare by working with experts who are conversant with the information that has been disclosed to date.

European impact
European banks have raised particular concerns. The head of the European Commission's tax policy office has publicly criticised the disclosure provisions imposed by FATCA on European banks. In a letter sent to both the US Treasury Secretary and the Commissioner of the US Internal Revenue Service, the European Tax Commissioner claimed that FATCA will have a severe impact on the EU financial industry, not only in terms of the cost of compliance, but also in terms of potential penalties for non-compliance. Some European banks have already decided not to deal with American clients for this reason. Some banks are also continuing to relay their objections to the European Commission in the

Wide scope
Due to the wide scope of the regulation, the changes that will be necessary to comply with FATCA will be far-reaching across banks, from the front through to the back office. Whereas other regulations have been limited to specific products and jurisdictions, FATCA is global and cross-product. It will affect all major banking functions, in particular operations (AML/KYC, CRM teams, client reference data and asset servicing),


hope that something can be achieved at a political level, since many European firms feel that FATCA's requirements are too wide-ranging and that the US should introduce exemptions for banks conducting activities on behalf of their US clients where the risk of tax evasion is very low. If the US authorities refuse to make any concessions, a significant number of EU-based financial institutions may be tempted to withdraw from the US market altogether. Banks need to carefully evaluate the business case for and cost of opting in to FATCA compliance versus opting out and declining business. Banks should seek expert guidance before making a decision as to whether to comply with or opt out of FATCA.

Multi-territorial compliance
For European banks an additional challenge associated with FATCA comes in the form of multi-territorial compliance. In some cases the broad FATCA guidelines may directly contradict European regulations, potentially resulting in a contravention of either local or IRS laws, or both. For instance, FATCA's provisions may conflict with EU member states' internal data protection laws that forbid banks to pass sensitive personal data about individuals to certain non-EU countries, including the US. As a longer-term solution to the problem, some European banks feel that there should be a more general tax co-operation agreement in place between the US and EU, for example an agreement based on new IRS guidance to US financial institutions on their duty to report interest paid to non-resident individuals and/or on the EU Savings Directive. Regardless of whether these ideas will be taken forward, the obvious cannot be denied; the first compliance deadlines for FATCA are looming and banks need to act now.

in readiness for implementing the required changes to their processes and systems in 2012. This objective can be achieved more easily by leveraging existing initiatives and regulatory projects, to deliver FATCA compliance more cost-effectively. Whilst FATCA will likely impose some new data requirements, most banks are already collecting a lot of the information required by FATCA, for instance as part of their existing tax withholding processes. FATCA simply takes this process to a far broader level. By adopting a structured approach now, banks can ensure that any FATCA compliance projects are more cost efficient. The ability to deliver cost-effective regulatory change is critical to banks in the current cost-pressured and regulation-focused environment. FATCA needs to be considered within the context of the wider regulatory change environment rather than in isolation. By adopting a holistic approach now to delivering regulatory change, banks will be able to establish a framework that can be applied not only to FATCA, but to other regulations impacting the same functions. There is no room for complacency when it comes to FATCA, as all functions within banks will be affected by these new requirements. The 2012 planning and execution period will be crucial; banks will need to use this time wisely in order to implement changes required to their processes and systems, to ensure that they meet the first FATCA compliance deadline of 1st January 2013.

Louise Courtman is an Associate Partner at Crossbridge, the financial markets consultancy www.crossbridge.co.uk

Need for action


Banks can't afford to play the waiting game. Even though the current uncertainty surrounding FATCA is making it difficult for financial organisations to assess their budgetary requirements and take action, it is imperative that banks start to assess the impact of FATCA upon their organisation. Most major banks are already reviewing the regulation


Insight: Social media

An opportunity or a headache?
Mushtaq Dost looks at the emerging compliance issues around the burgeoning sphere of social media, and considers how compliance professionals and firms can stay abreast of the issues in this fast-moving area
Social media and, more importantly, how social media is regarded by the regulators, is an area of interest and concern for anyone who conducts business in today's financial world. The power of social media rests in public information being shared through communities. It may appear innocent enough, but as social media has grown, the lines between our personal and professional lives have become so blurred that it is increasingly difficult to separate what represents private information anymore. Facebook, MySpace, Twitter and LinkedIn are now part of the social vernacular and have become powerful tools for many employees, both on a personal and professional level, so much so that a recent article in Forbes magazine, entitled "Social Power and the Coming Corporate Revolution", argued that the social media revolution will so empower employees and customers that eventually they will be calling the shots in firms rather than the management. This information power struggle, coupled with the broad adoption of social media in the workplace, is prompting business leaders to contemplate procedures on how best to safeguard both employee and corporate interests. For Compliance, the use of social media in marketing and other corporate communications has become the most perplexing issue, creating the need to understand the unique risk issues involved. How does this new way of connecting with the world fit into the firm's strategic risk and growth planning? Most other industries recognize that this medium can provide business benefits by promoting the brand, products and services to both existing and future customers. However, the highly regulated world of financial services has prevented many from jumping on board.



Regulations and responsibilities
Despite these concerns, social media compliance is not nearly as complicated as it seems. A financial firm's main responsibility when it comes to communicating through social media is to be fair, clear and not misleading and also to take responsibility for customer data. This seems simple enough, but firms need to be very careful to avoid bad publicity caused by poor planning. A sense of proportion is highly important. Negative comments by disgruntled customers or employees can potentially reach thousands, possibly millions, if they are a well-known blogger or if readers are actively searching for mention of the firm. The digital footprint has suddenly become much more significant and permanent. As social media becomes more pervasive as a method of business communication, Compliance will need to become increasingly tech-savvy and understand the use of each social media platform and device and how they fit in with the firm's regulatory obligations. Some commentators have suggested that regulations as they currently stand are out of alignment with reality, with most regulators trying to fit social media into existing promotions and communication rules. The social media landscape is continually evolving, and it remains to be seen whether current rules


over time can cover every social media platform, technology and device. As with any new technology, social media and its practical aspects will be monitored by the regulator for a certain period of time before any meaningful guidance and/or new rules are put into effect. A case in point is the UK, where the Financial Services Authority (FSA) regulates the majority of financial communications through its Conduct of Business (COB) rules. The FSA is currently monitoring the effects of social media and compliance against these rules, having sent an update notice last year. A review had found that communications through social or new media had lacked compliance with a number of established safeguards.

An important Compliance issue here is that, for the FSA, financial promotion rules are media neutral, which means that they remain the same regardless of whether an advertisement is published in print, a blog or sent through Twitter. Concomitantly, upon assessing any violation of these rules, the FSA is indifferent to whether the communication was made through social media or any other written or personal contact. In its update last year, the FSA noted that a review had found that companies were publishing Twitter updates or commenting on discussion threads without the usual disclaimers and risk warnings and engaging in behaviour that acted as promotional activity that went beyond image advertising. Image advertising consists of the firm's logo, contact point and reference to the types of regulated activities provided or to its fees and commissions. When a communication goes beyond this, it will need to comply with the relevant communication rule, namely COBS 4 (the rule on communicating with clients). The treatment of image advertising varies depending on the type of product (and therefore on which source book applies) but in many cases image advertising is exempt from most of the financial promotion rules. However, the fair, clear and not misleading rule always applies and any social media promotions and communications must also meet the requirements for standalone compliance. A note published in 2009 by the FSA states that every financial promotion must comply with all relevant financial promotion rules. It is not acceptable, for example, for firms to omit important risk information just because they intend to give it later in the sales process.

Technical controls
For Compliance, finding which particular social media channel is appropriate for what type of communication is an important


concern. If the communication is balanced, then the audience should be able to read the item and understand exactly the nature of the product or service, their commitment and associated risks. While Compliance guidance can focus on this outcome, manual procedures and other processes currently used to approve content and mitigate risk must also be scalable. How can you ensure, for example, that someone in your firm is not accessing a social media site and inadvertently placing information that could be deemed a financial promotion? Some firms are implementing technical controls, such as web filtering, that restrict social media sites. Although this may help protect the firm while employees are connected to its network, most technical controls do not address smart phones and other mobile devices, such as laptops, when they leave the firm's premises. Having the ability to record activity and content and to monitor employee activity on social media sites is crucial. Records related to firm communications are required to be maintained for at least five years. Many firms are turning to outside help from vendors that can provide electronic retention of social media communications. However, firms need to use caution here as the technology to capture and retain messages sent or received via social media sites is still evolving.

technical risks and mitigate them with appropriate IT policies and controls.

Provide social media training: employees need to understand the firm's social media policy. Training should include examples of appropriate and inappropriate communications and actions, distinguish between positive and negative use, and highlight the threats posed by each different platform. As with other compliance training, training should be a frequent occurrence.

Monitor social media platforms: firms also need to monitor the different platforms that have been approved for use. Some IT solutions by third party vendors can help monitor public channels for social media chatter that could affect the firm.

In the coming year, social media compliance will be one of the major issues and a primary area of review for compliance officers. A robust risk management framework coupled with a proper understanding of how to use social media networks may prove to be a tremendous opportunity for many firms. Instead of trying to ban or block social media, firms should embrace the world of social media. However, they must also know the risks and prepare for them.

Policies and procedures


A firm needs to have a clear understanding of its social media compliance obligations. There must be policies and procedures in place that address behaviours that may fall outside normal compliance rules. Compliance needs to be involved at the very beginning, when talk of social media begins to emerge. Incorporating a social media risk assessment into the firm's overall risk framework will go a long way in preventing compliance-related problems. The ABA Banking Journal made the following recommendations:

Engage a multidisciplinary team: social media affects the whole firm and a range of functions. Any risk mitigation strategy should include representatives from HR, IT, Legal, Marketing, Risk Management, Public Relations and Compliance. The risk committee should retain ownership and track progress.

Document current and intended social media use: the team should document how each function uses social media and how it intends to use it in the future.

Perform a risk assessment: the team must identify and quantify the various risks associated with social media use and put in place safeguards and controls, taking into consideration the likelihood and potential damage of a disgruntled customer or employee to the firm's reputation, its products and brand.

Expand current policies to include social media: once risks have been identified, the firm will need to decide whether any changes to its existing policy need to be made to address these risks. Social media guidance can be included as a stand-alone policy or incorporated into existing policies. Regardless, the policy needs to be easily accessible to employees and include reference to: appropriate use of social media; HR policies; IT security; marketing and communications policies; and vendor management policies.

Implement safeguards: a firm will need to consider bespoke IT security safeguards and evaluate a new set of

Mushtaq Dost is the Principal / Managing Director of Trafford Consulting SL. He can be contacted at: + 34 93 268 82 82 or [email protected]

1 http://www.informationweek.com/thebrainyard/news/social_networking_consumer/229402623
2 The full rules can be seen at http://fsahandbook.info/FSA/html/handbook/COBS/4
3 http://www.fsa.gov.uk/pages/Doing/Regulated/Promo/pdf/new_media.pdf


ICA goes digital!
Get in touch through the channels below, submit ideas or even write a guest blog!
Follow us on Twitter @intcompassoc
Like our Facebook page: International Compliance Association
Follow our company page on LinkedIn: International Compliance Association
Join our LinkedIn group: ICA Group
Coming soon: ICA Blog. Check the ICA website over the next few weeks
Download the ICA App for iPhone (50% introductory discount)


Head Office: Wrens Court | 52-54 Victoria Road | Sutton Coldfield | Birmingham | B72 1SX | UNITED KINGDOM
Tel: +44 (0) 121 362 7747 Fax: +44 (0) 121 240 3002 Email: [email protected] www.int-comp.org
