FINANCIAL REGULATION ANNUAL REVIEW 2015
Published by
Financier Worldwide
23rd Floor, Alpha Tower
Suffolk Street, Queensway
Birmingham B1 1TT
United Kingdom
Telephone: +44 (0)845 345 0456
Fax: +44 (0)121 600 5911
Email: [email protected]
www.financierworldwide.com
Copyright © 2015 Financier Worldwide
All rights reserved.
Annual Review • July 2015
Financial regulation
No part of this publication may be copied, reproduced, transmitted or held in a
retrievable system without the written permission of the publishers.
Whilst every effort is made to ensure the accuracy of all material published in
Financier Worldwide, the publishers accept no responsibility for any errors or
omissions, nor for any claims made as a result of such errors or omissions.
Views expressed by contributors are not necessarily those of the publisher.
Any statements expressed by professionals in this publication are understood to
be general opinions and should not be relied upon as legal or financial advice.
Opinions expressed herein do not necessarily represent the views of the author’s
firm or clients or of any organisations of which the author is a member.
Financier Worldwide canvasses the opinions of leading professionals around the world on the latest trends in financial regulation.
Contents
UNITED STATES • Dwight Smith • NELSON MULLINS RILEY & SCARBOROUGH LLP
CANADA • Nancy J. Carroll • MCCARTHY TÉTRAULT LLP
ARGENTINA • Gabriel Matarasso • MARVAL O’FARRELL & MAIRAL
COLOMBIA • Andrea Fradique-Méndez • GÓMEZ-PINZÓN ZULETA ABOGADOS S.A.S.
CAYMAN ISLANDS • Simone Proctor • SOLOMON HARRIS
UNITED KINGDOM • John C. Ahern • JONES DAY
IRELAND • Andrew Bates • DILLON EUSTACE
GERMANY • Dr Kirsten Donner • KIRKLAND & ELLIS INTERNATIONAL LLP
NETHERLANDS • Paul Rothwell • DELOITTE
PORTUGAL • Pedro Ferreira Malaquias • URÍA MENÉNDEZ-PROENÇA DE CARVALHO
SWEDEN • Dan Hanqvist • ROSCHIER ADVOKATBYRÅ AB
RUSSIA • Grigory Marinichev • MORGAN LEWIS
SINGAPORE • Antony Eldridge • PWC SINGAPORE
VIETNAM • Kent Wong • VCI LEGAL
INTRODUCTION
Financial regulation has never been more onerous. Increasingly, financial institutions of all sizes are coming to terms with rapidly expanding regulatory obligations and ever more stringent enforcement activity. As a result, compliance risks are becoming more important and challenging for firms operating in today’s climate – especially those that need to maintain compliance in a number of different jurisdictions with unique demands. Though there will likely be some similarities between regulatory regimes in some areas (countries within the EU, for example, will have many common threads), institutions are still required to be cognisant of a great number of regulatory requirements. Accordingly, it is imperative that both management and staff are provided with regular updates and relevant training on companywide policies and procedures.
The financial services sector is still haunted by the spectre of the financial crisis, with public confidence low. Scandals surrounding Libor and Euribor rigging have not helped, and regulatory bodies are likely to remain focused on the sector for some time.
Regulatory initiatives are having a profound impact. The Single Rulebook in Europe, for example, affects all financial institutions in EU Member States and, along with other developments that have been foisted onto institutions, will increase compliance costs for firms going forward.
Regulatory developments on data protection and privacy have also taken centre stage. Information and communication technology has become a key asset for global firms. However, with data breaches now common, banks, insurance and asset management companies are coming to terms with new regulations covering data privacy, protection and confidentiality. As threats to cyber security become more prevalent, firms must ensure that their IT systems and processes can stand up to the challenges that lie ahead.
UNITED STATES • DWIGHT SMITH • NELSON MULLINS RILEY & SCARBOROUGH LLP
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
SMITH: Virtually all financial institutions, regardless of size, face a
growing number of regulations and increased supervision through both
examinations and enforcement actions. The expansion of regulatory
regimes is, in many respects, a response to the financial crisis of 2008
and 2009. Indeed, national economies are still absorbing the impact of
the crisis, and until there is a strong level of public confidence in the
financial sector, the intensity of the regulators will continue. Moreover,
cooperation among national regulators, especially between UK and US
authorities, has buttressed the regulatory framework for large financial
institutions. Capital, resolution planning, and international matters
such as the London Whale and the LIBOR rate-setting cases have
forced large banks both to expand and to integrate their regulatory
compliance functions.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
SMITH: The sector faces challenges on several fronts. The two broad
reforms after the financial crisis – increased capital and different forms
of ring-fencing around depository institutions – continue to resonate.
Regulators, particularly in the US, have begun to take enforcement
action on other matters, such as money laundering and consumer
protection. Additionally, the accelerating evolution of payments systems
will present new risks that regulators are only beginning to grasp.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
SMITH: New and emerging requirements have had, and will continue
to have, a material impact on the financial services sector – even
to the point of a firm’s existence as an economic entity. In the US,
regulatory costs now spur consolidation among smaller banks. Larger
banks do not face quite the same pressure, but regulatory costs now
are a material part of earnings reports and forecasts, with a quantifiable
impact on returns to shareholders and share prices. Of course, capital
raising remains a priority. At a slightly more granular level, all financial
institutions will have to set aside an increased amount of resources for
managing the operational risks that the regulators have focused on.
Some firms will have to consider whether to terminate business lines.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
SMITH: With the possible exception of some smaller institutions
where compliance costs are daunting if not prohibitive, all financial
institutions are working diligently to address regulatory changes and
the accompanying compliance obligations. This is not an easy task
– the securities filings of the largest US banking firms are replete with
statements about a continuing need to devote increasing amounts of
resources to regulatory compliance. Appropriate corporate governance
– under the umbrella of the ‘tone at the top’ set by the board – is
essential to these efforts. The necessary ‘tone’ is not limited to anodyne
statements by directors. Internal governance should secure the
independence of the compliance function, provide for direct reports to
the board and senior management, and create incentives for compliance
in the operating business units.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
SMITH: Particular changes depend, of course, on specific regulations,
but something of a template for a compliance framework has emerged
in the US in several enforcement orders imposed by the Federal Reserve
Board and other regulators. This framework would well serve efforts to
adhere to regulations in other countries. There are several elements
involved. The board of directors must exercise greater oversight,
sometimes through a specially designated committee, by reviewing
compliance regularly and frequently. The board is also expected to
maintain a ‘culture of compliance’, which in some cases may mean
revising compensation policies to encourage greater attention to
compliance at the operational level. Often necessary is a chief
compliance officer who reports directly to the board and who has both
authority to direct compliance activities and accountability for defects.
Compliance staff should report to this officer and not to the heads
of business units. Management should review and update operational
policies and procedures to incorporate new regulatory obligations.
Compliance training should be provided across the organisation.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
SMITH: The almost routine media accounts of hacking into what were
once thought to be secure systems at government agencies and private
companies make it abundantly clear that management of cyber risk
should be a high priority. The risk is operational in nature, meaning that
an institution can be affected anywhere, and the risk is not limited to
particular business lines. Management of cyber risk is an especially knotty
problem. The risk is relatively new, and institutions also encounter the
problem of not-knowing-what-they-don’t-know. The risk is also highly
sophisticated, unlike most other risks confronting financial institutions,
where senior officials and directors will have developed an almost
intuitive sense of how to respond. Nevertheless, two actions are clear.
First, an institution must expand risk management to include personnel
with a level of technical expertise at least equal to that of hackers.
Second, a response and contingency plan is essential. US regulators
have not dictated particular actions but expect financial institutions to
have in place a well-thought-out approach to cyber risk.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
SMITH: Financial institutions face several challenges in managing
compliance on an international basis, among them the fact that
the international dimensions of compliance will vary from issue to
issue. National responses to the systemically important banking
organisations are a case in point. In one respect, the Basel III capital
requirements, regulators have cooperated to produce a nearly uniform
set of requirements across all jurisdictions. Related regulations, such as
those that require some form of ring-fencing, are not the same across
jurisdictions. The Volcker Rule requires the divestiture of specific trading
operations and the termination of certain investments. The UK and the
EU look for steps to separate depository institutions from the risks of
nonbanking affiliates but do not necessarily require divestitures, nor
do they have the same limits on investments. In the enforcement area,
an issue in one country is more likely to reverberate with regulators
in another country. US anti-money laundering actions against foreign
banks have, for example, triggered home country reactions – but not
the same reactions as in the US. The result is that an institution should
organise its compliance units in a way that compels integration and
a uniform response when necessary, while at the same time allowing
these units to address regulatory obligations in individual countries.
Dwight Smith
Partner
Nelson Mullins Riley & Scarborough LLP
+1 (202) 545 2885
Dwight Smith is a partner at Nelson Mullins. He focuses his practice on bank regulatory and consumer finance matters. Mr Smith began his banking work during the savings and loan crisis and its resolution during the late 1980s and early 1990s, experience that set the stage for his practice during the recent financial crisis and its aftermath. He has advised on both the institutional and consumer sides of banking. His clients include community, regional and large banks and thrifts across the country and nonbank consumer finance companies.
CANADA • NANCY J. CARROLL • MCCARTHY TÉTRAULT LLP
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
CARROLL: Although Canadian financial institutions weathered the 2008 financial
crisis relatively well, and are among the best capitalised financial institutions in
the world, they have faced a significantly changing regulatory environment
post-crisis. The Office of the Superintendent of Financial Institutions (OSFI) has strongly
supported the development of international prudential standards by indicating its
intention to fully implement Basel III well in advance of 2019 and by publishing
increased expectations for corporate governance and risk management. OSFI’s
priorities for 2015 to 2016 are to enhance its supervisory process and to focus on
post-crisis priorities for larger financial institutions, including data aggregation and
risk reporting capabilities. The Financial Consumer Agency of Canada has more than
doubled its number of investigations from 2011 to 2014. The Financial Transactions
and Reports Analysis Centre of Canada (FINTRAC) acquired the authority to impose
administrative penalties in December 2008. Together with OSFI, FINTRAC conducts
rigorous anti-money laundering compliance examinations.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
CARROLL: OSFI is implementing post-crisis reforms through new guidelines regarding
capital adequacy requirements and liquidity adequacy requirements for banks,
own risk and solvency assessment and evolving capital requirements for insurers,
and corporate governance and regulatory compliance management for institutions
generally. Canada plans to adopt a bail-in regime for domestic systemically important
banks. Canada is implementing its G-20 commitments for OTC derivatives, with
trade reporting effective in Ontario, Quebec and Manitoba since October 2014.
The Supreme Court’s decision in Marcotte in September 2014 ruled that certain
provisions of provincial consumer protection legislation could apply to federally
regulated banks, resulting in uncertainty regarding the scope of applicable provincial
regulation. Canada intends to adopt a comprehensive federal financial consumer
protection code which would likely dissipate such uncertainty. The ‘Code of Conduct
for the Credit and Debit Card Industry’ was extended in April 2015 to include mobile
payments. The government is consulting with the Canadian payments industry to
determine to what extent the payments system should be reformed.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
CARROLL: Recent regulatory and legal changes have resulted in additional
compliance costs and increased compliance focus for all financial institutions, from
domestic systemically important banks to small and mid-sized institutions who seek
to scale OSFI guidelines to their size, complexity and risk profile. Some financial
institutions have expressed concern that growing regulatory demands detract
from their ability to compete and focus on their business. Furthermore, Canadian
financial institutions are operating in an environment of regulatory uncertainty as
they await the details of expected reforms such as the federal financial consumer
code. Regulatory uncertainty and increased compliance costs are occurring at the
same time as a number of unregulated entities have been entering the Canadian
financial services sector, particularly in the payments space. On the other hand,
OSFI’s conservative regulatory approach has likely contributed to Canada’s banking
system being consistently recognised by the World Economic Forum as the soundest
in the world over the past seven years.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
CARROLL: Financial institutions are responding proactively. They are engaging
with regulators in public consultations on new regulations, and with other financial
institutions through industry groups, to keep abreast of evolving requirements and
to develop best practices in compliance. Financial institutions are in the business
of assuming and managing risk; they are focused on understanding how regulatory
changes affect their particular businesses with their distinct risk profiles. They are
also looking closely at regulatory compliance risk and strengthening their regulatory
compliance risk management. Furthermore, they are viewing regulatory compliance
as an essential component of their core business, allocating increased financial and
human resources to compliance. A strong internal governance framework is crucial
to regulatory compliance. Financial institutions are taking steps to ensure they have
robust corporate governance with a comprehensive, effective risk management
framework tailored to their business’s risk appetite and strategic and capital plans.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
CARROLL: Financial institutions might undertake critical reviews of their corporate
governance, risk management, regulatory compliance management, and capital
and liquidity management policies to assess whether they meet OSFI’s heightened
expectations. Based on their particular size, complexity and risk appetite, institutions
might identify changes required to make their policies more stringent, clear and
effective in practice. Financial institutions might engage in more rigorous testing
of the capabilities of their processes and oversight functions. Employee training on
new regulations and enhanced processes might be required. The goal is to create
widespread understanding of, and support for, risk management and regulatory
compliance throughout the institution. Financial institutions might implement policy
and process changes to position themselves to demonstrate to their regulators that
they have effective policies and processes in place to analyse evolving regulatory
requirements, implement and evaluate their compliance program, and generate
reports to meet evolving regulatory requirements for data aggregation and risk
reporting.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
CARROLL: Canadian financial institutions have been complying with federal and
provincial privacy laws for many years, seeing the protection of their customers’
personal information as key to their business success. Federal privacy law was
amended in June 2015 to require the mandatory reporting of privacy breaches – to
be implemented through regulations – with potentially significant fines for
non-compliance. Financial institutions might need to revise their privacy policies to comply.
Cyber security is a top priority for financial institutions, their boards of directors and
regulators, who identify it as a major operational, reputational, financial and systemic
risk. Financial institutions use OSFI’s Cyber Security Self Assessment Guidance to
assess their preparedness and develop effective practices. Some financial institutions
view robust data protection and breach response plans as a competitive advantage,
critical to limiting data loss and operational disruption, and minimising liability to
third parties and regulators – particularly if their plans are regularly updated to
reflect evolving cyber security standards.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
CARROLL: It is challenging, complicated and costly to design and ensure adherence
to policies that apply across multiple jurisdictions which often have inconsistent
or contradictory requirements. Although home regulators may require
enterprise-wide policies, one policy may not be suitable for all jurisdictions. Local legal advice
is required to ensure that compliance policies meet each jurisdiction’s standards.
The US Volcker Rule, for example, differs from more globally harmonised prudential
requirements favoured elsewhere. As such, this requires Canadian banks with US
operations to implement unique systems to comply. Imposing uniform policies
typically leads to adoption across jurisdictions of the most stringent standards, with
the resulting trade-off on costs. Certain global policies, such as those dealing with
anti-money laundering or corruption, might need to be tailored to be effective in
jurisdictions with higher perceived risk. It is critical that management and employees
in each jurisdiction receive training on the implementation of enterprise-wide policies
and procedures.
Nancy J. Carroll
Partner, Financial Services Group
McCarthy Tétrault LLP
+1 (416) 601 7733
Nancy J. Carroll is a partner in McCarthy Tétrault LLP’s Financial Services Group and a former member of McCarthy Tétrault’s board. She is a leading lawyer in financial institutions regulation, advising banks and insurance companies on regulatory requirements and compliance, regulatory approvals, corporate governance, regulatory risk management, anti-money laundering, privacy and cyber security. She has extensive transactional experience in representing banks and insurance companies on mergers and acquisitions, and on the establishment in Canada of branch operations for foreign banks and insurance companies. Ms Carroll is the editor of Consolidated Insurance Companies Act of Canada, Regulations and Guidelines, 2015 Edition.
ARGENTINA • GABRIEL MATARASSO • MARVAL O’FARRELL & MAIRAL
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
MATARASSO: Financial institutions in Argentina are certainly operating in
an environment of increasing regulatory scrutiny and enforcement activity.
Current regulations from the Argentine Central Bank, the enforcement
authority overseeing banking operations in Argentina, impose a wide range
of requirements and obligations on financial institutions, and restrict and
regulate many of the main aspects of the banking business. For example,
the Central Bank has recently regulated many of the common sources of
financial institutions’ income. Financial institutions may also be subject to
other regulatory authorities depending on whether they provide certain
complementary services. For example, financial institutions that provide
capital markets services will be subject further to capital markets regulations
which, as per a recent amendment, have granted the enforcement authority,
the National Securities Commission (CNV), wide regulatory and sanctioning
powers. Furthermore, in recent years there has been an increasing level of
regulation in anti-money laundering related matters, which has led to more
extensive ‘Know Your Customer’ checks and more exhaustive reporting of
unusual and suspicious activities.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
MATARASSO: The Central Bank has recently regulated many of the common
sources of financial institutions’ income, such as fees and commissions,
granting of loans and interest rates. Some of these new regulations include
specific provisions on admitted and non-admitted charges and expenses as
well as provisions on the presentation, modification and reimbursement of
such. These regulations provide, among others, that charges and fees shall be
based on real and demonstrable costs and be duly justified from a technical
and economic standpoint. No charges and fees may be charged on services
and products if not previously agreed with the client. Also, no fees can be
charged on transactions through human bank tellers or with respect to the
engagement or management of insurance policies, the issuance of bank
statements, the sending of electronic bank statements or the assessment,
granting or management of credits. Regulations also require prior authorisation
from the Central Bank to increase fees for ‘basic products or services’. Since
2012, the Central Bank has imposed a temporary regime – which has been
repeatedly extended to date – under which certain financial institutions are
required to allocate, at least, an amount equal to 6.5 percent of the deposits in
Argentine pesos from the non-financial private sector in financings to micro,
small and medium-sized enterprises (MSMEs) at a fixed annual rate of up to
19 percent, which is lower than the annual inflation rate, and with a one year
initial grace period.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
MATARASSO: Recent regulations place great pressure on financial institutions
that are faced with extensive regulations which cover all relevant aspects of the
banking business. Also, these types of regulations have an immediate impact
on the operations of financial institutions, since certain matters such as fees
and expenses to be charged, the interest rates at which the financial institution
is willing to lend money and the allocation of financing to the private sector,
now rest with the Central Bank, which has the power to determine maximum
charges, fees and expenses, benchmark interest rates and loan quotas. Similar
powers are also granted to the CNV, which is empowered to set maximum
fees and charges on capital markets transactions.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
MATARASSO: Given the extensive set of regulations currently in force,
financial institutions must create internal controls in order to ensure
compliance with all aspects of Central Bank regulations. Although financial
institutions usually have a person trained on regulations applicable to particular
departments, most financial institutions have also created a specific department
within their corporate structure devoted to compliance. Furthermore, most
financial institutions have a compliance committee within their board of directors
which is entrusted to supervise and follow up on day-to-day compliance.
MATARASSO: Extensive regulations impose a great burden on financial
institutions and they must adapt to this highly regulated scenario. Not only are
financial institutions limited in their ‘decision-making process’, they are also
constantly faced with the increasing need to create internal structures and
control processes to ensure compliance with all applicable regulations. Most
financial institutions are on their way to adapting to this scenario and have
adopted several internal measures. Some of these include creating particular
committees focused on compliance, developing a specific department within
the corporate structure with trained professionals in regulatory matters,
and investing a great amount of time in studying regulations and training
professionals in these matters.
MATARASSO: Personal data protection is regulated in Argentina by the
Personal Data Protection Law No. 25,326 (PDPL). Under the PDPL, any existing
public or private database intended to provide information – including
financial institutions’ databases – must be registered with the Argentine
Personal Data Protection Agency, the personal data enforcement authority,
before processing data. Also, the PDPL imposes the need to adopt necessary
technical and organisational measures in order to guarantee the security
and confidentiality of the personal data, protecting it against accidental
or intentional destruction, loss, alteration, or against unauthorised access
or disclosure. Central Bank regulations also address IT related matters and
set forth specific requirements and standards on security and monitoring.
Furthermore, the Financial Entities Law No. 21,526 (FEL) regulates financial
entities’ obligations regarding banking secrecy. The law prohibits financial
entities from disclosing the information provided by their clients and their
borrowing transactions, but not their lending transactions and other financial
services. FEL also requires employees of a financial entity to preserve
the confidentiality of any information that they acquire in the course of
performing their work. The law contemplates certain exceptions to this duty
of confidentiality, such as when the information is requested by judges, the
Central Bank, the taxing authorities and other financial entities, provided that
the conditions established by law are met.
Q IN WHAT WAYS ARE DATA
PROTECTION AND PRIVACY
LAWS IMPACTING THE
OPERATIONS OF FINANCIAL
INSTITUTIONS? DOES
MORE NEED TO BE DONE TO
ADDRESS CYBER RISK AND
RELATED LIABILITIES?
Q WHAT POLICY AND
PROCESS CHANGES MIGHT
FINANCIAL INSTITUTIONS
NEED TO IMPLEMENT TO
MAINTAIN COMPLIANCE
WITH NEW REGULATIONS?
ARGENTINA • GABRIEL MATARASSO • MARVAL O’FARRELL & MAIRAL
MATARASSO: The coexistence and sometimes the overlapping of current
compliance policies and procedures across multiple jurisdictions create a
highly complex scenario for financial entities. In recent years there have been
several pieces of legislation around the world which are supposed to have
worldwide application. For example, there is FATCA, a US regulation which
is intended to be applied worldwide and which clearly clashes with local
regulations such as data protection regulations and banking secrecy. Financial
institutions, mainly those which are part of multinational corporate groups,
are faced with the challenge of harmonising different compliance regimes so
as to be able to comply with all regulations across different jurisdictions.
Gabriel Matarasso
Partner
Marval O’Farrell & Mairal
+54 11 4310 0100
Gabriel Matarasso joined Marval, O’Farrell & Mairal in 1994 and has been a partner since 1996. His areas of specialisation include corporate, commercial, finance and capital markets, both local and international. Mr Matarasso has also worked on many M&A deals, advising investment banks, financial entities, strategic partners and private equity funds in international transactions. He has also advised banks and companies on different types of transactions, including debt restructurings and restructuring proceedings under Central Bank supervision. Mr Matarasso is a member of the Bar Association of the City of Buenos Aires and the International Bar Association.
Q COULD YOU PROVIDE AN
INSIGHT INTO SOME OF THE
CHALLENGES ASSOCIATED
WITH ENSURING THAT
COMPLIANCE POLICIES AND
PROCEDURES ARE ADHERED
TO ACROSS MULTIPLE
JURISDICTIONS?
Q TO WHAT EXTENT DO
YOU BELIEVE TODAY’S
FINANCIAL INSTITUTIONS
ARE OPERATING IN
AN ENVIRONMENT OF
INCREASING REGULATORY
SCRUTINY AND
ENFORCEMENT ACTIVITY?
COLOMBIA • ANDREA FRADIQUE-MÉNDEZ • GÓMEZ-PINZÓN ZULETA ABOGADOS S.A.S.
FRADIQUE-MÉNDEZ: There is an increase in regulatory scrutiny and
enforcement activity. The Colombian Financial Superintendency (CFS)
has adopted risk-based supervision with respect to financial institutions
and insurance companies which involves extra situ and in situ supervision
and monitoring. The idea behind this approach is to allow the supervisory
authorities a more comprehensive and preventive supervision which relies, to
a great extent, on information provided by the institutions themselves and the
adoption of internal control policies and procedures. In part due to the fact that
risk-based supervision is still being fully effected, there has not been an increase
in enforcement activity, except with respect to practices implying systemic
risks, including data protection, conflicts of interest, manipulation of capital
markets, mainly in connection with specific scandals involving the liquidation
of Interbolsa, the then largest Colombian stock broker, as well as deposit taking
activities by non-authorised entities.
FRADIQUE-MÉNDEZ: The most relevant regulatory changes relate to
international standardisation and consolidated supervision, financing
facilitation for the Colombian government’s fourth generation infrastructure
program, and financial inclusion.
FRADIQUE-MÉNDEZ: International standardisation involves the continuing
implementation of the Basel III accord and the convergence of Colombian
Banking GAAP to IFRS. In 2012, prudential regulations were modified to
gradually close the gap to Basel III, with the aim of improving the quality of
regulatory capital. Also, very recently, financial institutions have been permitted
to issue hybrid capital instruments. Requirements for establishing capital buffers
have not yet been adopted. With respect to the convergence to IFRS, the first
group of institutions has issued 2015 first quarter IFRS financials in a
less-than-smooth process, which proves that this will be a slow-paced and ever-changing
Q COULD YOU OUTLINE
SOME OF THE BROAD LEGAL
AND REGULATORY CHANGES
AFFECTING THE FINANCIAL
SERVICES SECTOR?
Q WHAT ARE THE
IMPLICATIONS OF THESE
RECENT REGULATORY
REQUIREMENTS FOR
FINANCIAL INSTITUTIONS?
adaptation. Another leading step from an accounting perspective relates to the
obligation of credit institutions to comply with solvency ratios on a consolidated
basis, including information on financial local and foreign affiliates as a response
to the salient expansion of Colombian financial institutions abroad, and
particularly to Central America. The infrastructure program is an ambitious task
that requires nearly COP$60bn of fresh funds, significantly exceeding the credit
capacity of local financial institutions. Regulatory changes have involved raising
the cap of lending and concentration limits and allowing institutional investors
to participate in investment funds conceived for this type of financing. With
respect to the promotion of financial inclusion, the most aggressive strategy
has revolved around allowing the use of non-financial correspondents by
financial institutions, and most recently, by insurance companies, in remote
regions, which is said to have expanded the ratio of banking inclusiveness to up
to 99 percent. Also, it is expected that additional and easier access to electronic
deposits subject to lighter KYC rules provided by companies specialised in
electronic deposit and payments will help build on this progress.
FRADIQUE-MÉNDEZ: The response of financial institutions to these regulatory
changes has been positive. As an example, adapting to the changes on
international standardisation has required the re-composition of capital and
accounting measures to comply with prudential regulations, software migration
and configuration and modifications of information-providing standards to
supervisors. In particular, convergence to IFRS has proved challenging and has
required combined efforts between financial institutions and the CFS to better
understand IFRS standards and their local application, and the implications of
the accounting changes vis-à-vis compliance with prudential regulations. It is
very important to establish a strong governance framework. The adoption of
strong governance and internal control policies over financial reporting has
gained an essential role to maintain assurance of reliability of information,
determine the specific risk profile of each institution, facilitate and report to the
Q IN YOUR EXPERIENCE,
HOW ARE FINANCIAL
INSTITUTIONS RESPONDING
AND ADAPTING TO THESE
REGULATORY CHANGES?
HOW IMPORTANT IS IT
TO ESTABLISH A STRONG
INTERNAL GOVERNANCE
FRAMEWORK TO MAINTAIN
COMPLIANCE?
supervisor the existence of early alerts, manage risks and maintain compliance
with reporting obligations. Furthermore, Bancolombia and Grupo Aval, which
constitute a substantial part of the financial sector, are listed in exchanges in
the United States and have adopted the Internal Control-Integrated Framework
issued by the Committee of Sponsoring Organizations of the Treadway
Commission. In the regulatory pipeline there are initiatives that will require
strengthening internal governance, including more discretion to the CFS to
request, on a case by case basis, additional individual or consolidated capital
over the minimum set forth by prudential rules and the obligation of the board
of directors of financial institutions to provide annual risk profile assessments
to the supervisor.
FRADIQUE-MÉNDEZ: In addition to policy and process changes related to
accounting practices due to the changes referred to above, compliance with
new regulations will require self-regulation policies and self-monitoring
to assure compliance and keeping up with a more discretionary activity by
the supervisor. Said self-regulation and monitoring will need to be extended
globally to consolidated entities.
FRADIQUE-MÉNDEZ: Financial data protection and privacy laws were adopted
in 2008. The most important protections refer to the use of the information,
recordation of documentation, and the need for consent from the owner of the
information, including information originated in other jurisdictions. In 2012,
a new set of regulations were adopted for other sectors but the principles of
restricted access and circulation, technical security and transparency provided
therein apply to financial institutions as well. Although financial institutions
have adapted their practices and operation systems to comply with these
requirements, enforceability of these regulations has been a priority of the
supervisor and certain sanctions have been imposed. More may need to be
done to address concerns resulting from the dynamic expansion of Colombian
financial institutions to other jurisdictions – offshore assets have increased by
267 percent in the past five years – and cyber risks and attacks, which Colombia
has dealt with in other spheres but which have not yet permeated the financial sector.
Q IN WHAT WAYS ARE DATA
PROTECTION AND PRIVACY
LAWS IMPACTING THE
OPERATIONS OF FINANCIAL
INSTITUTIONS? DOES
MORE NEED TO BE DONE TO
ADDRESS CYBER RISK AND
RELATED LIABILITIES?
Q WHAT POLICY AND
PROCESS CHANGES MIGHT
FINANCIAL INSTITUTIONS
NEED TO IMPLEMENT TO
MAINTAIN COMPLIANCE
WITH NEW REGULATIONS?
Q COULD YOU PROVIDE AN
INSIGHT INTO SOME OF THE
CHALLENGES ASSOCIATED
WITH ENSURING THAT
COMPLIANCE POLICIES AND
PROCEDURES ARE ADHERED
TO ACROSS MULTIPLE
JURISDICTIONS?
FRADIQUE-MÉNDEZ: Ensuring adherence to compliance policies and procedures
across multiple jurisdictions is a task that goes hand in hand with international
standardisation and consolidated monitoring and supervision. The main challenges
include establishing a common ground in terms of standards and conducts, the
sharing of sufficient and periodic information across jurisdictions to maintain
adequate monitoring and flow of information, a clear determination of jurisdictional
competence and comprehensive supervision of financial and non-financial legs of
financial groups, which is an initiative that is currently being evaluated. To facilitate
transnational supervision, the CFS has participated in banking supervisors’ forums and
conferences and has entered into a number of bilateral and multilateral memoranda
of understanding with other supervisory authorities in jurisdictions of interest
to foster communication, cooperation and exchange of information and deter a
potential appetite for increasing levels of risk in other jurisdictions which could
have a negative impact in Colombia. Further, as part of the Pacific Alliance efforts,
a committee is intended to be formed to identify barriers for the consolidation and
integration of the financial market across Colombia, Mexico, Chile and Peru and
contemplate potential regulatory reforms to facilitate the integration.
Andrea Fradique-Méndez
Senior Associate
Gómez-Pinzón Zuleta Abogados S.A.S.
+571 319 2900 ext. 248
Andrea Fradique-Méndez is a dual admitted attorney in New York and Colombia and a senior member of the banking, finance & capital markets practice of Gómez-Pinzón Zuleta S.A.S. Ms Fradique-Méndez has also been an associate with Skadden, Arps, Slate, Meagher and Flom in New York. She holds an LL.M. from Columbia University, a JD from Universidad Javeriana and a graduate degree from Universidad de los Andes. In addition to her regulatory expertise, Ms Fradique-Méndez has extensive experience in negotiating and structuring complex international banking and project finance transactions and cutting-edge local and international capital market deals.
Q TO WHAT EXTENT DO
YOU BELIEVE TODAY’S
FINANCIAL INSTITUTIONS
ARE OPERATING IN
AN ENVIRONMENT OF
INCREASING REGULATORY
SCRUTINY AND
ENFORCEMENT ACTIVITY?
CAYMAN ISLANDS • SIMONE PROCTOR • SOLOMON HARRIS
PROCTOR: Nothing is singly more important to an offshore financial centre,
such as the Cayman Islands, than its reputation. To protect its soundness,
regulators in Cayman are tasked with maintaining an internationally
acceptable regulatory framework and the correct balance of supervision
and enforcement. It has to be done. It is clear that there has been increased
regulatory enforcement activity in the financial services sector here. This is
also evident in other financial markets as well. One only has to look at the
number of enforcement actions brought, including against chief compliance
officers – without commenting on whether they ought to have been
brought, or whether they were ultimately settled and on what terms – by
the SEC, the FCA and their peers, in the past 12 to 24 months. The numbers
are staggering.
PROCTOR: The Cayman Islands has publicly and formally indicated its
intention to meet established international standards in financial services,
and to cooperate with the exchange of tax information and other measures
which promote transparency in the jurisdiction. Everyone has heard of
FATCA by now. Having passed the relevant implementing local legislation
and built the infrastructure, the Cayman Islands government, through the
Department for International Tax Cooperation, recently launched its portal
for the automatic exchange of information, and the first deadline for the
submission of returns for US FATCA was 26 June. Even before that was out
of the way, the government advisory announcing Cayman’s implementation
of the OECD’s common reporting standards was issued on 16 June. As one
of the early adopters of the measures, the Cayman Islands has committed
to a rigorous implementation timetable. Financial institutions and other
sector participants will be required to have the IT systems in place to meet
the new account opening procedures and due diligence requirements by
1 January 2016. We are also anticipating the start of reporting obligations
under UK FATCA, next year, and preparing for a National Risk Assessment
Q COULD YOU OUTLINE
SOME OF THE BROAD LEGAL
AND REGULATORY CHANGES
AFFECTING THE FINANCIAL
SERVICES SECTOR?
based on the FATF 40 Recommendations, especially Recommendation
1, that a country should assess its risk. The latter will most likely lead to
certain tweaks being made in our AML/CFT legislative framework in the
months to follow. A CFATF mutual evaluation is scheduled to take place in
the first quarter of 2017. Concurrently, we are focused on the Alternative
Investment Fund Managers Directive and in particular, on revising the
legal framework and engaging at the right levels to ensure that Cayman
positions itself to benefit from arrangements for third countries, including
‘passporting’ measures.
PROCTOR: One result of all the regulatory changes is increased compliance
and operational costs. It’s the glaring reality. Each one of the leading
financial centres, onshore and offshore, has conducted a post 2009 financial
crisis review. The result feels like an avalanche of regulatory changes and
the need to find a bigger budget to pay for it all. New entrants to the
financial markets have to review their projections and budgets from the
initial application and build phases, all the way through to implementation.
A second notable result is more subtle. It takes the form of three deadly
words: “Our expectation is...” When the regulator says this, no matter how
softly, please make a note. Regulatory expectations have also increased.
PROCTOR: Financial institutions are running a business. While costs may
be increasing and work continues to engage regulators to harmonise
measures to keep the regulatory changes within context and relevant,
non-compliance is not an option. Investors, as a part of their due diligence
process, are examining compliance matters very closely, and financial
institutions are fully aware of this. Financial institutions are constantly
reassessing, and while some may opt, after detailed analysis, to divest
themselves from regulated lines of business, the vast majority embrace
Q IN YOUR EXPERIENCE,
HOW ARE FINANCIAL
INSTITUTIONS RESPONDING
AND ADAPTING TO THESE
REGULATORY CHANGES?
HOW IMPORTANT IS IT TO
ESTABLISH A STRONG
Q WHAT ARE THE
IMPLICATIONS OF THESE
RECENT REGULATORY
REQUIREMENTS FOR
FINANCIAL INSTITUTIONS?
the regulatory developments, seek the appropriate advice and carry on. In
Cayman-established businesses, we have seen a shift in the composition of
boards and governing bodies, often with the recruitment of independent
directors with regulatory, compliance and risk management backgrounds.
Under Cayman Islands laws and regulations, the responsibility ultimately
lies with the board, or governing body, even where a function is outsourced,
so it is critical that a compliance culture starts from the very top and is kept
at the forefront of the board agenda.
PROCTOR: An investment in compliance systems and software is inevitable.
Manual systems must simply be replaced. There are too many moving parts
to think that a manual system, no matter how well it worked in the past,
will suffice now. Take the example of a global group of companies with a
Cayman holding company that books its treasury through an affiliate which
holds a category B bank licence in the Cayman Islands, has operations in
Mauritius, and offices in London and Argentina. The compliance oversight
function needs to be set up with a global dashboard as well as at a local
level with attendant policies and procedures and advice. The compliance
function continues to be a regulator’s first line of defence against breaches,
so the proper level of seniority and resources is crucial.
PROCTOR: The data protection law is still in draft form in the Cayman
Islands, and when implemented will impose certain obligations and liability
on entities that collect, store, process and transmit personal data. There is,
however, the Confidential Relationships (Preservation) Law (2009 Revision)
which financial institutions are no doubt aware of, and which has been in
place for more than 40 years. This law outlines the framework for keeping
confidential information private. In an environment of increased cyber crime
and cyber attacks, the conversation extends beyond liability for the theft
of personal data, and data breach; financial institutions must also concern
themselves with the financial impact of theft of intellectual property,
proprietary software and the like. This, in turn, leads us back to regulatory
requirements for having adequate systems and risk controls. Cyber crime
Q IN WHAT WAYS ARE DATA
PROTECTION AND PRIVACY
LAWS IMPACTING THE
OPERATIONS OF FINANCIAL
INSTITUTIONS? DOES
MORE NEED TO BE DONE TO
ADDRESS CYBER RISK AND
RELATED LIABILITIES?
Q WHAT POLICY AND
PROCESS CHANGES MIGHT
FINANCIAL INSTITUTIONS
NEED TO IMPLEMENT TO
MAINTAIN COMPLIANCE
WITH NEW REGULATIONS?
INTERNAL GOVERNANCE
FRAMEWORK TO MAINTAIN
COMPLIANCE?
is more than just a risk, it is reality. Regulated financial institutions in the
Cayman Islands are required to comply with the statement of guidance
on the use of the internet which includes requirements for IT security.
However, we fully expect to see a more comprehensive regulatory policy or
statement of guidance on cyber security being consulted upon vigorously
and issued by the Monetary Authority in short order.
PROCTOR: Laws and regulations differ across jurisdictions, and procedures
may differ from one regulated activity to the next. The reality is that
financial institutions doing business in the Cayman Islands or elsewhere
must be prepared to meet and comply with the increasing regulatory
obligations. They must also be willing to engage regulators and decision
makers through the various organisations like AIMA, to contribute to the
shape of what ultimately is unveiled. The runway for those determined not
to engage or comply is very short.
Simone Proctor
Senior Associate
Solomon Harris
+1 (345) 949 0488
Simone Proctor is a member of Solomon Harris’ Corporate Department and heads up our Regulatory and Compliance group, having joined the firm as an associate in October 2010. She is an honours graduate in law from the University of the West Indies (Cave Hill Campus), holds an LLM: Banking & Finance from the University of London, QMW, and is a member of the Chartered Institute for Securities & Investments. Admitted to practise as a solicitor of the Law Society of England & Wales in 2003, Ms Proctor is also admitted in the Cayman Islands, New York State Bar 2nd Circuit, and in Guyana.
Q COULD YOU PROVIDE AN
INSIGHT INTO SOME OF THE
CHALLENGES ASSOCIATED
WITH ENSURING THAT
COMPLIANCE POLICIES AND
PROCEDURES ARE ADHERED
TO ACROSS MULTIPLE
JURISDICTIONS?
Q TO WHAT EXTENT DO
YOU BELIEVE TODAY’S
FINANCIAL INSTITUTIONS
ARE OPERATING IN
AN ENVIRONMENT OF
INCREASING REGULATORY
SCRUTINY AND
ENFORCEMENT ACTIVITY?
AHERN: Since the financial crisis, there has been a proliferation of regulatory
measures in such volume and at such pace that it has been difficult for the
regulated community to absorb. The regulatory response has been to radically
curb the ability of banks to lend by imposing capital requirements that far
exceed those that were in place prior to the crisis. In addition, Volcker, Vickers
and Liikanen have proposed massive structural changes to the way in which
banks are organised so that retail deposits are protected in the event of bank
failure. In the UK, regulatory policy has undergone a fundamental shift from
‘light touch’ to enhanced monitoring and supervision and the regulatory
approach is much more intrusive than in the past.
AHERN: At a global level, we have seen broad ranging proposals from the G20
to the Basel Committee on Banking Supervision proposals for a new bank
capital framework which significantly increases bank capital requirements.
At a European level, these and other reforms have been articulated through
a variety of EU legislative measures, including the Capital Requirements
Regulation, the European Markets Infrastructure Regulation, MiFID II, the
Alternative Investment Fund Managers Directive, new payment services
directive, and the Bank Recovery and Resolution Directive. At a domestic
UK level, we have seen sweeping amendments to the Financial Services
and Markets Act 2000 made by the Financial Services Act 2012 as well as
the enactment of the Banking Act 2009 and the Financial Services (Banking
Reform) Act 2013.
AHERN: The new regulatory requirements will hamper the ability of the
banks and other financial institutions to do business. Firstly, increased capital
requirements on banks and the changes to the qualitative characteristics
of eligible capital instruments mean that the banks had to recapitalise and
the cost of capital has spiralled. This is largely due to the requirement that
UNITED KINGDOM • JOHN C. AHERN • JONES DAY
Q COULD YOU OUTLINE
SOME OF THE BROAD LEGAL
AND REGULATORY CHANGES
AFFECTING THE FINANCIAL
SERVICES SECTOR?
Q WHAT ARE THE
IMPLICATIONS OF THESE
RECENT REGULATORY
REQUIREMENTS FOR
FINANCIAL INSTITUTIONS?
additional Tier 1 capital instruments must have a bail-in or write-down
feature. Clearly, investors in banks will charge a premium for that risk. Secondly,
because of the capital requirements now imposed on banks, lending to the
SME and consumer markets is more difficult – banks will need to see a better
return on capital than before and are disincentivised to post capital against
exposures that are less profitable and of greater risk. Thirdly, when the
ring-fencing provisions of the Banking Reform Act commence, banks will not be
able to fund a variety of activities with retail deposits. Accordingly, their
ability to grow will be somewhat restricted. Fourthly, the consequences of
mandatory clearing of OTC derivatives under EMIR and the proposals under
MiFID for derivatives contracts to be traded on organised venues mean
that the cost of trading these instruments has soared – this is primarily due
to the costs of clearing and the quality of collateral required by clearing
houses to engage in the clearing process. There is a further implication arising
from mandatory clearing of OTC derivatives and that is that the risk of the
counterparty in a bilateral trade is replaced with the risk of the clearing house
across all trades.
AHERN: It is difficult for practitioners to keep abreast of the various
consultation papers, discussion papers, orders, regulations and
pronouncements that endlessly flow from the regulatory authorities both
domestic and European. For internal compliance and legal support functions,
the challenge must be exponentially more difficult considering they also
need to help their institutions get on with day to day business. Regulatory
reform has had a single very important theme: accountability of senior
management. In most measures, the ultimate responsibility for compliance
rests with senior management. In that regard the Senior Managers Regime is
designed to improve responsibility and accountability of senior management
in banking businesses.
Q IN YOUR EXPERIENCE,
HOW ARE FINANCIAL
INSTITUTIONS RESPONDING
AND ADAPTING TO THESE
REGULATORY CHANGES?
HOW IMPORTANT IS IT
TO ESTABLISH A STRONG
INTERNAL GOVERNANCE
FRAMEWORK TO MAINTAIN
COMPLIANCE?
Q WHAT POLICY AND
PROCESS CHANGES MIGHT
FINANCIAL INSTITUTIONS
NEED TO IMPLEMENT TO
MAINTAIN COMPLIANCE
WITH NEW REGULATIONS?
AHERN: While regulatory risk has always been accepted as part and parcel
of being active in the financial services sector, it has moved centre stage
in many ways in the eyes of those managing regulated businesses. Along
with the regulatory emphasis on management accountability, there are new
criminal offences relating to reckless behaviour which precipitates the failure
of a bank. These changes make the communication of information regarding
compliance requirements an imperative at firms. Furthermore, the volume
of material with which financial institutions need to be familiar is such that
there must be smooth and effective processes to ensure that it is dealt with
in a timely and efficient manner. As regards policy changes, what we see in
private practice is a strong reduction in attempts to rationalise behaviours
at the expense of regulatory infraction. Gone are the days when firms will
spend any time trying to rationalise practices or behaviours which intuitively
seem to be inconsistent with the expectations of regulators.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
AHERN: As technology develops, so too does the ingenuity and innovation of
those involved in criminal activity. There is so much that data protection and
privacy laws can do. However, ultimately, the sophistication of fraudsters is
a demanding challenge across the industry. In essence, much more needs to
be done to address cyber risk as the costs of cyber fraud continue to escalate
year on year. In part, cyber risk increases as a result of the age of IT systems
operated by some firms. In some cases, IT spend has not been sufficient in
the last number of years to equip firms to manage cyber risk. Cyber risk,
including the risk of card fraud and financial crime, is exacerbated by larger
reliance in recent years on web-based front-end channels that increase the
risk of personal data and consumer funds being compromised. The growing
interconnectedness of firms must be considered too.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
AHERN: Broadly, where there is a lack of political integration it is difficult to
achieve absolute harmonisation across Member States. Accordingly, it becomes
difficult to avoid having disparate compliance policies and procedures in different
jurisdictions – to do otherwise would probably put a firm at a competitive
disadvantage in certain jurisdictions. Another impediment to harmonised
compliance policies and procedures is the risk associated with going further
than is required by local regulation. In those circumstances, where a particular
procedure is not followed, the firm risks regulatory sanction or criticism, although
the procedure is not required in that particular locality in order to comply with
the relevant regulatory requirements. On the other hand, governance becomes
much more fragmented in the absence of uniform policies and procedures.
Additionally, the uniform approach may enhance brand value and recognition.
In our experience, cultural and political differences across jurisdictions add to
the difficulty raised by differing laws and regulations in developing uniform
compliance procedures. Firms either opt for a one size fits all approach or tackle
each market separately, and develop local compliance procedures everywhere.
John C. Ahern
Partner
Jones Day
+44 (0)20 7039 5176
John Ahern is a leader in UK financial services law and regulation and has extensive experience in the markets of the UK and Europe. He advises on a range of regulatory issues in the wholesale and private banking sector where he has developed considerable knowledge in private practice as in-house counsel at a global investment bank. Mr Ahern advises multilateral trading facilities, broker-dealers and banks on trading, clearing and settlement as well as custody of securities. He has a particular focus on regulatory capital and advises a number of banks on the requirements and implications of the prudential regime.
IRELAND • ANDREW BATES • DILLON EUSTACE
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
BATES: Like their international counterparts, regulated entities in Ireland are
subject to an ever increasing level of regulatory scrutiny as well as enforcement
activity. This is evident from the practical application of the Irish Central Bank’s
probability risk and impact system, or PRISM – the risk-based framework for
supervision of regulated entities, which it uses to determine which entities to
focus most closely on and how frequently. It is also evident in regular Central
Bank themed inspections, through regulatory questionnaires and also from the
attitude of regulators in dealing with those they regulate. We are finding across
all regulated industry sectors that there is a constant and deep questioning and
challenging by regulators of what is being done, why it is being done and how
it is being done.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
BATES: Legal and regulatory changes come in many guises. At one level they
are driven by EU and broader international bodies. On top of that we have
regulatory changes due to new interpretations or opinions from European
supervisors such as ESMA, or the assumption of roles by such supervisors, such
as the single supervisory mechanism for banks via the EBA. We also have new
domestic legislation dealing with wider enforcement and supervisory powers,
whistleblowing and protected disclosures legislation, client money and asset
regulations, a complete overhaul of guidance in areas such as Solvency II, as
well as delegate oversight and other governance proposals. One can see why
compliance officers are in high demand.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
BATES: Probably the greatest implication for the financial services industry is
that the cost of entry has become pretty high. Given the capital requirements
imposed on operating businesses, given the significant compliance burden
as well as what remains a somewhat fractured international regulatory
environment, only those with significant resources can survive. Regulatory
fatigue is often mentioned and simply listing off the regulatory and legislative
initiatives demonstrates what regulated entities face. Changes feed through
into many areas including, for example, governance structures, client facing
documentation, contractual arrangements, remuneration arrangements, and
so on. That the process seems unending is an issue. It may not be possible to
wait until the next development to amend documentation to deal with today’s
issue. Therefore, some groups end up amending their documentation today
and then carrying out a further overhaul in, for example, six months’ time to
address the next development, resulting in significant additional costs. Those
costs often end up at the door of the investor or customer.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
BATES: Generally we are seeing a good response from financial institutions
to the regulatory environment. It has taken time, as much effort was put into
place by organisations in developing policies and procedures which would work
not only at individual operating company level but also are consistent with
group level and cross-business policies. They have also realised that having
complete policies and procedures is just one part of the equation. They have to
implement the policies and procedures and also test them periodically to see if
they are fit for purpose. This can raise concerns where regulators do not seem
willing to accept that, when one tests policies and procedures, the result can
be that they are not sufficient. If reporting such deficiencies – and remediation
plans – to one’s regulator can lead to a sanction process being initiated, that
can remove an incentive to test. Regulators may need to rethink their approach
so that there is a positive benefit, not a disincentive, to test active systems,
policies and procedures. From a governance perspective, boards of regulated
entities are becoming more sophisticated in what they are looking for and
at. Some boards initially felt swamped by new policies and procedures and
presentations on the volume of regulatory changes, but over time have been
able to move past the policy and procedures stage and organise themselves to
focus on how, from a business perspective, those policies and procedures are
applied as well as looking at areas where there may be gaps, but which are just
as important to the overall regulatory and compliance environment.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
BATES: This changes very quickly and can sometimes be dependent on the
regulatory flavour of the month. Cyber security seems to be a current focus
and AML/CTF is a constant one. Other areas institutions need to focus on
might include capital adequacy controls and calculation processes, product
approval processes and oversight of distribution channels, product suitability,
and remuneration.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
BATES: At one level, we see the impact of data protection laws – over and
above the normal day-to-day application – where domestic financial services
groups have been taken over by larger international groups and where data
processing is centralised in a jurisdiction outside the EU, where information
obtained for one purpose is sought to be used for a different purpose without
prior authority and cases involving accidental data loss. Perhaps more relevantly,
cyber security risk has become an ever increasing issue for regulated entities.
We have seen several recent attempts to defraud fund vehicles and life insurers
through hacking of investors’ email accounts and submission of fraudulent
redemption and surrender requests. We have also seen fraudsters creating quite
sophisticated fraudulent websites using publicly available data and logos of
legitimate financial services product producers resulting in innocent investors
being defrauded of sizeable sums. A more coordinated approach between law
enforcement agencies and regulators is required as it is often very difficult
for individual regulated entities to pursue fraudsters across multiple borders
trying to trace money as it moves in and out of different bank accounts almost
instantaneously.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
BATES: In a recent example, many European jurisdictions did not require financial
institutions to carry out politically exposed person (PEP) checking on their own
nationals. This did not always sit well with cross-border business. For example, if
an Irish financial institution was selling products into another EU jurisdiction via
a bank network in that jurisdiction, the bank network in that other jurisdiction
did not carry out PEP checking itself for its own customers. However, the Irish
entity, because it was now selling cross-border, had to establish whether its
customers in that other jurisdiction were PEPs. That required the foreign bank
to put in place a PEP checking framework that it did not have for its domestic
business and required significant new expenditure to ensure compliance. There
is also the element of frustration at the absence of a combined approach
between, for example, North American regulators and European regulators,
with the end result being that groups managing assets on both sides of the
Atlantic often end up with mismatching obligations and multiplied effort. This
all simply increases cost, effort, compliance and exposures, and can be difficult
to justify. Annex IV and Form PF reporting is an example.
Andrew Bates
Partner and Head of Financial Services
Dillon Eustace
+353 (0)1 673 1704
Andrew Bates is a partner and Head of Financial Services at Dillon Eustace, a law firm with principal offices in Dublin and Cayman. Mr Bates works mainly in the area of asset management and investment funds, insurance regulation and regulatory affairs. He advises clients on formation and establishment issues and on the ever changing regulatory landscape as well as representing clients dealing with regulatory investigations and in administrative sanctions proceedings. He is a former Council member of the Irish Funds Industry Association (IFIA) and is a current member of a number of IFIA working groups.
GERMANY • DR KIRSTEN DONNER • KIRKLAND & ELLIS INTERNATIONAL LLP
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
DONNER: In response to the financial crisis, the European Commission pursued
a number of initiatives to create a safer and sounder financial sector for the
single market. These initiatives – the so-called Single Rulebook, which include
stronger prudential requirements for banks, improved depositor protection and
rules for managing failing banks – affect all financial players in EU Member States.
Therefore, today’s financial services institutions, meaning credit institutions
and investment services providers, are facing increasing supervisory activity on
a national and European level. With regard to the European Banking Union, for
instance, systemically relevant banks will be subject to closer supervision and
misconduct will be avenged more forcefully. In addition, national legislators
seek to improve a properly functioning banking and financial services system
to promote the performance potential of a country’s economy.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
DONNER: A milestone in the integration of the European financial markets
has been conferring specific supervisory tasks on the European Central Bank
(ECB). Another component of the Single Rulebook is the directive establishing
a harmonised framework for the recovery and resolution of credit institutions
and investment firms which was adopted by the Member States by the end of
2014. The German Banking Act (KWG) already provided for certain instruments
for the recovery and resolution of credit institutions. With the implementation
of the Act, the resolution authority now has the right to require shareholders
and creditors of the failing institution to participate in the loss absorbency. The
directive is supplemented by the SRM regulation ensuring effective resolution
decisions for failing banks within the EU, including on the use of funding raised
at EU level. New regulations for distribution and trading financial instruments
have been introduced by the new Markets in Financial Instruments Directive
(MiFID II) and the supplementary Markets in Financial Instruments Regulation
(MiFIR). The key objectives of these regulations include investor protection,
market transparency, market infrastructure, and governance and supervisory
provisions. With regard to effective risk data aggregation and risk reporting,
the principles published by the Basel Committee on Banking Supervision
(BCBS 239), in Germany to be incorporated in the Minimum Requirements
for Risk Management (MaRisk), and the guidelines for common procedures
and methodologies for the Supervisory Review and Evaluation Process (SREP)
published by the European Banking Authority, will play an important role.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
DONNER: Financial institutions will see a dramatic rise in costs required to
ensure compliance with new regulatory requirements. These costs will not only
arise in connection with bank levies, they will also arise due to higher personnel
requirements, IT costs to support the broad management of financial risks and
adjustments in the organisational structure of financial institutions. Directors,
shareholders and creditors of financial institutions will, in the future, not be
able to rely on states and taxpayers as lenders of last resort.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
DONNER: Proactive financial institutions will try to participate in and influence
the legislative procedure as early as possible. They will also be able to prepare
for the implementation of new regulatory requirements at the same time. Most
financial institutions get early advice on the possible implications and main
differences to present requirements. Others just ignore the developments and
struggle with the implementation in the remaining short time. It is extremely
important to have a strong governance structure to anticipate new regulatory
requirements. In Germany, this is already required by the MaRisk.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
DONNER: In a fast changing regulatory environment, financial institutions
need to implement effective compliance processes to detect future regulatory
requirements at an early stage. In Germany, this is ensured by the compliance
process of the MaRisk. The German Regulator has adjusted the MaRisk with
regard to new requirements under the CRD IV package two years before CRD
IV came into force. To implement MiFID II and MiFIR, various interfaces need to
be identified and analysed. This applies, for instance, to the interaction of the
OTC derivatives trading and clearing between EMIR and MiFIR, or the varying
prerequisites for the product design and sale of different financial instruments.
The required implementation measures relate to the entire business model
– strategy, structural and process organisation, processes and systems. Those
that do not face the new challenges early on risk falling behind competitors
and losing possible efficiency and cost benefits, and will be exposed to
consequences from the supervisory authorities and liability and reputation
risks. BCBS 239 requires the aggregation of risk data by system-relevant
credit institutions and entails a great deal of effort as it requires a group-wide
analysis. As a consequence, banks will need to adjust their IT architecture
and bank controlling infrastructure, data quality management and governance
framework.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
DONNER: The importance of information and communications technology
for credit institutions has grown substantially over the past two decades.
Banking processes from retail transactions to market operations have been
transformed by technology and continue to evolve. The economic effects
of cyber attacks can reach far beyond simply the loss of financial assets or
intellectual property. The KWG notes that institutions must have adequate
technical and organisational resources in place, as well as an adequate
contingency plan, particularly for their IT systems. In accordance with the KWG
and the MaRisk, institutions must ensure that their IT systems and processes
secure the integrity, availability, authenticity and confidentiality of data. BaFin
has announced expectations of banking supervision with regard to such IT
security. Defending and countering cyber attacks, while keeping up to date
with evolving regulations and policy, is a complex challenge. However, existing
laws in Germany still ensure flexibility for credit institutions with regard to
their specific risk situation. Breach of data protection and privacy laws is a key
risk for financial institutions, and therefore a special focus of interest for the
ECB. Specifically, the Commission proposal for a European Union Network and
Information Security Directive (NIS) sets out mandatory data breach reporting
regulations for the financial sector.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
DONNER: The world of financial institutions is a globalised one, with
institutions having a presence in many countries throughout the world.
Advantages for businesses in being able to access international markets are
countervailed by significant difficulties. In particular, multinationals are faced
with having to comply with myriad laws – those of every country in which
they have an established presence. Although there may be common threads
between the laws of different countries, especially in the EU, there are almost
invariably differences which banks must take into account when running their
operations at local level. Where these differences are substantial, the operation
of a global organisation can be immensely difficult, particularly where group-wide
strategies are implemented which may be legal in some jurisdictions
but illegal in others. Therefore, financial institutions must adequately identify,
manage and monitor global requirements.
Dr Kirsten Donner
Lawyer
Kirkland & Ellis International LLP
+49 (89) 2030 6185
Dr Kirsten Donner is a lawyer at Kirkland & Ellis International LLP, a law firm that she joined in 2014; she is a member of the firm’s Munich finance team. She advises national and international clients on national and cross-border acquisition finance transactions and German banking supervisory law. She is an author in one of the standard commentaries on the German Banking Act and has wider experience in advising national and international financial institutions on compliance related matters. She has worked in recent years for another major international law firm.
NETHERLANDS • PAUL ROTHWELL • DELOITTE
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
ROTHWELL: Due to recent global macro-economic events, as well as
local issues and scandals, the solid reputation of the financial system in
the Netherlands has taken a blow. As a reaction, European and national
authorities are becoming more and more demanding and continue
to define new requirements with a prudential – e.g. leverage ratio
– and behavioural – e.g. customer due diligence – impact. Since the
Netherlands operates within a European context, the government is
continuously balancing local and European requirements. In many cases
the local legislation is more strict – e.g. banking bonus – impacting the
level playing field.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
ROTHWELL: Supervision is becoming more binary and rule-based,
fuelled by the ongoing developments in technology and big data.
Banks, in particular their finance and risk functions, are currently leading
the pack when it comes to implementing demanding requirements
on internal operations. These requirements are partly related to the
disclosure of granular data on a timely basis for regulatory purposes,
such as analytical credit data. The requirements also contain principles,
under BCBS #239, regarding how banks have organised their data and
information environment and how it is used by senior management for
decision making.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
ROTHWELL: The regulatory changes are affecting the sector in a number
of ways. Firstly, supervision is strongly data-driven and data is requested
at the most granular, transactional level. This impacts the way in which
financial institutions collect, store and disclose data. Conceptually
speaking, the distance between supervisors and the industry is
diminishing since supervisors – the ECB in particular – have access to
large amounts of source data that can be used for analytics purposes.
The ECB is able to compare data across banks, sectors and countries,
identifying unique insights that can be used to challenge the outcomes
of the risk models and the management decisions of the banks. Because
of this, the added value of bank-specific internal risk models is currently
up for debate since the analytical power of one financial institution can
never compete against the vast amount of data and power represented
by the risk models of the supervisor. However, local exceptions still
need to be considered. The lines between regulatory and commercial
data are blurring, and financial institutions are struggling to develop a
common language that unifies the functional silos so that a consistent
message is communicated to all stakeholders.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
ROTHWELL: Even though the regulations are becoming more rule-based,
there is still a lot of room for interpretation. Banks, for example,
are learning to define what ‘good’ operations look like within their
own context. Financial institutions are being faced with the fact that
they have a lot of legacy that should have been cleared up a long time
ago. Back to the banks, they also have to deal with a new supervisor
that has less regard for local issues and characteristics. Historically,
financial institutions have been organised in silo-functions that are not
aligned. However, new regulations and laws require a holistic view of
the organisation, if the essence of the requirements is to be adopted.
It would be very inefficient, incomplete and rather short-term to
treat new regulations in isolation. In short, an integrated approach is
fundamental to the success and financial institutions are inexperienced
in this area.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
ROTHWELL: We believe that if financial institutions are to adequately
respond to these changes, they need to implement an integrated view
of the relationship between policies, guidelines, processes, risks and
controls on the one hand, and information, data, rules and IT system
infrastructure on the other. Processes need to be re-implemented in
order to respond swiftly and effectively to ad hoc occurrences. In this
new data-driven reality, the IT department plays a critical role in
complying with the new regulations. Financial institutions need to
develop an information policy that defines essential information
concepts in understandable business terms so that the non-IT
functions can take ownership and act as an adequate challenger to the
IT department.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
ROTHWELL: Leveraging the large investments needed to comply
with the new regulations, financial institutions are investigating
ways to commercially use the large amount of data that is available.
There are many uses of advanced analytics that can even lead to new
business models. In fact, one major bank in the Netherlands openly
pitched this idea, which led to a storm of criticism from both the
local privacy regulator as well as the general public. We expect to hear
more of these initiatives as financial institutions learn more about
the boundaries of commercially using customer data while avoiding
such uproar. Moving forward, not only will there be implications from
the Network and Information Security (NIS) Directive, but the Dutch
regulator is also preparing disclosure requirements of security and
privacy related incidents to a central authority. For banks, as part of the
Single Supervisory Mechanism, the ECB has identified cyber crime risk
as a strategic issue, and is actively measuring the industry’s ability to
identify, protect, detect, respond and recover from cyber crime.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
ROTHWELL: Banks that look beyond the compliance aspect of these
regulations, and focus on the strategic impact, will have a greater
chance of successfully achieving compliance as well as other benefits.
Measures in this regard include, for example, taking a holistic view of
policies, processes, risks, data and systems, and adopting an integrated
approach across all relevant functions within financial institutions,
when changing the information environment. Another measure is
the creation of a non-technical information policy. Other measures
include the establishment of a chief data officer function, a data quality
monitoring team and implementation of an organisation-wide data
governance framework. The more integrated the approach, the greater
the commitment of business units and local entities to support the
measures. And for both financial institutions that are struggling to keep
their heads afloat, as well as those that are seeking to leap ahead of the
pack, that should be worth doing.
Paul Rothwell
Director
Deloitte
+31 (0) 88 288 3916
Paul Rothwell is a director within Deloitte’s Risk Advisory practice. He leads the Strategic Analytics & Reporting service line, which focuses on supporting financial institutions in responding to their regulatory reporting requirements. He has more than 17 years of experience working at many financial institutions in Europe on the intersection point of finance, risk and IT. He has written multiple articles on finance transformation, finance and risk alignment, and data-driven reporting. He has a masters in Business Economics and participated in INSEAD’s International Banking master programme.
PORTUGAL • PEDRO FERREIRA MALAQUIAS • URÍA MENÉNDEZ-PROENÇA DE CARVALHO
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
FERREIRA MALAQUIAS: The reinforcement of the regulatory framework
applicable to banks in recent years and, in the case of Portugal, the
Bank of Portugal’s application of an unprecedented resolution measure
under an untested European resolution regime to one of its major
banks in August 2014, were accompanied by, and led to, an increase in
supervisory and enforcement activities. Prudential banking supervision
and conduct supervision have become more intrusive and focused
on risk. An analysis that was mostly static is now complemented
by a cross-cutting analysis on the basis of institutions presenting
funding and capital plans, as well as stress-test exercises. Permanent
onsite inspections have also become normal practice. The number of
administrative proceedings initiated and proceedings settled has also
risen considerably in recent years. The implementation of the new
banking union – including the single supervisory mechanism, the single
resolution mechanisms and the new European regulatory authorities
– has also contributed to the increased regulatory scrutiny. We strongly
believe that on a European and domestic level, regulatory scrutiny and
enforcement will be ever more demanding in the coming years.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
FERREIRA MALAQUIAS: Broadly speaking, changes affecting the
Portuguese financial services sector can be broken down into three
main areas – financial requirements, corporate governance provisions
and the move towards the European Banking Union. Financial
institutions are required to comply with unprecedented capital and
liquidity requirements, and institutions’ balance sheets are subject
to stricter rules on assets and leverage ratios. Regulation has also
been moving further into the internal structure of credit institutions
and investment firms, establishing internal mechanisms to promote
compliance, prudent risk management and client oriented performance
in line with the EBA guidelines on internal governance. The Banking
Union, and the single supervisory mechanism and the single resolution
mechanism, will require institutions to comply with further reporting
and the implementation of plans to allow for early problem-tackling
and banks’ orderly management in case of default.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
FERREIRA MALAQUIAS: Recent regulatory reforms have increased
pressure on banking structures and the costs of doing business, on the
constraints of balance sheet composition, business activities and on
the legal and operational structure and interference in banks’ business
models and strategy. The combined impact of all these changes is still
unclear. Banks continue to deal with the complexity of keeping track of,
and adjusting to, the volume of measures and the interactions between
them. In some cases, the capacity of banks to absorb and implement
these measures, often within constricted deadlines, is uncertain.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
FERREIRA MALAQUIAS: Notwithstanding the pace of change and the
complexity of recent regulation, Portuguese banks have been responding
in an active and positive manner to reform. On the downside, pressure
on the Portuguese banking system to quickly adapt key areas to its
business model, such as the composition of balance sheets, has led to
steep implementation costs which can ultimately lead to increased costs
for consumers. Portuguese financial institutions recognise the need for
a strong internal governance framework, and have been implementing
this through the reorganisation and empowering of compliance and
risk management structures. Additionally, the main Portuguese banks
have been drafting a new code of ethics and conduct in line with the
challenges of today’s financial system.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
FERREIRA MALAQUIAS: In light of the new regulatory requirements,
financial institutions must focus on maintaining or achieving a
sustainable business model which complies with increasingly strict
capital and liquidity requirements, enforces sound corporate governance
policies and also adapts to the impact of implementing the single
supervisory mechanism. Among the changes financial institutions
are being forced to implement, we should highlight the adaptation of
remuneration policies in accordance with soundness, risk management
and transparency principles, as well as efforts to comply with assets
and leverage ratios. Moreover, financial institutions must keep pace
with growing regulatory concerns on Know Your Customer matters,
resulting in significant updates on anti-money laundering policies.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
FERREIRA MALAQUIAS: In recent years in the financial sector, the
growth of electronic communication services, the recent technological
developments in the cloud computing area, the transfer and processing
of Big Data between countries and subsequent outsourcing activities
for these purposes has created a good level of awareness of the
confidentiality, integrity and availability of the personal information
they have access to in the course of business. Nevertheless, despite
the Data Protection Authority’s effort to address concerns related
to the security of data, Portugal has an overall low degree of cyber
risk prevention. Portuguese financial institutions recognise the need
for better enforcement of privacy laws and in this regard they have
been voluntarily developing internal methods on how to establish and
implement security measures, how to remediate vulnerabilities and
deviations and provide reporting mechanisms to prove compliance
with privacy laws.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
FERREIRA MALAQUIAS: Europe and the US have been setting the
pace for regulatory reform, making the role of compliance policies and
procedures increasingly important. This new landscape is not always
easily grasped by subsidiaries or branches operating in regulatory
environments of low density. This cultural problem is one of the key
challenges across jurisdictions, alongside the difficulty in recruiting
the right people in markets where demand for qualified staff is higher.
Nevertheless, we are increasingly seeing banks directing their focus to
these issues. The reputational damage associated with investigations
and penalties may take its toll on a bank, even where the acts under
suspicion were carried out by just a few, far from the head office.
Pedro Ferreira Malaquias
Partner
Uría Menéndez-Proença de Carvalho
+351 210 308 661
Pedro Ferreira Malaquias has, since 2004, been a partner of Uría Menéndez-Proença de Carvalho, based in the Lisbon office. Previously, Mr Ferreira Malaquias worked in the Competition Directorate General of the EC (1986-1988), and in the legal department of Banco Português do Atlântico, S.A. He headed the legal department of BCP Investimento between 1995 and 2001. Since 1998, Mr Ferreira Malaquias has been a legal consultant to the Portuguese Banking Association, and a member of the Legal and Retail Committees of the European Banking Federation. He heads the Finance Department and is responsible for the banking and insurance areas.
SWEDEN • DAN HANQVIST • ROSCHIER ADVOKATBYRÅ AB
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
HANQVIST: Today’s financial markets are very different to the markets
of the pre-financial crisis era. The official narrative of the aetiology of the
crisis explains what happened with reference primarily to the wayward
behaviour of institutions and individuals active in the markets. This explains
the overwhelming focus on new, more intrusive regulation, both from the
EU and nationally. The creation of three ‘federal’ supervisory authorities at
the Union level can only lead to an ever increasing number of regulations.
Any bureaucracy will keep itself busy and justify its budget by some
measurable output. As too little attention has been paid to the economic
policies of governments and central banks, demographics in the advanced
economies, and to the competence, attitude and resources of regulators,
as ultimate causes for the crisis, this output is likely to consist primarily of
binding legislation and regulations, as well as a plethora of various guidelines
and policy statements of dubious legal standing. The Swedish Financial
Supervisory Authority is increasingly active in scrutinising firms under its
supervision. The Authority has grown more willing to impose sanctions,
including the revocation of operating licences and maximum fines. The
Authority has recently been given wider powers which have long been seen
as rather uncomplicated and convenient ways of disciplining the market.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
HANQVIST: Two overarching trends are greater intrusiveness and a very
high turnover of regulations. Rather than providing guiding principles, the
preference is now increasingly for intrusive and detailed rules, or seemingly
detailed rules. It is a common experience among practitioners that what
may appear as detailed rules, when practitioners seek to apply them to
actual businesses, are extremely vague, and often inconsistent. This feeds
into the increasing need for detailed ad hoc guidance from regulators, which
sometimes, but not always, is provided in the form of ‘Questions & Answers’.
As the regulatory project only gets adapted to real-life situations and thus
only becomes truly relevant for businesses at this level, Q&As loom large in
the daily life of compliance staff – indeed, these informal guidance documents
threaten to supersede formal legislation and regulation. For institutions that
are active in more than one financial sector, there are additional challenges
in setting up compliance systems that can manage the combination and
interaction of sometimes overlapping and conflicting but never fully
coordinated legislation and regulations that apply to various elements or
sections of the business. As the legislation and regulations are commonly
issued without coordination or consistency by EU and national authorities, it
is up to institutions to coordinate the various requirements in practice.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
HANQVIST: Undoubtedly costs will increase, as will regulatory risks. The
fairly uncoordinated method of adopting and implementing legislation
and regulations, together with the frequent changes and modifications to
legislation and regulations recently adopted, mean that compliance risks need
to be addressed. The increasing cost of compliance should be clearly factored
into any business decision. Any product or business line should of course, as
a rule, carry its own compliance costs. These costs may be significant and
can therefore impact the profitability and viability of business lines and
products. Old structures will have to be reassessed and possibly discontinued
and all new business lines and products should include compliance costs
at an early stage of development. Businesses that bestride more than one
segment of the financial markets should also carefully assess the compliance
implications of the combination of various segments in one firm or group. It
may sometimes be too expensive to combine segments that may each be
viable on their own. Despite the supposedly common rulebook in the EU,
national borders still matter and having to deal with more than one set of
regulators will complicate compliance.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
HANQVIST: Compliance organisations have grown and generally have
attracted more resources. Some institutions have chosen to cut compliance
resources to protect profits. This may, however, often be a case of false
economies. Profit expectations for the financial sector need to adjust to the
new cost environment. It may be prudent to assess the long-term viability
of various lines of business and make structural adjustments as appropriate.
Previous periods of regulatory change have resulted in structural changes to
markets, usually by increasing concentration and reducing competition.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
HANQVIST: It is clear that the liability of senior management is increasing.
It is likely that boards and senior management will have to devote
considerably more time to risk and compliance matters, in addition to more
traditionally business-related matters. This will have implications for how
reporting from risk and compliance is managed internally and how these
areas are communicated externally, both to markets and to regulators. Some
institutions have ‘upgraded’ their heads of risk and compliance by including
them squarely in senior management and by involving these functions
more intensely in business development. In some institutions it may well
be necessary to reassess the recruitment of board members to ensure that
the mix of skills and perspectives in the board is adequate for the new
business environment in which firms have to live. A difficult balance has to
be struck between overly bureaucratic measures and truly relevant, effective
and efficient ones. Legislators and regulators do not seem to appreciate
that the balance is difficult or indeed that there is a balance to be struck
and are unlikely to be able to provide much useful guidance. Firms need to
work out the balance for themselves and in respect of their own particular
circumstances.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
HANQVIST: The Swedish market is heavily reliant on the internet and other
electronic services. This, in combination with growing sensitivities about data
protection, is likely to mean that more work could be required for financial
institutions to meet expectations, both from customers and regulators. As
legislation and regulations are not coordinated, the implementation of data
protection and privacy laws may well conflict with other areas of law, such as
consumer credit rules and anti-discrimination laws. As various legal areas are
subject to different regulators, regulators may sometimes be ignorant of the
balances to be struck by firms between the strictures of different regulations.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
HANQVIST: The sheer amount of regulation means that the coordination of
compliance across the jurisdictions of several regulators will be challenging,
both for the regulators and the institutions. As financial regulation is not
isolated but forms part of the wider administrative, legal, political and cultural
traditions and systems of various countries, the differences between the
practical application of even rules expressed in the same language will vary
– sometimes to a very significant extent – between jurisdictions, and even
between various officers of the same regulator. It is clear that the social cost
of regulation will increase dramatically. Institutions therefore face significant
challenges in devising commercially viable solutions.
Dan Hanqvist
Finance and Regulatory Counsel
Roschier Advokatbyrå AB
+46 8 553 191 17
Dan Hanqvist is financial and regulatory counsel in the banking and debt capital markets practice at Roschier Advokatbyrå AB, Stockholm, Sweden. He has more than 20 years of experience in assisting both Swedish and international banks, financial institutions, funds, corporations as well as public authorities on transactions involving regulatory matters, financial restructuring, derivative transactions and complex financial instruments. He is also often involved in the legislative process in respect of the financial markets. His work experience includes working for market participants in London, Moscow and Sweden, including in-house work for NASDAQ in Stockholm.
RUSSIA • GRIGORY MARINICHEV • MORGAN LEWIS
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
MARINICHEV: Over the last year, regulatory scrutiny in the Russian
financial market has increased dramatically. As a result of the imposition
of US and EU sanctions and the downgrade of Russia’s sovereign rating,
the Russian banking sector has been put under significant pressure. Since
then the number of banking insolvencies has been increasing, which has
further shattered the market. The Russian Central Bank has responded
by tightening its supervision over the banks. Furthermore, in response
to Western sanctions the Russian government has implemented a
number of ‘countermeasures’ which have also affected the financial
sector and have resulted in further complications for the activity of
financial institutions.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
MARINICHEV: The Russian financial sector has been affected by
regulatory changes both from inside and outside of the country.
Externally to Russia, the most important changes have been FATCA
and EU/US financial sanctions. Although not mandatory from the
standpoint of Russian law, as Russian banks are part of the international
financial system, they cannot ignore such regulation and have had to
adapt their operations accordingly. Within Russia, changes to the local
implementation of the Basel III accords, the requirement to process
all credit and debit card transactions via a Russian payment system,
and the recent rule that all personal data must be physically stored in
Russia, have completely changed the way in which financial services
providers operate.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
MARINICHEV: With regard to Western financial sanctions, the
possibility of Russian state-owned banks – which have traditionally
been the driving force in the local financial sector – raising funds in
US dollars or euros has been greatly diminished. For other Russian
banks, international capital markets, though not closed completely,
have become extremely difficult to access. There has been much talk
of China or the Middle East becoming alternative markets for the
funding of Russian banks. However, this talk has not materialised into
significant actions, and the prospect of such alternatives being used
seems obscure. Refinancing existing debt has become a real challenge
for Russian corporates that are dealing not only with reduced access
to financial markets, but also the steep depreciation of the Russian
currency, leading to a greater volume of non-performing loans. As a
result, most Russian banks are experiencing problems with capital and
reserves. In response, the Russian government has directly capitalised
the state banks and the Russian Central Bank has amended Russia’s
Basel III regulations to provide more flexibility to the banks in relation
to funding their regulatory capital.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
MARINICHEV: Russian banks are waking up in a different world and
are realising that they can no longer hunker down in Russia without
paying attention to international regulations. In the absence of an
intergovernmental agreement on FATCA between Russia and US – for
political reasons the signing has been postponed – Russian banks have
had to sign individual agreements with the IRS in order to become FATCA
compliant. The news of huge fines being imposed by US authorities on
European banks has made those Russian financial institutions that are
not directly affected by sanctions extremely cautious. There is hardly a
Russian bank that would take part in a transaction prohibited by US or
EU sanctions despite the fact that these sanctions do not directly apply
to Russian banks.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
MARINICHEV: The constant expansion of the list of sanctioned persons,
combined with the Russian government’s policy to ‘de-offshorise’
the Russian economy by moving holdings of Russian businesses to
Russia, has led to more stringent requirements on Russian financial
institutions to perform enhanced scrutiny over the beneficial owners
of the companies they have dealings with. Consequently, Russian banks
are now significantly changing their KYC and compliance policies
and procedures making them much tighter than in the past. Also,
some banks – mostly the Russian subsidiaries of foreign banks – have
implemented policies and procedures aimed at complying with EU and
US sanctions.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
MARINICHEV: Russian law and banking regulations have always been
very strict when it concerns personal data protection. The most recent
legislative changes have made this issue even more cumbersome.
Starting from 1 September 2015, all personal data of Russian citizens
must be physically stored in Russia. Although this regulation was not
specifically aimed at the Russian financial sector, the industry has been
directly affected because many Russian financial institutions have been
outsourcing customer personal data services to foreign providers. The
effect of the new law has yet to be seen, as there are several issues
which remain unclear. For example, it is arguable that the law requiring
that personal data of Russian individuals be stored only in Russia could
be ‘duplicated’ and stored abroad, thus making it possible for Russian
financial institutions to continue using foreign service providers that
require access to the personal data of Russian customers.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
MARINICHEV: The current turbulent political environment has resulted
in many Russian banks being held hostage by Western sanctions and
Russian government countermeasures. Most international financial
institutions have adopted policies to comply with US and EU sanctions
in all jurisdictions they operate in and are applying the relevant changes
across their whole group structure. Domestic Russian banks do not face
the same challenges but mostly gear their policies toward compliance
with Western sanctions. This has resulted in fewer banks willing to take
any risk which, in turn, further decreases the number of finance deals
being done in Russia.
Grigory Marinichev
Partner
Morgan Lewis
+7 495 212 2420
Grigory Marinichev represents international lenders and borrowers in structured finance, syndicated lending, debt restructuring transactions and insolvency issues. Mr Marinichev advises clients in the metals, mining, telecommunications, oil and gas and power generation industries on a range of financial transactions – from syndicated and bilateral credit facilities, refinancing and bond issues, to export financing, loans and loan restructurings. He also represents and advises project sponsors, export credit agencies and multilateral financial institutions.
SINGAPORE • ANTONY ELDRIDGE • PWC SINGAPORE
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
ELDRIDGE: In recent years, financial institutions (FIs) have faced large
sanctions and fines as a result of non-compliance with regulations. It was
recently reported in the Financial Times that based on a review of the
announced settlements and penalties, as well as provisions set aside for
potential penalties of the top 16 biggest infringers, the ‘conduct cost’ for the
banking industry from 2009 to 2013 was approximately $300bn. Currently
IT risk is becoming increasingly prominent and future failures could begin to
add significantly to this tally. Regulators around Asia are updating their cyber
security regulations to deal with the increasing and changing risks of cyber
security, as well as to extend the scope of regulations to outsourced service
providers of FIs. More Asian countries are enacting data protection laws. The
EU is looking at revising its data protection directive to further regulate the
increasing use of personal data in the world where Big Data, social networks
and the digital economy increase the risks of abuse of personal data.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
ELDRIDGE: Overall regulations range from operational, capital, liquidity,
financial crime and technology related compliance regulations. For banks,
the key areas of focus of the G20 included identification and management
of systemic risks, transparency of trading and incentives, as well as new
consumer protections and improvements to resolution and recovery of
international institutions. Significant international initiatives, such as the
update of the Basel Accords have been developed to provide for greater
stability of financial markets via increased capital requirements and new
leverage and liquidity rules. Other multijurisdictional changes proposed
or enacted include the introduction of bank levies and controls on
executive compensation. The result, especially for large international banks,
is a complex web of regulation posing fundamental challenges to existing
business strategies, structures and business models. Major regulatory
changes in the US and in Europe have been planned and implemented in
response to the G20 priorities, many of which are impacting FIs in Asia.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
ELDRIDGE: FIs face the challenge of meeting tough new capital and
liquidity demands while delivering adequate returns to investors under
testing economic conditions. They have not just been driven by the various
new regulations, but are also driven by what peers are doing, what markets
want to see, and the need to rebuild reputations. Following the financial
crisis, stability and doing the right thing for customers and clients are often
seen as equally important as profit. To achieve this difficult balance, firms
need to address their customer strategies, culture and conduct risk appetite
together. Firms that can demonstrate their people put the interests of the
customer at the heart of the decision making process, and are rewarded for
doing the right thing, will help rebuild trust with customers, investors and
regulators. This is impacting strategy, operations, reporting and even the
structure of FIs.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
ELDRIDGE: While FIs engage regulators, they are also beefing up the internal
governance framework to respond to a changing environment. In addition,
FIs have been facing expanding compliance expectations that are pushing
compliance programmes to the brink. The scope and nature of compliance
has evolved and is no longer limited to rules-based banking regulations.
Strategic, operational and compliance risks have become more complex and
entwined, increasing the potential for failed processes that cause customer
confusion and compliance control breakdowns. Given the major changes
in the compliance and regulatory landscape, and the resulting long-term
impact on banks, many FIs have been required to change their compliance
frameworks to take into account areas including integrating relevant aspects
of operational and compliance risk management, simplifying products and
channels, leveraging analytics, and standardising compliance testing.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
ELDRIDGE: Compliance officers have a huge job on their hands. They
need to follow complex new regulations, manage risks and support
management in making strategic decisions. Ultimately they need to
provide a holistic solution. Given the major changes in the compliance
and regulatory landscape, and the resulting long-term impact on FIs,
incremental adjustments to compliance functions to survive in the new
world will simply not be enough. To understand better how to comply with
new regulations, FIs should try to understand regulator expectations and
see how compliance arrangements compare to them. Understand whether
there are gaps and weaknesses. They should also look at the roles each
person plays in compliance, as well as the roles of the three lines of defence,
to understand how they combine to give effective compliance.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
ELDRIDGE: Unfortunately there has been a rapid increase in the number of
data breach and privacy misuse incidents in the financial services sector.
As a result of the new requirements, banks, insurance and asset management
companies are all increasingly impacted by the growing data privacy risks
and issues which include non-compliance with data privacy, protection and
confidentiality regulations, immature data handling practices, weak security
measures, lack of user awareness, lack of transparency in data ownership
and accountability, and outsourcing of activities to shared services or utility
centres without adequate oversight. Despite millions of dollars spent on
enhancements, cyber security remains the area of risk management with
the largest gap between threat and preparedness. As the frequency and
sophistication of cyber attacks have increased significantly in recent years,
countermeasures have failed to keep pace. Three major factors contribute
to FIs' cyber vulnerability. Firstly, FIs are highly desirable targets for cyber
criminals due to the centralisation of data they hold, which can be easily
monetised. Secondly, due to technological advances, more sophisticated
tools are increasingly available to cyber criminals at a reduced cost. Thirdly,
cyber crime is increasingly becoming a weapon in cross-border commercial
or political disputes where state-sponsored hackers target FIs. At this stage,
the best option for FIs is to become cyber resilient.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
ELDRIDGE: Since the crisis, various regulatory standard setters have
sought to set global standards for regulation for larger FIs, hoping that
this will lead to regulatory convergence. It is challenging for FIs to adhere
to requirements across multiple jurisdictions. An example of this is data
sovereignty, where China has made it difficult for data to leave China. What
is uncertain is whether other countries, especially the larger ones, will do
the same. It will be difficult for an FI that needs common systems to serve
clients throughout Asia. Some are of the view that geopolitical uncertainty
and the Balkanised nature of financial regulation will continue to swing the
pendulum away from the globalisation of financial markets. As a result, the
business models of traditional FIs operating in multiple jurisdictions may
need to be reviewed as the need to comply with differing global as well as
local requirements could mean that equity returns previously expected in
some jurisdictions may not be reasonable or realistic.
Antony Eldridge
Financial Services Leader
PwC Singapore
T: +65 6236 7348
Having been with PwC in London for over 27 years, with tours of duty in New York, Zurich and nine years in Japan/Asia-Pacific, Antony Eldridge is now based in Singapore where he is the firm’s Financial Services practice leader. Across Asia-Pacific he also leads PwC’s Banking and Capital Markets practice. He has specialised in Investment Banking since very early in his career, working closely with most of the key players in the industry, in both an audit and an advisory capacity. Most recently, Mr Eldridge was leading the global relationship and service delivery for Barclays Corporate and Investment Bank.
VIETNAM • KENT WONG • VCI LEGAL
Q TO WHAT EXTENT DO YOU BELIEVE TODAY’S FINANCIAL INSTITUTIONS ARE OPERATING IN AN ENVIRONMENT OF INCREASING REGULATORY SCRUTINY AND ENFORCEMENT ACTIVITY?
WONG: Banking reforms by the government have seen vital steps to
revamp and restructure Vietnam’s financial sector. The boardrooms of
Vietnamese banks are being zeroed in on as a part of the government’s
intensified scrutiny of the banking system after the problem of non-
performing loans. Increased pressure is not limited to the larger banks;
smaller banks categorised as ‘weak’ are also facing more scrutiny.
The stepped up regulatory scrutiny is the result of concerns that
recent banking problems have been due in part to banks’ boards not
understanding the risks they were taking and not exercising appropriate
oversight. Despite the aftermath of high-profile criminal ‘mega-cases’
involving banks in Vietnam, including the imprisonment of senior
staff members for embezzlement and fraud, regulators have focused
on ensuring banks have robust financial debt ratio cushions. However,
regulators have yet to fully turn their attention to corporate governance
and the role of directors to make sure banks have the right culture, risk
management systems and controls to prevent excessive risk taking.
Q COULD YOU OUTLINE SOME OF THE BROAD LEGAL AND REGULATORY CHANGES AFFECTING THE FINANCIAL SERVICES SECTOR?
WONG: The government recently issued several regulations to
restructure the financial system in Vietnam. Decision 254 on
“restructuring the system of credit institutions during 2011-2015”
initiated the merger and consolidation of credit institutions. Instruction
02 for the settlement of bad debts requires credit institutions to strictly
obey safe operation provisions, debt restructuring, loan classification and
establishing risk provisions. Circular 36 stipulates the minimum safety
limits and ratios for transactions performed by credit institutions and
foreign bank branches for strict management and supervision. Decree
39 defines the operations of certain types of financial companies and
financial leasing companies. Finally, Circular 31 provides additional
information for KYC checks on individuals, corporate customers and
other obligations of financial institutions for AML compliance.
Q WHAT ARE THE IMPLICATIONS OF THESE RECENT REGULATORY REQUIREMENTS FOR FINANCIAL INSTITUTIONS?
WONG: The operation of credit institutions, especially banks, will be
more strictly managed and the ‘health’ of each institution identified
and given an appropriate solution for restructuring. Credit institutions
must seriously obey regulations and procedures for safe and effective
operations to reduce their ratio of bad debts. Numerous limitations on
granting loans are now applied to credit institutions, such as publicising
and reporting loans and capital contribution. Cross-ownership, cross-
investment and unfair competition in the banking system will be
restricted and prevented due to many regulations on the conditions
and limits of capital contribution and the purchase of shares between
subsidiaries, affiliates and companies controlled by commercial banks
and finance companies.
Q IN YOUR EXPERIENCE, HOW ARE FINANCIAL INSTITUTIONS RESPONDING AND ADAPTING TO THESE REGULATORY CHANGES? HOW IMPORTANT IS IT TO ESTABLISH A STRONG INTERNAL GOVERNANCE FRAMEWORK TO MAINTAIN COMPLIANCE?
WONG: A raft of new regulations and legislation has caused substantial
work for banks, requiring them to build new relationships, change various
reporting regimes and, in some cases, change their organisational
structure to successfully adapt and better identify opportunities arising
from a new regulatory environment. Credit institutions are advised to
comply with the new financial regulations by focusing on promptly
checking bad debts and making plans and remedies for selling bad
debts to the VAMC to meet the objective of reducing bad debts to less
than 3 percent by the end of 2015. They also need to adjust processes
to comply with new regulations such as changing the processes and
conditions for granting loans. In addition, financial institutions must
avoid cross-ownerships and cross-investment by transferring their
contributed capital in other financial institutions or merging with
institutions where they own contributed capital. Furthermore, financial
institutions are being asked to have a strong internal governance
framework to maintain compliance and avoid any negative legal
consequences due to violations of financial regulations.
Q WHAT POLICY AND PROCESS CHANGES MIGHT FINANCIAL INSTITUTIONS NEED TO IMPLEMENT TO MAINTAIN COMPLIANCE WITH NEW REGULATIONS?
WONG: To maintain compliance with new regulations, credit institutions
should change the policies and processes in connection with managing
and settling debts, especially bad debts, to speed up the process and
meet SBV requirements. They should apply new risk management
processes by strictly and frequently checking and reporting such
activities to the SBV. Finally, they should apply new policies on granting
loans. For example, banks need to ensure total loans and extensions of
outstanding credit to a client and an associate entity do not exceed 25
percent of their equity capital.
Q IN WHAT WAYS ARE DATA PROTECTION AND PRIVACY LAWS IMPACTING THE OPERATIONS OF FINANCIAL INSTITUTIONS? DOES MORE NEED TO BE DONE TO ADDRESS CYBER RISK AND RELATED LIABILITIES?
WONG: Despite the spate of recent cyber attacks occurring around the
world, the government has placed little importance on data protection
and privacy laws in the financial sector. However, to some extent, current
policy and regulations in this sector have helped financial institutions
to prevent risks and loss due to technology crime. Vietnam does not
have a comprehensive data privacy protection law. Instead, general
confidentiality protection provisions for personal data are included
in the Civil Code. Regarding electronic personal data, regulation is
provided by the Law of Information Technology and Law on Electronic
Transactions which deal with the processing of electronic personal data.
The nature of the protection is similar in each case, although there are
slight differences in wording. Vietnam is tabling a draft of the Law on
Information Security in Vietnam’s National Assembly. The Ministry of
Information and Communications, the communications authority in
Vietnam, has established the Vietnam Computer Emergency Response
Team, which is the task force to deal with cyber security issues at the
national level. In 2011, the SBV issued compulsory requirements for
information security, including human resources, hardware, software,
access management, data recovery and disaster protection plan. To
address cyber risk and related liabilities, the government should apply
more stringent penalties on the relevant crime and use advanced
technology to prevent unauthorised access and data theft.
Q COULD YOU PROVIDE AN INSIGHT INTO SOME OF THE CHALLENGES ASSOCIATED WITH ENSURING THAT COMPLIANCE POLICIES AND PROCEDURES ARE ADHERED TO ACROSS MULTIPLE JURISDICTIONS?
WONG: Meeting different and conflicting regulatory agendas is not an easy
task. Regulation is one of the biggest drivers of change facing the financial sector,
significantly impacting liquidity, capital, data capture and return on equity. Banks
have had to develop a completely new business model that integrates compliance
with the strategic changes wrought by impending regulations, often across
multiple jurisdictions. Compliance must be aligned with a bank’s strategic change
agenda to convert a potentially costly implementation exercise into a lever for
competitive advantage. However, this requires a high level of sophistication and
maturity. Guiding principles which underpin a comprehensive futures-oriented
approach include developing an expansive view of the global regulatory landscape
to facilitate long term strategic planning, and evaluating the cumulative impact
of regulatory change on the balance sheet, supporting business and operating
models. The multijurisdictional nature of regulatory change is clearly increasing
the complexity for banks, given the need to comply with different timeframes,
nuances and supervisors. This places ever more emphasis on the need to manage
the changes holistically and to develop coordinated, organised responses.
Kent Wong
Partner
VCI Legal
+84 (0) 8 38 272 029
Kent Wong is head of banking and capital markets at VCI Legal. An internationally recognised lawyer, he has experience working at top firms in the US, Korea, Cambodia, Hong Kong and New Zealand. He has published numerous journal articles and given lectures and seminars on foreign investment, project finance and M&A. Mr Wong represents major Korean and European financial institutions investing overseas (especially in ASEAN), as well as foreign clients with business interests in Korea and Vietnam, advising on cross-border financing, corporate finance, M&A, joint ventures, private equity and syndicated loans, equity financing, IPOs and restructuring.