InCOMPLIANCE - Which way next? - p.27 - International Compliance Association
inCOMPLIANCE® ISSUE 35
YOUR MAGAZINE FROM THE INTERNATIONAL COMPLIANCE ASSOCIATION
Which way next?
p.12 Compliance… and beyond
p.27 #FixFacebook
p.33 Getting personal
£4.95 where sold separately
Ready for GDPR?
James Thomas, Editor

It’s likely that your inbox has recently been inundated with messages from companies (many of which you may not recall providing your details to) asking you to reconfirm your subscription to their services (that you possibly don’t recall subscribing to in the first place). For many people this will have been the most visible impact to date of the forthcoming General Data Protection Regulation (GDPR). The increasing rate at which these emails have flooded into my inbox creates the impression of a panic ahead of the implementation of GDPR at the end of this month. Several recent studies tend to support this view.

According to research by ThinkMarble, “73% of UK businesses remain unaware of the lawful basis for processing data and 25% still do not know or are unsure of where the personal data that they are responsible for is currently held”. The same study found that 79% of businesses have not reviewed their data protection policy and 71% have not reviewed their privacy policy in preparation for GDPR, whilst 27% have no data protection policy in place.

Similarly, a survey by KPMG International, of senior legal counsel at 448 institutions, found that 54% felt that their businesses were not prepared for GDPR just one month ahead of the regulations coming into force. Moreover, only 10% had checked whether third-parties (including companies that they outsource their data processing to) are in compliance with GDPR. The coming weeks and months could prove challenging.

Editorial Board
Kathryn Cearns, Independent Consultant, kathryn.cearns@brixtonroaduk.com
Jee Meng Chen, Commerzbank, jeemeng.chen@commerzbank.com
Jacob Ghanty, Kemp Little LLP, jacob.ghanty@kemplittle.com
Tim Porter, Director, TPA (Consulting) Ltd, Tim.Porter@TPACLTD.com
Tom Salmond, Ernst & Young LLP, tsalmond@uk.ey.com
David Symes, Compliance Recruitment, david@compliancerecruitment.com
Rachel Waldren, ANZ, Rachel.Waldren@anz.com

inCOMPLIANCE® Issue 35
Publisher: International Compliance Association, ica@int-comp.org
Editor: James Thomas, jthomas284@btinternet.com
Design: Design & Document Services, design.enquiries@wilmingtonplc.com
Production: Dorinda Gibbons & Sophy Lloyd, dgibbons@int-comp.org, sophy.lloyd@int-comp.org
Advertising Queries: Dorinda Gibbons, dgibbons@int-comp.org
Executive President, International Compliance Association: Bill Howarth, bhowarth@int-comp.org
ICA Membership Enquiries: Jo Lewis, membership@int-comp.org
ICA Qualification Enquiries: Debbie Price, ict@int-comp.com
Article Enquiries: contributions@int-comp.org
International Compliance Association. Printed in England. CPD - 2 points

Advice to Readers
inCOMPLIANCE® is published six times a year by the International Compliance Association. Reproduction, copying, extraction, or redistribution by any means of the whole or part of this publication must not be undertaken without the written permission of the publishers. inCOMPLIANCE® is distributed as a free member benefit to all members of the International Compliance Association.

Articles are published in good faith without responsibility on the part of the publishers or authors for loss occasioned to any person acting or refraining from action as a result of any views expressed therein. Opinions expressed in this publication should not be regarded as the official view of the ICA or as the personal views of the Editorial Board members of inCOMPLIANCE®.

All rights reserved in respect of all articles, drawings, photographs etc published in inCOMPLIANCE® anywhere in the world. Reproduction or imitations of these are expressly forbidden without permission of the publishers.

inCOMPLIANCE® 3
Contents (regular features and in this issue)

3 Editor’s comment: The advent of the General Data Protection Regulation later this month looks set to catch out the unprepared, writes James Thomas
6 ICA News: A roundup of the latest news and events from the ICA
8 Industry News: A summary of recent developments affecting Financial Crime Prevention, GRC, AML and CDD professionals
10 ICA Award Ceremony
12 Compliance… and beyond: How can compliance make a difference? James Thomas reports from the ICA’s annual conference
18 SM&CR: Is compliance still the place for a creative and challenging professional career, or will it become just another operations function? asks David Jackman
21 A holistic view: Sally Afonso considers the dual character of compliance as both a function and a discipline, and its development in both emerging and established sectors and jurisdictions
23 Compliance after #MeToo: What are the implications of the recent #MeToo movement for compliance? Vera Cherepanova and David Symes debate the issue
27 #FixFacebook: Sites such as Facebook urgently need to get their act together. The Cambridge Analytica debacle is only the tip of the iceberg and the social media giants, as well as the leading search engine providers, have all built their houses on shaky foundations, writes Mark Johnson
30 Moving to real-time: Banks and financial institutions can enhance the effectiveness of their AML processes by using real-time search tools to complement their use of static databases, writes Jane Jee
33 Getting personal: Thomas Wan Chee Kien considers the personal liability of compliance officers, and offers advice for those looking to protect themselves
36 Career Corner: Keeley Fitzsimmons emphasises the importance of training and an organic growth model
39 Tales from the crypt: James Emery-Barker considers the issues surrounding the regulation of cryptocurrencies
41 The chronicles of planet integrity: Anastasia Savvateeva reports on the main highlights of the OECD Global Anti-Corruption & Integrity Forum 2018

Have you thought about writing an article for inCOMPLIANCE®?
Writing an article is a great opportunity to raise your profile within ICA and present a topic of relevance to your fellow members. Writing an article on anti-money laundering, compliance, financial crime or associated disciplines will also earn you valuable CPD!

Visit tinyurl.com/writeanarticle and download our document on Article writing tips and Blogging Best Practice to enhance your skills in this area and learn about structure, themes and writing style.

Please note: you don’t have to be an ICA Member to register your interest in submitting.

If you are interested in writing an article for inCOMPLIANCE, email us at: membership@int-comp.org and remember to include your full name and your topic of interest.
Celebrating Success
Bill Howarth, ICA Executive President

The ICA held the 21st Award Ceremony for graduating Members on 19 April, a ceremony that was attended by graduands from 21 different countries. As always, it was a great pleasure to officiate at this occasion and to welcome and celebrate with the Members and their families and friends.

The Award Ceremony was preceded by a Members’ Dinner the prior evening and a sell-out ICA Conference, entitled The Big Compliance Conversation, which focused upon the compliance engagement ICA is having with its global community on current issues impacting professionals today. I am delighted to report that the ICA membership has grown significantly following the launch of the new Membership Scheme and CPD Portal, and has increased by 8,000 since 2016.

I am looking forward to visiting our Members and partners in the Far East in May with events and meetings in Malaysia and Singapore scheduled.

The newly-constituted ICA Technical Advisory Board held its second meeting recently and, as part of its feedback, identified the key issues impacting on compliance professionals today. These are:
• Cyber security / cyber-enabled fraud
• Cryptocurrencies
• FinTech / RegTech
• Artificial intelligence and robots
• Multiple regulation implementation
• Culture
• GDPR
• Establishing cross border competence in global groups
• How to transform risk culture
• CDD in the digital world
• Vendor and third party management
• Bribery and corruption
• Recruitment

There is clearly a lot of work to do.

Bill Howarth, Executive President

City Week 2018
We attended and exhibited at the City Week 2018, International Financial Services Forum, in London in April. The conference sessions, delivered by influential speakers from the world of politics, banking and economics were topical, challenging and provoked profound debate amongst the delegates. Our representatives enjoyed discussing current issues and challenges with attendees and there was significant interest in the role ICA is playing in helping to professionalise compliance.

ICA Policy Papers
ICA will be producing policy papers for submission to regulators and other stakeholder bodies, with a view to representing and furthering ICA Members’ interests within key policy debates. The first of these policy papers will be a response to the UK Financial Conduct Authority’s recent Discussion Paper DP18/2: Transforming Culture in Financial Services.

Reflecting the diverse views of ICA’s ever-expanding membership – while offering a positive, coherent and well-informed contribution to such debates – is of critical importance to us. In a forthcoming edition of inCOMPLIANCE® we will provide further details about how these policy papers will be produced, the procedures through which they will be approved, and the opportunities that will exist for Members to engage in the process.

The Big Compliance Conversation
Don’t forget to read the write-up of our 10th Annual Conference in this issue (p.12) which forms part of the Big Compliance Conversation, our global initiative to get the compliance community talking about the issues of today and tomorrow. #BigCompConvo
ICA NEWS

Hong Kong Briefing Session
ICA hosted a briefing session on 1 March 2018 in Hong Kong. The keynote speech, by our Regional Director Andrew Glover, highlighted the changing consumer perceptions towards banking and financial institutions, and the current fast-paced regulatory environment. Andrew emphasised the importance of ICA qualifications and the need for compliance and AML training to bolster individuals’ competence standards and their ability to anticipate and manage future challenges.

Andrew also moderated a panel discussion centred on Hong Kong’s FATF Mutual Evaluation with three further industry experts: Vincent Tang, Director of Financial Services of Ernst & Young, Lisa Brander, Regional Head of AML of CLSA and AI Demeter, Managing Director of Bridger Intelligence Limited. The panellists highlighted the implications of the National Risk Assessment on money laundering and terrorist-financing which is an opportunity for senior management and all finance professionals to improve their understanding and assessment of risk control at various levels.

Given the weaknesses identified in the last Mutual Evaluation report in 2012, the panel expected to see changes to some aspects of the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (AMLO), including in the areas of new reporting requirements for designated non-financial businesses and professions (DNFBPs).

To maintain the effectiveness of Hong Kong’s financial system and AML control, the panel recommended raising the transparency and consistency of AML/KYC standards, broadening the knowledge and skills in enhancing customer due diligence (CDD) and ensuring the right level of scrutiny in organisations. They noted that FinTech, RegTech and information in wire transfer would make data transaction monitoring, onboarding and CDD process more efficient but give rise to underlying financial crime risks of technological development that compliance practitioners must manage to stay ahead of the potential risks and opportunities for AML/CFT risk management. The audience raised many questions about the implications of more regulation and its application.

Look out for more hot topic sessions, events and conferences held as part of the Big Compliance Conversation.

Croatia and Slovenia
Following on from our news last issue about the launch of the suite of ICA Qualifications with our new partner, the European Institute for Compliance and Ethics (EICE), we ran briefing sessions about ICA qualifications in Zagreb and Ljubljana in March.

Many attendees have since become ICA Members and have signed up for an ICA qualification. We wish all students the best of luck with their studies and we look forward to working with EICE to continue developing the ICA community in this region.

New book by ICA’s David Jackman
ICA Strategic Adviser, David Jackman, has published a new book: Corporate Maturity and the Authentic Company. The book introduces the concept of ‘corporate maturity’, which offers a holistic view of an organisation’s performance, culture and resilience. It outlines a model of corporate maturity applicable to any sector and demonstrates how an organisation can enhance its maturity, particularly through a focus on ethics, good governance and community outcomes.
INDUSTRY NEWS

British Overseas Territories must publish ownership registers by 2020
The individuals behind companies established in the British Overseas Territories must be identified in public registers, following the UK Government's acceptance of a cross-party amendment to the Sanctions and Anti-Money Laundering Bill. Under the amendment, any British Overseas Territory that has not already done so will be required to introduce a public register by 2020. However, a separate amendment, covering the Crown Dependencies, was not approved.

The move has been hailed as a major step forward in the fight against money laundering and tax evasion. According to Transparency International: “If counted together, the United Kingdom and its Overseas Territories and Crown Dependencies would top the Financial Secrecy Index, given the staggering scale of their undisclosed financial activities.”

Cyber attacks growing more sophisticated
Cybercriminals are becoming more methodical and organised, according to the tenth annual Trustwave Global Security Report. The report reveals the top security threats, breaches by industry, and cybercrime trends of 2017 and highlights trends witnessed over the last ten years.

Notably, Trustwave found that there has been a move by cybercriminals towards more sophisticated attacks targeting head offices. Half of the incidents investigated involved corporate and internal networks (up from 43% in 2016) followed by e-commerce environments (30%), while incidents impacting point-of-sale systems decreased by more than a third.

The report also found a large disparity when breaches are detected internally versus externally. The median time between intrusion and detection for externally detected compromises was 83 days in 2017, a stark increase from 65 days in 2016. Median time between intrusion and detection for compromises discovered internally, however, dropped to zero days in 2017 from 16 days in 2016, meaning businesses discovered the majority of breaches the same day they happened.

https://www2.trustwave.com/GlobalSecurityReport.html
FCA Business Plan published
The UK FCA has published its Business Plan for 2018/19, including seven cross sector priorities:
• Firms’ culture and governance
• Financial crime (fraud and scams) and AML
• Data security, resilience and outsourcing
• Innovation, big data, technology and competition
• Treatment of existing customers
• Long-term savings and pensions and intergenerational differences
• High-cost credit

The Business Plan also highlights the work being generated by Brexit, with the FCA stressing that “our EU withdrawal work outside our redeployed resources is £16m”.

RegTech MENA 2018 highlights potential and challenges of technology
By Tim Porter

The third RegTech MENA conference was held in Dubai on 23 and 24 April, with a broad cross section of speakers and panelists from financial institutions, consultancies and vendors making for an interesting range of ideas and views. Among the prevailing themes were:
• The undoubted potential of RegTech (although speakers emphasised the need to stay focused on specific use cases rather than thinking RegTech is the answer to all compliance problems)
• Local regulators are supportive and positive – the Financial Services Regulatory Authority of Abu Dhabi encouraged firms to come and talk to them, and others spoke of the need for collaboration between firms, the regulators and providers. It should be ok to test and learn, and even fail, as a blame culture will stifle innovation
• Vendors demonstrated the more obvious applications around on-boarding, CDD and screening, emphasising the potential to process data at speed and scale
• However, the challenges surrounding data were highlighted in terms of availability, quality and relevance, not to mention the integration challenges with legacy systems.

RegTech solutions need to be adaptable and flexible in order to keep pace with regulatory changes. However, regulators themselves are also becoming users of RegTech to strengthen supervision in areas such as market abuse detection (for example, the term ‘SupTech’ has been coined by the Monetary Authority of Singapore). An interesting question was raised around accountability for decision making underpinned by machine learning, but a number of speakers reminded us that there remains a human element to compliance. Blockchain produced one of the more interesting panel discussions, with panelists noting that the Dubai government is creating a favourable environment for the development of blockchain technology, although the translation from proofs of concept to institutionalisation is a challenge.

https://www.regtechmena.com

MAS endorses updated Wolfsberg Questionnaire
The Wolfsberg Group’s updated Correspondent Banking Due Diligence Questionnaire (CBDDQ) has been endorsed by the Monetary Authority of Singapore (MAS). Published earlier this year, the updated questionnaire was welcomed by the Basel Committee on Banking Supervision, the Committee on Payments and Markets Infrastructures, the Financial Action Task Force and the Financial Stability Board.

Ms Ho Hern Shin, Assistant Managing Director, MAS, said: “The CBDDQ will enhance global access to finance and promote trade. We urge banks in Singapore to incorporate the questionnaire into their risk assessment process for setting up cross-border correspondent banking relationships.”

https://wolfsberg-principles.com/wolfsbergcb

IMF steps up engagement on corruption and governance
The International Monetary Fund (IMF) is developing a new framework for “stepping up engagement on governance and corruption”, according to Christine Lagarde, IMF Managing Director. In a recent paper, the IMF found that, while the principles underpinning its established governance policy were “the right ones”, implementation “was uneven”. “We did not always hold members to the same standard for similar actions,” she wrote in a blog announcing the framework. “Our analysis too often lacked clarity.” The new framework promises “more systematic, evenhanded, effective, and candid engagement with member countries”.

The framework will also consider the facilitation of corrupt practices by private actors. “To do this, we will be encouraging our member countries to volunteer to have their legal and institutional frameworks assessed by the Fund – to see whether they criminalise and prosecute foreign bribery and have mechanisms to stop the laundering and concealment of dirty money,” Ms Lagarde wrote, adding that all of the G7 countries, plus Austria and the Czech Republic, have volunteered for this assessment.

http://www.imf.org/en/Publications/Policy-Papers/Issues/2018/04/20/pp030918-review-of-1997-guidance-note-on-governance
ICA AWARD CEREMONY

Award Ceremony Roll of Honour
ICA hosted its bi-annual Award Ceremony at the prestigious Middle Temple in London on 19 April 2018, where students celebrated their success with friends and family. Those who had achieved Fellowship and Professional Member status were presented with their lapel pins and those who received special achievement awards were recognised. Thank you to everyone who attended and we congratulate all our students once again on their fantastic achievements.

ICA Advanced Certificate in Anti Money Laundering
Salma Abdulhakeem Albaghli
Velina Atanasova
Matthew Beard
Enos Bukuku
Sylvia Cowan
John Gillam
Ida Gjestrum
Suresh Vellore Harigopal
Catherine Judd
Nauman Khan
Peter Owusu-Appiah
Sherley Rivero
Kristin Rystad
Patricia San Miguel
Rachel Thompson
Samantha Ward
Vinay Wilfred

ICA Advanced Certificate in Business Compliance
Victoria Whitby

ICA Advanced Certificate in Compliance
Massimiliano Bosi
Darrell Carless
Sahar Badreddine Dandan
Chanel Dixson
Stacey Francis
Emma Hart
Shantal Khouri
Amanda Nock
Federica Rosa
Amina Tkhashokova
Julie von Barnekow
Maša Zalar
ICA AWARD INDUSTRY CEREMONY NEWS ICA Advanced Certificate in ICA Diploma in ICA Professional Managing Sanctions Risk Governance, Risk & Postgraduate Diploma Compliance in Financial Crime Jennifer Waterhouse Compliance Joanna Agius ICA Advanced Certificate in Nadim Awad Gino Camporese Practical Due Diligence Sian Barker Jean-Phillippe Coste Palak Bedi Tyrone Griffiths Astrid Battaini Nicola Childs Jane Ngan Suganya Culleton Janine Coupe Gloria Perez Torres Adebayo Daniels Neil Curtis Marta Requeijo Phil Manwaring Nigel Darby Ilham Tamimi Aleksei Poboinev Martin De Ville Neil Whiley Dimitar Dimov Yogita Yadav ICA Diploma in Emma Gibson Anti Money Laundering Mark Johnson ICA Professional Stuart MacBride Postgraduate Diploma Adetutu Ajayi Andrew Mason in Governance Risk & Fathiya Al Balushi Donna Moore Compliance Micin Ali Mary-Ann Ooi Suan Kim Phil Barrett Amanda Osuagwu Doris Bajah Lawrence S Buka Bibi Pearce Johnson Simon Boyle Aurangzeb Chaudhry Sonata Petniunaite Samantha Dewhurst Ingema Edholm Yanan Qiu Christopher Dimbylow Ephraim Ehrhardt Nadesu Ramesh Mark Everard James Emery-Barker Antonia Rontogianni Vladimir Gromov Sydney Ferreira Adrian Rutter Esperanza Hernandez Audrin Francis Stephan Schaefer Bahare Heywood Roberto Freiwald Valada Tsoukia Robert Kurau Jemma Gibbons Peter Yates Darren McInnes Pedro Giraldo Sian Wright Paul Goldsmith ICA Diploma in Fatima Gray Financial Crime Prevention ICA Fellows Clarinda Grundy Rachel Haywood Salim Al Mushaifri Osa Aiwerioghene Ian Hutton Halima Balushi Samantha Dewhurst Doug Ing Sean Beer Mark Everard Manpreet Kaur Tim Bescoby Vladimir Gromov Luke Lavender Tracey Carty Bahare Heywood Lauren Lee Esther Chukwuocha Marta Requeijo Christopher Lindsay Carmen Garcia-Nieto Ilham Tamimi Kelley MacNab Peter Hackney Neil Whiley Andy Mulley Louise Harper Yogita Yadav Mark Rilwan Onafeku-Badmus Yulia Logue Riitta Seppälä Adele Schirinzi Mithil Shah Kim Sparks Parminder Turna Amanda Toop Kay Whitewood Outstanding Achievement Awards 
Matthew Beard: ICA Advanced Certificate in Anti Money Laundering
Jennifer Waterhouse: ICA Advanced Certificate in Managing Sanctions Risk
Phil Barrett: ICA Diploma in Anti Money Laundering
Stuart MacBride: ICA Diploma in Governance Risk and Compliance
Louise Harper: ICA Diploma in Financial Crime Prevention
ICA ANNUAL CONFERENCE

Compliance… and beyond
How can compliance make a difference? James Thomas reports from the ICA’s annual conference

Conversations about compliance – big and small – often focus on its current challenges and future role, and on the opportunities that exist for compliance to establish itself as a key strategic adviser to the business, whether through supporting a culture that ensures the ‘right’ outcomes for customers, through minimising regulatory sanctions and the associated reputational damage, or through otherwise leveraging competitive business advantage.

The ICA’s 10th annual conference – The Big Compliance Conversation, which took place on 19th April – invited delegates to expand the discussion still further, to look beyond the boundaries of their organisations at the broader contribution that the profession can make to society, for example through raising awareness of key issues and through sharing information with other organisations and regulatory authorities.

Conversation and community
The concept of ‘working beyond organisational boundaries’ recurred throughout the day, in various guises. As Bill Howarth, ICA Executive President, explained in opening the event, the ICA is building towards its 2020 vision, “taking stock of where compliance is and where it’s going” and, having added many new members over the last 12 months, a big part of that vision and strategy involves “building communities”.

Picking up on the theme, keynote speaker, Tom Cardamone, Managing Director of Global Financial Integrity, asked the audience: “How can we look beyond the rules and regulations to ensure global financial integrity?” The problem of illicit financial flows is showing little sign of abating, he argued. “We are surrounded by illicit money and most people don’t recognise it, and when they do it’s often met with a

Cardamone: Consider being advocates within your institutions to try to get them to be more active in this area, to try to address the opacity in the global financial system
Box 1: How can technology help compliance?

The impact of rapid technological developments upon the role of compliance has been a key consideration within the Big Compliance Conversation to date. A panel session followed the keynote presentation, which examined the question: “How can technology help compliance?”

Chairing the panel, Pekka Dare, Director, International Compliance Training (ICT), Learning and Development, asked the panel for their views on the impact of RegTech and FinTech, whether it would result in a “bloodbath” of compliance practitioners, or whether it would enable the profession to work better and combat financial crime more effectively in the future. The panel – which included individuals from both a practitioner and a vendor background – offered a range of perspectives.

According to Justin Hunt, Digital Leadership Forum, RegTech and FinTech represent an “incredible opportunity” for individuals in compliance to shape the future of innovation. However, he did concede that the complexity of such technologies nevertheless presents obstacles. A fundamental question is whether it will be possible to understand how and why such systems arrive at the decisions they reach. “The technology itself is very difficult to understand, and it’s going to be challenging to understand why AI makes particular decisions to help you fight financial crime,” he said, adding that “Organisations will be looking to ‘best of breed’ third party providers for AI services, but the difficulty is that there are bound to be situations where the complexity of the AI decision-making will not be easy to interpret. It won’t be completely possible to understand why the machines are making the decisions that they are making.”

Such concerns prompted a question from the floor, from Kevin Parle: if nobody actually understands how the technology is working, is that compatible with accountability requirements under the Senior Managers and Certification Regime? The answer is, as yet, not completely clear, not least because the regulators themselves are also playing ‘catch up’ in terms of developing an understanding of these technologies (although, as Mark Dunn, Head of Entity Due Diligence and Monitoring, Lexis Nexis, suggested, initiatives such as the FCA’s regulatory sandbox and Innovate project show that the regulators are starting to educate themselves).

From a practitioner perspective, the associated absence of regulatory ‘soft’ endorsement of new technologies creates a further potential disincentive to their adoption, on top of any uncertainties surrounding both the capabilities of these technologies and their functioning. According to Vivek Padmanabhan FICA, Head of Compliance, Transaction Banking, AME, Standard Chartered: “Five or ten years ago when banks were using, say, LexisNexis or WorldCheck to do their screening, the regulator wouldn’t ask us to understand the mechanics of how those systems worked. Vendors would create systems that regulators would have confidence in.” However, as Mr Hunt remarked, regulators “will not approve a single ‘best of breed’ provider because the risk of having one algorithm serving the whole system is too great. There needs to be a diversity of suppliers.”

A further challenge with technologies involving machine learning revolves in part around that recurring theme of the conference: 'sharing'. According to Mr Hunt: “Software used to run on the fact that it just followed orders. The big difference with machine learning is that the programmes learn from the data that you provide them with, so they need ‘test and learn’ environments, piloting, and proofs of concept.” Because those in the financial sector are accustomed to keeping data to themselves, this may prove hugely challenging to achieve in practice, holding back the development and diffusion of these technologies.

Greater collaboration, between vendors and practitioners, will also be needed, to ensure that vendors create systems that are both fit for purpose, and that can be readily understood and accessed. Preferably, systems should provide a holistic solution. According to Mr Padmanabhan the compliance function has reached a “crunch point”. “Traditional models have really been challenged since the financial crisis, and the people cost of compliance has really increased,” he said, “but there have been very limited benefits to existing cost reduction strategies. A lot of us have siloed, single purpose systems, and this is a problem I have seen with a lot of the vendors too. Can vendors offer us more integrated solutions?” Mr Hunt suggested that “vendors need to make sure that what they deliver is friendly and easy to use, and the compliance community must push back and make this clear to the vendors”.

This problem remains some way from being solved, suggested Neil Marshall, Data & Screening Specialist, Finscan: “The systems we put in place ten or fifteen years ago, while starting out with the best of intentions, were not necessarily the answer. We have ended up with ‘remediation factories’. We’ve still got the same problems, we’re just throwing more people at it.”

And what of the feared “bloodbath”? On that issue the panel was unanimous. As Mark Dunn explained: “The role of compliance is here to stay, because no matter how clever the machine is, you will have to have somebody driving it.”

shrug,” he suggested. “Even those of us with a professional involvement in financial crime prevention can become immune due to the constant ‘drip, drip, drip’ of news.”

Global Financial Integrity estimates that volumes of illicit money coming out of developing countries have increased by approximately 6% per annum on average since 2008. Significantly, he suggested, this has been facilitated by the financial system. “It is legal in most countries to have an anonymous shell company,” he said. “We have created this. But I have yet to see a convincing argument as to why somebody would need to have an anonymous shell company. ‘Offshore’ has become a euphemism for opacity, and it is that opacity that I believe is the great scourge of the financial system.”

He outlined the scale of the task of reversing this trend, suggesting that “since the financial crisis, anonymous
ICA ANNUAL CONFERENCE Cardamone. “My bank account is private. But it’s not secret. Privacy is a good thing. But we have seen over and over the harm that secrecy does.” Who shares wins? The theme of information sharing carried across into ICA Fellow Dr Steve Strickland’s presentation, “Is it time to ‘Go Beyond Compliance’?” Explaining his decision to join Deutsche Bank as Director of Anti-Financial Crime, he suggested “the bigger the problem, the more motivated I am”, and throughout his talk he highlighted how his background at the City of London Police has influenced his approach to his subsequent career in industry, both at Barclays and within his current job. Strickland: If you don’t share information you are not preventing criminal activity, you’re just displacing it “Do we consider our role as being to protect our organisations, or is it something different?” he challenged the audience. “Who would describe their role as being a key shell companies have boomed… perhaps the crisis provided component of the criminal justice system? I was when I was an impetus for people to move their money offshore”. He a police officer, and I would say the same now. And that is added that, even where steps have been made to improve fundamental to what I do and how I look at the challenge. If transparency, implementing such measures has, in practice, you’re only looking at it through the lens of protecting your fallen short. While praising the UK for leading the way organisation, you are not going to make a difference.” in developing public beneficial ownership registries, he The Joint Money Laundering Intelligence Taskforce (JMLIT) reminded the audience that 4,000 toddlers are currently provides a prime example of “going beyond compliance”, listed as UK business owners. “It’s wonderful to have a he suggested. 
“It’s a voluntary public-private sector registry, but if it’s not accurate and you can game the system initiative, and membership is not mandated by regulation or fairly easily, then it’s not effective,” he remarked. legislation,” he said. “It’s a time commitment, so why would you do it? Because you want to make a difference. I have people dedicated full-time to JMLIT. It’s our commitment to making a difference. It’s how we take an active part in the criminal justice system.” Holding open town halls provides a further example of Deutsche Bank’s commitment to sharing information with other banks. “If you don’t share this information you are not preventing criminal activity, you’re just displacing it,” he argued. Such activities may go against traditional commercial objectives, and a question from the floor asked how compliance can achieve buy-in for them. Mr Strickland suggested that past failures provide an opportunity to emphasise the value-add of compliance. “I’m lucky, because Deutsche Bank is one of those banks that is in spotlight,” he said, “and any bank that has problems will be more prepared Sadler: Compliance and confidence go hand in hand to listen. When your management board see nothing but bad press, good news carries huge weight.” Mr Cardamone called on delegates to “consider being Communication and culture advocates within your institutions to try to get them to be more The challenge of influencing the business formed a active in this area, to try to address the opacity in the global centrepiece of the next presentation – How can you work with financial system”. This, he suggested, requires action at the the business to develop a compliance culture? – delivered by local, regional and global level. Notably, at the regional level, ICA Fellow Julie Sadler, Managing Director, Bankhall. he urged financial institutions to engage in greater information “Compliance as an influencer is down to you,” she said. 
sharing, and in better communication between industry and “There are probably no tangible outputs you can provide government. He also suggested that compliance practitioners other than your board reports, so it is a tough role.” She can help to create the political will to drive change. emphasised the importance of communication and confidence Finally, a question from the floor highlighted the competing as two ingredients essential to influencing compliance culture. demands that compliance professionals must currently In terms of the former, she stressed the importance of quality juggle, namely how to balance the transparency initiative written work, as well as of verbal skills. “A lot of how you against the right to privacy (to the forefront of many peoples’ embed compliance within your business depends on the minds, given the GDPR). “I’m all for privacy,” replied Mr meetings and conversations that you have,” she said, inCOMPLIANCE® 14
ICA ANNUAL CONFERENCE “Give your team training on how to communicate better with Good communication requires confidence, which is also others.” Good communication is not only about what you say, fundamental to managing stakeholders and retaining your it is also about how you say it. “How easy is it for you to feel independence. “Compliance and confidence go hand in your blood pressure going up when you can see something hand,” she explained, adding that compliance officers need is not right and nobody is listening to you?” she asked. the confidence to flag up culture problems where they “Always be non-emotional when you’re working with the have tangible evidence of them. “It’s tough in compliance, business and providing feedback.” because you’re managing so many relationships,” she When communicating the importance of a compliance continued. “Decisions are made by people that have got the culture, the word ‘compliance’ may itself be a hindrance. right level of influence but also the right level of credibility “What is a ‘compliance culture’?” she asked. “The ideal within their business. You must make sure you have clear position is where the word ‘compliance’ never needs to stakeholder management with the right personnel within be said, because the ethos and trading of your business is your business. Be seen at the right meetings, be a leader, built around wanting to do the right thing and delivering and have courage.” the right outcomes. I think the word compliance is seen to be a negative, and that’s historic. But if you replaced it with A high risk environment ‘doing the right thing’ business leaders might be pleasantly The role and value of the financial sector was again to the surprised. When we say ‘you need to comply’ that can get forefront within ICA Fellow Brendan Leddy’s presentation: Strickland: Who would describe their role as being a key component of the criminal justice system? people defensive right away.” Burden vs benefit? 
Doing business with high-risk jurisdictions. Box 2: Further discussion Following the panel session, the conversation continued within a range of concurrent breakout sessions. Paul Asare- Archer FICA, Head of Compliance, Telefonica UK (02) described the characteristics of a high performing compliance team and explained how to build one. Cherise Cox-Nottage FICA, Executive Director, Head of Legal and Compliance Departments, UBS Trustees (Bahamas) Ltd, reflected on the on the fallout from the Panama/Paradise Papers and sought to challenge erroneous and anachronistic perceptions of the Caribbean, such as: "Your AML/CFT Regimes are not up to 'our' legal and regulatory standards"; "There's all sorts of illicit cash and crime proceeds awash in your nations"; and "You all look alike to me". To demonstrate her point she compared a 2017 OECD Peer Review Report on Germany, against one for the Cayman Islands. David McClean, Joint Deputy Head of Enforcement and Engagement, OFSI HM Treasury, offered an overview of OFSI developments over the last 12 months in the areas of implementation, outreach, compliance and licencing, before providing a deeper dive into the sanctions regime against Iran and North Korea. He invited the audience to consider how they would respond to a range of scenarios, and gave advice regarding high risk indicators and behaviours, and approaches. Adrian Burton FICA, Channels Business Risk Director, Community Banking Business Risk, Lloyds Banking Group, gave a presentation on execution risk, or “the risk that a company’s plans will not work… [which] usually applies at a time of change, for example, when introducing new systems or entering a new market” – concerns that will be to the forefront of practitioners’ minds in the current fast-changing operating environment. He offered advice on factors that risk teams should consider with regards to implementation planning, customer impact, colleague impact, external influences, and monitoring. 
Summing up, he urged delegates to: • Define your change risk appetite and risk monitoring • Establish appropriate governance • Achieve clarity around the role of the accountable executive • Plan around resource capacity and capabilities • Create robust monitoring and measuring tools to assess post-implementation David Brain, Head of Financial Crime, Bovill, provided guidance on regulatory reviews, with the overriding message that “prevention is better than cure”. He urged firms that are subject to reviews to be well prepared, open and honest, and to engage with the regulators with genuine interest. Finally, Gary Brown, GDPR UK Programme Director, Santander UK, suggested a list of 10 things that an organisation should have in place prior to implementing GDPR: • Create staff awareness • Identify where personal data is stored • Appoint a DPO • Identify and assess suppliers • Locate your data entry points • Formalise processes to uphold rights • Formalise your data breach process • Review and update policies • Identify key products, processes and services • Delete data no longer used inCOMPLIANCE® 15
ICA ANNUAL CONFERENCE “Give your team training on how to communicate better with financial inclusion. “Do these risks mean that you shouldn’t do others.” Good communication is not only about what you say, business in these countries?” he asked. “Even if a jurisdiction is it is also about how you say it. “How easy is it for you to feel high risk that does not mean that you can’t do business in that your blood pressure going up when you can see something is jurisdiction. The idea is to mitigate risk rather than completely not right and nobody is listening to you?” she asked. “Always eliminate it. Frameworks should not be preventative, but be non-emotional when you’re working with the business and should be for assisting due diligence.” providing feedback.” Operating within such jurisdictions emphasises the importance of the bank’s risk appetite. “The risk appetite statement should be continually reviewed,” he explained. “It should be known within the bank, and particularly by the commercially-minded within the bank. In our bank risk appetite is determined at the most senior level.” BACB’s high risk appetite resulted in a regulatory visit following their submission to the Financial Conduct Authority’s (FCA) REP- CRIM report. The experience was challenging, but valuable, he recalled: “The visit demonstrated the importance of an audit trail: all of your thinking should be consigned to paper. You should welcome a review… it’s like a free audit!” Such a challenging environment offers professional Leddy: The idea is to mitigate risk rather than completely rewards, however. “You need resources to identify risk,” he eliminate it continued. “There needs to be appreciation of the level of risk associated with the jurisdiction and the entity. You need to When communicating the importance of a compliance take a view as to whether or not reputational damage might culture, the word ‘compliance’ may itself be a hindrance. “What be the end result of a decision you take. 
But this is where the is a ‘compliance culture’?” she asked. “The ideal position is head of compliance can earn their bread and butter.” where the word ‘compliance’ never needs to be said, because the ethos and trading of your business is built around wanting to do the right thing and delivering the right outcomes. I think the word compliance is seen to be a negative, and that’s historic. But if you replaced it with ‘doing the right thing’ business leaders might be pleasantly surprised. When we say ‘you need to comply’ that can get people defensive right away.” Good communication requires confidence, which is also fundamental to managing stakeholders and retaining your independence. “Compliance and confidence go hand in hand,” she explained, adding that compliance officers need the confidence to flag up culture problems where they have tangible evidence of them. “It’s tough in compliance, because you’re managing so many relationships,” she continued. “Decisions are made by people that have got the right level Dearnley: We cannot prevent unless we share of influence but also the right level of credibility within their business. You must make sure you have clear stakeholder management with the right personnel within your business. Be Winning the fight seen at the right meetings, be a leader, and have courage.” Closing the conference, Ruth Dearnley, CEO, Stop the Traffik, provided a sobering NGO perspective on the potential of A high risk environment compliance to influence change beyond organisational The role and value of the financial sector was again to the boundaries. “The buying and selling of people is the fastest forefront within ICA Fellow Brendan Leddy’s presentation: growing crime today,” she explained. “The skillset of the Burden vs benefit? Doing business with high-risk jurisdictions. 
people in this room is key to stopping trafficking.” Mr Leddy described his experience of high-risk jurisdictions Again, information sharing was regarded as being of as Head of Compliance and MLRO at British Arab Commercial fundamental importance. “We will not rescue our way out of Bank (BACB). this crime,” she suggested. “For every rescue there is a vacancy. “At BACB we get to experience the consequences of de- We will not prosecute our way out of this crime, although we risking,” he said, reminding the audience that, according to the do need successful prosecutions. There is no solution that is just World Bank, half the global population doesn’t have access to ‘there’. We are having to learn and discover, and I have learned a bank account. While some jurisdictions bring higher risk of that we will not do this unless we are intelligence led.” illicit cash flows, bribery, corruption and the weak rule of law, In what could have been a slogan for the conference, she the policy of ‘de-risking’ has serious global implications for concluded: “we cannot prevent unless we share”. inCOMPLIANCE® 16
SM&CR

Which way next?

Is compliance still the place for a creative and challenging professional career, or will it become just another operations function? asks David Jackman
It’s over. Job done. Retail compliance has reached its high watermark and the major strategic call has been achieved. Quietly, with little fuss, the first bank – Barclays – carried out its ring-fencing operation over the Easter holiday, in fact on 1 April. You would hardly have known (unless, presumably, you are that bank’s customer) that anything had changed. I was relaxing after a special anniversary meal in a local restaurant, gazing over the watery fells, and just happened to glance at an article in an abandoned newspaper when I noticed the news. If I think back to all the commotion and objection that greeted the proposals for ring-fencing following the Independent Commission on Banking report on the 2008 crash, how small the actual event seems now.

This is the ultimate piece of consumer protection. Drastic, some might argue, strategic, striking right at the core of the banking system and almost returning us to an earlier age of high street banking as a form of utility. We remember the purpose is to separate everyday personal and business banking from the riskier (“casino”) investment banking, so that losses in one do not bring down the other. The changes necessary have cost the largest banks many millions of pounds. All the other “large banks” will follow after court hearings this year, and the splits will have to be completed by 1 January 2019.

What now? What more is compliance to achieve? Retail banking compliance will be straightforward consumer protection along the familiar lines of KYC, suitability, protecting client money, responsible marketing, sound T&Cs etc. Investment banking compliance may become much less pivotal because the strategic risk is lower, and regulators have the scope to allow, potentially, a lighter touch regime – especially in the UK if they choose to use the newly-won Brexit freedoms. What else is there to do? Ring-fencing is enough strategic change for a generation. Of course, there will still be over-pricing in some (credit and insurance) sectors to smooth out, RegTech sandboxing, data security to manage and the vulnerable customer agenda to expand, but these paths are now well worn and initiatives will be increasingly international and beyond our influence.

So what is the future of compliance, at least in the UK? Is it still the place for a creative and challenging professional career, or will it become just another operations function? I am in the process of recruiting a new Head of Risk and Compliance – what sort of skillset should I be looking for, and what sort of job will it be in the future? This is an important question for me but also, perhaps, the central question for the ICA, and all ICA Members.

The answer

The answer, conceptually and philosophically as well as practically, comes partly from the Senior Management and Certification Regime (SM&CR). For regulators, I sense, this is something of an unknown… not a gamble by any means, but I am not sure anyone is certain how it will work out. So we should factor this in if we are to have a “big” compliance conversation.

SM&CR is meant to shift responsibility away from compliance and onto the shoulders of individual line managers and directors. Anyone external to the business might argue that this is a good thing in terms of consumer protection, but it is obviously a significant challenge to the existing role and status of compliance departments and officers.

As the Financial Conduct Authority (FCA) moves its offices out to Stratford in 2018, a step away from the main centres of activity, is this a metaphor for compliance’s role becoming more arms length: to crunch the data, map and facilitate the responsibilities of others, meekly advise or enable others to take the real decisions, interpret the regulatory utterances and, of course, train? Or is the FCA’s move the portent of a bright, progressive new future with compliance able to be ahead of the game, strategic, leading change, taking on responsibilities for enterprise and the creation of new markets? How will this all work out? We need to know.

Looking for signs, it is interesting that the first priority for the FCA Business plan 2018/19 – the first published under new Chairman, Charles Randell – is firms’ culture and governance, which should drive behaviours and produce outcomes likely to benefit consumers and markets. This is the SM&CR’s central aim and the rules will be published finally in summer 2018. But I notice the caution of the word ‘should’. Does the FCA have some doubt that SM&CR will deliver the promised land?

It is possible that pension transfers, particularly defined benefit schemes, will be the first test of the effectiveness of devolved responsibility. This will be bolstered by a welcome return to focusing on T&C and interventional charging structures – a consultation paper is due out soon as part of the wider Retirement Outcomes Review. I suspect that SM&CR has got to be made to work, much in the same way as TCF (treating customers fairly) had to be made to work, even after some poor industry take-up and a series of false starts. In a series of articles in this magazine, we considered some of the practical issues around implementing SM&CR in all firms. These are worth referring back to if you are unclear. A comprehensive and holistic approach is needed.

Change in focus

The real regulatory test for any firm will become a test of corporate attitude and ethics, what I refer to elsewhere as corporate maturity.[1] The FCA plan says: “we seek to form judgements as to whether the drivers of behaviour we are interested in as a regulator are driving appropriate behaviours which are unlikely to cause harm”.[2] Regulatory tolerance for low-level poor behaviour, feeble excuses, trying to avoid responsibility, unnecessary delays and tactical inaction will have to be near to zero. There can be neither the resources, nor the ‘political’ capital to spend time on what is increasingly seen as ‘immature’ behaviour, especially when the key accountability of the regulators is tied up with leaving the EU.

So who is best placed to ensure that SM&CR embeds successfully? It has to be compliance, and if the key to managing regulatory risk is ‘good’ attitudes, values, good governance and practices role disciplines, then it is compliance that has to have the wide range of soft skills necessary to introduce and then maintain this kind of ‘strong but subtle’ ‘soft engineering’.

There is no alternative for the profession but to embrace this fundamental change in focus from technical to strategic, from process to culture. This is a step up which is entirely feasible but the greatest challenge in my view is educating colleagues to understand what is required and to accept that compliance has a far more wide-reaching role, higher up the production chain and, crucially, in the boardroom. This is a project that the ICA can help with considerably and does require co-ordinated and concerted action. Even in a ring-fenced world there is a lot to be done to progress the quality of corporate culture, markets integrity and consumer protection. The task starts now.

David Jackman is Chairman of, or co-chairs, three financial services companies and was formerly head of training and competence, and business ethics at the FSA (now FCA). He is a tutor for ICA and a strategic advisor. He has recently published a second textbook on compliance entitled Corporate Maturity and the Authentic Company.

1. Jackman, D. (2018) Corporate Maturity and the Authentic Company, Business Expert Press, New York
2. FCA Business Plan 2018/18, pp21-22

Get more on the CPD Portal
• Maintaining competitiveness under the SM&CR https://www.int-comp.org/cpd/maintainingSMCR
• Culture and individual responsibility: checklist for firms in the new SMCR https://www.int-comp.org/cpd/checklistSMR
• Extension of the SMCR to all FSMA authorised firms https://www.int-comp.org/cpd/SMCRextension