Volume 5 (2021-22)

Each volume of Journal of Financial Compliance consists of four 100-page issues published in both print and online. 

The articles and case studies confirmed for Volume 5 are listed below:

Volume 5 Number 4

  • Editorial
    Mario J. DiFiore, Editor, Journal of Financial Compliance
  • Practice papers
    Can we keep up with the machines? Stronger and faster artificial intelligence systems require robust risk management practices
    Edward O’Keefe, Co-head of Financial Regulatory Advice & Response, Moore & Van Allen, et al.

    No longer just an issue of isolated enterprise, regulatory or reputational risk for financial institutions, compliance failures are indicators of potential systemic deficiencies that can frustrate the mission and ethical goals of a firm. What is more, compliance failures may impede and compromise a financial institution's ability to deliver core financial products and investments. Recent advancements in data management and computing capacity have ushered in a wave of business technology solutions that rely on the power of artificial intelligence (AI) to transform vast quantities of data into useful business and risk management information. Financial institutions utilise these technologies to predict behaviour, make decisions, identify threats and meet regulatory requirements. An unintended consequence of the proliferation of Big Data and advanced analytics is the concomitant expansion of AI-driven models that tend to amplify social and economic biases. As AI-based technologies expand across compliance and risk management functions, they must be subject to rigorous examination and testing. Robust model governance must be a core component of every financial institution's overall risk management and corporate governance strategies. The extent of a financial institution's model governance must align with the extent and sophistication of its model use. This paper sets out the regulatory trends related to AI in compliance and risk management applications and the risks associated with inadequate data management, over-automation and other risk management oversight failures. The possible adverse outcomes are illustrated by means of a case study relating to the detection of money laundering associated with human trafficking. Recommendations for model risk management and model governance follow.
    Keywords: artificial intelligence; AI; human trafficking; model risk management; compliance

  • Perpetual know your customer: A new approach to addressing customer due diligence
    Henry Balani, Head of Industry & Regulatory Affairs, Encompass Corporation UK

    Perpetual Know Your Customer (pKYC) represents a new and alternative approach to the traditional customer due diligence process currently practised at many regulated financial institutions (FIs) today. FIs adopt a periodic approach in identifying anti-money laundering risks within their customer base as part of a government regulated compliance process. Conventional KYC processes can be ineffective and costly in managing compliance risks, with cumbersome and complex customer onboarding processes. Increasingly, FIs see value in adopting pKYC approaches either alongside or as a replacement for their current processes. This article describes pKYC and how it differs from traditional KYC processes; the benefits and challenges to adopting pKYC; and the right use cases within an FI. pKYC is a continual approach to customer due diligence, potentially replacing traditional forms of customer onboarding. This alternative approach, while it increases operational costs within an FI, does provide benefits in terms of reduced compliance risk exposure. This reduced exposure is achieved as a result of adapting continual review processes leveraging current customer and external reference data during the review process. This article finds that not all FIs can necessarily benefit from pKYC despite the inherent advantages. FIs need to consider their current KYC process that would be appropriate for their line of business. Lines of business that have high risk portfolios and volumes are typically the best candidates for adopting pKYC, compared to FIs that have relatively static and smaller customer bases. The article also provides the reader with a framework for understanding pKYC in the context of adopting such an approach in their FIs so as to make a more informed decision.
    Keywords: know your customer; customer due diligence; anti-money laundering; onboarding; financial crime compliance; perpetual KYC; continuous KYC

  • Taking an intelligence-led approach: How to improve understanding of financial crime threats through intelligence and analysis
    David Gilchrist, Financial crime compliance expert

    The financial crime compliance landscape is evolving, driven by a number of complementary factors: the move towards a more intelligence-led allocation of resources and advances in machine learning and artificial intelligence, both combined with the increasing availability of structured and unstructured data. This paper argues that the best way to take advantage of these developments is through the implementation of an intelligence and analysis model. It provides a high-level example of a model that can identify, understand and investigate the highest risk financial crime concerns. It shows the readers how the different levels of this model — strategic, thematic and tactical — interact to allow for the flow of information between them. In addition, it outlines how this model can integrate into the wider financial crime compliance department and how its outputs can drive tangible improvements in this area.
    Keywords: Intelligence; analysis; investigation; SARs; financial crime model

  • Data as sword and shield: How regulated entities in the banking and securities industries can utilise data analytics to improve compliance and manage enforcement risk
    Brian H. Montgomery, Senior Counsel, Financial Industry Group and David Oliwenstein, Counsel, Corporate Investigations & White Collar Defense, Pillsbury Winthrop Shaw Pittman

    This article examines the role of Big Data in the regulation of the consumer finance and securities industries in the United States. Because many major international financial institutions are located in New York, this paper discusses the role of both federal and New York state regulators. These regulators increasingly rely on data to conduct risk analyses and shape examination priorities, which, in turn, can lead to investigations and enforcement actions (that are also increasingly driven by data analysis). This article also discusses regulators' expectations regarding the role of data analytics in the development of effective compliance programmes and how regulated entities can leverage data to proactively address issues before they become subject to regulatory scrutiny, and use this information during the course of examinations, investigations and enforcement actions.
    Keywords: Data analytics; banking regulation; securities regulation; enforcement

  • A stakeholder-based taxonomy for managing regulatory compliance risk and aligning to business strategy
    David R. Parkatti, Chief Compliance Risk Officer, CWB Financial Group

    Despite advances in how organisations identify and categorise evolving regulatory requirements, there is no common alignment around a robust taxonomy to manage regulatory compliance risk. This paper explains the importance of risk taxonomy, and how objectives provide the lens through which to categorise risks in a robust taxonomy. It summarises a stakeholder-based approach for categorising regulatory compliance risk, providing a financial services taxonomy example that has been successfully implemented at CWB. The advantages of a stakeholder-based taxonomy approach are reviewed, including its (a) robust risk identification and assessment; (b) flexible application to any scale or complexity of enterprise; (c) natural alignment for structuring oversight; (d) facilitation of focused reporting and aggregated updates; (e) agility to apply to an evolving external landscape; and most importantly (f) alignment with processes and tools for strategic management. Areas for further research to expand that literature are proposed, building from the paper's two main ideas — applying an objectives focus to risk taxonomy, and using it to apply a stakeholder-based approach to regulatory compliance risk taxonomy. The paper concludes with practical next step considerations for chief compliance officers in managing their own programmes.
    Keywords: Taxonomy; compliance risk; stakeholders; strategy; objectives; value

  • New AML regulation: From ‘virtual currency’ to ‘crypto assets’ — differentiation from tokenised financial instruments and potential concerns over the perceived end of pseudonymity in the crypto sector
    Stefan Tomanek, Legal Expert and Ralph Rirsch, Team Lead, Austrian Financial Market Authority

    In adopting new regulatory measures, the EU is increasing its efforts to prevent money laundering and terrorist financing. Aside from a uniform and EU-wide ban on cash transactions over €10,000 and the establishment of a common European anti-money laundering (AML) authority, the new rules specifically tackle the growing crypto economy. While existing AML regulations already cover various business activities related to crypto-assets such as Bitcoin & Co., there is still considerable leeway for interpretation and uncertainty. The currently applicable definition of ‘virtual currencies’ and demarcation issues to financial instruments subject to stricter regulatory regimes are prominent examples of this. As an answer to these issues the new term ‘crypto-asset’, introduced by the upcoming crypto regulation MiCAR, is going to be consistently used in the new anti-money laundering regulation as well as MiCAR, promising more legal clarity for the future. Meanwhile, headlines about the alleged end of ‘(pseudo)anonymity of crypto-assets’ due to the new AML rules are already appearing on the European media landscape. This paper provides an overview of the potential implications of these new regulations for businesses, investors and users, as well as seeking to alleviate some of the fears of the market.
    Keywords: crypto-asset; AMLD; AMLR; travel rule; MiCAR; virtual currency; pseudonymity

  • ESG/sustainable finance in securities lending
    Heiko Stuber, Director, Senior Product Manager Tax, Regulation & Funds and Jacob Gertel, Director, Senior Content Manager Legal & Compliance Data, SIX

    Today, more and more investment strategies are not only led by profit considerations but also by the incorporation of environmental, social and governance factors and their effect on our planet and society. Sustainable investment strategies are not only limited to the relationship between client advisers and investors but also need to be considered in other business areas, such as lending/borrowing and securitisation/collateralisation. Achieving an effective incorporation of sustainability risks and opportunities to the regulatory framework requires collaboration between global and national policy makers, regulatory and industry bodies. This paper provides the current status regarding global developments — geographically, regulatory and industry driven — in incorporating ESG factors to the securities lending business/process, the current holistic regulatory environment and the current data requirements and challenges, together with suggested guidance for compliance personnel. As a final remark, all financial initiatives and regulations require data — key factors are generation, collection, enrichment, processing and distribution in a timely manner and of top quality — not only as part of the investor's advisory process, but also when it comes to the integration of ESG into the securities lending process.
    Keywords: ESG standards; securities lending and borrowing; data coverage and quality; sanctions; collateralisation; KYL; KYB; KYC

  • Converting critical enterprise risks into a usable risk matrix
    Janice Powell, Senior Compliance Consultant, Core Compliance

    Successful compliance is built upon a solid foundation of risk management. Effective compliance programmes begin with a thorough assessment to identify areas of risk within the organisation. Developing a risk management framework is crucial to an organisation's ability to develop appropriate protocols to identify, monitor, and if needed, mitigate the risks. Aside from the practical benefits a risk assessment can provide, it can also demonstrate to a regulator that a compliance programme is ‘reasonably designed’ to prevent violations of federal securities laws. The purpose of this paper is to discuss practical ways to develop and implement a risk management programme as well as conveying identified risks to senior management for use in practical business decisions.
    Keywords: Risk management; compliance programme; risk assessment; controls

Volume 5 Number 3

  • Editorial
    Mario J. DiFiore, Editor, Journal of Financial Compliance
  • Practice papers
    How compliance leaders are driving efficiency and creating more effective compliance processes
    Stephen Pope, Co-Founder and CEO, Red Oak Compliance Solutions

    Financial compliance management continues to complexify between the addition of ponderous quantities of new regulatory guidance and the development and exchange of new, fairly unregulated asset types. Contrasting these monumental industry shifts against the frequent inertia of company positions toward compliance makes it clear that modernisation requires both the addition of new tools and of new ways of building relationships. This paper discusses the importance of instilling a compliance focus within an organisation, through the use of technology, the conscious development of a compliance-driven culture and the intentional engagement and connection between compliance professionals and other members of the organisational leadership team. In addition, it outlines the key components most likely to yield success when implementing new regulatory compliance tools, and how the addition of such tools can create bandwidth for both expanding the compliance function and creating greater value through strategic compliance-related decisions. Modernising compliance includes using compliance as a tool for horizon planning and making decisions with long-term impact, as well as creating deeper, more trust-driven bonds with consumers.
    Keywords: Compliance management, compliance programmes, compliance software, RegTech, FinTech, regulatory compliance management

  • Assessing and managing UDAAP risk in the new regulatory environment
    Chris Lucas, Consultant, Spinnaker Consulting Group

    The Consumer Financial Protection Bureau (CFPB), created in the wake of the Great Recession to protect consumers in the financial services space, has recently proclaimed that it will give increased attention to financial institutions’ compliance with Unfair, Deceptive or Abusive Acts or Practices (UDAAP). For banks, meeting this requirement has not been easy, as the terms are subjective and the CFPB ultimately holds the power to define what those terms — potential violations — mean, oftentimes on a case-by-case basis. This renewed focus on UDAAP comes on the heels of a global pandemic and a national reckoning on social justice, which have introduced new layers of discriminatory risk into the environment. This paper explores issues of equity and fairness for consumers under UDAAP, as well as presents several best practices that banks should adopt to better manage UDAAP risk, especially as other regulatory agencies are expected to up the ante on unfair banking practices. Failing to prepare for intensified scrutiny could result in significant financial penalties across the industry, which paid US$14.4bn in consumer relief and US$1.7bn in civil penalties in CFPB’s first decade of oversight.
    Keywords: UDAAP, Dodd-Frank Act, risk management, compliance, consumer financial protection board (CFPB)

  • The case for diversity, equality and inclusion
    Francis Janes, Industry Relations and Partnerships Director and Richard H. Harvey, Jr, Executive Vice President, General Counsel and Director of Compliance Risk, Beneficial State Bank

    This paper will give bank compliance officers and senior managers an understanding of how diversity, equity and inclusion efforts within their institutions will drive innovation and reduce risks. The reader will discover that organisations that excel at diversity and inclusion will more likely attract and retain top talent and drive superior financial returns. The reader will also gain an understanding of how to begin incorporating various aspects of this work into the overall business and operational planning of the bank.
    Keywords: Diversity, equity, inclusion, innovation, belonging, equality

  • Moving to a perpetual KYC model: The benefits and the challenges
    Neil Isherwood, Compliance SME & Sales Strategy Leader, Dun & Bradstreet

    Financial services firms have been looking for many years to improve efficiency in the Anti Money Laundering/Know Your Customer (AML/KYC) onboarding process, looking towards a data led approach and automation to reduce costs. In many firms this has been a slow process with many other programmes taking priority in terms of development resource. However, the COVID-19 pandemic has highlighted that processes which involve large work forces, offshore resources and manual labour, are particularly vulnerable to disruption, resulting in institutions being unable to accept new customers due to lack of resources. This has placed a renewed focus on automation and in turn also turned attention to perpetual KYC as a method for maintaining client files, without the need for a full manual periodic review. This paper looks at the benefits of this type of approach and the challenges that organisations face to adopt it.
    Keywords: know your customer, KYC, Perpetual KYC, anti money laundering, AML, due diligence

  • Three lines of defence — is it the right model?
    Donna Turner, Senior Consultant, Sciens Consulting

    Despite the plethora of legislation, regulatory requirements and industry guidance that financial institutions need to follow, there is an ever-increasing number of scandals involving risk management, governance and compliance failings. Each time a scandal hits the headlines, supervisory bodies, and organisations themselves, consider how to respond and further strengthen the control environment and enhance policies and the related procedures to prevent the same or similar instances occurring. This paper describes the Three Lines of Defence model within financial organisations, considers the Wells Fargo customer account fraud scandal and the departure of Citigroup’s Chief Risk Officer and debates whether the revisions to the Three Lines of Defence model proposed by the Institute of Internal Auditors will strengthen the risk and compliance frameworks within organisations and provide a more robust system of corporate checks and balances, endorsed by both the industry and the regulators.
    Keywords: Three lines of defence, wells fargo, citigroup, institute of internal auditors

  • Improvise, overcome and adapt your CMS to changing times
    Michael Berman, Founder and CEO, Ncontracts

    Compliance has unfairly earned a reputation for uncompromising rigidity, but the reality is that the compliance function is just as capable of and reliant on creative thinking and problem solving as any other department. But for this to happen, compliance needs the right resources and support — including a compliance management system (CMS) built to support improvisation and adaptability so that financial institutions can effectively overcome compliance challenges. From outside events such as the COVID-19 pandemic to internal goals such as growth, the operational environment of financial institutions requires a distinct combination of flexibility and prescriptive institutional policies and procedures. This paper offers four building blocks for a compliance management system to achieve this balance: a risk management mindset, standardisation, policy and procedure management and resource prioritisation. It reviews recent enforcement actions to illustrate why these elements are essential to a CMS that can keep pace with environmental and regulatory change.
    Keywords: Risk management, compliance, operational risk, compliance management, financial institutions, policy and procedure

  • Market abuse: The new challenges further to ESMA’s technical advice to the European Commission on the review of the Market Abuse Regulation
    Stefano Sirtori, Senior Policy Officer, European Securities and Markets Authority

    In September 2020, ESMA issued its technical advice to the European Commission on a potential review of the European Union (EU) Market Abuse Regulation. This paper describes ESMA’s main proposals for a legislative change and the relevant rationale, also vis-à-vis the feedback received to the public consultation. It also analyses why, in several instances, ESMA did not propose a legislative change to the European Commission, discussing the alternative tools at ESMA’s disposal and the Authority’s commitment to issue further guidance to the market participants. The paper also highlights the several instances where ESMA, whilst not making any express proposal for a legislative change, took the opportunity to express its views on a number of grey areas that still call for a regulatory clarification. For each of the main areas touched by the ESMA’s advice are highlighted the rationale and the implications for supervised entities and investors.
    Keywords: Market abuse, MAR, inside information, buyback, insider list, market soundings

  • Financial crime compliance in professional services: Moving beyond the three lines of defence
    Catherine Vaughan, Partner, Global Financial Crime, Ethics & Compliance Leader, Ernst & Young

    The role of professional services in the fight against Financial Crime is as integral as that of the financial sector. Often viewed as ‘Gatekeepers’, professional services including Accountants, Auditors, Lawyers and Tax professionals have a significant role to play in combatting the flow of illicit funds through the world’s economies. This paper explores how professional service organisations, in particular within the Accounting profession, approach compliance with complex and fast-changing rules as they respond to expectations placed on them by regulators, clients and other stakeholders. Examining the traditional ‘three lines’ model for compliance frameworks, the author asks the question, ‘Is it time to move beyond the three lines of defence?’ As part of a broader approach to Enterprise Risk Management consideration is given to the role of education and empowerment as ways of enabling professionals to meet their obligations with these key non-negotiable compliance requirements.
    Keywords: Professional services, financial crime, compliance, 3 lines of defence, enablement; empowerment

  • Developing living policy documents that optimise risk taking
    Laurent Robert, Consultant, Spinnaker Consulting Group

    Far too often, organisations consider the development of policy documents an academic exercise rather than integrating them into a robust risk management arsenal. At their fundamental levels, policies establish what an organisation, such as a financial institution, declares as intent for its beliefs and mission as it pursues its daily operations. By changing how they look at risk within their daily business, banks can steer their policy documents away from setting limits, which means minimising risk, and toward seizing opportunities, which means optimising the risk they take for the best benefit. At a more granular level, as they implement policies and bring them to life in their daily practices, banks should use regulatory input to align and influence the individual steps within their processes and procedures, as they work to build well-managed and compliant operations. This paper looks at the need for greater policy transparency, particularly as it addresses resulting risk from the global COVID-19 pandemic and recovery, as well as an expanding focus among customers on social justice. Ultimately, the paper recommends critical strategies that banking leaders should take to avoid adding unintended risk as the organisation develops effective enterprise and business policy documents. When done correctly, building a risk-aware culture, supported by sound policies that all employees embrace, can become an advantage for a bank in a market that has never been more competitive.
    Keywords: Policies, governance, risk management, compliance

Volume 5 Number 2

  • Editorial
    Mario J. DiFiore, Editor, Journal of Financial Compliance
  • Practice papers
    What does it all meme? An exploration of meme stock litigation, regulatory scrutiny and defences for broker-dealers
    Susan Light, Partner, Michael J. Lohnes, Partner, Hannah O. Koesterer, Associate, Carrie M. Stickel, Associate and Conor McDonough, Litigation Associate, Katten Muchin Rosenman 

    US financial market regulators have taken a renewed interest in retail trading and broker-dealer practices following the January 2021 ‘meme stock’ extreme market volatility. In this paper, the authors examine broker-dealer practices and trading rules that are the subject of pending litigation. Specifically, this paper examines areas of potential regulatory interest in the aftermath of the trading frenzy, including payment for order flow and related customer disclosures. It also examines the rationale for certain trading restrictions implemented by some broker-dealers during the period of extreme volatility. It then analyses legal defences for broker-dealers in pending investor litigation. Lastly, this paper discusses potential criminal and regulatory liability for amateur traders active on social media and online forums.
    Keywords: Regulatory scrutiny, game stop, broker-dealers, multidistrict litigation, trading rules, payment for order flow, meme stocks, frenzy

  • What is the role of governance and compliance in ESG investing?
    Beth Haddock, Managing Partner, Warburton Advisers and Carol Sirou, CEO and Founder, Safineia Advisors

    This paper is written by two former Chief Compliance Officers who currently serve as trustees on boards of directors. The paper will cover two topics: In Section 1: The enhanced role compliance can play to support the company in its ESG processes through a risk-based compliance programme specifically designed to address ESG developments; and in Section 2: The role of compliance in supporting board oversight of ESG and compliance officers’ own contribution to ESG stakeholder management.
    Keywords: ESG, stakeholder management, board oversight, sustainability, SEC risk alert

  • Takeaways from sanctions enforcement in 2020 and trends in 2021
    Jodi Avergun, Partner, James Treanor, Special Counsel and Shruti Chandhok, Associate, Cadwalader, Wickersham & Taft

    The COVID-19 pandemic years of 2020 and 2021 have by no means been record setting for sanctions enforcement, yet reliance on economic sanctions as a tool of foreign policy remains high for policymakers and regulators on both sides of the Atlantic. In the United States, recent enforcement has seen a reprieve from the very large penalties paid by large financial institutions in prior years. In the United Kingdom, regulators brought only one sanctions-related enforcement action (which targeted the dealings of one of the country’s largest banks) in 2020. Thus far, penalties in 2021, both in number and amount, are similar to those of 2020. Through an examination of these enforcement actions as well as formal regulatory guidance, legal, compliance and risk departments can draw a number of lessons to improve the effectiveness of their organisations’ sanctions compliance efforts. Just as importantly, anticipating the sanctions landscape for the second half of 2021 and beyond can help to avoid surprises and maintain a robust risk-based sanctions compliance programme.
    Keywords: Sanctions, OFAC, OFSI, Biden administration, Brexit

  • Challenges of competent authority’s AML/CFT risk assessments in practice: No common standard
    Garrett Dunker, Director, FTS Financial Transparency Solutions

    This paper reveals one of the challenges that Competent Authorities face in performing AML/CFT risk assessments, namely a lack of Common Standard, and identifies the benefits which could be achieved if a risk assessment standard were in broad usage. A standardised AML/CFT risk model that is scalable across sectors and across jurisdictions should have significant near-term and long-lasting advantages and efficiency gains for AML/CFT stakeholders such as supervisors, policy making bodies, reporting entities and SupTech developers. Moreover, global objectives could be achieved such as a worldwide increase of compliance and effectiveness related to the FATF standard, Recommendations 26 and 28 and Immediate Outcome 3. The paper then continues to outline the assumptions and objectives which should be used in forming such a standard and provides an early suggestion for consideration, identifying the pros and cons. The suggested method involves the determination of a sector profile level which would be considered an indication of the probability of ML/TF/PF occurring in a sector. The sector profile categorisation is based on a sector’s complexity, transparency, sophistication and the presence of high-risk activities, to which the assigned level dictates a commensurate number and intensity of risk factors and controls factors that should be present in an AML/CFT risk model. The formation of an AML/CFT risk assessment standard is recognised as a challenging feat and this work aims to form a discussion piece around the topic.
    Keywords: AML/CFT, supervision, risk assessment, risk model, standard

  • Creating effective compliance oversight structures for investment advisers
    Michelle L. Jacko, Managing Partner, Jacko Law Group and Janice Powell, Senior Compliance Consultant, Core Compliance & Legal Services

    Creating an effective oversight structure is no easy task. Investment advisers face challenges based on growth of the business, changes in regulations, new initiatives from senior management, product and service evolutions and potentially limited budget and resources to support increasing compliance needs. The purpose of this paper is to address how to create an effective supervisory structure. Focusing on recent guidance by the SEC in the form of speeches, Risk Alerts and a case study, we will explore how to identify and address potential gaps that exist in the supervisory structure, including considerations for building a strong culture of compliance and advance effective oversight, considering both teleworking and in-office environments.
    Keywords: Oversight structures, culture of compliance, compliance programme, surveillance and supervision

  • Real-life revolution: How compliance functions are leveraging innovation to become more aligned, efficient and tech-enabled
    Shelley Metz-Galloway, Managing Director, US Regulatory Compliance Leader, Risk and Compliance and Lucy Pearman, Managing Director and Global Head of Risk Transformation, Protiviti

    Financial institutions are among countless organisations in industries worldwide that are pursuing digital transformation initiatives for the betterment of their business and competitive advantage. Within the financial services industry, second line functions are among the many activities leadership are assessing to achieve greater efficiency and overall effectiveness amid heightened competition in an industry that continues to squeeze costs. Now, more than ever, compliance professionals must be ready to protect their firms. As regulatory scrutiny and compliance requirements increase in both scope and scale, the need for future-oriented, well-aligned, efficient and technology-enabled compliance management systems becomes paramount. Outlined in this article are key areas of focus that are critical to building and implementing an innovative, technology-enabled compliance programme effectively, beginning with the overarching strategy and approach.
    Keywords: Compliance innovation, enabling technology, critical success factors, culture and conduct, infrastructure and investment

  • Towards European electronic identity: A blueprint for a secure pan-European digital identity
    Eric Wagner, Group Product Owner Compliance Advanced Analytics, Group Central Compliance & Strategy, Erste Group Bank AG, Matteo Mannino, Senior Policy Adviser, Digital Finance and Innovation, ESBG and Oliver Lauer, Consultant, FinTech and Digital Identity, DSGV

    As cross-border digital services are expected to grow, a secure electronic identification will be a cornerstone of the digital economy. Besides some existing solutions at the member states level, the European Union (EU) is still struggling to reach a harmonised, comprehensive approach towards digital identification. The combination of a fragmented regulatory framework and an incoherent infrastructure has created a barrier to successful emergence of industry-led use cases. The European digital identity wallet (DIW) proposal announced by the European Commission on 3rd June, 2021, sets the bar high for an extension of the electronic IDentification, Authentication and trust Services (eIDAS) framework that might generate interoperable solutions. The substance of the actual solutions adopted by the member states, however, will much depend on the negotiations in the coming months between the private sector, member states and EU co-legislators. This paper develops a blueprint for a European digital identity in the financial services sector, which should provide sufficient security against identity thefts while protecting against synthetic identities. To this aim, a clear definition of standards is needed to provide portability, interoperability and sufficient data protection and privacy. The paper offers a comprehensive overview of both the necessary requirements and the major components for the design of a future pan-European e-ID (EUid), including know your customer attributes and their respective levels of assurance (LoAs). Furthermore, it outlines the prerequisites for designing authentication. The EUid solution should be founded on a robust trust framework, based on attributes provided and directly verifiable by their respective trusted issuers. The conclusions examine the potential role of the banking sector. Although EU regulators see the private sector as well placed to act as an identity provider for private individuals and legal entities, this alone would not guarantee a high LoA. Could banks think of a successful EUid business model, considering the rising number of national KYC utilities for corporates? A possible solution would be minimising costs via the creation of a common pan-European identity infrastructure centred around a public–private partnership, including actors from different industries.
    Keywords: EUid, pan-European e-ID, digital identity, wallet, secure infrastructure, authentication, KYC

Volume 5 Number 1

  • Editorial
    Mario J. DiFiore, Editor, Journal of Financial Compliance
  • Practice papers
    Responsible and ethical use of emerging technology
    Srividhya Thiagarajan, Compliance & Ethics Lead — Digital Experience, AI and Data Science and Alethea O’Donnell, Head of Corporate Compliance, MassMutual

    Emerging technologies such as digital interfaces and data analytics tools are rapidly transforming the financial services industry. These innovative technologies help financial services companies to reach more customers and meet them on their own terms. In fact, these tools have been a necessity in the pandemic world. Deployment of such new technologies, however, requires a careful consideration of risks. With customers’ financial interest and trust at the forefront, companies must be mindful of the complexity of emerging risks. The pace of change is rapid, and regulations are constantly evolving. While consumers expect ease of doing business, they are also increasingly concerned about data and privacy issues. Compliance & Ethics professionals are constantly challenged with balancing risk and innovation. Nevertheless, they can also act as enablers and catalysts by focusing on the responsible and ethical use of emerging technology. In this paper, we introduce readers to the tenets of responsible and ethical use of technology and data; namely, technology should be purposeful, humanistic, ethical and should work for all consumers. We then provide practical ideas and insights to create compliance programmes aimed at business owners, consumers and employees. These programmes include digital risk assessments, digital upskilling, digital and data compliance programmes and data ethics principles.
    Keywords: compliance programme, artificial intelligence, digital, data ethics, upskilling, emerging technology

  • A guide for chief compliance officers of registered investment advisers on how to develop, conduct and maintain an effective and robust annual testing programme
    Elizabeth Cope, Managing Member, SEC Compliance Solutions

    Every investment advisory firm is unique. Each has a different organisational structure, strategy and service offering and different operational approaches, personnel dynamics and company cultures. There is only one thing I can think of that is consistent from firm to firm: every investment adviser that is registered with the Securities and Exchange Commission (SEC) has to adhere to the same set of rules and regulations. Under Rule 206(4)-7 of the Investment Advisers Act, advisers are required to maintain policies and procedures, conduct an annual review to support those policies and procedures, and designate an individual at the firm as a chief compliance officer (CCO) to administer the policies and annual review, often referred to in its entirety as a compliance programme. Accomplishing the task of this compliance programme can feel daunting considering that the SEC’s rules and regulations are vast, intricate and confusing. With this in mind, I developed a methodology for tackling the annual compliance review that — time and time again — has made my clients’ jobs easier. This approach is based on simplicity, practicality and customisation. I use it with every one of our clients. And it is my goal to share it with every new, newish and multi-hatted CCO to help make their lives easier.
    Keywords: investment adviser compliance; policies and procedures; annual review; compliance programme; Rule 206(4)-7

  • Enabling a holistic solution to London Interbank Offer Rate repapering
    Marcy Sharon Cohen, General Counsel and Managing Director, ING Financial Holdings Corp., Christopher S. Schell, Partner, Davis Polk & Wardwell LLP, Sirisha Gummaregula, Chief Operating Officer, QuisLex Inc. and Jason Pugh, Managing Director, D2 Legal Technology

    The phrase ‘compliance education’ can merit a bleak response. At times, institutions’ compliance functions are associated with occupational constraint rather than encouraging ethical progress. Furthermore, employees overwhelmed by an abundance of trainings can experience fatigue. To encourage a positive response, strategic digital solutions that use learning mediums familiar to the user are necessary. This paper aims to provide insight on how videos can be used to improve compliance education.
    Keywords: compliance learning, compliance videos, digitisation, hybrid messaging, strategy

  • Know your data: Improving an anti-money laundering programme with dedicated data management
    Drew Galow, Director, AML Model Management and Machine Learning, Risk Capital and Model Development, US AML Office, Bank of Montreal and Sara Wright, Director, AML Data, AML Risk, Scotiabank

    Data is gathered, stored and analysed across the globe in every size of business and industry faster than it ever has been at any point in human history; the velocity of data at a financial institution is no different. A financial institution’s anti-money laundering (AML) programme needs to equip itself to use this data to its advantage. A dedicated team must be formed to gather critical data for the programme. This team should focus on storing, mapping, evaluating and remediating the programme’s required data. This team can strengthen an AML programme’s base of data and information and, in turn, help the programme effectively and efficiently manage risk. With this base of quality data, the programme can tackle more advanced analytical tasks and use data to drive decision-making, ultimately leading to an efficient, innovative and compliant programme that helps it accomplish its primary job, identifying potential bad actors in the financial system.
    Keywords: AML, data management, data quality, data issues, analytics, data advocate, data model

  • Regulatory requirements, logistics and challenges of conducting an effective field audit programme
    Jim Hooks, Managing Director and Chief Compliance Officer, Private Advisor Group

    This paper reviews internal compliance examinations for broker-dealers and investment advisers in the light of emerging work trends and regulatory guidance stemming from the coronavirus pandemic. It pays special attention to internal compliance practices, the use of technology and staffing needs before examining factors for firms to consider in determining whether to conduct internal examinations remotely or on-site. It pays particular attention to branch-office examinations. The paper concludes that the most successful firms in adapting to changing workplace conditions and regulatory guidance not only will remain at the forefront of compliance but also can drive their own business forwards.
    Keywords: compliance programme, audit, inspection, examination, branch exam

  • Three core competencies for the modern general counsel
    Joseph Polizzotto, Senior Vice President, Strategy and Client Services, QuisLex

    This paper offers a perspective on how current general counsels (GCs) need to extend their reach and spheres of influence in order to add the greatest value to their companies. It provides practical suggestions on how to integrate and align the legal functions squarely with the company’s decision-makers, by focusing on achieving mastery over three competencies: (1) active engagement by the department in the governance structure of the entity; (2) a central role in the company’s reputational risk framework; and (3) an embracing of operational risk in the actual work being performed by the legal function. The author argues that it is insufficient if a GC is simply an outstanding lawyer who views their job largely to analyse legal issues and problems presented to them; rather, the paper postulates that a modern legal department needs to extend its reach and be more proactive and that the three competencies enumerated above, if mastered, help to accomplish that and create the opportunity for the GC and the department to be considered truly successful and influential. The paper also offers thoughts on how to nurture and develop talent within the department, how to incorporate the GC’s experience in crisis management for the greater good of the company, and how to be a thought leader on efforts to streamline processes and increase efficiencies.
    Keywords: role of the general counsel, governance, reputational risk, legal operations, crisis management, developing talent in the legal department

  • The state of state fiduciary laws for broker-dealers: Predicting the impact of state laws on SEC’s Regulation Best Interest enforcement
    Susan Schroeder, Partner, WilmerHale

    On June 30, 2020, US broker-dealers became subject to Regulation Best Interest (Regulation BI), a new standard of conduct imposed by the Securities and Exchange Commission (SEC) after a decade of debate and rulemaking. Regulation BI requires a broker-dealer recommending any securities transaction or investment strategy involving securities (including account recommendations) to act in the ‘best interest’ of the retail customer. Intended to address the different standards of care that registered broker-dealers and registered investment advisers owed their retail clients, Regulation BI tops the list of 2021 priorities for both the SEC and the Financial Industry Regulatory Authority (FINRA), the self-regulatory organisation that governs broker-dealers. In the coming year, initial SEC and FINRA enforcement actions regarding Regulation BI will illuminate the types of conduct or practices that regulators believe violate the new rule. As the federal regulators begin to define what Regulation BI does and does not permit, they do so against the backdrop of some state securities regulators who claimed that Regulation BI would not adequately protect investors. In response to Regulation BI, several states proposed or enacted their own different standards of conduct for broker-dealers. This paper describes the current and proposed fiduciary duties imposed on broker-dealers under state laws, the states’ ongoing assessment of Regulation BI and the resulting pressure that may be brought to bear on the SEC and FINRA as they begin to enforce Regulation BI.
    Keywords: Regulation Best Interest, broker-dealer, fiduciary, NASAA, suitability

  • The forensic professional’s perspective on fraud and fraud detection
    Timothy P. Hedley, Senior Adviser at K2 Integrity, Fordham University and Richard H. Girgenti, Vice-Chairman, K2 Integrity

    As banks and other financial institutions become increasingly complex and rely more heavily on remote and online services, they face an ongoing and ever-changing challenge presented by fraudsters who also have devised increasingly sophisticated methods to commit fraud. An effective compliance and fraud risk management programme must incorporate better and more sophisticated ways to meet the challenge of fraud. To this end, most organisations are increasingly turning to data analytics to help devise better methods to prevent and detect fraudulent activities. At the core of this effort to develop technology solutions to combat fraud are the skills, experience and competencies of forensic professionals. It is essential that any fraud risk management programme rely upon and leverage the diverse expertise of forensic professionals who will have the industry expertise, understanding of regulatory mandates, knowledge of fraud and its red flags and the various schemes devised to commit fraud. These professionals must also possess the investigative and forensic accounting acumen to detect fraud and the data analytic competency to help programmers and data scientists devise the rules and algorithms required to detect fraud and, ultimately, the ability to identify and investigate the data anomalies that will result and require further analysis. This paper discusses the unique perspective and expertise of the forensic professional, the nature of fraud, the forensic fraud detection process, sample banking fraud schemes and how the forensic competencies inform and enhance the power of data analytic processes from rules-based to artificial intelligence (AI) and predictive analytics.
    Keywords: fraud, forensic, scheme, analytic, risk factors, red flags