inCOMPLIANCE
Quarterly Journal of the International Compliance Association
Issue 6 / Winter 2011
Oct 02, 2014

Inside this issue:
Risk management: A dynamic environment
Climate Risk: A growing issue
AML and CFT in Malaysia: Aiming high
FATCA: Deep impact
Anti-Money Laundering
International Advanced Certificate in Anti-Money Laundering (UK course also revised)
Includes new content on:
• KYC
• CDD and Enhanced CDD
• Sanctions
• SARs Investigation Process
• New Typologies
• Emerging Industry Sectors, e.g. Mobile Money

Advanced Certificate in Anti-Money Laundering – Capital Markets
Includes comprehensive content on:
• How Capital Markets are used for Money Laundering Purposes
• AML Risks in Financial Products
• AML Systems and Controls
• Customer Due Diligence
• Suspicious Transaction Reporting

Compliance
Advanced Certificate in Compliance – Automotive Industry
Includes additional content on:
• Regulatory Framework
• Regulation in Practice
• Role of Compliance Officers
• Key Compliance Issues
• Treating Customers Fairly
• The Insurance Conduct of Business Sourcebook
• Complaints Handling Rules
• Distance Selling Regulation

For further details on these new programmes please email [email protected]
New Certificates and Professional Qualifications from the ICA

In-house
These new qualifications can be delivered in-house. They are a great way to harmonise knowledge and develop skills amongst your team. Prices per person are reduced and you have the option to include processes and procedures unique to your firm in workshop discussions. For more information email hlangton@int-comp.com
inCOMPLIANCE Issue 6 Winter 2011

Publisher: International Compliance [email protected]
Editor: James [email protected]
Design: [email protected]
Production: Dorinda [email protected]
Advertising Queries: Lily [email protected]
Chief Executive, International Compliance Association: Bill [email protected]
ICA Membership Enquiries: Dorinda [email protected]
ICA Qualification Enquiries: Michelle [email protected]
Cover Illustration: DocOrig
International Compliance Association CPD - 1 point

Advice to readers
inCOMPLIANCE is published four times a year by the International Compliance Association. Reproduction, copying, extraction, or redistribution by any means of the whole or part of this publication must not be undertaken without the written permission of the publishers. inCOMPLIANCE is distributed as a free member benefit to all members of the International Compliance Association. Articles are published in good faith without responsibility on the part of the publishers or authors for loss occasioned to any person acting or refraining from action as a result of any views expressed therein. Opinions expressed in this publication should not be regarded as the official view of the ICA or as the personal views of the Editorial Board members of inCOMPLIANCE. All rights reserved in respect of all articles, drawings, photographs etc published in inCOMPLIANCE anywhere in the world. Reproduction or imitations of these are expressly forbidden without permission of the publishers.

Printed in England by Clarke Print Ltd.
Measuring progress

It is often argued that the financial crisis was triggered in part by excessive risk-taking brought about by excessive remuneration and incentives. So with the approach of the bonus season, how far has the financial sector come since 2008? The Centre for Economics and Business Research estimates this year’s total bonus pool for workers in the City of London at £4.2bn. It should be noted that these sums fall some way short of the pre-recession peak of £11.6bn received by City workers in 2007/08 (and indeed that bonuses have shown a 38% year-on-year decline). However, such arguments will carry little weight with a general public struggling in the face of austerity cuts and a euro crisis whose momentum gathers by the day. Moreover, the headline figures of course overlook the fact that the reduction in bonuses in response to regulatory measures such as the FSA’s Remuneration Code has been accompanied by a general uprating in baseline salaries.

Meanwhile, although the Vickers report will undoubtedly create some considerable risk and compliance challenges (see pp18-19), with implementation having been pushed back until 2019 it is difficult to counter the suggestion that, on the issue of breaking up the banks, the can has been kicked down the road somewhat. Indeed, many would argue that Vickers simply didn’t go far enough in the first place.

For compliance professionals, the last three years have certainly been busy as firms have confronted the twin challenges of economic downturn and the constantly moving target of regulation. Less certain, perhaps, is whether this regulatory activity has had the desired effect of improving financial stability. Time, as ever, will tell, but in the immediate future, at least, the march of regulatory reform looks set to continue.

James Thomas
Editor
inCOMPLIANCE
Contents
Message from Bill Howarth
Opinion: Boardroom Monitoring
Opinion: Climate Risk
Opinion: Plea Bargains
Insight: AML and CFT in Malaysia
Insight: Ringfencing
Insight: Risk Management
Insight: Regulation and Compliance Risks
Insight: FATCA
Insight: Social Media
Editorial Board
Kathryn Cearns, Herbert Smith,
Jacob Ghanty, Berwin Leighton Paisner,
Caroline Hayes, APCC,
Rachel Kent, Hogan Lovells,
Irwin Spilka, Stonehage,
David Symes, Compliance Recruitment

Growth and development
The ambitions of the ICA to penetrate new sectors, new regions and new markets continue. Throughout my editorial I have kept you informed of our activities in forming links with organisations around the world and establishing the ICA qualifications in Malaysia, Australia, Russia and the Middle East. Our expansion plans continue to grow with programmes being launched in Romania, the Seychelles and Nigeria. We have strengthened our foothold in Hong Kong where we recently launched a region-specific version of the Diploma in Anti-Money Laundering (AML).

In this edition I wanted to tell you about the new qualifications and programmes the ICA has developed. We have created a number of intermediate level programmes in AML, classified as Advanced Certificates. We have UK and International versions and these will be open to delegates in early 2012. At the same academic level we have developed an AML programme specifically for the needs of capital markets practitioners. This has been received very positively with authorities in the Middle East making its completion compulsory. We have created a US specific version of the Diploma in Anti-Money Laundering too and this is expected to be available to study on a distance learning basis early next year. These developments are a direct reflection of the needs of the individuals and firms and of the growing concern surrounding AML and related issues.

The compliance programmes have also expanded. In early spring of next year, the Advanced Certificate in Compliance for the Automotive Industry will be launched. A new sector for the ICA and one in which we are pleased to be working. Later in 2012 will see the launch of new programmes in Risk Management and Cybercrime. As a representative body, championing best practice in all areas of risk and compliance, the ICA feels a duty as part of its vision to continue to develop programmes that meet the evolving needs of practitioners today.

I am delighted at the positive feedback we have been receiving about inCOMPLIANCE. Do please keep liaising with the team here at ICA and let us know your views. We would like to invite you to make editorial contributions too. We value highly the views of practitioners and their input into the debate.

As we all continue to watch daily the unfolding of the financial crisis, almost as if watching a powerful TV-drama, we can be sure that regulation will continue to evolve presenting new challenges to practitioners. Budgets will be tightened. Resource will be limited. Enhanced systems and controls will be required. Just as there is a demand for the international community to work together to manage the crisis, so I invite you as an ICA member to get involved with ICA activities, share best practice, contribute to the debates and forums and use the network of contacts we can provide to help you manage your business through these tough times. The ICA is developing platforms via social media to expedite this dialogue so do get involved.

Finally, on behalf of the team here at ICA, our best wishes to you, your colleagues, friends and family for the coming festive season.

Bill Howarth
Chief Executive
International Compliance Association
Congratulations to our successful 2011 students & Fellows

ICA Annual Award Ceremony 2012
15 March, Middle Temple Hall, Middle Temple Lane, London
6pm – 8.30pm

All 2011 successful Diploma students and new Fellow members are invited to attend the ICA Annual Award Ceremony to celebrate their achievement.
Once the ceremony has taken place, you can enjoy an informal drinks reception with nibbles and time to chat to your colleagues and tutors.
Photos of you receiving your Diploma or Fellowship will be freely available on our new Facebook page after the event.
Click here to complete the registration form.

ICA Symposium and Member’s Assembly
15 March 2012, 1.30pm – 4.30pm, London

In 2012 we are extending the Member’s Assembly to include a symposium and have been fortunate in securing guest speaker and HBOS Whistle-blower Paul Moore to come and discuss his experiences.
The event will also include an AML, Compliance and Financial Crime Prevention update from the ICT tutors, hot topics from the industry and a question and answer session with a panel of tutors.
This event is free to ICA members and for the first time will be available to non-members at a cost of £99.
Details on how to register for this event will be on the ICA website and will be sent out to you in early January.
OPINION: BOARDROOM MONITORING

An FSA cuckoo in the boardroom nest?

Peter Wright and James Daughtrey consider whether the FSA’s presence in the boardrooms of authorised firms is a welcome development or an initiative we should be cautious of

As widely reported, it appears that the Financial Services Authority (FSA) has started attending board meetings of some firms that it considers could pose a risk to financial stability in the UK. The move was described by Hector Sants, the Chief Executive of the FSA, as an “eyeball-to-eyeball” approach to regulation. The new approach appears to be part of the regulator’s reaction to well-founded claims that it had too “hands off” an approach to regulation in the years leading up to the financial crisis. So what does the new stance mean in practice and what effects are likely to stem from the change in approach?

Management and corporate governance failings

The failings at some large banks and other institutions in the years leading up to the financial crisis were caused by several factors, one of which was the failure by senior management to correctly assess and, where appropriate, reduce the risks of the firm’s activities on the overall stability of the institution. It can be argued that these failings arose as a result of the culture that prevailed in these firms and the perception that management favoured the growth of their business in a benign climate at the cost of prudence and appropriate risk management.

In order for a firm to operate prudently and effectively it is important that there are effective management and corporate governance structures in place. Dependent on the firm, these structures will include the board (comprising both executive and non-executive directors), asset and liability committees, audit committees and risk committees. However, such structures are only the starting point for effective management and governance. Whilst a firm may have all of the necessary structures in place, it is crucial that those structures work in practice. This is a matter that will very much depend on the action and behaviour of those involved in the board and the other bodies that help govern the firm.

In order to obtain an effective line of sight over systemically important firms it appears attractive to the regulator to participate and monitor such arrangements – but what are the ramifications of such an approach?

So what are the likely effects of board participation?

Draconian move

When compared with previous practice, the FSA’s move to attend board meetings can only be described as a complete change of approach and one which, some might say, is draconian, even in light of the recent turmoil experienced in the UK’s financial system and following the mis-selling of financial products.

Preventing debate

One of the concerns is that the FSA’s presence at board meetings will stymie open and frank debate at board level.

It could be suggested that perhaps directors will end up saying things that they do not really mean, which could cause confusion and mismanagement and ultimately have a negative effect on the outcomes the FSA is trying to achieve.

There is also the risk that board meetings could be “stage managed” for the benefit of the regulator and that the regulator’s presence may encourage more informal decision taking by executives outside of formal boardroom meetings.

Shadow director

One of the most thought-provoking suggestions is that the FSA may end up becoming a “shadow director” of firms. This is perhaps overstated. Under the Companies Act 2006 there is still no statutory guidance to codify the circumstances in which a person will be found to be a shadow director. What the Companies Act 2006 does provide, however, is that a shadow director is a person in accordance with whose directions or instructions the directors of the company are accustomed to act. To become a shadow director, the FSA representative in attendance at board meetings would need to exercise real influence over the company’s affairs and direct the acts of the directors, such that the majority of the board act on such instruction, as a matter of practice, over a relatively long period of time.

Whether the FSA (or its representative) will end up being a shadow director is therefore a question of fact. If the FSA representative is merely overseeing proceedings (perhaps merely to provide a report back to the FSA), then the chance of that person being a shadow director is greatly reduced. It would be stretching the imagination of the Courts to conclude that the presence of the FSA representative has, by virtue of such presence alone, the effect of “instructing” the directors to comply with FSA regulation, as it could properly be argued that the directors are already required to comply with such regulations, whether or not the FSA representative is present at board meetings.

In practice, however, the FSA representative is likely to have a degree of interaction at board meetings. The greater the degree of that interaction, the higher the chances of the FSA being deemed to be a shadow director of the firm concerned. However, whether or not the FSA representative becomes a shadow director is of more concern to the FSA than it is to the firm concerned.

Understanding institutions

One of the benefits of the FSA having a board presence is that the FSA should have a better understanding of institutions. At the very least, if another financial crisis similar to that experienced in 2008-9 were to reoccur, the FSA would have a better handle on the affairs of firms who are caught up in the crisis and it may then be able to respond more effectively (in 2008-9, the FSA’s knowledge of these institutions was so lacking that the FSA was in the end sidelined by government departments such as the Treasury).

Prioritising regulation

It is also probable that FSA presence at directors’ meetings is likely to ensure that regulation gets moved well up the agenda, perhaps in preference to anything else being discussed at the relevant meetings. It must generally be regarded as positive that compliance with regulation is being given greater consideration, as it was relatively ignored in the years leading up to the financial crisis with disastrous consequences.

However, the other side of the coin is that the board may now be distracted from giving due care and consideration to other important non-regulatory matters, such as making a profit (the lack of which can, of course, have its own dire consequences for the firms concerned and the overall stability of the financial system in the UK). One other important observation is that the oversight of regulatory compliance is only worthwhile if the regulations themselves promote the right behaviours, which is a complex debate in itself.

Is an FSA presence likely to achieve its aims?

At present, the FSA’s presence at board meetings has only extended to financial firms which are the “largest” and “most complex” (i.e. most likely banks whose regulation will eventually fall under the remit of the yet-to-be established Prudential Regulatory Authority [PRA]).

However, it is possible that the FSA will, if it has not already done so, start to adopt a similar approach to firms selling financial products to retail customers who will not fall within the remit of the PRA, but nevertheless have a potentially large risk of causing consumer detriment (i.e. those firms that will ultimately be regulated by the Financial Conduct Authority [FCA]).

Despite the risks associated with the FSA’s moves, such an approach could be beneficial for banks and other large financial institutions insofar as it seeks to make the financial system more secure.

However, even if the FSA’s presence on the board brings the need for regulatory compliance to the front of directors’ minds, it is likely that many of the things that are now happening would be occurring with or without the presence of the FSA at board meetings.

Regulation has crept up the agenda for good reason and, in the “new” boardroom and regulatory environment that exists today, directors are already focused on capital ratios, the ratio of deposits to lending and so on (profitability has, perhaps, been temporarily relegated now that survival itself appears to be at risk).

As for the FSA, a better understanding of firms (something which was profoundly lacking when the recent financial crisis unfolded) will surely assist in the event of another financial crisis. However, there are considerable downsides to adopting such an approach and, whilst it may be appropriate to intervene in the early stage of the aftermath of the financial crisis, the FSA should continue to monitor, on a firm by firm basis, whether such an approach is warranted and proportionate in the months and years ahead.

Peter Wright (pwright@foxwilliams.com) is a Partner and James Daughtrey ([email protected]) an Associate within the Financial Services Sector Group at London law firm Fox Williams LLP.
A growing issueDespite the slow progress of international negotiations on climate change, endorsement of a Green new Deal could accelerate momentum towards a high and stable price for carbon, suggesting that the financial sector should improve its understanding of climate risk. James Thomas examines the issues
Page 9 inCOMPLIANCE
incompliance
OPInIOn: CLIMAte rIsK
Many institutional investors have suffered seriously in this present crisis as result of not having sufficiently understood and managed the various risks facing their portfolios. The risks posed by climate change are another form of risk that is poorly understood and hence mismanaged Sony Kapoor
on architectural reform and more on the development of
policy instruments to incentivise capital flows towards green
investments.
As a means of killing the two birds of climate change and a
dysfunctional finance sector with one stone, the GnD is therefore
both wide-ranging and controversial in scope, and naturally
entails some profound implications (and uncertainties) for those
working in risk and compliance.
Appreciating climate riskFirst and foremost, any discussion of a GnD exposes a current
shortfall in the understanding of climate risk within the financial
sector. As sony Kapoor, Managing Director, re-Define, explains:
“Let’s assume a stress scenario, for example ‘what happens
tomorrow if there is a positive decision taken in the eu that there
is going to be a carbon tax?’ Firms have to account for
As you read this, negotiations in Durban are ongoing
as the governments of the world attempt to thrash
out a successor to the Kyoto Protocol. Global
attention on the subject of climate change perhaps
peaked two years ago in Copenhagen but has since subsided
somewhat following the damp squib that was the Copenhagen
Accord, being overshadowed by the ongoing downturn and,
most recently, the euro crisis. nevertheless, the outcome of the
Conference of the Parties in Durban, whether it reaches a binding
agreement or not, should be on the radar of anyone working in
the financial sector.
Two birds, one stonethe global downturn post-financial crisis has arguably further
polarized opinion on the issue of climate change. there are those
who argue that the only sensible route out of the downturn is
a return to business as usual. On the other hand, many see the
financial crisis itself as an opportunity to restructure the economy
along “greener” lines; to move away from the short-termism,
complexity and poor incentive structures that contributed
towards the current malaise.
A “Green new Deal” (GnD) has therefore emerged as
something of a catch-all for any proposal which has the twin
objectives of stimulating economic recovery while maintaining
one eye on climate change. naturally, the appropriate means
by which to achieve this vary according to who you ask. For
example, thinktank the new economics Foundation (neF)
envisages the GnD as a process of “re-regulating the domestic
financial system to ensure that the creation of money at low
rates of interest is consistent with democratic aims, financial
stability, social justice and environmental sustainability.”1 In neF’s
view “finance will have to be returned to its role as servant,
not master, of the global economy”, a process which involves
not only separating investment banking from utility banking
functions, but moreover breaking the resulting institutions into
yet smaller entities. Other commentators place less emphasis
inCOMPLIANCE
incompliancePage 10
OPInIOn: CLIMAte rIsK
such possibilities and consider what impact they could have on
their portfolio. However, as things stand, the basic information
infrastructure to undertake this type of risk assessment simply
doesn’t exist at a firm level.”
Climate risk can take several forms 2:
• Physical risk – for example, the exposure of investments to
risks associated with increases in extreme weather events.
• Regulatory / policy risk – for example, through the banning
of certain carbon-intensive activities, the imposition of carbon
or other environmental taxes, or the progression towards a
higher, more stable price for carbon, all of which might make
investments in carbon-intensive industries less attractive.
• Legal / litigation risk – for example, for failure to fulfil
fiduciary duties (as Mr Kapoor notes, there have been a small
but increasing number of cases of activist investors suing or
threatening to sue institutional investors and credit
institutions for not examining their carbon risks when making
“dirty” investments).
• Reputational risk associated with failure to implement
environmentally friendly business and investment practices
against a background of increasing consumer concern over
climate change.
Currently, it is rare for, say, asset managers to take full
account of this broad range of risks when making investment
decisions, or for banks to factor in such considerations when
lending. Indeed, such risks are difficult to quantify, even if there
were the will to do so. the uncertainty of climate policy (and
the resulting volatility of the price of carbon) is a hindrance
to such risks being considered, as are ongoing uncertainties
regarding the extent and timing of potential climate impacts
(which are themselves dependent upon future deviation from
or adherence to business as usual paths). such obstacles have
contributed towards a lack of collective action.
Going forward, however, more resources will need to
be directed towards understanding climate risks as the
consequences of their underweighting by investors may be
significant. As neF points out: “no pension fund has yet
digested the full implications of the 2007 climate consensus
– that emissions need to be at least halved by 2050, with
upwards of 80% cuts in the industrialised world... avoiding
catastrophic climate change will require an unprecedented
shift in investment capital by pension funds and other holders
of long-term assets.” Bearing in mind, for example, the uK’s
carbon reduction budgets – given statutory force by the Climate
Change Act – this impending requirement for a radical shift in
the direction of investment flows is quite real.
The price of carboneven in those states that have not enacted statutory measures
for reducing emissions, a drive towards a higher stable price
for carbon seems likely sooner or later. Indeed, the success or
failure of a GnD rests upon whether institutional investment
can be successfully redirected away from dirty investments
and towards cleaner ones. the argument is that the flow of
such funds is hindered by current policy barriers which result
in investors both overestimating the risk associated with green
investments (and underestimating the returns), while at the
same time underestimating the risks associated with dirty
Page 11 inCOMPLIANCE
incompliance
OPInIOn: CLIMAte rIsK
disclose their expected financial risk from climate changes and
their management of those risks, imposed by the us national
Association of Insurance Commissioners in 2009.
OpportunitiesCompliance with such regulatory measures would require
an understanding of climate risk that simply isn’t currently
present within most financial institutions. But whether such
policy proposals gain traction or not, there is a further
– business – incentive for firms to get a handle on the issue of
climate change. simply put, underweighting climate risk could
undermine investment returns, and the corollary is that a fuller
understanding of climate change may enable firms to seize
potential opportunities.
As sony Kapoor explains: “there are three elements to
this. Firstly, avoiding negative consequences associated with
climate change; second, identifying potential opportunities;
and third, complying with regulations. there is a crucial role
for compliance departments even in the absence or in addition
to these proposals making it into regulation.” He argues that,
say, institutional investors or sovereign wealth funds who are
heavily exposed to dirty industries have a strong diversification
imperative, which will increase with the price of carbon,
meaning that gaining positive exposure to the green sector
becomes increasingly attractive. Indeed, with the current drive
against short-termism (see inCOMPLIAnCe Autumn 2011) comes
a further argument that such investments are in fact a good
match for longer term investors. Despite higher upfront costs, it
is suggested that green investments could deliver smoother long
term returns (for example due to the lower operating costs of,
say, renewable energy versus fossil fuel sources) while avoiding
volatility associated with the fossil fuel markets.
In summary, climate change represents an underappreciated
aspect of financial institutions’ risk spectrum. As sony Kapoor
points out: “Many institutional investors have suffered
seriously in this present crisis as result of not having sufficiently
understood and managed the various risks facing their
portfolios. the risks posed by climate change are another form
of risk that is poorly understood and hence mismanaged.”
While comprehensive global solutions to climate change remain
elusive, the prevailing trend is likely towards a higher carbon
price and an increase over time in the physical impacts of global
warming. With that in mind, firms would be well advised to
place greater emphasis on climate risk in the future.
1 NEF: “A Green New Deal: Joined-up policies to solve the triple
crunch of the credit crisis, climate change and high oil prices”
www.neweconomics.org
2 Re-Define: “Funding the Green New Deal: Building a Green
Financial System” www.re-define.org
investments (and thereby overestimating the returns). Hence
the establishment of a high and stable price for carbon would
redress the balance – the “externality” of emissions associated
with dirty enterprises would be “internalised”.
If the main hindrance to investment in green technologies
has been the absence of a sufficiently high and stable price for
carbon, it would be foolhardy of financial institutions to simply
assume that those conditions will persist indefinitely, given the
political capital that has been invested internationally
– whether in the eu, us, China, Australia, Japan or elsewhere
– in embedding green principles into stimulus packages in
some form. Indeed, even in the absence of a binding global
deal on emissions cuts, developments in pricing carbon are
many and varied and include the recent approval of a carbon
tax by the Australian senate; the forthcoming extension of
the eu emissions trading scheme to include airline operators
from 2012 and a range of other industries from 2013; and
the possibility of the eu carbon market being linked with
California’s, which opens 1 January 2012. these seem likely
in the long run at least to result in a trend towards carbon
being increasingly factored into investment decisions. As sony
Kapoor explains: “no matter who you ask, be they industry
professionals, policy makers or investment managers, the vast
majority of people expect that the future carbon price will be
higher than it is today, so it simply doesn’t make sense to not
take that into account.”
Regulatory measures?re-Define’s report proposes a range of potential regulatory
measures to increase the attention given to climate risk,
framed in a language familiar to those in the risk and
compliance world. Firstly, it proposes the implementation of
“carbon stress tests” to establish the resilience of financial
institutions to “sharp increases in the price of carbon”. the
thinktank argues that these carbon stress tests should apply
both “at the point of making new financing commitments
to energy intensive or carbon exposed industries” and “to
the whole outstanding credit portfolio for banks and credit
institutions and the investment portfolio for investors as part
of their fiduciary and risk management obligations.”
“those working within the financial industry have long
understood the idea of stress tests, but such tests have now
caught the popular imagination, including that of politicians,”
suggests Mr Kapoor. “It has become clear that it is prudent
to check for hidden risks and to provide against them. We
are accustomed to talking about credit risk, market risk and
operational risk, and it makes complete sense in my mind to
talk about carbon risk, in particular because the magnitude
of those risks is so large. This is not a conceptual leap, but a
logical extension of the current regulatory framework.”
A further proposal is for mandatory tracking and disclosure
of carbon exposures and risks by investment firms and banks.
Some progress has already been made towards such an
objective, albeit in a piecemeal fashion rather than through
joined up mechanisms. Re-Define cites the examples of the
Carbon Disclosure Project; 2010 guidance issued by the US
Securities and Exchange Commission (SEC) on disclosure of
business and legal developments related to climate change;
and a mandatory requirement on large insurance firms to
OPINION: PLEA BARGAINS
A plea into the bargain
As the UK’s Solicitor General ponders the merits of the use of US-style plea bargains in the UK, Dan Hyde considers how these would work, what would be the deterrent effect and whether it is a desirable route for the UK to go down
The UK has struggled to keep pace
with the US when it comes to
tackling corporate corruption and
white collar crime. Joint investigations
by the Financial Services Authority (FSA)
and its US counterpart the Securities and
Exchange Commission (SEC) have repeatedly
demonstrated the much larger range of
options and penalties available to the US
system with prosecutions being US-led
and penalties imposed on that side of the
pond dwarfing those, if any, imposed here.
The Attorney General’s Office is currently
consulting on proposals to introduce US-style
plea bargains (“deferred plea agreements”)
to the UK in an attempt to bolster the
prosecution of white collar crime and plug a
gap that has, of late, become all too apparent.
“No power”
The inability of the UK to enter into US-style
plea bargain arrangements was crystallised
by the cases of Innospec and Dougall. In
Innospec, Lord Justice Thomas determined
that the Serious Fraud Office (SFO) or its
Director “had no power” to enter into such
arrangements and significantly “no such
arrangements should be made again”. The
arrangements in question were the attempt
of the SFO to reach agreement (together
with their US counterparts the Department of
Justice [DOJ]) as to the appropriate penalties in
the UK and US. In Lord Justice Thomas’ view
it was not open to the SFO to agree a penalty
which fell to be determined by a court having
first scrutinised the basis of the plea and the
extent of the criminal conduct. In the case of
Dougall the Lord Chief Justice Sir Igor Judge
admonished both the SFO and the defence
for presenting the court with a suggested
sentence as part of an apparent plea bargain.
A plea bargain involving agreement on
sentence was, in the Lord Chief Justice’s view,
contrary to principle and “... vested exclusively
in the sentencing court”.
Clearly the judiciary were reluctant to allow
deals to be struck on sentencing when they,
quite properly, regarded sentencing as their
exclusive patch and any change in this would
have to be effected by legislation.
Casting the net
The need for deferred plea agreements has
become more pressing with the advent
of the Bribery Act 2010. Prosecutors now
have the legislation with which to tackle
bribery not only in relation to UK companies
but also non-UK companies that have a
presence or conduct business here. Whilst
the Bribery Act casts its net wider and has
more stringent penalties than the US Foreign
Corrupt Practices Act the UK has little hope
of matching regulation in the US as matters
stand. This is due to an entirely different legal
landscape in the US where self-reporting or
an early admission of fault can result in a plea
bargain that suspends any criminal charges
in return for a substantial financial penalty.
These Deferred Prosecution Agreements
(DPA) collect billions of dollars for the US
State Department, allow companies to avoid
prosecution and continue with their business,
and deliver certainty of outcome rather than
the uncertainty, cost and risk of a lengthy
court trial. Moreover the company must, as
part of the agreement, implement specified
corporate reform or risk the reinstatement of
the prosecution.
It now seems to have finally dawned
on the UK legal establishment that justice
through co-operation is a route that delivers
arguably more justice. Edward Garnier QC,
the Solicitor General, now seeks to import
DPAs or equivalent instruments to the UK
and to re-examine both our approach to
economic crime and whether the sentences,
when imposed, are sufficient. Whilst some
will argue that a US-style system would yield
an unwelcome hike in fines for businesses
and arguably see senior executives being able
to avoid prosecution, the present system is
due for an overhaul if corporate regulation
is to be effective. Moreover companies can
currently enter into a plea bargain in the
US and by virtue of double jeopardy rules
be subsequently insulated from further
prosecution in the UK. In effect the UK is
currently frozen out where there is a deal to be
struck in the US.
A degree of uncertainty
There are of course arguments against
the adoption here of deferred prosecution
agreements. Chief among them is that they
would enable corrupt companies with deep
pockets to avoid traditional justice and,
conversely, may induce the innocent to sign
up and pay up rather than face trial and test
their defence. The fines imposed under the
agreements would also need to be carefully
determined and the agreed corporate reforms
monitored to ensure compliance.
The crucial difference between the US and
UK and perhaps the reason why we haven’t
adopted a DPA approach is that here the
judiciary are unused to being and unwilling
to be fettered. The cases of Innospec and
Dougall amply demonstrated the reluctance
of UK judges to accept a settlement that
purported to set the punishment without
reference to the judge. If plea bargains are
to be adopted here it will likely involve more
judicial input than in the US where judges
are used to rubber stamping DOJ settlements
with little or no inquiry into their factual and
legal basis. The danger is that judicial input
brings a degree of uncertainty and, unless
there is certainty in the outcome, there is
less inducement to admit wrongdoing and
enter into a plea bargain. One approach
might be to have a tariff of sentences so that
the applicable tariff can be agreed and the
resulting fine within a relatively small bracket.
It may be yet another Americanisation
of our legal system but it is hard to argue
that corporate regulation wouldn’t be more
effective if we could find a way to implement
these agreements. US-style plea bargains
are the means to an otherwise unachievable
regulatory end.
Dan Hyde is a
Consultant at
Cubism Law
INSIGHT: AML AND CFT IN MALAYSIA
Aiming high
A concerted drive is underway in Malaysia towards higher standards in AML and CFT. James Thomas examines the issues
Money laundering and terrorist financing
are currently hot topics in Malaysia as the
country looks increasingly to establish itself
as an attractive location for business on the
international stage. Moreover, the drive towards improved
practice around AML and CFT is being led by both the industry
and the regulatory authorities, and the value of professional
training and qualifications in meeting these objectives has
become ever more apparent.
The growing focus on AML and CFT is motivated in part by
the current review of the Financial Action Task Force’s (FATF)
standards, due for completion in February 2012 with the next
round of evaluations by the Asia / Pacific Group on Money
Laundering (APGML) following in late 2013. Malaysia fared
reasonably well in the last APGML mutual evaluation exercise in
2007, although the fact that it scored mostly “largely compliant”
or “partially compliant” with FATF’s 40+9 Recommendations
demonstrates that there is some room for improvement. For
example, the evaluation found “uncertainties about [the]
current level of implementation” of both customer due diligence
measures (Recommendation 5) and measures to deal with
politically exposed persons (Recommendation 6).
Ensuring effectiveness
Another potential area for development unearthed by the
evaluation was compliance with FATF Recommendation
15 (“Internal controls, compliance & audit”). Malaysia
was considered to be “largely compliant” with this
recommendation, which states that:
Financial institutions should develop programmes against
money laundering and terrorist financing. These programmes
should include:
a) The development of internal policies, procedures and
controls, including appropriate compliance management
arrangements, and adequate screening procedures to
ensure high standards when hiring employees.
b) An ongoing employee training programme.
c) An audit function to test the system.
Notably the evaluation observed “uncertainties regarding
[the] effectiveness of implementation” associated with such
programmes. Moreover, the regulators will doubtless be
keen to improve compliance with FATF’s Recommendation 23
(“Regulation, supervision and monitoring”) after the evaluation
found “gaps in effectiveness of implementation of AML/CFT
monitoring and supervision”.
Indeed, the regulatory authorities in Malaysia clearly view
this issue of effectiveness as a key - and emerging - one. As
Puan Nor Shamsiah Mohd Yunus, Deputy Governor Bank
Negara Malaysia, noted at this year’s International Conference
on Financial Crime and Terrorism Financing (IFCTF): “A major
development in the review of the [FATF] standards is the higher
emphasis that will be placed on assessing the effectiveness
of measures implemented to counter the risks of money
laundering and terrorist financing, rather than merely looking at
technical compliance.” In this regard, she suggested that: “As
Malaysia’s AML/CFT regime grows in maturity, the benchmark
for compliance by financial institutions will be measured more
in terms of its effectiveness in deterring and preventing financial
crimes before they occur.”
She also added that: “Talent development in this area is
becoming increasingly critical. A well-trained workforce is
a valuable asset that would contribute to the implementation of an
effective compliance framework with impactful results. This can be
achieved through the formulation of structured and coordinated
capacity development programmes aimed at elevating the level of
technical skills, leadership and professionalism.”
Malaysia’s Minister of Home Affairs, Datuk Seri
Hishammuddin Tun Hussein, who provided the keynote
address at the conference, echoed this view, suggesting that:
“The financial industry should train more experts in financial
investigations and encourage international collaboration
between financial regulators and national security agencies...
to ensure financial investigations are carried out effectively and
standardised across the globe.” The ICA launched a new AML
/ CFT framework for Malaysia - developed at the request of
Institute of Bankers Malaysia (IBBM) and the Asian Institute of
Finance (AIF) - at the conference, with a view to meeting
these needs.
Attracting business
The aim of attracting international business to Malaysia is a
strong motivation behind the push to raise standards in AML /
CFT. As Tay Kay Luan, Chief Executive Officer, IBBM, explains:
“Although relatively speaking Malaysia performs better on AML
than most states within South East Asia and it is considered top
tier in terms of enacting legislation on AML, it is clear that the
Central Bank is keen to further develop Malaysia’s reputation
when it comes to AML. We are a trading nation and therefore
improving governance measures and legislation is important in
the context of global markets for financial services.”
Others in the region are upping their game - for example
Hong Kong is bringing major new AML legislation into force
next year - and Malaysia is keen to keep pace with such
developments. As Sam Gibbins, Sales and Marketing Director,
International Compliance Training Academy, suggests: “You
don’t need to look too far from KL to find jurisdictions - such
as Hong Kong and Singapore - which are generating huge
volumes of international business. While Malaysia is good at
attracting business in some fields, such as Shariah finance, it
clearly wants to attract in other international players too.”
It is fair to say that Malaysia has suffered in the past
- reputationally speaking - through a perception that it
has given insufficient attention to tackling corruption. For
example, Malaysia scored just 4.4 out of 10 on Transparency
International’s 2010 Corruption Perception Index* (down
from 4.5 in 2009), and ranked joint 56th out of 178 countries
(showing no move from 2009 but down from joint 47th [with
a score of 5.1] in 2008). By contrast, Singapore was joint first
in 2010’s index with 9.3, while Hong Kong was 13th with a
score of 8.4. Malaysia ranked 11th in the region. The negative
potential impact of such perceptions on Malaysia’s ability to
attract business is clear, and similar concerns are a strong
motivating factor behind the current push for improved AML /
CFT standards.
Indeed, speaking at this year’s IFCTF, Bank Negara’s Deputy
Governor was keen to stress the potential reputational damage
associated with money laundering and terrorist financing.
“While the direct cost of financial crimes to individual financial
institutions may be substantial, it pales in comparison to the
damage to the overall financial system that can arise from
the failure to implement adequate measures to effectively
combat financial crimes, in particular those relating to money
laundering and terrorist financing,” she warned. “With the
increasing trend by supranational bodies to publicly name
jurisdictions that are seen to be uncooperative, and to call
on their respective members and the broader international
community to implement appropriate countermeasures in
dealing with institutions and entities from these jurisdictions,
the implications, both financially and socially, can be devastating
to the countries concerned.”
Regime change?
In securing the desired improvements in standards, Malaysia
has eschewed regime change per se in favour of improved
education and awareness. The main legislation remains the
Anti-Money Laundering and Anti-Terrorist Financing Act
2001 (AMLA), with updated guidance issued by Bank Negara
Malaysia, the Securities Commission (SC) and the Labuan
Offshore Financial Services Authority (LOFSA) in 2006.
As Sam Gibbins explains: “The regime as such hasn’t
changed much, the regulators are simply trying to make it more
prominent, partly through raising awareness, and partly through
introducing training standards. It’s been interesting to note that
a lot of this has been driven by the industry, particularly on the
education and training front.”
The Compliance Officers’ Network Group (CONG),
established by IBBM, has been instrumental in this drive,
and has worked closely with the IBBM and the ICA in the
development of the recently-launched qualifications and
training in AML / CFT (see Box for more). For example, CONG’s
AML committee reviewed and provided feedback on the course
material, helping to ensure that the material was as applicable
and relevant as possible for the jurisdiction and staff.
IBBM has also been active in raising awareness more
generally, most notably through the annual IFCTF, now in its
third year. “The objectives of the conference are twofold,”
explains Tay Kay Luan. “One is to provide updates on the latest
developments in AML / CFT. The second is to share experiences,
which can also include the introduction of new technology by
important players within the supply chain. Other stakeholders
from government, as well as enforcement agencies (both local
and foreign), have also contributed to the annual conferences.”
Such developments mean that it is an exciting time to be
involved in the AML compliance sphere in Malaysia. The country
seems determined to raise standards, and the collaboration
between industry, regulators and training providers has been a
hugely positive factor in this regard. The conditions seem ripe,
therefore, for compliance professionals to raise both their own
position within firms, and that of the profession more generally.
* http://transparency.org/policy_research/surveys_indices/cpi
Box: Professional qualifications and training in AML / CFT
By Sam Gibbins
The qualifications in AML / CFT are tiered at three levels:
Intermediate, Advanced, Experienced Practitioner (Certified
Professional level). The Intermediate level course is aimed
at those entering the banking and finance industry. The
programme is structured such that, once individuals have
completed the Intermediate level, they can move to the
Advanced level course and finally to the Certified Professional
level. Starting with the banking sector, the intention is that
the courses will evolve to cover capital markets, insurance and
Shariah finance. The ICA, together with IBBM and CONG,
is considering setting up courses in general compliance that
follow the same general framework.
The programme has already enjoyed an excellent response
from industry. For example, one bank has, at the time of
writing, already signed up 21 people (out of 90 staff in this
area), to the first course, starting in December. Nearly 40
individuals have signed up to the programme to date.
INSIGHT: RINGFENCING
Preparing for the storm?
The final report of the Independent Commission on Banking may have a significant impact on how compliance functions will need to be organised and structured. Harriet Territt and Liz Saxton consider new compliance challenges in a “post-Vickers” world
The final report of the UK’s Independent Commission
on Banking (ICB), chaired by Sir John Vickers, was
published on 12 September 2011. The report sets out
a number of recommendations and reforms aimed at
improving stability in the UK banking sector. Key proposals
include a requirement to ring-fence UK banks’ retail operations,
enhanced capital adequacy requirements for UK banks, and
measures to provide preferential status to depositors insured
by the Financial Services Compensation Scheme (FSCS) on any
bank insolvency (currently, all bank depositors rank pari passu
with unsecured creditors).
The ICB’s recommendations are in the form of high-level
principles and will require substantial and detailed legislation
before they can be put into practice. The Government response
to the ICB’s final report is likely to be published in December
2011 and will include a suggested timetable for implementation
of the recommendations. However, it is already possible to make
some assessment of the impact of the proposed reforms on bank
compliance functions (or, at least, articulate the issues that will
need to be clearly addressed as part of the legislative process).
Ring-fencing
From a bank group compliance perspective, the most significant
recommendation is the proposal to set up an operational and
legal “ring-fence” around retail operations. Once implemented,
certain mandated services that are essential to a retail banking
operation (such as accepting deposits from individuals and
SMEs) may only be conducted within a separate ring-fenced
entity or part of the bank group. In the same way, the ring-fenced
entity will be prohibited from conducting certain types
of business, including proprietary trading and most types of
derivative trading. The precise legal mechanism which will be
used to effect this separation is being hotly debated (and is
beyond the scope of this article). Rather, we focus here on the
likely practical impact for bank compliance professionals, once
the ring-fence is put in place.
Whilst the ICB recommendations stop short of suggesting
full separation of retail operations, the requirements of the
ring-fence proposal are significant. The ICB report makes clear
that where a ring-fenced bank is part of a wider corporate
group, the authorities must have confidence that it can be
isolated from the rest of the group in a matter of days and can
continue providing banking services without needing additional
solvency support. To meet this high test, the ring-fenced entity
will first need to have an independent governance structure,
including a separate Board of directors. The ICB report suggests
that, in many cases, the majority of these directors will need to
be independent non-executives, with limits on when directors
of ring-fenced entities can sit on the board of the parent or
another part of the bank group. The ring-fenced entity will also
need to be legally separate and operationally separable, and
will need to transact with the rest of its banking group on an
arm’s-length basis, as if with an unconnected third party.
It is clear that, once this recommendation is implemented,
ring-fenced operations will need to have a separate,
independent compliance function in place. It seems very likely
that such a ring-fenced compliance function will need to have
separate reporting lines, including a right of direct access
to the ring-fenced Board of Directors, in order to meet the
requirement of operational separability. An interesting aside
from the ICB report suggests the board members of both the
ring-fenced bank and its parent company may be placed under
a specific duty to maintain the integrity of the ring-fence, and
to ensure the ring-fence principles are followed at all times. If
this proposal is adopted, it will inevitably affect the approach to
risk management and compliance across the group.
Separation anxiety
However, the ring-fenced entity (and its compliance function)
also cannot act in total isolation from the wider bank group.
This is acknowledged by the ICB report in two ways. Firstly,
the ring-fencing requirement does not place any additional
restrictions on the sharing of information and expertise within
banking groups. Information about individual customers
(and presumably market information and expertise) can be
shared within the bank group. In the same way, compliance
professionals will obviously need to share information and
adopt common policies and procedures across the bank group,
in order to operate effectively and to comply with the UK
regulatory framework.
In addition, operational infrastructure can be shared,
although the ICB report suggests that the wider corporate
group should be required to put in place arrangements to
ensure that the ring-fenced bank has continuous access to all
of the operations, staff, data and services required to continue
its activities, irrespective of the financial health of the rest of
the group.
In practice, allowing the ring-fenced entity to share
operational infrastructure and information whilst remaining
“operationally separable” will be a significant challenge. The
ring-fenced entity will need an ability to access compliance
databases, reporting systems and IT infrastructure, even if the
wider bank group goes into an insolvency process. It will need
to maintain its own separate client records for the same reason.
Its employees could also need to be employed directly by the
ring-fenced entity, rather than the wider bank group, with
separate payroll and HR systems. Where third party suppliers
provide essential services to an entire bank group, contracts
may need to be renegotiated to ensure continued provision of
services to the ring-fenced entity, even if the wider bank group
is in default. The same issues will arise for other parts of the
bank group such as operations, payments, treasury, risk and
finance. Banks will need to either replicate functions on each
side of the ring-fence (which has a clear risk of inconsistent
approach and/or confusion), or find a way to organise these
functions into a bankruptcy-remote entity within the group.
Complex issues
The requirement to treat the rest of the bank group as an
unconnected third party for the purposes of inter-group
transactions will also affect compliance processes. At a basic
level, transactions with the rest of the bank group may require
independent due diligence and more detailed compliance
reviews. More difficult still will be ensuring that the ring-fenced
bank is no longer party to agreements which contain cross-
default clauses, or similar arrangements which are triggered
by the default of entities in the rest of the bank group.
Consideration will also need to be given to use of common
terms such as “affiliate” in any new transaction documents.
These practical considerations have led some commentators,
such as Lord Myners (the former Financial Services Secretary)
to suggest that total separation of retail banking functions is
inevitable in the longer term. However, given the length of
time before the ring-fence requirement will come into effect
(2019), it seems likely that banks can develop strategies for
dealing with the issues identified in this article. What will
be critical for affected bank groups going forward is that
major legal, operational and risk management decisions from
2012 onwards take proper account of the upcoming ring-
fence requirement. For example, if a proposed new piece of
IT infrastructure cannot meet the challenge of operational
separability or a proposed group service contract cannot be
extended at the bank’s option to a particular subsidiary, it may
not be in the group’s interest to enter into a binding agreement
at the present time. In the same way, banks should consider
negotiating specific “change of law” clauses into relevant
contracts to give a measure of flexibility for the future.
Harriet Territt and Liz Saxton
are Of Counsel in the Financial
Institutions group at Jones
Day in London
INSIGHT: RISK MANAGEMENT
A dynamic environment
Understanding the dynamics of the compliance risk environment is an essential, but sometimes overlooked, part of the compliance professional’s role. Jonathan Bowdler explains
Whether it is included in your role profile or not,
all compliance professionals are, to a greater or
lesser degree, risk managers. If I am ever asked
to summarise in one sentence what the purpose
of the compliance function is I usually state that it is to “manage
the firm’s compliance risk”. Risk management is fundamental
to what we do and indeed it is beginning to appear more and
more in the aforementioned role profiles. However, when I ask
delegates at compliance conferences or workshops how many
have actually received any form of risk management training the
response is always disappointingly low.
The purpose of risk management
One common misconception is that risk management is all
about minimising losses when risks materialise. Whilst this
is undeniably one of the purposes of risk management it is
first and foremost about maximising benefits. We take risk
because of the rewards available when we do so. The more risk
you can take the more reward you can obtain. Therefore risk
management is about taking as much risk as possible, provided
that it is informed and controlled risk and within the firm’s risk
appetite. This is the prime driver for taking risk and consequently
should inform the entire risk management process.
Where risk comes from
To be able to manage compliance risk you must first understand
where the risks come from. There are four main drivers:
• what you do, e.g. what products you sell
• how you do it, e.g. what delivery channels you use
• where you do it, e.g. the jurisdictions within which
you operate
• change, e.g. something that happens every day!
It does not take long to realise that risks are all around us, and
that they change on a constant basis. It is therefore essential
that we understand the most effective and efficient ways of
managing these risks.
The risk management framework
Risk management is an ongoing, cyclical process. Every firm
will have its own variation upon the standard approach, but
fundamentally it should look something like Figure 1 (overleaf).
It is vital to understand that this process is continuous. For
example, once a risk has been identified, assessed and
evaluated, the decision might be to accept that risk. But the
assessment or evaluation could change, and the result could
mean that the decision to accept should also change. It is also
worth noting that often mitigating one risk creates others, which
then need to enter the cycle at the identification stage. However,
the overall aim is to bring as many risks as possible within the
firm’s risk appetite so that associated benefits can be obtained.
Risk dynamism
Unfortunately risks themselves are not as simple to present as
the risk management process, but Figure 2 (overleaf) and the
following explanatory notes should demonstrate the basics:
• Risks can be moved through specific action – For example,
“know your customer” (KYC) procedures could be relaxed
for “low risk” customers, which would have the effect
of increasing the likelihood of such a risk occurring. Or
insurance could be taken out against unfavourable currency
movements, which would have the effect of reducing the
impact of this occurrence.
• Risks can move by themselves – An increase or decrease in
probability, or an increase or decrease in impact, could be
caused due to some external influencing change, such as a
change in regulatory approach or a foreign piece of legislation
with extraterritorial impact.
• The firm’s risk appetite can be moved, either through the
strategic choice of the firm or through a response to some
external influencer. For example during the credit crisis many
financial services firms reduced their risk appetites during the
period of uncertainty.
So a risk can move from acceptable to unacceptable, and vice
versa, through:
• A change in the likelihood of occurrence
• A change in the impact of occurrence
• A change in the firm’s risk appetite
And in each case this change can be driven internally
or externally.
A dynamic process
We are involved in risk management of one form or another
most working days. It is a cyclical process that requires constant
management. It is a dynamic process and risks can change
both internally through planned activity and externally through
unexpected occurrences. Therefore all compliance professionals
should be aware of the risk management process and ensure that
it is working effectively for managing compliance risk. In this way
compliance risk can be managed as effectively as possible.
Figure 1: The risk management process (1 Identify, 2 Assess and evaluate, 3 Take action, 4 Review and report)
Figure 2: Risk dynamism (axes: impact against probability; plots the risk appetite, an individual risk, and the movement of each)
Jonathan Bowdler is the Course Director responsible
for the ICA’s Compliance programmes. With nineteen
years industry experience, nine of which have been in
senior compliance roles including holding Approved
Person status, Jonathan has a wealth of practical
compliance experience and also holds an MBA from
Henley Business School.
INSIGHT: REGULATION AND COMPLIANCE RISKS
Regulation and compliance risks are
the most serious perceived threat to
global firms and sit in the centre of
the risk radar, according to a recent
survey by Ernst & Young*. This was also the
case in 2010.
While regulation and compliance risks are of
greatest concern to bankers and life scientists,
and least to those in retail, in every sector,
regulation and compliance ranked among the
top four risks. In fact, in four out of the seven
sectors surveyed - banking, healthcare, oil and
gas, life sciences, power and utilities, public
administration, and retail - regulation and
compliance risks ranked first. This uniformity
is perhaps surprising, in Ernst & Young’s view,
given that sector-specific pressures are the
most frequently reported driver of this risk.
Both banking and life sciences - the sectors
ranking this risk highest today - see risks in
this area continuing to rise in the years ahead.
One banking CRO reported that: “[New
regulations] are having a material impact on
banks’ operations - particularly those with
large capital market trading books. It will be
increasingly difficult for banks to generate the
returns on income expected by investors.”
However, in other sectors, including oil
and gas and power and utilities, the survey
found that the impact of regulation and
compliance risks is expected to fall as 2013
approaches. This view was mirrored among
many respondents in most emerging markets
- including China, India, Russia and the Middle
East/North Africa (MENA) region. This may be
attributable to economic development in these
countries that is producing enhanced stability
of regulatory regimes, said the report.
In fact, regulatory risks are apparently
of greatest concern in the US, where the
companies interviewed report an exceptionally
high perceived impact of regulation and
compliance risks; furthermore, they expect risk
levels to rise during 2013.
Mitigation strategies
Since regulation and compliance has ranked as
the number one risk in four out of the five
years that Ernst & Young has been conducting
the survey, it’s not surprising that more than
60% of participating organisations say that
they have implemented measures to address
these risks.
Banks are particularly confident in their
approach in this area, with more than 70%
reporting that a strong risk management
function is effective in addressing the threat.
(This is perhaps unsurprising, because
in banking, the performance of the risk
management function is now regulators’
chief concern.)
But some of the banking panellists the firm
interviewed were more cautious. Regarding
the rush to impose new capital adequacy
requirements as a means to reduce risk in the
banking sector, Avinash Persaud, a
non-executive Director of the UK Treasury’s
Audit and Risk Committee, said: “It is not the
amount of capital that determines safety, but
how risks are allocated, and it is highly likely
that we will end up with much more capital
but not much more safety.”
A universal issue
The financial sector is not alone in placing ever increasing emphasis on regulation and compliance risk, as a recent survey shows. Arthur Piper explains

In other sectors, regulation and compliance
risks take different forms, and investing in
government relations is one of the most
frequently reported risk mitigation strategies.
In the health care and power and utilities
sectors, firms are more likely to report that
new legislation and general trends toward
regulatory tightening are key challenges. In oil
and gas, power and retail, firms tend to report
that the broadening of regulation into areas
such as corporate social responsibility (CSR) is
making this risk difficult to address.
Least confident
Looking across the geographies, organisations
from Russia, Sweden and Australia are
particularly likely to be confident in their ability
to manage this risk, and firms based in Poland
least confident (only 40% of respondents from
Poland said that their current risk mitigation
measures are effective). The challenges faced
by companies in Poland could be ascribed to
the rapid evolution of regulatory standards
associated with EU entry. Indeed, respondents
in Poland appear particularly likely to report
that they face challenges associated with
both new legislation and a generally rapid
pace of regulatory tightening. (Organisations
in Germany and in France are also more
likely to report that new legislation is a
particular challenge.)
Ernst & Young says that the strengthening
of risk management and government relations
functions is the approach favoured by a majority
of respondents in nearly all geographies
covered, although respondents from China are
particularly likely to adopt an approach which
seeks to embed suppliers and customers in their
regulation and compliance efforts.
Opportunities
If dealing with compliance and regulation is at
the top of the corporate worry list, improving
execution of strategy across business functions
is seen as the prime opportunity for 2012,
according to the survey. But this is also an
opportunity for which organisations are
likely to report that measures to respond are
needed, though not yet implemented.
The impact of this opportunity is uniform,
rated highly in all sectors. As might be
expected for an opportunity that is operational
in nature, on balance, executives tend to see
this opportunity as stable, neither rising nor
falling when looking forward to 2013.
Obstacles
The obstacles most frequently reported by
executives seeking to improve the execution
of strategy across business functions are
operational in nature: either their organisation
has been unable to execute current efforts
effectively, or more often, a strategic
alignment process has been started but
remains a work in progress.
The most frequently cited successful
responses to this opportunity are centred
around communication of strategy within the
organisation. This is particularly true of the US,
where nearly 60% of respondents indicate
they have adopted this approach. Elsewhere
only 20% to 30% of respondents did so.
Other approaches to addressing this
opportunity are more organisationally focused,
such as developing an integrated strategic
planning function. (Firms from China in particular
emphasise the development of a strategic
planning function as a key opportunity.)
Despite the top rank of this opportunity,
a significant number of companies reported
that efforts to respond are still a work in
progress. In the power and utilities sector,
where the importance of improving execution
of strategy across business functions is seen
to be rising, nearly 50% of respondents
nonetheless state that their efforts to respond
are not yet effective. In the banking sector
the figure is 40%. The survey concludes that
such figures demonstrate that maintaining
operational effectiveness in the face of
organisational and business model change is
an ongoing challenge.
* Turn risks and opportunities into results:
Exploring the top 10 risks and opportunities
for global organisations
A version of this article by Arthur Piper
([email protected]) first appeared in
Internal Auditing magazine published
by the Chartered Institute of Internal
Auditors (www.iia.org.uk)
BOX: Top ten business risks
1. Regulation and compliance. Unchanged from number one in the 2010 report. In four out of
seven sectors surveyed, regulation and compliance risks rank first.
2. Cost cutting. Up four places from the 2010 report. Much of the pressure driving the rise of
cost cutting appears to originate from government austerity programs. The most frequently
reported mitigation strategy is process optimization.
3. Managing talent. Up one place from the 2010 report. In almost all sectors, human resources
risks rank among the top four challenges. Many of the geographies where the risk is of
particular concern are emerging markets.
4. Pricing pressure. Up 11 places from the 2010 report. Organisations in many sectors are facing
mature markets and slow organic growth rates, and thus pressure on prices. Additionally, like
cost cutting, national austerity programs seem to be a driver of this risk.
5. Emerging technologies. Up eight places from the 2010 report. The most frequently cited
drivers of this risk are in developing an innovation culture and uncertainties inherent in
untested technologies.
6. Market risks. Market risks are a new entrant to the radar, combining issues such as commodity
price shocks and real estate market volatility. Mitigation strategies based on active monitoring
are most frequently reported.
7. Expansion of government’s role. Another new entrant, expanding government ranks among the
top four concerns of respondents from the world’s two largest economies, the US and China.
8. Slow recovery/double-dip recession. Down five places from the 2010 report. Economic risks
have fallen, as expectations of recovery have risen. Still, 50% of respondents from Germany
report concerns, and 50% of US respondents report continued weakness in private demand.
9. Social acceptance risk/CSR. Unchanged from nine in 2010. Oil and gas, life sciences and public
administration respondents are most likely to report a rise in public pressures on their sector. The most
frequently reported response is the integration of CSR into strategy.
10. Access to credit. Up eight places from the 2010 report. Concerns about access to credit have
abated overall. Still, one in four organisations worldwide report ongoing struggles to obtain
the credit they need.
Source: Ernst & Young
BOX: Top ten business opportunities
1. Improving execution of strategy across business functions. The most frequently cited successful
response to this opportunity is to enhance strategic communication. Respondents located in China
are more likely to emphasise the development of the strategic planning function as a key to success.
2. Investing in process, tools and training to achieve greater productivity. The sectors vary
in the degree to which cost optimisation or staff development are emphasised in seeking
productivity. Overall, the banking and public administration sectors report the greatest barriers
to productivity improvements.
3. Investing in IT. Across Europe and the US, investing in IT is typically either the top or second-highest
priority for executives. In China, Russia, and India, however, IT tends to rank further down the list.
4. Innovating in products, services and operations. Respondents identified four key barriers to
innovation and success: lack of focus or investment, excessive conservatism, lack of sufficient
expertise, and inflexibility. Life sciences lead the way in incorporating innovation into core strategy.
5. Emerging market demand growth. One in five organisations surveyed reported scaling back in Asia,
following setbacks there. Initial unrealistic expectations are being replaced by long-term commitments.
6. Investing in cleantech. The opportunity from cleantech tends to vary depending on an
organisation’s country and sector. Respondents from China were the most likely to see the
need to adapt corporate cultures and strategies to prioritise cleantech in coming years.
7. Excellence in investor relations. Although not the number one strategic initiative in any sector,
banking and power and utilities respondents give particular priority to investor relations.
8. New marketing channels. New marketing channels include social media, web 2.0, email,
mobile marketing, search and apps. These channels are notably of interest to executives in the
US, China and Russia.
9. Mergers and acquisitions. Lack of experience is the most frequently reported perceived
obstacle to success in M&A, while the desire to enter new markets is the strategic goal most
frequently pursued via acquisition.
10. Public-private partnership. Increasing government intervention in markets appears not only on
our risk radar, but also on our opportunity ladder. This was due in part to significant interest in
respondents in the healthcare sector.
Source: Ernst & Young
INSIGHT: FATCA
Deep impact
The wide-ranging nature of FATCA will require considerable changes for non-US financial institutions. Louise Courtman advises firms to act now in preparation for the January 2013 compliance deadline

As more and more financial services organisations
begin to prepare for the new US Foreign Account Tax
Compliance Act (FATCA), many of them are starting
to realise the far-reaching extent of the regulations.
FATCA, part of the Hiring Incentives to Restore Employment
(HIRE) Act, is an important development in US efforts to combat
tax evasion by US taxpayers with investments in offshore
accounts and on US-sourced income. In particular, FATCA
gives the US Internal Revenue Service (IRS) new powers against
offshore non-compliance by taxpayers, dramatically affecting
US nationals who hold bank accounts or other assets with
institutions outside the US. Under the Act, US taxpayers must
reveal to the IRS all overseas accounts holding $50,000 or more.
Extra-territorial effect
The Act also contains what is known as an “extra-territorial
effect”, which means that the US government will require
Foreign Financial Institutions (FFIs) to report directly to the IRS
information about financial accounts held by US taxpayers or
by foreign entities in which US taxpayers hold a substantial
ownership interest.
FFIs must be compliant with FATCA identification and
verification requirements for all new clients from 1st January
2013. Final guidelines are still to be issued by the IRS, and the
most up to date guidelines were due for publication at the end
of November 2011. Whilst some ambiguity remains around
aspects of the regulation, the likelihood is that FATCA will come
into effect in some form, so firms need to prepare by working
with experts who are conversant with the information that has
been disclosed to date.
Wide scope
Due to the wide scope of the regulation, the changes that will
be necessary to comply with FATCA will be far-reaching across
banks, from the front through to the back office. Whereas
other regulations have been limited to specific products and
jurisdictions, FATCA is global and cross-product. It will affect all
major banking functions, in particular operations (AML/KYC,
CRM teams, client reference data and asset servicing),
technology and tax. As a result, banks are already finding it
difficult to determine the necessary budget that will be required
to implement and maintain FATCA compliance. According to our
research, the implementation of FATCA compliance is expected
to cost a large bank in the region of $100-$200m. Some banks
have already assigned 40% of their entire global operations
change budget to meeting the challenges posed by FATCA.
Key challenges for banks will be data integrity, collection,
accurate reporting to the IRS and application of correct
withholding tax. Firms will be required to have a clear
understanding of the make-up of their client base and
product offerings to accurately assess the impact of FATCA
on their business.
European impact
European banks have raised particular concerns. The head of
the European Commission’s tax policy office has publicly
criticised the disclosure provisions imposed by FATCA on
European banks. In a letter sent to both the US Treasury
Secretary and the Commissioner of the US Internal Revenue
Service, the European Tax Commissioner claimed that FATCA
will have a severe impact on the EU financial industry, not only
in terms of the cost of compliance, but also in terms of potential
penalties for non-compliance.
Some European banks have already decided not to deal with
American clients for this reason. Some banks are also continuing
to relay their objections to the European Commission in the
hope that something can be achieved at a political level, since
many European firms feel that FATCA’s requirements are too
wide-ranging and that the US should introduce exemptions for
banks conducting activities on behalf of their US clients where
the risk of tax evasion is very low.
If the US authorities refuse to make any concessions, a
significant number of EU-based financial institutions may be
tempted to withdraw from the US market altogether. Banks
need to carefully evaluate the business case for and cost of
opting in to FATCA compliance versus opting out and declining
business. Banks should seek expert guidance before making a
decision as to whether to comply with or opt out of FATCA.
Multi-territorial compliance
For European banks an additional challenge associated with
FATCA comes in the form of multi-territorial compliance. In
some cases the broad FATCA guidelines may directly contradict
European regulations, potentially resulting in a contravention of
either local or IRS laws, or both. For instance, FATCA’s provisions
may conflict with EU member states’ internal data protection
laws that forbid banks to pass sensitive personal data about
individuals to certain non-EU countries, including the US.
As a longer-term solution to the problem, some European
banks feel that there should be a more general tax co-operation
agreement in place between the US and EU. For example,
an agreement based on new IRS guidance to US financial
institutions on their duty to report interest paid to non-resident
individuals and/or on the EU Savings Directive.
Regardless of whether these ideas will be taken forward, the
obvious cannot be denied; the first compliance deadlines for
FATCA are looming and banks need to act now.
Need for action
Banks can’t afford to play “the waiting game”. Even though
the current uncertainty surrounding FATCA is making it difficult
for financial organisations to assess their budgetary requirements
and take action, it is imperative that banks start to assess the
impact of FATCA upon their organisation.
Most major banks are already reviewing the regulation
in readiness for implementing the required changes to their
processes and systems in 2012. This objective can be achieved
more easily by leveraging existing initiatives and regulatory
projects, to deliver FATCA compliance more cost-effectively.
Whilst FATCA will likely impose some new data requirements,
most banks are already collecting a lot of the information
required by FATCA, for instance as part of their existing tax
withholding processes. FATCA simply takes this process to a
far broader level. By adopting a structured approach now,
banks can ensure that any FATCA compliance projects are more
cost efficient.
The ability to deliver cost-effective regulatory change is critical
to banks in the current cost-pressured and regulation-focused
environment. FATCA needs to be considered within the context
of the wider regulatory change environment rather than in
isolation. By adopting a holistic approach now to delivering
regulatory change, banks will be able to establish a framework
that can be applied not only to FATCA, but to other regulations
impacting the same functions.
There is no room for complacency when it comes to FATCA,
as all functions within banks will be affected by these new
requirements. The 2012 planning and execution period will
be crucial; banks will need to use this time wisely in order to
implement changes required to their processes and systems, to
ensure that they meet the first FATCA compliance deadline of
1st January 2013.
Louise Courtman is an Associate
Partner at Crossbridge, the
financial markets consultancy
www.crossbridge.co.uk
INSIGHT: SOCIAL MEDIA
An opportunity or a headache?
Mushtaq Dost looks at the emerging compliance issues around the burgeoning sphere of social media, and considers how compliance professionals and firms can stay abreast of the issues in this fast-moving area

Social media and, more importantly, how social media
is regarded by the regulators, is an area of interest and
concern for anyone who conducts business in today’s
financial world. The power of social media rests in
public information being shared through communities. It may
appear innocent enough, but as social media has grown, the
lines between our personal and professional lives have become
so blurred that it is increasingly difficult to separate what
represents “private” information anymore. Facebook, Myspace,
Twitter, and LinkedIn, are now part of the social vernacular and
have become powerful tools for many employees, both on a
personal and professional level, so much so that a recent article
in Forbes magazine, entitled “Social Power and the Coming
Corporate Revolution”, argued that the social media revolution
will so empower employees and customers that eventually they
will be calling the shots in firms rather than the management.
This information power struggle, coupled with the broad
adoption of social media in the workplace, is prompting business
leaders to contemplate procedures on how best to safeguard
both employee and corporate interests. For Compliance,
the use of social media in marketing and other corporate
communications has become the most perplexing issue, creating
the need to understand the unique risk issues involved. How
does this new way of connecting with the world fit into the
firm’s strategic risk and growth planning? Most other industries
recognize that this medium can provide business benefits by
promoting the brand, products and services to both existing,
and future customers. However, the highly regulated world of
financial services has prevented many from jumping on board.
Regulations and responsibilities
Despite these concerns social media compliance is not nearly as
complicated as it seems.
A financial firm’s main responsibility when it comes to
communicating through social media is to be fair, clear and not
misleading and also to take responsibility for customer data.
This seems simple enough, but firms need to be very careful
to avoid bad publicity caused by poor planning. A sense
of proportion is highly important. Negative comments by
disgruntled customers or employees can potentially reach
thousands – possibly millions – if they are a well known blogger
or if readers are actively searching for mention of the firm. The
digital footprint has suddenly become much more significant
and permanent. As social media becomes more pervasive as a
method of business communication, Compliance will need to
become increasingly tech-savvy and understand the use of each
social media platform and device and how they fit in with the
firm’s regulatory obligations.
Some commentators have suggested that regulations as
they currently stand are out of alignment with reality, with most
regulators trying to fit social media into existing promotions and
communication rules. The social media landscape is continually
evolving, and it remains to be seen whether current rules
over time can cover every social media platform, technology
and device. As with any new technology, social media and its
practical aspects will be monitored by the regulator for a certain
period of time before any meaningful guidance and/or new rules
are put in to effect.
A case in point is the UK where the Financial Services
Authority (FSA) regulates the majority of financial
communications through its Conduct of Business (COB) rules.
The FSA is currently monitoring the effects of social media and
compliance against these rules having sent an update notice
last year. A review had found that communications through
social or “new media” had lacked compliance with a number of
established safeguards.
An important Compliance issue here is that, for the FSA,
financial promotion rules are “media neutral” which means
that they remain the same regardless of whether an
advertisement is published in print, a blog or sent through
Twitter. Concomitantly, upon assessing any violation of these
rules, the FSA is indifferent to whether the communication
was made through social media or any other written or
personal contact.
In its update last year, the FSA noted that a review had
found that companies were publishing Twitter updates or
commenting on discussion threads without the usual disclaimers
and risk warnings and engaging in behaviour that acted as
promotional activity that went beyond “image advertising”.
Image advertising consists of the firm’s logo, contact point and
reference to the types of regulated activities provided or to its
fees and commissions. When a communication goes beyond
this, it will need to comply with the relevant communication
rule, namely COBS 4 (the rule on communicating with clients).
The treatment of image advertising varies depending on the
type of product (and therefore on which source book applies)
but in many cases image advertising is exempt from most of
the financial promotion rules. However, the fair, clear and not
misleading rule always applies and any social media promotions
and communications must also meet the requirements for stand-
alone compliance. A note published in 2009 by the FSA states
that “every financial promotion must comply with all relevant
financial promotion rules. It is not acceptable, for example, for
firms to omit important risk information just because they intend
to give it later in the sales process.”
Technical controls
For Compliance, finding which particular social media channel
is appropriate for what type of communication is an important
concern. If the communication is balanced, then the audience
should be able to read the item and understand exactly the
nature of the product or service, their commitment and
associated risks. While Compliance guidance can focus on this
outcome, manual procedures and other processes currently used
to approve content and mitigate risk, must also be scalable.
How can you ensure, for example, that someone in your firm
is not accessing a social media site and inadvertently placing
information that could be deemed a financial promotion? Some
firms are implementing technical controls, such as web filtering,
that restrict social media sites. Although this may help protect
the firm while employees are connected to its network, most
technical controls do not address smart phone and other mobile
devices, such as laptops, when they leave the firm’s premises.
Having the ability to record activity and content and to
monitor employee activity on social media sites is crucial.
Records related to firm communications are required to be
maintained for at least five years. Many firms are turning to
outside help from vendors that can provide electronic retention
of social media communications. However, firms need to use
caution here as the technology to capture and retain messages
sent or received via social media sites is still evolving.
Policies and procedures
A firm needs to have a clear understanding of its social media
compliance obligations. There must be policies and procedures
in place that address behaviours that may fall outside “normal”
compliance rules. Compliance needs to be involved at the
very beginning when talk of social media begins to emerge.
Incorporating social media risk assessments into the firm’s
overall risk framework will go a long way in preventing compliance-
related problems. The ABA Banking Journal made the following
recommendations:
• Engage a multidisciplinary team – social media affects
the whole firm and a range of functions. Any risk mitigation
strategy should include representatives from Hr, It,
Legal, Marketing, risk Management, Public relations and
Compliance. the risk committee should retain ownership and
track progress.
• Document current and intended social media use – the
team should document how each function uses social media
and how it intends to use it in the future.
• Perform a risk assessment – the team must identify and
quantify the various risks associated with social media use and
put in place safeguards and controls taking into consideration
the likelihood and potential damage of a disgruntled customer
or employee to the firm’s reputation, its products and brand.
• Expand current policies to include social media – Once
risks have been identified, the firm will need to decide
whether any changes to its existing policy need to be made
to address these risks. social media guidance can be included
is a stand-alone policy or incorporated into existing policies.
regardless, the policy needs to be easily accessible to
employees and include reference to: appropriate use of social
media; Hr policies; It security; marketing and communications
policies; and vendor management policies.
• Implement safeguards – A firm will need to consider
bespoke It security safeguards and evaluate a new set of
technical risks and mitigate them with appropriate It policies
and controls.
• Provide social media training – employees need to
understand the firm’s social media policy. training should
include examples of appropriate and inappropriate
communications and actions, distinguish between positive
and negative use, and highlight the threats posed by each
different platform. As with other compliance training, training
should be a frequent occurrence.
• Monitor social media platforms – Firms also need to monitor
the different platforms that have been approved for use. Some
IT solutions by third party vendors can help monitor public
channels for social media chatter that could affect the firm.
In the coming year, social media compliance will be one of
the major issues and a primary area of review for compliance
officers. A robust risk management framework coupled with a
proper understanding of how to use social media networks may
prove to be a tremendous opportunity for many firms. Instead
of trying to ban or block social media, firms should embrace the
world of social media. However, they must also know the risks
and prepare for them.
Mushtaq Dost is the Principal / Managing
Director of Trafford Consulting SL. He
can be contacted at: + 34 93 268 82 82 or
1 http://www.informationweek.com/thebrainyard/news/social_networking_consumer/229402623
2 The full rules can be seen at http://fsahandbook.info/FsA/html/handbook/COBs/4
3 http://www.fsa.gov.uk/pages/Doing/regulated/Promo/pdf/new_media.pdf
A financial firm’s main
responsibility when it comes
to communicating through
social media is to be fair, clear
and not misleading and also
to take responsibility for
customer data
Head Office
Wrens Court | 52-54 Victoria Road | Sutton Coldfield | Birmingham | B72 1SX | UNITED KINGDOM
Tel: +44 (0) 121 362 7747 Fax: +44 (0) 121 240 3002
Email: [email protected] www.int-comp.org