FINANCIAL REGULATION - Nelson Mullins · ANNUAL REVIEW • FINANCIAL REGULATION ANNUAL REVIEW • FINANCIAL REGULATION JULY 2015 • FINANCIER WORLDWIDE • 9 8 UNITED STATES •

FINANCIAL REGULATION

A N N UA L R E V I E W 2 0 1 5

Published by

Financier Worldwide

23rd Floor, Alpha Tower

Suffolk Street, Queensway

Birmingham B1 1TT

United Kingdom

Telephone: +44 (0)845 345 0456

Fax: +44 (0)121 600 5911

Email: [email protected]

www.financierworldwide.com

Copyright © 2015 Financier Worldwide

All rights reserved.

Annual Review • July 2015

Financial regulation

No part of this publication may be copied, reproduced, transmitted or held in a

retrievable system without the written permission of the publishers.

Whilst every effort is made to ensure the accuracy of all material published in

Financier Worldwide, the publishers accept no responsibility for any errors or

omissions, nor for any claims made as a result of such errors or omissions.

Views expressed by contributors are not necessarily those of the publisher.

Any statements expressed by professionals in this publication are understood to

be general opinions and should not be relied upon as legal or financial advice.

Opinions expressed herein do not necessarily represent the views of the author’s

firm or clients or of any organisations of which the author is a member.

Financial RegulationJ U LY 2 0 1 5 • A N N U A L R E V I E W

F i n a n c i e r Wo r l d w i d e c a n v a s s e s t h e o p i n i o n s o f l e a d i n g p r o f e s s i o n a l s a r o u n d t h e w o r l d o n t h e l a t e s t t r e n d s i n f i n a n c i a l r e g u l a t i o n .


UNITED STATES ..................................................... 08Dwight Smith NELSON MULLINS RILEY & SCARBOROUGH LLP

CANADA ............................................................... 12Nancy J. Carroll MCCARTHY TÉTRAULT LLP

ARGENTINA .......................................................... 16Gabriel Matarasso MARVAL O’FARRELL & MAIRAL

COLOMBIA ............................................................ 20Andrea Fradique-Méndez GÓMEZ-PINZÓN ZULETA ABOGADOS S.A.S.

CAYMAN ISLANDS ................................................ 24Simone Proctor SOLOMON HARRIS

UNITED KINGDOM ................................................ 28John C. Ahern JONES DAY

IRELAND ............................................................... 32Andrew Bates DILLON EUSTACE

GERMANY ............................................................. 36Dr Kirsten Donner KIRKLAND & ELLIS INTERNATIONAL LLP

Contents


www.financierworldwide.com


NETHERLANDS ...................................................... 40Paul Rothwell DELOITTE

PORTUGAL ............................................................ 44Pedro Ferreira Malaquias URÍA MENÉNDEZ-PROENÇA DE CARVALHO

SWEDEN ............................................................... 48Dan Hanqvist ROSCHIER ADVOKATBYRÅ AB

RUSSIA ................................................................. 52Grigory Marinichev MORGAN LEWIS

SINGAPORE .......................................................... 56Antony Eldridge PWC SINGAPORE

VIETNAM .............................................................. 60Kent Wong VCI LEGAL

Contents

A N N U A L R E V I E W • F I N A N C I A L R E G U L AT I O N 2 0 1 5

INTRODUCTIONFinancial regulation has never been more onerous. Increasingly, financial institutions of all sizes are coming to terms with rapidly expanding regulatory obligations and ever more stringent enforcement activity. As a result, compliance risks are becoming more important and challenging for firms operating in today’s climate – especially those that need to maintain compliance in a number of different jurisdictions with unique demands. Though there will likely be some similarities between regulatory regimes in some areas (countries within the EU, for example, will have many common threads), institutions are still required to be cognisant of a great number of regulatory requirements. Accordingly, it is imperative that both management and staff are provided with regularly updates and relevant training on companywide policies and procedures.

The financial services sector is still haunted by the spectre of the financial crisis, with public confidence low. Scandals surrounding Libor and Euribor rigging have not helped, and regulatory bodies are likely to remain focused on the sector for some time.

Regulatory initiatives are having a profound impact. The Single Rulebook in Europe, for example, affects all financial institutions in EU Member States and, along with other developments that have been foisted onto institutions, will increase compliance costs for firms going forward.

Regulatory developments on data protection and privacy have also taken centre stage. Information and communication technology has become a key asset for global firms. However, with data breaches now common, banks, insurance and asset management companies are coming to terms with new regulations covering data privacy, protection and confidentiality. As threats to cyber security become more prevalent, firms must ensure that their IT systems and processes can stand up to the challenges that lie ahead.

A N N U A L R E V I E W • F I N A N C I A L R E G U L AT I O N 2 0 1 5

A N N U A L R E V I E W • F I N A N C I A L R E G U L AT I O N

8 • F INANCIER WORLDWIDE • JULY 2015

Q TO WHAT EXTENT DO

YOU BELIEVE TODAY’S

FINANCIAL INSTITUTIONS

ARE OPERATING IN

AN ENVIRONMENT OF

INCREASING REGULATORY

SCRUTINY AND

ENFORCEMENT ACTIVITY?

www.f inancierworldwide.com


UNITED STATESDWIGHT SMITHNELSON MULLINS RILEY & SCARBOROUGH LLP

SMITH: Virtually all financial institutions, regardless of size, face a

growing number of regulations and increased supervision through both

examinations and enforcement actions. The expansion of regulatory

regimes is, in many respects, a response to the financial crisis of 2008

and 2009. Indeed, national economies are still absorbing the impact of

the crisis, and until there is a strong level of public confidence in the

financial sector, the intensity of the regulators will continue. Moreover,

cooperation among national regulators, especially between UK and US

authorities, has buttressed the regulatory framework for large financial

institutions. Capital, resolution planning, and international matters

such as the London Whale and the LIBOR rate-setting cases have

forced large banks both to expand and to integrate their regulatory

compliance functions.

SMITH: The sector faces challenges on several fronts. The two broad

reforms after the financial crisis – increased capital and different forms

of ring-fencing around depository institutions – continue to resonate.

Regulators, particularly in the US, have begun to take enforcement

action on other matters, such as money laundering and consumer

protection. Additionally, the accelerating evolution of payments systems

will present new risks that regulators are only beginning to grasp.

SMITH: New and emerging requirements have had, and will continue

to have, a material impact on the financial services sector – even

to the point of a firm’s existence as an economic entity. In the US,

regulatory costs now spur consolidation among smaller banks. Larger

banks do not face quite the same pressure, but regulatory costs now

are a material part of earnings reports and forecasts, with a quantifiable

impact on returns to shareholders and share prices. Of course, capital

Q COULD YOU OUTLINE

SOME OF THE BROAD LEGAL

AND REGULATORY CHANGES

AFFECTING THE FINANCIAL

SERVICES SECTOR?

Q WHAT ARE THE

IMPLICATIONS OF THESE

RECENT REGULATORY

REQUIREMENTS FOR

FINANCIAL INSTITUTIONS?

A N N U A L R E V I E W • F I N A N C I A L R E G U L AT I O N A N N U A L R E V I E W • F I N A N C I A L R E G U L AT I O NA N N U A L R E V I E W • F I N A N C I A L R E G U L AT I O N

JULY 2015 • F INANCIER WORLDWIDE • 9 8www.f inancierworldwide.com

UNITED STATES • DWIGHT SMITH • NELSON MULLINS RILEY & SCARBOROUGH LLP

raising remains a priority. At a slightly more granular level, all financial

institutions will have to set aside an increased amount of resources for

managing the operational risks that the regulators have focused on.

Some firms will have to consider whether to terminate business lines.

SMITH: With the possible exception of some smaller institutions

where compliance costs are daunting if not prohibitive, all financial

institutions are working diligently to address regulatory changes and

the accompanying compliance obligations. This is not an easy task

– the securities filings of the largest US banking firms are replete with

statements about a continuing need to devote increasing amounts of

resources to regulatory compliance. Appropriate corporate governance

– under the umbrella of the ‘tone at the top’ set by the board – is

essential to these efforts. The necessary ‘tone’ is not limited to anodyne

statements by directors. Internal governance should secure the

independence of the compliance function, provide for direct reports to

the board and senior management, and create incentives for compliance

in the operating business units.

SMITH: Particular changes depend, of course, on specific regulations,

but something of a template for a compliance framework has emerged

in the US in several enforcement orders imposed by the Federal Reserve

Board and other regulators. This framework would well serve efforts to

adhere to regulations in other countries. There are several elements

involved. The board of directors must exercise greater oversight,

sometimes through a specially designated committee, by reviewing

compliance regularly and frequently. The board is also expected to

maintain a ‘culture of compliance’, which in some cases may mean

revising compensation policies to encourage greater attention to

Q IN YOUR EXPERIENCE,

HOW ARE FINANCIAL

INSTITUTIONS RESPONDING

AND ADAPTING TO THESE

REGULATORY CHANGES?

HOW IMPORTANT IS IT

TO ESTABLISH A STRONG

INTERNAL GOVERNANCE

FRAMEWORK TO MAINTAIN

COMPLIANCE?

Q WHAT POLICY AND

PROCESS CHANGES MIGHT


NEED TO IMPLEMENT TO

MAINTAIN COMPLIANCE

WITH NEW REGULATIONS?


10 • F INANCIER WORLDWIDE • JULY 2015 www.f inancierworldwide.com


compliance at the operational level. Often necessary is a chief

compliance officer who reports directly to the board and who has both

authority to direct compliance activities and accountability for defects.

Compliance staff should report to this officer and not to the heads

of business units. Management should review and update operational

policies and procedures to incorporate new regulatory obligations.

Compliance training should be provided across the organisation.

SMITH: The almost routine media accounts of hacking into what were

once thought to be secure systems at government agencies and private

companies make it abundantly clear that management of cyber risk

should be a high priority. The risk is operational in nature, meaning that

an institution can be affected anywhere, and the risk is not limited to

particular business lines. Management of cyber risk is an especially knotty

problem. The risk is relatively new, and institutions also encounter the

problem of not-knowing-what-they-don’t-know. The risk is also highly

sophisticated, unlike most other risks confronting financial institutions,

where senior officials and directors will have developed an almost

intuitive sense of how to respond. Nevertheless, two actions are clear.

First, an institution must expand risk management to include personnel

with a level of technical expertise at least equal to those of hackers.

Second, a response and contingency plan is essential. US regulators

have not dictated particular actions but expect financial institutions to

have in place a well-thought-out approach to cyber risk.

SMITH: Financial institutions face several challenges in managing

compliance on an international basis, among them the fact that

the international dimensions of compliance will vary from issue to

issue. National responses to the systemically important banking

organisations are a case in point. In one respect, the Basel III capital

requirements, regulators have cooperated to produce a nearly uniform

set of requirements across all jurisdictions. Related regulations, such as

those that require some form of ring-fencing, are not the same across

Q IN WHAT WAYS ARE DATA

PROTECTION AND PRIVACY

LAWS IMPACTING THE

OPERATIONS OF FINANCIAL

INSTITUTIONS? DOES

MORE NEED TO BE DONE TO

ADDRESS CYBER RISK AND

RELATED LIABILITIES?

Q COULD YOU PROVIDE AN

INSIGHT INTO SOME OF THE

CHALLENGES ASSOCIATED

WITH ENSURING THAT

COMPLIANCE POLICIES AND

PROCEDURES ARE ADHERED

TO ACROSS MULTIPLE

JURISDICTIONS?



JULY 2015 • F INANCIER WORLDWIDE • 11www.f inancierworldwide.com

jurisdictions. The Volcker Rule requires the divestiture of specific trading

operations and the termination of certain investments. The UK and the

EU look for steps to separate depository institutions from the risks of

nonbanking affiliates but do not necessarily require divestitures, nor

do they have the same limits on investments. In the enforcement area,

an issue in one country is more likely to reverberate with regulators

in another country. US anti-money laundering actions against foreign

banks have, for example, triggered home country reactions – but not

the same reactions as in the US. The result is that an institution should

organise its compliance units in a way that compels integration and

a uniform response when necessary, while at the same time allowing

these units to address regulatory obligations in individual countries.

Dwight Smith

Partner

Nelson Mullins Riley & Scarborough LLP

+1 (202) 545 2885

[email protected]

Dwight Smith is a partner at Nelson Mullins. He focuses his practice on bank regulatory and consumer finance matters. Mr Smith began his banking work during the savings and loan crisis and its resolution during the late 1980s and early 1990s, experience that set the stage for his practice during the recent financial crisis and its aftermath. He has advised on both the institutional and consumer sides of banking. His clients include community, regional and large banks and thrifts across the country and nonbank consumer finance companies.


“ Often necessary is a chief compliance officer who reports directly to the board and who has both authority to direct compliance activities and accountability for defects.”



Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




CANADANANCY J. CARROLLMCCARTHY TÉTRAULT LLP

CARROLL: Although Canadian financial institutions weathered the 2008 financial

crisis relatively well, and are among the best capitalised financial institutions in

the world, they have faced a significantly changing regulatory environment post-

crisis. The Office of the Superintendent of Financial Institutions (OSFI) has strongly

supported the development of international prudential standards by indicating its

intention to fully implement Basel III well in advance of 2019 and by publishing

increased expectations for corporate governance and risk management. OSFI’s

priorities for 2015 to 2016 are to enhance its supervisory process and to focus on

post-crisis priorities for larger financial institutions, including data aggregation and

risk reporting capabilities. The Financial Consumer Agency of Canada has more than

doubled its number of investigations from 2011 to 2014. The Financial Transactions

and Reports Analysis Centre of Canada (FINTRAC) acquired the authority to impose

administrative penalties in December 2008. Together with OSFI, FINTRAC conducts

rigorous anti-money laundering compliance examinations.

CARROLL: OSFI is implementing post-crisis reforms through new guidelines regarding

capital adequacy requirements and liquidity adequacy requirements for banks,

own risk and solvency assessment and evolving capital requirements for insurers,

and corporate governance and regulatory compliance management for institutions

generally. Canada plans to adopt a bail-in regime for domestic systemically important

banks. Canada is implementing its G-20 commitments for OTC derivatives, with

trade reporting effective in Ontario, Quebec and Manitoba since October 2014.

The Supreme Court’s decision in Marcotte in September 2014 ruled that certain

provisions of provincial consumer protection legislation could apply to federally

regulated banks, resulting in uncertainty regarding the scope of applicable provincial

regulation. Canada intends to adopt a comprehensive federal financial consumer

protection code which would likely dissipate such uncertainty. The ‘Code of Conduct

for the Credit and Debit Card Industry’ was extended in April 2015 to include mobile

payments. The government is consulting with the Canadian payments industry to

determine to what extent the payments system should be reformed.

Q COULD YOU OUTLINE




SERVICES SECTOR?


JULY 2015 • F INANCIER WORLDWIDE • 13

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR


8www.f inancierworldwide.com

CARROLL: Recent regulatory and legal changes have resulted in additional

compliance costs and increased compliance focus for all financial institutions, from

domestic systemically important banks to small and mid-sized institutions who seek

to scale OSFI guidelines to their size, complexity and risk profile. Some financial

institutions have expressed concern that growing regulatory demands detract

from their ability to compete and focus on their business. Furthermore, Canadian

financial institutions are operating in an environment of regulatory uncertainty as

they await the details of expected reforms such as the federal financial consumer

code. Regulatory uncertainty and increased compliance costs are occurring at the

same time as a number of unregulated entities have been entering the Canadian

financial services sector, particularly in the payments space. On the other hand,

OSFI’s conservative regulatory approach has likely contributed to Canada’s banking

system being consistently recognised by the World Economic Forum as the soundest

in the world over the past seven years.

CARROLL: Financial institutions are responding proactively. They are engaging

with regulators in public consultations on new regulations, and with other financial

institutions through industry groups, to keep abreast of evolving requirements and

to develop best practices in compliance. Financial institutions are in the business

of assuming and managing risk; they are focused on understanding how regulatory

changes affect their particular businesses with their distinct risk profiles. They are

also looking closely at regulatory compliance risk and strengthening their regulatory

compliance risk management. Furthermore, they are viewing regulatory compliance

as an essential component of their core business, allocating increased financial and

human resources to compliance. A strong internal governance framework is crucial

to regulatory compliance. Financial institutions are taking steps to ensure they have

robust corporate governance with a comprehensive, effective risk management

framework tailored to their business’s risk appetite and strategic and capital plans.

CANADA • NANCY J. CARROLL • MCCARTHY TÉTRAULT LLP


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?


Q WHAT POLICY AND




MAINTAIN COMPLIANCE




CARROLL: Financial institutions might undertake critical reviews of their corporate

governance, risk management, regulatory compliance management, and capital

and liquidity management policies to assess whether they meet OSFI’s heightened

expectations. Based on their particular size, complexity and risk appetite, institutions

might identify changes required to make their policies more stringent, clear and

effective in practice. Financial institutions might engage in more rigorous testing

of the capabilities of their processes and oversight functions. Employee training on

new regulations and enhanced processes might be required. The goal is to create

widespread understanding of, and support for, risk management and regulatory

compliance throughout the institution. Financial institutions might implement policy

and process changes to position themselves to demonstrate to their regulators that

they have effective policies and processes in place to analyse evolving regulatory

requirements, implement and evaluate their compliance program, and generate

reports to meet evolving regulatory requirements for data aggregation and risk

reporting.

CARROLL: Canadian financial institutions have been complying with federal and

provincial privacy laws for many years, seeing the protection of their customers’

personal information as key to their business success. Federal privacy law was

amended in June 2015 to require the mandatory reporting of privacy breaches – to

be implemented through regulations – with potentially significant fines for non-

compliance. Financial institutions might need to revise their privacy policies to comply.

Cyber security is a top priority for financial institutions, their boards of directors and

regulators, who identify it as a major operational, reputational, financial and systemic

risk. Financial institutions use OSFI’s Cyber Security Self Assessment Guidance to

assess their preparedness and develop effective practices. Some financial institutions

view robust data protection and breach response plans as a competitive advantage,

critical to limiting data loss and operational disruption, and minimising liability to

third parties and regulators – particularly if their plans are regularly updated to

reflect evolving cyber security standards.




LAWS IMPACTING THE


INSTITUTIONS? DOES




“ Imposing uniform policies typically leads to adoption across jurisdictions of the most stringent standards, with the resulting trade-off on costs.”






WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

CARROLL: It is challenging, complicated and costly to design and ensure adherence

to policies that apply across multiple jurisdictions which often have inconsistent

or contradictory requirements. Although home regulators may require enterprise-

wide policies, one policy may not be suitable for all jurisdictions. Local legal advice

is required to ensure that compliance policies meet each jurisdiction’s standards.

The US Volcker Rule, for example, differs from more globally harmonised prudential

requirements favoured elsewhere. As such, this requires Canadian banks with US

operations to implement unique systems to comply. Imposing uniform policies

typically leads to adoption across jurisdictions of the most stringent standards, with

the resulting trade-off on costs. Certain global policies, such as those dealing with

anti-money laundering or corruption, might need to be tailored to be effective in

jurisdictions with higher perceived risk. It is critical that management and employees

in each jurisdiction receive training on the implementation of enterprise-wide policies

and procedures.

Nancy J. Carroll

Partner, Financial Services Group

McCarthy Tétrault LLP

+1 (416) 601 7733

[email protected]

Nancy J. Carroll is a partner in McCarthy Tétrault LLP’s Financial Services Group and a former member of McCarthy Tétrault’s board. She is a leading lawyer in financial institutions regulation, advising banks and insurance companies on regulatory requirements and compliance, regulatory approvals, corporate governance, regulatory risk management, anti-money laundering, privacy and cyber security. She has extensive transactional experience in representing banks and insurance companies on mergers and acquisitions, and on the establishment in Canada of branch operations for foreign banks and insurance companies. Ms Carroll is the editor of Consolidated Insurance Companies Act of Canada, Regulations and Guidelines, 2015 Edition.




Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




GABRIEL MATARASSOMARVAL O’FARRELL & MAIRAL

ARGENTINA

MATARASSO: Financial institutions in Argentina are certainly operating in

an environment of increasing regulatory scrutiny and enforcement activity.

Current regulations from the Argentine Central Bank, the enforcement

authority overseeing banking operations in Argentina, impose a wide range

of requirements and obligations on financial institutions, and restrict and

regulate many of the main aspects of the banking business. For example,

the Central Bank has recently regulated many of the common sources of

financial institutions’ income. Financial institutions may also be subject to

other regulatory authorities depending on whether they provide certain

complementary services. For example, financial institutions that provide

capital markets services will be subject further to capital markets regulations

which, as per a recent amendment, have granted the enforcement authority,

the National Securities Commission (CNV), wide regulatory and sanctioning

powers. Furthermore, in recent years there has been an increasing level of

regulation in anti-money laundering related matters, which has led to more

extensive ‘Know Your Customer’ checks and more exhaustive reporting of

unusual and suspicious activities.

MATARASSO: The Central Bank has recently regulated many of the common

sources of financial institutions’ income, such as fees and commissions,

granting of loans and interest rates. Some of these new regulations include

specific provisions on admitted and non-admitted charges and expenses as

well as provisions on the presentation, modification and reimbursement of

such. These regulations provide, among others, that charges and fees shall be

based on real and demonstrable costs and be duly justified from a technical

and economic standpoint. No charges and fees may be charged on services

and products if not previously agreed with the client. Also, no fees can be

charged on transactions through human bank tellers or with respect to the

engagement or management of insurance policies, the issuance of bank

statements, the sending of electronic bank statements or the assessment,

Q COULD YOU OUTLINE




SERVICES SECTOR?



ARGENTINA • GABRIEL MATARASSO • MARVAL O’FARRELL & MAIRAL

granting or management of credits. Regulations also require prior authorisation

from the Central Bank to increase fees for ‘basic products or services’. Since

2012, the Central Bank has imposed a temporary regime – which has been

repeatedly extended to date – under which certain financial institutions are

required to allocate, at least, an amount equal to 6.5 percent of the deposits in

Argentine pesos from the non-financial private sector in financings to micro,

small and medium-sized enterprises (MSMEs) at a fixed annual rate of up to

19 percent, which is lower than the annual inflation rate, and with a one year

initial grace period.

MATARASSO: Recent regulations place great pressure on financial institutions

that are faced with extensive regulations which cover all relevant aspects of the

banking business. Also, these types of regulations have an immediate impact

on the operations of financial institutions, since certain matters such as fees

and expenses to be charged, the interest rates to which the financial institution

is willing to lend money and the allocation of financing to the private sector,

now rest with the Central Bank, which has the power to determine maximum

charges, fees and expenses, benchmark interest rates and loan quotas. Similar

powers are also granted to the CNV, which is empowered to set maximum

fees and charges on capital markets transactions.

MATARASSO: Given the extensive set of regulations currently in force,

financial institutions must create internal controls in order to ensure

compliance with all aspect of Central Bank regulations. Although financial

institution usually have a person trained on regulations applicable to particular

departments, most financial institutions have also created a specific department

within their corporate structure devoted to compliance. Furthermore, most

financial institutions have a compliance committee within their board of directors

which is entrusted to supervise and follow up on day-to-day compliance.

Q IN YOUR EXPERIENCE, HOW

ARE FINANCIAL INSTITUTIONS

RESPONDING AND ADAPTING

TO THESE REGULATORY

CHANGES? HOW IMPORTANT

IS IT STABLISH A STRONG

INTERNAL GOVERNANCE


COMPLIANCE?

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR





MATARASSO: Extensive regulations impose a great burden on financial

institutions and they must adapt to this highly regulated scenario. Not only are

financial institutions limited in their ‘decision-making process’, they are also

constantly faced with the increasing need to create internal structures and

control processes to ensure compliance with all applicable regulations. Most

financial institutions are on their way to adapting to this scenario and have

adopted several internal measures. Some of these include creating particular

committees focused on compliance, developing a specific department within

the corporate structure with trained professionals in regulatory matters,

and investing a great amount of time in studying regulations and training

professionals in these matters.

MATARASSO: Personal data protection is regulated in Argentina by the

Personal Data Protection Law No. 25,326 (PDPL). Under the PDPL, any existing

public or private database intended to provide information – including

financial institutions’ databases – must be registered with the Argentine

Personal Data Protection Agency, the personal data enforcement authority,

before processing data. Also, the PDPL imposes the need to adopt necessary

technical and organisational measures in order to guarantee the security

and confidentiality of the personal data, protecting it against accidental

or intentional destruction, loss, alteration, or against unauthorised access

or disclosure. Central Bank regulations also address IT related matters and

set forth specific requirements and standards on security and monitoring.

Furthermore, the Financial Entities Law No. 21,526 (FEL) regulates financial

entities’ obligations regarding banking secrecy. The law prohibits financial

entities from disclosing the information provided by their clients and their

borrowing transactions, but not their lending transactions and other financial

services. FEL also requires employees of a financial entity to preserve

the confidentiality of any information that they acquire in the course of

performing their work. The law contemplates certain exceptions to this duty

of confidentiality, such as when the information is requested by judges, the

Central Bank, the taxing authorities and other financial entities, provided that

the conditions established by law are met.



LAWS IMPACTING THE


INSTITUTIONS? DOES




Q WHAT POLICY AND




MAINTAIN COMPLIANCE





MATARASSO: The coexistence and sometimes the overlapping of current

compliance policies and procedures across multiple jurisdictions create a

highly complex scenario for financial entities. In recent years there have been

several pieces of legislation around the world which are supposed to have

worldwide application. For example, there is FATCA, a US regulation which

is intended to be applied worldwide and which clearly clashes with local

regulations such as data protection regulations and banking secrecy. Financial

institutions, mainly those which are part of multinational corporate groups,

are faced with the challenge of harmonising different compliance regimes so

as to be able to comply with all regulations across different jurisdictions.

Gabriel Matarasso

Partner

Marval O’Farrell & Mairal

+54 11 4310 0100

[email protected]

Gabriel Matarasso joined Marval, O’Farrell & Mairal in 1994 and has been a partner since 1996. His areas of specialisation include corporate, commercial, finance and capital markets, both local and international. Mr Matarasso has also worked on many M&A deals, advising investment banks, financial entities, strategic partners and private equity funds in international transactions. He has also advised banks and companies on different types of transactions, including debt restructurings and restructuring proceedings under Central Bank supervision. Mr Matarasso is a member of the Bar Association of the City of Buenos Aires and the International Bar Association.




WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?


“Extensive regulations impose a great burden on financial institutions and they must adapt to this highly regulated scenario.”



Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




COLOMBIAANDREA FRADIQUE-MÉNDEZGÓMEZ-PINZÓN ZULETA ABOGADOS S.A.S.

FRADIQUE-MÉNDEZ: There is an increase in regulatory scrutiny and

enforcement activity. The Colombian Financial Superintendency (CFS)

has adopted risk-based supervision with respect to financial institutions

and insurance companies which involves extra situ and in situ supervision

and monitoring. The idea behind this approach is to allow the supervisory

authorities a more comprehensive and preventive supervision which relies, to

a great extent, on information provided by the institutions themselves and the

adoption of internal control policies and procedures. In part due to the fact that

risk-based supervision is still being fully effected, there has not been an increase

in enforcement activity, except with respect to practices implying systemic

risks, including data protection, conflicts of interest, manipulation of capital

markets, mainly in connection with specific scandals involving the liquidation

of Interbolsa, the then largest Colombian stock broker, as well as deposit taking

activities by non-authorised entities.

FRADIQUE-MÉNDEZ: The most relevant regulatory changes relate to

international standardisation and consolidated supervision, financing

facilitation for the Colombian government’s fourth generation infrastructure

program, and financial inclusion.

FRADIQUE-MÉNDEZ: International standardisation involves the continuing

implementation of the Basel III accord and the convergence of Colombian

Banking GAAP to IFRS. In 2012, prudential regulations were modified to

gradually close the gap to Basel III, with the aim of improving the quality of

regulatory capital. Also, very recently, financial institutions have been permitted

to issue hybrid capital instruments. Requirements for establishing capital buffers

have not yet been adopted. With respect to the convergence to IFRS, the first

group of institutions has issued 2015 first quarter IFRS financials in a less-than-

smooth process, which proves that this will be a slow-paced and ever-changing

Q COULD YOU OUTLINE




SERVICES SECTOR?

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR




COLOMBIA • ANDREA FRADIQUE-MÉNDEZ • GÓMEZ-PINZÓN ZULETA ABOGADOS S.A.S.

adaptation. Another leading step from an accounting perspective relates to the

obligation of credit institutions to comply with solvency ratios on a consolidated

basis, including information on financial local and foreign affiliates as a response

to the salient expansion of Colombian financial institutions abroad, and

particularly to Central America. The infrastructure program is an ambitious task

that requires nearly COP$60bn of fresh funds, significantly exceeding the credit

capacity of local financial institutions. Regulatory changes have involved raising

the cap of lending and concentration limits and allowing institutional investors

to participate in investment funds conceived for this type of financing. With

respect to the promotion of financial inclusion, the most aggressive strategy

has revolved around allowing the use of non-financial correspondents by

financial institutions, and most recently, by insurance companies, in remote

regions, which is said to have expanded the ratio of banking inclusiveness to up

to 99 percent. Also, it is expected that additional and easier access to electronic

deposits subject to lighter KYC rules provided by companies specialised in

electronic deposit and payments will help build on this progress.

FRADIQUE-MÉNDEZ: The response of financial institutions to these regulatory

changes has been positive. As an example, adapting to the changes on

international standardisation has required the re-composition of capital and

accounting measures to comply with prudential regulations, software migration

and configuration and modifications of information-providing standards to

supervisors. In particular, convergence to IFRS has proved challenging and has

required combined efforts between financial institutions and the CFS to better

understand IFRS standards and their local application, and the implications of

the accounting changes vis-à-vis compliance with prudential regulations. It is

very important to establish a strong governance framework. The adoption of

strong governance and internal control policies over financial reporting have

gained an essential role to maintain assurance of reliability of information,

determine the specific risk profile of each institution, facilitate and report to the


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?




supervisor the existence of early alerts, manage risks and maintain compliance

with reporting obligations. Furthermore, Bancolombia and Grupo Aval, which

constitute a substantial part of the financial sector, are listed in exchanges in

the United States and have adopted the Internal Control-Integrated Framework

issued by the Committee of Sponsoring Organizations of the Treadway

Commission. In the regulatory pipeline there are initiatives that will require

strengthening internal governance, including more discretion to the CFS to

request, on a case by case basis, additional individual or consolidated capital

over the minimum set forth by prudential rules and the obligation of the board

of directors of financial institutions to provide annual risk profile assessments

to the supervisor.

FRADIQUE-MÉNDEZ: In addition to policy and process changes related to

accounting practices due to the changes referred to above, compliance with

new regulations will require self-regulation policies and self-monitoring

to assure compliance and keeping up with a more discretionary activity by

the supervisor. Said self-regulation and monitoring will need to be extended

globally to consolidated entities.

FRADIQUE-MÉNDEZ: Financial data protection and privacy laws were adopted

in 2008. The most important protections refer to the use of the information,

recordation of documentation, and the need for consent from the owner of the

information, including information originated in other jurisdictions. In 2012,

a new set of regulations were adopted for other sectors but the principles of

restricted access and circulation, technical security and transparency provided

therein apply to financial institutions as well. Although financial institutions

have adapted their practices and operation systems to comply with these

requirements, enforceability of these regulations has been a priority of the

supervisor and certain sanctions have been imposed. More may need to be

done to address concerns resulting from the dynamic expansion of Colombian

financial institutions to other jurisdictions – offshore assets have increased by

267 percent in the past five years – and cyber risks and attacks, which Colombia

has dealt with in other spheres but has not yet permeated the financial sector.



LAWS IMPACTING THE


INSTITUTIONS? DOES




Q WHAT POLICY AND




MAINTAIN COMPLIANCE



“ More may need to be done to address concerns resulting from the dynamic expansion of Colombian financial institutions to other jurisdictions.”






WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

FRADIQUE-MÉNDEZ: Ensuring adherence to compliance policies and procedures

across multiple jurisdictions is a task that goes hand in hand with international

standardisation and consolidated monitoring and supervision. The main challenges

include establishing a common ground in terms of standards and conducts, the

sharing of sufficient and periodic information across jurisdictions to maintain

adequate monitoring and flow of information, a clear determination of jurisdictional

competence and comprehensive supervision of financial and non-financial legs of

financial groups, which is an initiative that is currently being evaluated. To facilitate

transnational supervision, the CFS has participated in banking supervisors forums and

conferences and has entered into a number of bilateral and multilateral memoranda

of understanding with other supervisory authorities in jurisdictions of interest

to foster communication, cooperation and exchange of information and deter a

potential appetite for increasing levels of risk in other jurisdictions which could

have a negative impact in Colombia. Further, as part of the Pacific Alliance efforts,

a committee is intended to be formed to identify barriers for the consolidation and

integration of the financial market across Colombia, Mexico, Chile and Peru and

contemplate potential regulatory reforms to facilitate the integration.

Andrea Fradique-Méndez

Senior Associate

Gómez-Pinzón Zuleta Abogados S.A.S.

+571 319 2900 ext. 248

[email protected]

Andrea Fradique-Méndez is a dual admitted attorney in New York and Colombia and a senior member of the banking, finance & capital markets practice of Gómez-Pinzón Zuleta S.A.S. Ms Fradique-Méndez has also been an associate with Skadden, Arps, Slate, Meagher and Flom in New York. She holds an LL.M. from Columbia University, a JD from Universidad Javeriana and a graduate degree from Universidad de los Andes. In addition to her regulatory expertise, Ms Fradique-Méndez has extensive experience in negotiating and structuring complex international banking and project finance transactions and cutting-edge local and international capital market deals.




Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




CAYMAN ISLANDSSIMONE PROCTORSOLOMON HARRIS

PROCTOR: Nothing is singly more important to an offshore financial centre,

such as the Cayman Islands, than its reputation. To protect its soundness,

regulators in Cayman are tasked with maintaining an internationally

acceptable regulatory framework and the correct balance of supervision

and enforcement. It has to be done. It is clear that there has been increased

regulatory enforcement activity in the financial services sector here. This is

also evident in other financial markets as well. One only has to look at the

number of enforcement actions brought, including against chief compliance

officers – without commenting on whether they ought to have been

brought, or whether they were ultimately settled and on what terms – by

the SEC, the FCA and their peers, in the past 12 to 24 months. The numbers

are staggering.

PROCTOR: The Cayman Islands has publicly and formally indicated its

intention to meet established international standards in financial services,

and to cooperate with the exchange of tax information and other measures

which promote transparency in the jurisdiction. Everyone has heard of

FATCA by now. Having passed the relevant implementing local legislation

and built the infrastructure, the Cayman Islands government, through the

Department for International Tax Cooperation, recently launched its portal

for the automatic exchange of information, and the first deadline for the

submission of returns for US FATCA was 26 June. Even before that was out

of the way, the government advisory announcing Cayman’s implementation

of the OECD’s common reporting standards was issued on 16 June. As one

of the early adopters of the measures, the Cayman Islands has committed

to a rigorous implementation timetable. Financial institutions and other

sector participants will be required to have the IT systems in place to meet

the new account opening procedures and due diligence requirements by

1 January 2016. We are also anticipating the start of reporting obligations

under UK FATCA, next year, and preparing for a National Risk Assessment

Q COULD YOU OUTLINE




SERVICES SECTOR?



CAYMAN ISLANDS • SIMONE PROCTOR • SOLOMON HARRIS

based on the FATF 40 Recommendations, especially Recommendation

1, that a country should assess its risk. The latter will most likely lead to

certain tweaks being made in our AML/CFT legislative framework in the

months to follow. A CFATF mutual evaluation is scheduled to take place in

the first quarter of 2017. Concurrently, we are focused on the Alternative

Investment Fund Managers Directive and in particular, on revising the

legal framework and engaging at the right levels to ensure that Cayman

positions itself to benefit from arrangements for third countries, including

‘passporting’ measures.

PROCTOR: One result of all the regulatory changes is increased compliance

and operational costs. It’s the glaring reality. Each one of the leading

financial centres, onshore and offshore, has conducted a post 2009 financial

crisis review. The result feels like an avalanche of regulatory changes and

the need to find a bigger budget to pay for it all. New entrants to the

financial markets have to review their projections and budgets from the

initial application and build phases, all the way through to implementation.

A second notable result is more subtle. It takes the form of three deadly

words: “Our expectation is...” When the regulator says this, no matter how

softly, please make a note. Regulatory expectations have also increased.

PROCTOR: Financial institutions are running a business. While costs may

be increasing and work continues to engage regulators to harmonise

measures to keep the regulatory changes within context and relevant,

non-compliance is not an option. Investors, as a part of their due diligence

process, are examining compliance matters very closely, and financial

institutions are fully aware of this. Financial institutions are constantly

reassessing, and while some may opt, after detailed analysis, to divest

themselves from regulated lines of business, the vast majority embrace


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT TO

ESTABLISH A STRONG

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR





the regulatory developments, seek the appropriate advice and carry on. In

Cayman established businesses, we have seen a shift in the composition of

boards and governing bodies, often with the recruitment of independent

directors with regulatory, compliance and risk management backgrounds.

Under Cayman Islands laws and regulations, the responsibility ultimately

lies with the board, or governing body, even where a function is outsourced,

so it is critical that a compliance culture starts from the very top and is kept

at the forefront of the board agenda.

PROCTOR: An investment in compliance systems and software is inevitable.

Manual systems must simply be replaced. There are too many moving parts

to think that a manual system, no matter how well it worked in the past,

will suffice now. Take the example of a global group of companies with a

Cayman holding company that books its treasury through an affiliate which

holds a category B bank licence in the Cayman Islands, has operations in

Mauritius, and offices in London and Argentina. The compliance oversight

function needs to be set up with a global dashboard as well as at a local

level with attendant policies and procedures and advice. The compliance

function continues to be a regulator’s first line of defence against breaches,

so the proper level of seniority and resources is crucial.

PROCTOR: The data protection law is still in draft form in the Cayman

Islands, and when implemented will impose certain obligations and liability

on entities that collect, store, process and transmit personal data. There is,

however, the Confidential Relationships (Preservation) Law (2009 Revision)

which financial institutions are no doubt aware of, and which has been in

place for more than 40 years. This law outlines the framework for keeping

confidential information private. In an environment of increased cyber crime

and cyber attacks, the conversation extends beyond liability for the theft

of personal data, and data breach; financial institutions must also concern

themselves with the financial impact of theft of intellectual property,

proprietary software and the like. This, in turn, leads us back to regulatory

requirements for having adequate systems and risk controls. Cyber crime



LAWS IMPACTING THE


INSTITUTIONS? DOES




Q WHAT POLICY AND




MAINTAIN COMPLIANCE


INTERNAL GOVERNANCE


COMPLIANCE?




is more than just a risk, it is reality. Regulated financial institutions in the

Cayman Islands are required to comply with the statement of guidance

on the use of the internet which includes requirements for IT security.

However, we fully expect to see a more comprehensive regulatory policy or

statement of guidance on cyber security being consulted upon vigorously

and issued by the Monetary Authority in short order.

PROCTOR: Laws and regulations differ across jurisdictions, and procedures

may differ from one regulated activity to the next. The reality is that

financial institutions doing business in the Cayman Islands or elsewhere

must be prepared to meet and comply with the increasing regulatory

obligations. They must also be willing to engage regulators and decision

makers through the various organisations like AIMA, to contribute to the

shape of what ultimately is unveiled. The runway for those determined not

to engage or comply is very short.

Simone Proctor

Senior Associate

Solomon Harris

+1 (345) 949 0488

[email protected]

Simone Proctor is a member of Solomon Harris’ Corporate Department and heads up our Regulatory and Compliance group, having joined the firm as an associate in October 2010. She is an honours graduate in law from the University of the West Indies (Cave Hill Campus), holds an LLM: Banking & Finance from the University of London, QMW, and is a member of the Chartered Institute for Securities & Investments. Admitted to practise as a solicitor of the Law Society of England & Wales in 2003, Ms Proctor is also admitted in the Cayman Islands, New York State Bar 2nd Circuit, and in Guyana.




WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?


“ The compliance function continues to be a regulator’s first line of defence against breaches, so the proper level of seniority and resources is crucial.”



Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




AHERN: Since the financial crisis, there has been a proliferation of regulatory

measures in such volume and at such pace that it has been difficult for the

regulated community to absorb. The regulatory response has been to radically

curb the ability of banks to lend by imposing capital requirements that far

exceed those that were in place prior to the crisis. In addition, Volker, Vickers

and Liikanen have proposed massive structural changes to the way in which

banks are organised so that retail deposits are protected in the event of bank

failure. In the UK, regulatory policy has undergone a fundamental shift from

‘light touch’ to enhanced monitoring and supervision and the regulatory

approach is much more intrusive than in the past.

AHERN: At a global level, we have seen broad ranging proposals from the G20

to the Basel Committee on Banking Supervision proposals for a new bank

capital framework which significantly increases bank capital requirements.

At a European level, these and other reforms have been articulated through

a variety of EU legislative measures, including the Capital Requirements

Regulation, the European Markets Infrastructure Regulation, MiFID II, the

Alternative Investment Fund Managers Directive, new payment services

directive, and the Bank Recovery and Resolution Directive. At a domestic

UK level, we have seen sweeping amendments to the Financial Services

and Markets Act 2000 made by the Financial Services Act 2012 as well as

the enactment of the Banking Act 2009 and the Financial Services (Banking

Reform) Act 2013.

AHERN: The new regulatory requirements will hamper the ability of the

banks and other financial institutions to do business. Firstly, increased capital

requirements on banks and the changes to the qualitative characteristics

of eligible capital instruments mean that the banks had to recapitalise and

the cost of capital has spiralled. This is largely due to the requirement that

JOHN C. AHERNJONES DAY

UNITED KINGDOM

Q COULD YOU OUTLINE




SERVICES SECTOR?

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR




additional Tier 1 capital instruments must have a bail-in or write-down

feature. Clearly, investors in banks will charge a premium for that risk. Secondly,

because of the capital requirements now imposed on banks, lending to the

SME and consumer markets is more difficult – banks will need to see a better

return on capital than before and are disincentivised to post capital against

exposures that are less profitable and of greater risk. Thirdly, when the ring-

fencing provisions of the Banking Reform Act commence, banks will not be

able to fund a variety of activities with retail deposits. Accordingly, their

ability to grow will be somewhat restricted. Fourthly, the consequences of

mandatory clearing of OTC derivatives under EMIR and the proposals under

MiFID for derivatives contracts to be traded on organised venues means

that the cost of trading these instruments has soared – this is primarily due

to the costs of clearing and the quality of collateral required by clearing

houses to engage in the clearing process. There is a further implication arising

from mandatory clearing of OTC derivatives and that is that the risk of the

counterparty in a bilateral trade is replaced with the risk of the clearing house

across all trades.

AHERN: It is difficult for practitioners to keep abreast of the various

consultation papers, discussion papers, orders, regulations and

pronouncements that endlessly flow from the regulatory authorities both

domestic and European. For internal compliance and legal support functions,

the challenge must be exponentially more difficult considering they also

need to help their institutions get on with day to day business. Regulatory

reform has had a single very important theme: accountability of senior

management. In most measures, the ultimate responsibility for compliance

rests with senior management. In that regard the Senior Managers Regime is

designed to improve responsibility and accountability of senior management

in banking businesses.

UNITED KINGDOM • JOHN C. AHERN • JONES DAY


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?


Q WHAT POLICY AND




MAINTAIN COMPLIANCE




AHERN: While regulatory risk has always been accepted as part and parcel

of being active in the financial services sector, it has moved centre stage

in many ways in the eyes of those managing regulated businesses. Along

with the regulatory emphasis on management accountability, there are new

criminal offences relating to reckless behaviour which precipitates the failure

of a bank. These changes make the communication of information regarding

compliance requirements an imperative at firms. Furthermore, the volume

of material with which financial institutions need to be familiar is such that

there must be smooth and effective processes to ensure that it is dealt with

in a timely and efficient manner. As regards policy changes, what we see in

private practice is a strong reduction in attempts to rationalise behaviours

at the expense of regulatory infraction. Gone are the days when firms will

spend any time trying to rationalise practices or behaviours which intuitively

seem to be inconsistent with the expectations of regulators.

AHERN: As technology develops, so too does the ingenuity and innovation of

those involved in criminal activity. There is so much that data protection and

privacy laws can do. However, ultimately, the sophistication of fraudsters is

a demanding challenge across the industry. In essence, much more needs to

be done to address cyber risk as the costs of cyber fraud continue to escalate

year on year. In part, cyber risk increases as a result of the age of IT systems

operated by some firms. In some cases, IT spend has not been sufficient in

the last number of years to equip firms to manage cyber risk. Cyber risk,

including the risk of card fraud and financial crime, is exacerbated by larger

reliance in recent years on web-based front-end channels that increase the

risk of personal data and consumer funds being compromised. The growing

interconnectedness of firms must be considered too.



LAWS IMPACTING THE


INSTITUTIONS? DOES





“ Gone are the days when firms will spend any time trying to rationalise practices or behaviours which intuitively seem to be inconsistent with the expectations of regulators.”






WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

AHERN: Broadly, where there is a lack of political integration it is difficult to

achieve absolute harmonisation across Member States. Accordingly, it becomes

difficult to avoid having disparate compliance policies and procedures in different

jurisdictions – to do otherwise would probably put a firm at a competitive

disadvantage in certain jurisdictions. Another impediment to harmonised

compliance policies and procedures is the risk associated with going further

than is required by local regulation. In those circumstances, where a particular

procedure is not followed, the firm risks regulatory sanction or criticism, although

the procedure is not required in that particular locality in order to comply with

the relevant regulatory requirements. On the other hand, governance becomes

much more fragmented in the absence of uniform policies and procedures.

Additionally, the uniform approach may enhance brand value and recognition.

In our experience, cultural and political differences across jurisdictions add to

the difficulty raised by differing laws and regulations in developing uniform

compliance procedures. Firms either opt for a one size fits all approach or tackle

each market separately, and develop local compliance procedures everywhere.

John C. Ahern

Partner

Jones Day

+44 (0)20 7039 5176

[email protected]

John Ahern is a leader in UK financial services law and regulation and has extensive experience in the markets of the UK and Europe. He advises on a range of regulatory issues in the wholesale and private banking sector where he has developed considerable knowledge in private practice as in-house counsel at a global investment bank. Mr Ahern advises multilateral trading facilities, broker-dealers and banks on trading, clearing and settlement as well as custody of securities. He has a particular focus on regulatory capital and advises a number of banks on the requirements and implications of the prudential regime.




Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




ANDREW BATESDILLON EUSTACE

IRELAND

BATES: Like their international counterparts, regulated entities in Ireland are

subject to an ever increasing level of regulatory scrutiny as well as enforcement

activity. This is evident from the practical application of the Irish Central Bank’s

probability risk and impact system, or PRISM – the risk-based framework for

supervision of regulated entities, which it uses to determine which entities to

focus mostly closely on and how frequently. It is also evident in regular Central

Bank themed inspections, through regulatory questionnaires and also from the

attitude of regulators in dealing with those they regulate. We are finding across

all regulated industry sectors that there is a constant and deep questioning and

challenging by regulators of what is being done, why it is being done and how

it is being done.

BATES: Legal and regulatory changes come in many guises. At one level they

are driven by EU and broader international bodies. On top of that we have

regulatory changes due to new interpretations or opinions from European

supervisors such as ESMA, or the assumption of roles by such supervisors, such

as the single supervisory mechanism for banks via the EBA. We also have new

domestic legislation dealing with wider enforcement and supervisory powers,

whistleblowing and protected disclosures legislation, client money and asset

regulations, a complete overhaul of guidance in areas such as Solvency II, as

well as delegate oversight and other governance proposals. One can see why

compliance officers are in high demand.

Q COULD YOU OUTLINE




SERVICES SECTOR?



Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR



IRELAND • ANDREW BATES • DILLON EUSTACE

BATES: Probably the greatest implication for the financial services industry is

that the cost of entry has become pretty high. Given the capital requirements

imposed on operating businesses, given the significant compliance burden

as well as what remains a somewhat fractured international regulatory

environment, only those with significant resources can survive. Regulatory

fatigue is often mentioned and simply listing off the regulatory and legislative

initiatives demonstrates what regulated entities face. Changes feed through

into many areas including, for example, governance structures, client facing

documentation, contractual arrangements, remuneration arrangements, and

so on. That the process seems unending is an issue. It may not be possible to

wait until the next development to amend documentation to deal with today’s

issue. Therefore, some groups end up amending their documentation today

and then carrying out a further overhaul in, for example, six months’ time to

address the next development, resulting in significant additional costs. Those

costs often end up at the door of the investor or customer.

BATES: Generally we are seeing a good response from financial institutions

to the regulatory environment. It has taken time, as much effort was put into

place by organisations in developing policies and procedures which would work

not only at individual operating company level but also are consistent with

group level and cross-business policies. They have also realised that having

complete policies and procedures is just one part of the equation. They have to

implement the policies and procedures and also test them periodically to see if

they are fit for purpose. This can raise concerns where regulators do not seem

willing to accept that, when one tests policies and procedures, the result can

be that they are not sufficient. If reporting such deficiencies – and remediation

plans – to one’s regulator can lead to a sanction process being initiated, that

can remove an incentive to test. Regulators may need to rethink their approach

so that there is a positive benefit, not a disincentive, to test active systems,


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?




policies and procedures. From a governance perspective, boards of regulated

entities are becoming more sophisticated in what they are looking for and

at. Some boards initially felt swamped by new policies and procedures and

presentations on the volume of regulatory changes, but over time have been

able to move past the policy and procedures stage and organise themselves to

focus on how, from a business perspective, those policies and procedures are

applied as well as looking at areas where there may be gaps, but which are just

as important to the overall regulatory and compliance environment.

BATES: This changes very quickly and can sometimes be dependent on the

regulatory flavour of the month. Cyber security seems to be a current focus

and AML/CTF is a constant one. Other areas institutions need to focus on

might include capital adequacy controls and calculation processes, product

approval processes and oversight of distribution channels, product suitability,

and remuneration.

BATES: At one level, we see the impact of data protection laws – over and

above the normal day-to-day application – where domestic financial services

groups have been taken over by larger international groups and where data

processing is centralised in a jurisdiction outside the EU, where information

obtained for one purpose is sought to be used for a different purpose without

prior authority and cases involving accidental data loss. Perhaps more relevantly,

cyber security risk has become an ever increasing issue for regulated entities.

We have seen several recent attempts to defraud fund vehicles and life insurers

through hacking of investors’ email accounts and submission of fraudulent

redemption and surrender requests. We have also seen fraudsters creating quite

sophisticated fraudulent websites using publicly available data and logos of

legitimate financial services product producers resulting in innocent investors

being defrauded of sizeable sums. A more coordinated approach between law

enforcement agencies and regulators is required as it is often very difficult

for individual regulated entities to pursue fraudsters across multiple borders

trying to trace money as it moves in and out of different bank accounts almost

instantaneously.



LAWS IMPACTING THE


INSTITUTIONS? DOES




Q WHAT POLICY AND




MAINTAIN COMPLIANCE



“We have seen several recent attempts to defraud fund vehicles and life insurers through hacking of investors’ email accounts and submission of fraudulent redemption and surrender requests. ”






WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

BATES: In a recent example, many European jurisdictions did not require financial

institutions to carry out politically exposed person (PEP) checking on their own

nationals. This did not always sit well with cross-border business. For example, if

an Irish financial institution was selling products into another EU jurisdiction via

a bank network in that jurisdiction, the bank network in that other jurisdiction

did not carry out PEP checking itself for its own customers. However, the Irish

entity, because it was now selling cross-border, had to establish whether its

customers in that other jurisdiction were PEPs. That required the foreign bank

to put in place a PEP checking framework that it did not have for its domestic

business and required significant new expenditure to ensure compliance. There

is also the element of frustration at the absence of a combined approach

between, for example, North American regulators and European regulators,

with the end result being that groups managing assets on both sides of the

Atlantic often end up with mismatching obligations and multiplied effort. This

all simply increases cost, effort, compliance and exposures, and can be difficult

to justify. Annex IV and Form PF reporting is an example.

Andrew Bates

Partner and Head of Financial Services

Dillon Eustace

+353 (0)1 673 1704

[email protected]

Andrew Bates is a partner and Head of Financial Services at Dillon Eustace, a law firm with principal offices in Dublin and Cayman. Mr Bates works mainly in the area of asset management and investment funds, insurance regulation and regulatory affairs. He advises clients on formation and establishment issues and on the ever changing regulatory landscape as well as representing clients dealing with regulatory investigations and in administrative sanctions proceedings. He is a former Council member of the Irish Funds Industry Association (IFIA) and is a current member of a number of IFIA working groups.




Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




DONNER: In response to the financial crisis, the European Commission pursued

a number of initiatives to create a safer and sounder financial sector for the

single market. These initiatives – the so-called Single Rulebook , which include

stronger prudential requirements for banks, improved depositor protection and

rules for managing failing banks – affect all financial players in EU Member States.

Therefore, today’s financial services institutions, meaning credit institutions

and investment services providers, are facing increasing supervisory activity on

a national and European level. With regard to the European Banking Union, for

instance, systemically relevant banks will be subject to closer supervision and

misconduct will be avenged more forcefully. In addition, national legislators

seek to improve a properly functioning banking and financial services system

to promote the performance potential of a country’s economy.

DONNER: A milestone in the integration of the European financial markets

has been conferring specific supervisory tasks on the European Central Bank

(ECB). Another component of the Single Rulebook is the directive establishing

a harmonised framework for the recovery and resolution of credit institutions

and investment firms which was adopted by the Member States by the end of

2014. The German Banking Act (KWG) already provided for certain instruments

for the recovery and resolution of credit institutions. With the implementation

of the Act, the resolution authority now has the right to require shareholders

and creditors of the failing institution to participate in the loss absorbency. The

directive is supplemented by the SRM regulation ensuring effective resolution

decisions for failing banks within the EU, including on the use of funding raised

at EU level. New regulations for distribution and trading financial instruments

have been introduced by the new Markets in Financial Instruments Directive

(MiFID II) and the supplementary Markets in Financial Instruments Regulation

(MiFIR). The key objectives of these regulations include investor protection,

market transparency, market infrastructure, and governance and supervisory

provisions. With regard to effective risk data aggregation and risk reporting,

GERMANYDR KIRSTEN DONNERKIRKLAND & ELLIS INTERNATIONAL LLP

Q COULD YOU OUTLINE




SERVICES SECTOR?



the principles published by the Basel Committee on Banking Supervision

(BCBS 239), in Germany to be incorporated in the Minimum Requirements

for Risk Management (MaRisk), and the guidelines for common procedures

and methodologies for the Supervisory Review and Evaluation Process (SREP)

published by the European Banking Authority, will play an important role.

DONNER: Financial institutions will see a dramatic rise in costs required to

ensure compliance with new regulatory requirements. These costs will not only

arise in connection with bank levies, they will also arise due to higher personnel

requirements, IT costs to support the broad management of financial risks and

adjustments in the organisational structure of financial institutions. Directors,

shareholders and creditors of financial institutions will, in the future, not be

able to rely on states and taxpayers as lenders of last resort.

DONNER: Proactive financial institutions will try to participate in and influence

the legislative procedure as early as possible. They will also be able to prepare

for the implementation of new regulatory requirements at the same time. Most

financial institutions get early advice on the possible implications and main

differences to present requirements. Others just ignore the developments and

struggle with the implementation in the remaining short time. It is extremely

important to have a strong governance structure to anticipate new regulatory

requirements. In Germany, this is already required by the MaRisk.

DONNER: In a fast changing regulatory environment, financial institutions

need to implement effective compliance processes to detect future regulatory

requirements at an early stage. In Germany, this is ensured by the compliance

process of the MaRisk. The German Regulator has adjusted the MaRisk with

regard to new requirements under the CRD IV package two years before CRD

GERMANY • DR KIRSTEN DONNER • KIRKLAND & ELLIS INTERNATIONAL LLP

Q IN YOUR EXPERIENCE, HOW

ARE FINANCIAL INSTITUTIONS

RESPONDING AND ADAPTING

TO THESE REGULATORY

CHANGES? HOW IMPORTANT

IS IT TO ESTABLISH A STRONG

INTERNAL GOVERNANCE


COMPLIANCE?

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR


Q WHAT POLICY AND







IV came into force. To implement MiFID II and MiFIR, various interfaces need to

be identified and analysed. This applies, for instance, to the interaction of the

OTC derivatives trading and clearing between EMIR and MiFIR, or the varying

prerequisites for the product design and sale of different financial instruments.

The required implementation measures relate to the entire business model

– strategy, structural and process organisation, processes and systems. Those

that do not face the new challenges early on risk falling behind competitors

and losing possible efficiency and cost benefits, and will be exposed to

consequences from the supervisory authorities and liability and reputation

risks. BCBS 239 requires the aggregation of risk data by system-relevant

credit institutions and entails a great deal of effort as it requires a group-

wide analysis. As a consequence, banks will need to adjust their IT architecture

and bank controlling infrastructure, data quality management and governance

framework.

DONNER: The importance of information and communications technology

for credit institutions has grown substantially over the past two decades.

Banking processes from retail transactions to market operations have been

transformed by technology and continue to evolve. The economic effects

of cyber attacks can reach far beyond simply the loss of financial assets or

intellectual property. The KWG notes that institutions must have adequate

technical and organisational resources in place, as well as an adequate

contingency plan, particularly for their IT systems. In accordance with the KWG

and the MaRisk, institutions must ensure that their IT systems and processes

secure the integrity, availability, authenticity and confidentiality of data. BaFin

has announced expectations of banking supervision with regard to such IT

security. Defending and countering cyber attacks, while keeping up to date

with evolving regulations and policy, is a complex challenge. However, existing

laws in Germany still ensure flexibility for credit institutions with regard to

their specific risk situation. Breach of data protection and privacy laws is a key

risk for financial institutions, and therefore a special focus of interest for the

ECB. Specifically, the Commission proposal for a European Union Network and

Information Security Directive (NIS) sets out mandatory data breach reporting

regulations for the financial sector.

MAINTAIN COMPLIANCE




LAWS IMPACTING THE


INSTITUTIONS? DOES










WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

DONNER: The world of financial institutions is a globalised one, with

institutions having a presence in many countries throughout the world.

Advantages for businesses in being able to access international markets are

countervailed by significant difficulties. In particular, multinationals are faced

with having to comply with myriad laws – those of every country in which

they have an established presence. Although there may be common threads

between the laws of different countries, especially in the EU, there are almost

invariably differences which banks must take into account when running their

operations at local level. Where these differences are substantial, the operation

of a global organisation can be immensely difficult, particularly where group-

wide strategies are implemented which may be legal in some jurisdictions

but illegal in others. Therefore, financial institutions must adequately identify,

manage and monitor global requirements.

Dr Kirsten Donner

Lawyer

Kirkland & Ellis International LLP

+49 (89) 2030 6185

[email protected]

Dr Kirsten Donner is a lawyer at Kirkland & Ellis International LLP, a law firm that she has joined in 2014; she’s a member of the firm’s Munich finance team. She advises national and international clients on national and cross-border acquisition finance transactions and German banking supervisory law. She is an author in one of the standard commentaries on the German Banking Act and has wider experience in advising national and international financial institutions on compliance related matters. She has worked in recent years for another major international law firm.


“ Breach of data protection and privacy laws is a key risk for financial institutions, and therefore a special focus of interest for the ECB.”



Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




NETHERLANDSPAUL ROTHWELLDELOITTE

ROTHWELL: Due to recent global macro-economic events, as well as

local issues and scandals, the solid reputation of the financial system in

the Netherlands has taken a blow. As a reaction, European and national

authorities are becoming more and more demanding and continue

to define new requirements with a prudential – e.g. leverage ratio

– and behavioural – e.g. customer due diligence – impact. Since the

Netherlands operates within a European context, the government is

continuously balancing local and European requirements. In many cases

the local legislation is more strict – e.g. banking bonus – impacting the

level playing field.

ROTHWELL: Supervision is becoming more binary and rule-based,

fuelled by the ongoing developments in technology and big data.

Banks, in particular their finance and risk functions, are currently leading

the pack when it comes to implementing demanding requirements

on internal operations. These requirements are partly related to the

disclosure of granular data on a timely basis for regulatory purposes,

such as analytical credit data. The requirements also contain principles,

under BCBS #239, regarding how banks have organised their data and

information environment and how it is used by senior management for

decision making.

ROTHWELL: The regulatory changes are affecting the sector in a number

of ways. Firstly, supervision is strongly data-driven and data is requested

at the most granular, transactional level. This impacts the way in which

financial institutions collect, store and disclose data. Conceptually

speaking, the distance between supervisors and the industry is

Q COULD YOU OUTLINE




SERVICES SECTOR?

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR




NETHERLANDS • PAUL ROTHWELL • DELOITTE

diminishing since supervisors – the ECB In particular – have access to

large amounts of source data that can be used for analytics purposes.

The ECB is able to compare data across banks, sectors and countries,

identifying unique insights that can be used to challenge the outcomes

of the risk models and the management decisions of the banks. Because

of this, the added value of bank-specific internal risk models is currently

up for debate since the analytical power of one financial institution can

never compete against the vast amount of data and power represented

by the risk models of the supervisor. However, local exceptions still

need to be considered. The lines between regulatory and commercial

data are blurring, and financial institutions are struggling to develop a

common language that unifies the functional silos so that a consistent

message is communicated to all stakeholders.

ROTHWELL: Even though the regulations are becoming more rule-

based, there is still a lot room for interpretation. Banks, for example,

are learning to define what ‘good’ operations look like within their

own context. Financial institutions are being faced with the fact that

they have a lot of legacy that should have been cleared up a long time

ago. Back to the banks, they also have to deal with a new supervisor

that has less regard for local issues and characteristics. Historically,

financial institutions have been organised in silo-functions that are not

aligned. However, new regulations and laws require a holistic view of

the organisation, if the essence of the requirements is to be adopted.

It would be very inefficient, incomplete and rather short-term to

treat new regulations in isolation. In short, an integrated approach is

fundamental to the success and financial institutions are inexperienced

in this area.


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?




ROTHWELL: We believe that if financial institutions are to adequately

respond to these changes, they need to implement an integrated view

of the relationship between policies, guidelines, processes, risks and

controls on the one hand, and information, data, rules and IT system

infrastructure on the other. Processes need to be re-implemented in

order to respond swiftly and effectively to ad hoc occurrences. In this

new data-driven reality, the IT department plays a critical role in

complying with the new regulations. Financial institutions need to

develop an information policy that defines essential information

concepts in understandable business terms so that the non-IT

functions can take ownership and act as an adequate challenger to the

IT department.

ROTHWELL: Leveraging the large investments needed to comply

with the new regulations, financial institutions are investigating

ways to commercially use the large amount of data that is available.

There are many uses of advanced analytics that can even lead to new

business models. In fact, one major bank in the Netherlands openly

pitched this idea, which led to a storm of criticism from both the

local privacy regulator as well as the general public. We expect to hear

more of these initiatives as financial institutions learn more about

the boundaries of commercially using customer data while avoiding

such uproar. Moving forward, not only will there be implications from

the Network and Information Security (NIS) Directive, but the Dutch

regulator is also preparing disclosure requirements of security and

privacy related incidents to a central authority. For banks, as part of the

Single Supervisory Mechanism, the ECB has identified cyber crime risk

as a strategic issue, and is actively measuring the industry’s ability to

identify, protect, detect, respond and recover from cyber crime.



LAWS IMPACTING THE


INSTITUTIONS? DOES





Q WHAT POLICY AND




MAINTAIN COMPLIANCE







WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

ROTHWELL: Banks that look beyond the compliance aspect of these

regulations, and focus on the strategic impact, will have a greater

chance of successfully achieving compliance as well as other benefits.

Measures in this regard include, for example, taking a holistic view of

policies, processes, risks, data and systems, and adopting an integrated

approach across all relevant functions within financial institutions,

when changing the information environment. Another measure is

the creation on a non-technical information policy. Other measures,

include the establishment of a chief data officer function, a data quality

monitoring team and implementation of an organisation-wide data

governance framework. The more integrated the approach, the greater

the commitment of business units and local entities to support the

measures. And for both financial institutions that are struggling to keep

their heads afloat, as well as those that are seeking to leap ahead of the

pack, that should be worth doing.


Paul Rothwell

Director

Deloitte

+31 (0) 88 288 3916

[email protected]

Paul Rothwell is a director within Deloitte’s Risk Advisory practice. He leads the Strategic Analytics & Reporting service line, which focuses on supporting financial institutions in responding to their regulatory reporting requirements. He has more than 17 years of experience working at many financial institutions in Europe on the intersection point of finance, risk and IT. He has written multiple articles on finance transformation, finance and risk alignment, and data-driven reporting. He has a masters in Business Economics and participated in INSEAD’s International Banking master programme.

“ Banks that look beyond the compliance aspect of these regulations, and focus on the strategic impact, will have a greater chance of successfully achieving compliance as well as other benefits.”



Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




PORTUGALPEDRO FERREIRA MALAQUIASURÍA MENÉNDEZ-PROENÇA DE CARVALHO

FERREIRA MALAQUIAS: The reinforcement of the regulatory framework

applicable to banks in recent years and, in the case of Portugal, the

Bank of Portugal’s application of an unprecedented resolution measure

under an untested European resolution regime to one of its major

banks in August 2014, were accompanied by, and led to, an increase in

supervisory and enforcement activities. Prudential banking supervision

and conduct supervision have become more intrusive and focused

on risk. An analysis that was mostly static is now complemented

by a cross-cutting analysis on the basis of institutions presenting

funding and capital plans, as well as stress-test exercises. Permanent

onsite inspections have also become normal practice. The number of

administrative proceedings initiated and proceedings settled has also

risen considerably in recent years. The implementation of the new

banking union – including the single supervisory mechanism, the single

resolution mechanisms and the new European regulatory authorities

– has also contributed to the increased regulatory scrutiny. We strongly

believe that on a European and domestic level, regulatory scrutiny and

enforcement will be ever more demanding in the coming years.

FERREIRA MALAQUIAS: Broadly speaking, changes affecting the

Portuguese financial services sector can be broken down into three

main areas – financial requirements, corporate governance provisions

and the move towards the European Banking Union. Financial

institutions are required to comply with unprecedented capital and

liquidity requirements, and institutions’ balance sheets are subject

to stricter rules on assets and leverage ratios. Regulation has also

been moving further into the internal structure of credit institutions

and investment firms, establishing internal mechanisms to promote

compliance, prudent risk management and client oriented performance

Q COULD YOU OUTLINE




SERVICES SECTOR?



PORTUGAL • PEDRO FERREIRA MALAQUIAS • URÍA MENÉNDEZ-PROENÇA DE CARVALHO

in line with the EBA guidelines on internal governance. The Banking

Union, and the single supervisory mechanism and the single resolution

mechanism, will require institutions to comply with further reporting

and the implementation of plans to allow for early problem-tackling

and banks’ orderly management in case of default.

FERREIRA MALAQUIAS: Recent regulatory reforms have increased

pressure on banking structures and the costs of doing business, on the

constraints of balance sheet composition, business activities and on

the legal and operational structure and interference in banks’ business

models and strategy. The combined impact of all these changes is still

unclear. Banks continue to deal with the complexity of keeping track of,

and adjusting to, the volume of measures and the interactions between

them. In some cases, the capacity of banks to absorb and implement

these measures, often within constricted deadlines, is uncertain.

FERREIRA MALAQUIAS: Notwithstanding the pace of change and the

complexity of recent regulation, Portuguese banks have been responding

in an active and positive manner to reform. On the downside, pressure

on the Portuguese banking system to quickly adapt key areas to its

business model, such as the composition of balance sheets, has led to

steep implementation costs which can ultimately lead to increased costs

for consumers. Portuguese financial institutions recognise the need for

a strong internal governance framework, and have been implementing

this through the reorganisation and empowering of compliance and

risk management structures. Additionally, the main Portuguese banks

have been drafting a new code of ethics and conduct in line with the

challenges of today’s financial system.


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR



Q WHAT POLICY AND




MAINTAIN COMPLIANCE




FERREIRA MALAQUIAS: In light of the new regulatory requirements,

financial institutions must focus on maintaining or achieving a

sustainable business model which complies with increasingly strict

capital and liquidity requirements, enforces sound corporate governance

policies and also adapts to the impact of implementing the single

supervisory mechanism. Among the changes financial institutions

are being forced to implement, we should highlight the adaptation of

remuneration policies in accordance with soundness, risk management

and transparency principles, as well as efforts to comply with assets

and leverage ratios. Moreover, financial institutions must keep pace

with growing regulatory concerns on Know Your Customer matters,

resulting in significant updates on anti-money laundering policies.

FERREIRA MALAQUIAS: In recent years in the financial sector, the

growth of electronic communication services, the recent technological

developments in the cloud computing area, the transfer and processing

of Big Data between countries and subsequent outsourcing activities

for these purposes has created a good level of awareness of the

confidentiality, integrity and availability of the personal information

they have access to in the course of business. Nevertheless, despite

the Data Protection Authority’s effort to address concerns related

to the security of data, Portugal has an overall low degree of cyber

risk prevention. Portuguese financial institutions recognise the need

for better enforcement of privacy laws and in this regard they have

been voluntarily developing internal methods on how to establish and

implement security measures, how to remediate vulnerabilities and

deviations and provide reporting mechanisms to prove compliance

with privacy laws.



LAWS IMPACTING THE


INSTITUTIONS? DOES










WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

FERREIRA MALAQUIAS: Europe and the US have been setting the

pace for regulatory reform, making the role of compliance policies and

procedures increasingly important. This new landscape is not always

easily grasped by subsidiaries or branches operating in regulatory

environments of low density. This cultural problem is one of the key

challenges across jurisdictions, alongside the difficulty in recruiting

the right people in markets where demand for qualified staff is higher.

Nevertheless, we are increasingly seeing banks directing their focus to

these issues. The reputational damage associated with investigations

and penalties may take its toll on a bank, even where the acts under

suspicion were carried out by just a few, far from the head office.


Pedro Ferreira Malaquias

Partner

Uría Menéndez-Proença de Carvalho

+351 210 308 661

[email protected]

Pedro Ferreira Malaquias has, since 2004, been a partner of Uría Menéndez-Proença de Carvalho, based in the Lisbon office. Previously, Mr Ferreira Malaquias worked in the Competition Directorate General of the EC (1986-1988), and in the legal department of Banco Português do Atlântico, S.A. He headed the legal department of BCP Investimento between 1995 and 2001. Since 1998, Mr Ferreira Malaquias has been a legal consultant to the Portuguese Banking Association, and a member of the Legal and Retail Committees of the European Banking Federation. He heads the Finance Department and is responsible for the banking and insurance areas.

“ Financial institutions must keep pace with growing regulatory concerns on Know Your Customer matters, resulting in significant updates on anti-money laundering policies.”



Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




SWEDENDAN HANQVISTROSCHIER ADVOKATBYRÅ AB

HANQVIST: Today’s financial markets are very different to the markets

of the pre-financial crisis era. The official narrative of the aetiology of the

crisis explains what happened with reference primarily to the wayward

behaviour of institutions and individuals active in the markets. This explains

the overwhelming focus on new, more intrusive regulation, both from the

EU and nationally. The creation of three ‘federal’ supervisory authorities at

the Union level can only lead to an ever increasing number of regulations.

Any bureaucracy will keep itself busy and justify its budget by some

measureable output. As too little attention has been paid to the economic

policies of governments and central banks, demographics in the advanced

economies, and to the competence, attitude and resources of regulators,

as ultimate causes for the crisis, this output is likely to consist primarily of

binding legislation and regulations, as well as a plethora of various guidelines

and policy statements of dubious legal standing. The Swedish Financial

Supervisory Authority is increasingly active in scrutinising firms under its

supervision. The Authority has grown more willing to impose sanctions,

including the revocation of operating licences and maximum fines. The

Authority has recently been given wider powers which have long been seen

as rather uncomplicated and convenient ways of disciplining the market.

HANQVIST: Two overarching trends are greater intrusiveness and a very

high turnover of regulations. Rather than providing guiding principles, the

preference is now increasingly for intrusive and detailed rules, or seemingly

detailed rules. It is a common experience among practitioners that what

may appear as detailed rules, when practitioners seek to apply them to

actual businesses, are extremely vague, and often inconsistent. This feeds

into the increasing need for detailed ad hoc guidance from regulators, which

sometimes, but not always, is provided in the form of ‘Questions & Answers’.

As the regulatory project only gets adapted to real-life situations and thus

Q COULD YOU OUTLINE




SERVICES SECTOR?



SWEDEN • DAN HANQVIST • ROSCHIER ADVOKATBYRÅ AB

only becomes truly relevant for businesses at this level, Q&As loom large in

the daily life of compliance staff – indeed, these informal guidance documents

threaten to supersede formal legislation and regulation. For institutions that

are active in more than one financial sector, there are additional challenges

in setting up compliance systems that can manage the combination and

interaction of sometimes overlapping and conflicting but never fully

coordinated legislation and regulations that apply to various elements or

sections of the business. As the legislation and regulations are commonly

issued without coordination or consistency by EU and national authorities, it

is up to institutions to coordinate the various requirements in practice.

HANQVIST: Undoubtedly costs will increase, as will regulatory risks. The

fairly uncoordinated method of adopting and implementing legislation

and regulations, together with the frequent changes and modifications to

legislation and regulations recently adopted, mean that compliance risks need

to be addressed. The increasing cost of compliance should be clearly factored

into any business decision. Any product or business line should of course, as

a rule, carry its own compliance costs. These costs may be significant and

can therefore impact the profitability and viability of business lines and

products. Old structures will have to be reassessed and possibly discontinued

and all new business lines and products should include compliance costs

at an early stage of development. Businesses that bestride more than one

segment of the financial markets should also carefully assess the compliance

implications of the combination of various segments in one firm or group. It

may sometimes be too expensive to combine segments that may each be

viable on their own. Despite the supposedly common rulebook in the EU,

national borders still matter and having to deal with more than one set of

regulators will complicate compliance.

Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR





HANQVIST: Compliance organisations have grown and generally have

attracted more resources. Some institutions have chosen to cut compliance

resources to protect profits. This may, however, often be a case of false

economies. Profit expectations for the financial sector need to adjust to the

new cost environment. It may be prudent to assess the long-term viability

of various lines of business and make structural adjustments as appropriate.

Previous periods of regulatory change have resulted in structural changes to

markets, usually by increasing concentration and reducing competition.

HANQVIST: It is clear that the liability of senior management is increasing.

It is likely that boards and senior management will have to devote

considerably more time to risk and compliance matters, in addition to more

traditionally business-related matters. This will have implications for how

reporting from risk and compliance is managed internally and how these

areas are communicated externally, both to markets and to regulators. Some

institutions have ‘upgraded’ their heads of risk and compliance by including

them squarely in senior management and by involving these functions

more intensely in business development. In some institutions it may well

be necessary to reassess the recruitment of board members to ensure that

the mix of skills and perspectives in the board is adequate for the new

business environment in which firms have to live. A difficult balance has to

be struck between overly bureaucratic measures and truly relevant, effective

and efficient ones. Legislators and regulators do not seem to appreciate

that the balance is difficult or indeed that there is a balance to be struck

and are unlikely to be able to provide much useful guidance. Firms need to

work out the balance for themselves and in respect of their own particular

circumstances.

HANQVIST: The Swedish market is heavily reliant on the internet and other

electronic services. This, in combination with growing sensitivities about data

protection, is likely to mean that more work could be required for financial

institutions to meet expectations, both from customers and regulators. As



LAWS IMPACTING THE

Q WHAT POLICY AND




MAINTAIN COMPLIANCE



HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?


“ A difficult balance has to be struck between overly bureaucratic measures and truly relevant, effective and efficient ones.”



legislation and regulations are not coordinated, the implementation of data

protection and privacy laws may well conflict with other areas of law, such as

consumer credit rules and anti-discrimination laws. As various legal areas are

subject to different regulators, regulators may sometimes be ignorant of the

balances to be struck by firms between the strictures of different regulations.

HANQVIST: The sheer amount of regulation means that the coordination of

compliance across the jurisdictions of several regulators will be challenging,

both for the regulators and the institutions. As financial regulation is not

isolated but forms part of the wider administrative, legal, political and cultural

traditions and systems of various countries, the differences between the

practical application of even rules expressed in the same language will vary

– sometimes to a very significant extent – between jurisdictions, and even

between various officers of the same regulator. It is clear that the social cost

of regulation will increase dramatically. Institutions therefore face significant

challenges in devising commercially viable solutions.

Dan Hanqvist

Finance and Regulatory Counsel

Roschier Advokatbyrå AB

+46 8 553 191 17

[email protected]

Dan Hanqvist is financial and regulatory counsel in the banking and debt capital markets practice at Roschier Advokatbyrå AB, Stockholm, Sweden. He has more than 20 years of experience in assisting both Swedish and international banks, financial institutions, funds, corporations as well as public authorities on transactions involving regulatory matters, financial restructuring, derivative transactions and complex financial instruments. He is also often involved in the legislative process in respect of the financial markets. His work experience includes working for market participants in London, Moscow and Sweden, including in-house work for NASDAQ in Stockolm.




WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?


INSTITUTIONS? DOES







Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




RUSSIAGRIGORY MARINICHEVMORGAN LEWIS

MARINICHEV: Over the last year, regulatory scrutiny in the Russian

financial market has increased dramatically. As a result of the imposition

of US and EU sanctions and the downgrade of Russia’s sovereign rating,

the Russian banking sector has been put under significant pressure. Since

then the number of banking insolvencies has been increasing, which has

further shattered the market. The Russian Central Bank has responded

by tightening its supervision over the banks. Furthermore, in response

to Western sanctions the Russian government has implemented a

number of ‘countermeasures’ which have also affected the financial

sector and have resulted in further complications for the activity of

financial institutions.

MARINICHEV: The Russian financial sector has been affected by

regulatory changes both from inside and outside of the country.

Externally to Russia, the most important changes have been FATCA

and EU/US financial sanctions. Although not mandatory from the

standpoint of Russian law, as Russian banks are part of the international

financial system, they cannot ignore such regulation and have had to

adapt their operations accordingly. Within Russia, changes to the local

implementation of the Basel III accords, the requirement to process

all credit and debit card transactions via a Russian payment system,

and the recent rule that all personal data must be physically stored in

Russia, have completely changed the way in which financial services

providers operate.

Q COULD YOU OUTLINE




SERVICES SECTOR?



Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR



RUSSIA • GRIGORY MARINICHEV • MORGAN LEWIS

MARINICHEV: With regard to Western financial sanctions, the

possibility of Russian state-owned banks – which have traditionally

been the driving force in the local financial sector – raising funds in

US dollars or euros has been greatly diminished. For other Russian

banks, international capital markets, though not closed completely,

have become extremely difficult to access. There has been much talk

of China or the Middle East becoming alternative markets for the

funding of Russian banks. However, this talk has not materialised into

significant actions, and the prospect of such alternatives being used

seems obscure. Refinancing existing debt has become a real challenge

for Russian corporates that are dealing not only with reduced access

to financial markets, but also the steep depreciation of the Russian

currency, leading to a greater volume of non-performing loans. As a

result, most Russian banks are experiencing problems with capital and

reserves. In response, the Russian government has directly capitalised

the state banks and the Russian Central Bank has amended Russia’s

Basel III regulations to provide more flexibility to the banks in relation

to funding their regulatory capital.

MARINICHEV: Russian banks are waking up in a different world and

are realising that they can no longer hunker down in Russia without

paying attention to international regulations. In the absence of an

intergovernmental agreement on FATCA between Russia and US – for

political reasons the signing has been postponed – Russian banks have

had to sign individual agreements with the IRS in order to become FATCA

compliant. The news of huge fines being imposed by US authorities on

European banks has made those Russian financial institutions that are

not directly affected by sanctions extremely cautious. There is hardly a

Russian bank that would take part in a transaction prohibited by US or


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?




EU sanctions despite the fact that these sanctions do not directly apply

to Russian banks.

MARINICHEV: The constant expansion of the list of sanctioned persons,

combined with the Russian government’s policy to ‘de-offshorise’

the Russian economy by moving holdings of Russian businesses to

Russia, has led to more stringent requirements on Russian financial

institutions to perform enhanced scrutiny over the beneficial owners

of the companies they have dealings with. Consequently, Russian banks

are now significantly changing their KYC and compliance policies

and procedures making them much tighter than in the past. Also,

some banks – mostly the Russian subsidiaries of foreign banks – have

implemented policies and procedures aimed at complying with EU and

US sanctions.

MARINICHEV: Russian law and banking regulations have always been

very strict when it concerns personal data protection. The most recent

legislative changes have made this issue even more cumbersome.

Starting from 1 September 2015, all personal data of Russian citizens

must be physically stored in Russia. Although this regulation was not

specifically aimed at the Russian financial sector, the industry has been

directly affected because many Russian financial institutions have been

outsourcing customer personal data services to foreign providers. The

effect of the new law has yet to be seen, as there are several issues

which remain unclear. For example, it is arguable that the law requiring

that personal data of Russian individuals be stored only in Russia could

be ‘duplicated’ and stored abroad, thus making it possible for Russian

financial institutions to continue using foreign service providers that

require access to the personal data of Russian customers.




LAWS IMPACTING THE


INSTITUTIONS? DOES




Q WHAT POLICY AND




MAINTAIN COMPLIANCE







WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

MARINICHEV: The current turbulent political environment has resulted

in many Russian banks being held hostage by Western sanctions and

Russian government countermeasures. Most international financial

institutions have adopted policies to comply with US and EU sanctions

in all jurisdictions they operate in and are applying the relevant changes

across their whole group structure. Domestic Russian banks do not face

the same challenges but mostly gear their policies toward compliance

with Western sanctions. This has resulted in fewer banks willing to take

any risk which, in turn, further decreases the number of finance deals

being done in Russia.

Grigory Marinichev

Partner

Morgan Lewis

+7 495 212 2420

[email protected]

Grigory Marinichev represents international lenders and borrowers in structured finance, syndicated lending, debt restructuring transactions and insolvency issues. Mr Marinichev advises clients in the metals, mining, telecommunications, oil and gas and power generation industries on a range of financial transactions – from syndicated and bilateral credit facilities, refinancing and bond issues, to export financing, loans and loan restructurings. He also represents and advises project sponsors, export credit agencies and multilateral financial institutions.


“ Russian law and banking regulations have always been very strict when it concerns personal data protection.”



Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




SINGAPOREANTONY ELDRIDGEPWC SINGAPORE

ELDRIDGE: In recent years, financial institutions (FIs) have faced large

sanctions and fines as a result of non-compliance with regulations. It was

recently reported in the Financial Times that based on a review of the

announced settlements and penalties, as well as provisions set aside for

potential penalties of the top 16 biggest infringers, the ‘conduct cost’ for the

banking industry from 2009 to 2013 was approximately $300bn. Currently

IT risk is becoming increasingly prominent and future failures could begin to

add significantly to this tally. Regulators around Asia are updating their cyber

security regulations to deal with the increasing and changing risks of cyber

security, as well as to extend the scope of regulations to outsourced service

providers of FIs. More Asian countries are enacting data protection laws. The

EU is looking at revising its data protection directive to further regulate the

increasing use of personal data in the world where Big Data, social networks

and the digital economy increase the risks of abuse of personal data.

ELDRIDGE: Overall regulations range from operational, capital, liquidity,

financial crime and technology related compliance regulations. For banks,

the key areas of focus of the G20 included identification and management

of systemic risks, transparency of trading and incentives, as well as new

consumer protections and improvements to resolution and recovery of

international institutions. Significant international initiatives, such as the

update of the Basel Accords have been developed to provide for greater

stability of financial markets via increased capital requirements and new

leverage and liquidity rules. Other multijurisdictional changes proposed

or enacted including the introduction of bank levies and controls on

executive compensation. The result, especially for large international banks,

is a complex web of regulation posing fundamental challenges to existing

business strategies, structures and business models. Major regulatory

changes in the US and in Europe have been planned and implemented in

response to the G20 priorities, many of which are impacting FIs in Asia.

Q COULD YOU OUTLINE




SERVICES SECTOR?



Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR



SINGAPORE • ANTONY ELDRIDGE • PWC SINGAPORE

ELDRIDGE: FIs face the challenge of meeting tough new capital and

liquidity demands while delivering adequate returns to investors under

testing economic conditions. They have not just been driven by the various

new regulations, but are also driven by what peers are doing, what markets

want to see, and the need to rebuild reputations. Following the financial

crisis, stability and doing the right thing for customers and clients are often

seen as equally important as profit. To achieve this difficult balance, firms

need to address their customer strategies, culture and conduct risk appetite

together. Firms that can demonstrate their people put the interests of the

customer at the heart of the decision making process, and are rewarded for

doing the right thing, will help rebuild trust with customers, investors and

regulators. This is impacting strategy, operations, reporting and even the

structure of FIs.

ELDRIDGE: While FIs engage regulators, they are also beefing up the internal

governance framework to respond to a changing environment. In addition,

FIs have been facing expanding compliance expectations that are pushing

compliance programmes to the brink. The scope and nature of compliance

has evolved and is no longer limited to rules-based banking regulations.

Strategic, operational and compliance risks have become more complex and

entwined, increasing the potential for failed processes that cause customer

confusion and compliance control breakdowns. Given the major changes

in the compliance and regulatory landscape, and the resulting long-term

impact on banks, many FIs have been required to change their compliance

frameworks to take into account areas including integrating relevant aspects

of operational and compliance risk management, simplifying products and

channels, leveraging analytics, and standardising compliance testing.


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?


Q WHAT POLICY AND




MAINTAIN COMPLIANCE




ELDRIDGE: Compliance officers have a huge job on their hands. They

need to follow complex new regulations, manage risks and support

management in making strategic decisions. Ultimately they need to

provide a holistic solution. Given the major changes in the compliance

and regulatory landscape, and the resulting long-term impact on FIs,

incremental adjustments to compliance functions to survive in the new

world will simply not be enough. To understand better how to comply with

new regulations, FIs should try to understand regulator expectations and

see how compliance arrangements compare to them. Understand whether

there are gaps and weaknesses. They should also look at the roles each

person plays in compliance, as well as the roles of the three lines of defence,

to understand how they combine to give effective compliance.

ELDRIDGE: Unfortunately there has been a rapid increase in the number of

the data breach and privacy misuse incidents in the financial services sector.

As a result of the new requirements, banks, insurance and asset management

companies are all increasingly impacted by the growing data privacy risks

and issues which include non-compliance with data privacy, protection and

confidentiality regulations, immature data handling practices, weak security

measures, lack of user awareness, lack of transparency in data ownership

and accountability, and outsourcing of activities to shared services or utility

centres without adequate oversight. Despite millions of dollars spent on

enhancements, cyber security remains the area of risk management with

the largest gap between threat and preparedness. As the frequency and

sophistication of cyber attacks have increased significantly in recent years,

countermeasures have failed to keep pace. Three major factors contribute

to FIs cyber vulnerability. Firstly, FIs are highly desirable targets for cyber

criminals due to the centralisation of data they hold, which can be easily

monetised. Secondly, due to technological advances, more sophisticated

tools are increasingly available to cyber criminals at a reduced cost. Thirdly,

cyber crime is increasingly becoming a weapon in cross-border commercial

or political disputes where state-sponsored hackers target FIs. At this stage,

the best option for FIs is to become cyber resilient.




LAWS IMPACTING THE


INSTITUTIONS? DOES




“ To understand better how to comply with new regulations, FIs should try to understand regulator expectations and see how compliance arrangements compare to them.”






WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

ELDRIDGE: Since the crisis, various regulatory standard setters have

sought to set global standards for regulation for larger FIs, hoping that

this will lead to regulatory convergence. It is challenging for FIs to adhere

to requirements across multiple jurisdictions. An example of this is data

sovereignty, where China has made it difficult for data to leave China. What

is uncertain is whether other countries, especially the larger ones, will do

the same. It will be difficult for an FI that needs common systems to serve

clients throughout Asia. Some are of the view that geopolitical uncertainty

and the Balkanised nature of financial regulation will continue to swing the

pendulum away from the globalisation of financial markets. As a result, the

business models of traditional FIs operating in multiple jurisdictions may

need to be reviewed as the need to comply with differing global as well as

local requirements could mean that equity returns previously expected in

some jurisdictions may not be reasonable or realistic.

Antony Eldridge

Financial Services Leader

PwC Singapore

T: +65 6236 7348

E: [email protected]

Having been with PwC in London for over 27 years, with tours of duty in New York, Zurich and nine years in Japan/Asia-Pacific, Antony Eldridge is now based in Singapore where he is the firm’s Financial Services practice leader. Across Asia-Pacific he also leads PwC’s Banking and Capital Markets practice. He has specialised in Investment Banking since very early in his career, working closely with most of the key players in the industry, in both an audit and an advisory capacity. Most recently, Mr Eldridge was leading the global relationship and service delivery for Barclays Corporate and Investment Bank.




Q TO WHAT EXTENT DO



ARE OPERATING IN

AN ENVIRONMENT OF


SCRUTINY AND




VIETNAMKENT WONGVCI LEGAL

WONG: Banking reforms by the government have seen vital steps to

revamp and restructure Vietnam’s financial sector. The boardrooms of

Vietnamese banks are being zeroed in on as a part of the government’s

intensified scrutiny of the banking system after the problem of non-

performing loans. Increased pressure is not limited to the larger banks;

smaller banks categorised as ‘weak’ are also facing more scrutiny.

The stepped up regulatory scrutiny is the result of concerns that

recent banking problems have been due in part to banks’ boards not

understanding the risks they were taking and not exercising appropriate

oversight. Despite the aftermath of high-profile criminal ‘mega-cases’

involving banks in Vietnam, including the imprisonment of senior

staff members for embezzlement and fraud, regulators have focused

on ensuring banks have robust financial debt ratio cushions. However,

regulators have yet to fully turn their attention to corporate governance

and the role of directors to make sure banks have the right culture, risk

management systems and controls to prevent excessive risk taking.

WONG: The government recently issued several regulations to

restructure the financial system in Vietnam. Decision 254 on

“restructuring the system of credit institutions during 2011-2015”

initiated the merger and consolidation of credit institutions. Instruction

02 for the settlement of bad debts requires credit institutions to strictly

obey safe operation provisions, debt restructuring, loan classification and

establishing risk provisions. Circular 36 stipulates the minimum safety

limits and ratios for transactions performed by credit institutions and

foreign banks branches for strict management and supervision. Decree

39 defines the operations of certain types of financial companies and

financial leasing companies. Finally, Circular 31 provides additional

information for KYC checks on individuals, corporate customers and

other obligations of financial institutions for AML compliance.

Q COULD YOU OUTLINE




SERVICES SECTOR?



Q WHAT ARE THE


RECENT REGULATORY

REQUIREMENTS FOR



VIETNAM • KENT WONG • VCI LEGAL

WONG: The operation of credit institutions, especially banks, will be

more strictly managed and the ‘health’ of each institution identified

and given an appropriate solution for restructuring. Credit institutions

must seriously obey regulations and procedures for safe and effective

operations to reduce their ratio of bad debts. Numerous limitations on

granting loans are now applied to credit institutions, such as publicising

and reporting loans and capital contribution. Cross-ownership, cross-

investment and unfair competition in the banking system will be

restricted and prevented due to many regulations on the conditions

and limits of capital contribution and the purchase of shares between

subsidiaries, affiliates and companies controlled by commercial banks

and finance companies.

WONG: A raft of new regulations and legislation has caused substantial

work for banks, requiring them to build new relationships, change various

reporting regimes and, in some cases, change their organisational

structure to successfully adapt and better identify opportunities arising

from a new regulatory environment. Credit institutions are advised to

comply with the new financial regulations by focusing on promptly

checking bad debts and making plans and remedies for selling bad

debts to the VAMC to meet the objective of reducing bad debts to less

than 3 percent by the end of 2015. They also need to adjust processes

to comply with new regulations such as changing the processes and

conditions for granting loans. In addition, financial institutions must

avoid cross-ownerships and cross-investment by transferring their

contributed capital in other financial institutions or merging with

institutions where they own contributed capital. Furthermore, financial

institutions are being asked to have a strong internal governance

framework to maintain compliance and avoid any negative legal

consequences due to violations of financial regulations.


HOW ARE FINANCIAL



REGULATORY CHANGES?

HOW IMPORTANT IS IT


INTERNAL GOVERNANCE


COMPLIANCE?


Q WHAT POLICY AND




MAINTAIN COMPLIANCE




LAWS IMPACTING THE


INSTITUTIONS? DOES






WONG: To maintain compliance with new regulations, credit institutions

should change the policies and processes in connection with managing

and settling debts, especially bad debts, to speed up the process and

meet SBV requirements. They should apply new risk management

processes by strictly and frequently checking and reporting such

activities to the SBV. Finally, they should apply new policies on granting

loans. For example, banks need to ensure total loans and extensions of

outstanding credit to a client and an associate entity do not exceed 25

percent of their equity capital.

WONG: Despite the spate of recent cyber attacks occurring around the

world, the government has placed little importance on data protection

and privacy laws in the financial sector. However, to some extent, current

policy and regulations in this sector have helped financial institutions

to prevent risks and loss due to technology crime. Vietnam does not

have a comprehensive data privacy protection law. Instead, general

confidentiality protection provisions for personal data are included

in the Civil Code. Regarding electronic personal data, regulation is

provided by the Law of Information Technology and Law on Electronic

Transactions which deal with the processing of electronic personal data.

The nature of the protection is similar in each case, although there are

slight differences in wording. Vietnam is tabling a draft of the Law on

Information Security in Vietnam’s National Assembly. The Ministry of

Information and Communications, the communications authority in

Vietnam, has established the Vietnam Computer Emergency Response

Team, which is the task force to deal with cyber security issues at the

national level. In 2011, the SBV issued compulsory requirements for

information security, including human resources, hardware, software,

access management, data recovery and disaster protection plan. To

address cyber risk and related liabilities, the government should apply

more stringent penalties on the relevant crime and use advanced

technology to prevent unauthorised access and data theft.







WITH ENSURING THAT



TO ACROSS MULTIPLE

JURISDICTIONS?

WONG: Meeting different and conflicting regulatory agendas is not an easy

task. Regulation is one of the biggest drivers of change facing the financial sector,

significantly impacting liquidity, capital, data capture and return on equity. Banks

have had to develop a completely new business model that integrates compliance

with the strategic changes wrought by impending regulations, often across

multiple jurisdictions. Compliance must be aligned with a bank’s strategic change

agenda to convert a potentially costly implementation exercise into a lever for

competitive advantage. However, this requires a high level of sophistication and

maturity. Guiding principles which underpin a comprehensive futures-oriented

approach include developing an expansive view of the global regulatory landscape

to facilitate long term strategic planning, and evaluating the cumulative impact

of regulatory change on the balance sheet, supporting business and operating

models. The multijurisdictional nature of regulatory change is clearly increasing

the complexity for banks, given the need to comply with different timeframes,

nuances and supervisors. This places ever more emphasis on the need to manage

the changes holistically and to develop coordinated, organised responses.

Kent Wong

Partner

VCI Legal

+84 (0) 8 38 272 029

[email protected]

Kent Wong is head of banking and capital markets at VCI Legal. An internationally recognised lawyer, he has experience working at top firms in the US, Korea, Cambodia, Hong Kong and New Zealand. He has published numerous journal articles and given lectures and seminars on foreign investment, project finance and M&A. Mr Wong represents major Korean and European financial institutions investing overseas (especially in ASEAN), as well as foreign clients with business interests in Korea and Vietnam, advising on cross-border financing, corporate finance, M&A, joint ventures, private equity and syndicated loans, equity financing, IPOs and restructuring.


“ Compliance must be aligned with a bank’s strategic change agenda to convert a potentially costly implementation exercise into a lever for competitive advantage.”

FWS U P P L E M E N T

www.fi nancierworldwide.com

A N N U A L R E V I E W

FINANCIAL REGULATION - Nelson Mullins · ANNUAL REVIEW • FINANCIAL REGULATION ANNUAL REVIEW • FINANCIAL REGULATION JULY 2015 • FINANCIER WORLDWIDE • 9 8 UNITED STATES •

Documents