Volume 7 (2023-24)

Each volume of Journal of Financial Compliance consists of four 100-page issues published both in print and online. 

The Articles published in Volume 7 include:

Volume 7 Number 2

  • Editorial
    Mario J. Difiore
  • Practice paper
    Reviving securitisation in the EU: A critical analysis of the reporting requirements
    Olivia Hauet, European Central Bank

    The EU Securitisation Regulation (SECR) came into force in 2018, applying to securitisations issued after 1st January, 2019 and to eligible legacy securitisations. This is a cornerstone of the Capitals Market Union (CMU), which, together with the amendment of the Capital Requirements Regulation (CRR), aims at reviving the European securitisation market. By introducing a robust and harmonised framework, the regulator intends to resolve the following conundrum: how to relaunch the securitisation market, which is essential for financing the economy, while mitigating its vulnerabilities and the stigma associated with it? More specifically, the CRR amendment contains the calibration of capital requirements in accordance with the updated hierarchy of methods while the SECR defines the criteria for securitisations to qualify as ‘simple, transparent and standardised’ (STS). The SECR also sets common rules for the due diligence obligations of institutional investors, regardless of the sector to which they belong. An intrinsic (although not specific) problem with securitisation is the question of asymmetry of information, since investors have access to less information about the loans backing the tranches than lenders involved in their origination. Article 7 of the SECR addresses this issue by defining high standards to transparency requirements using a very granular reporting method. While market participants recognise the necessity of fostering transparency and due diligence to increase confidence in the market, the current reporting framework, because of the burden it represents, may discourage potential investors and originators. This paper provides a thorough overview of the reporting obligations set on credit institutions in the context of securitisation. It demonstrates how the lack of integration and proportionality combined with technical limitations perpetuates regulatory fragmentation and associated high costs. It proposes potential solutions to integrate requirements from various sources into a unified model and concludes with the necessity to improve the governance of reporting and data requirements at a European level.
    Keywords: securitisation; due diligence; regulatory reporting; capital requirements; granular data; data model

  • Compliant marketing: breaking down the new marketing rule
    Elizabeth Cope, SEC Compliance Solutions

    The Securities and Exchange Commission (SEC) adopted the New Marketing Rule on 4th May, 2021, giving registered investment advisers until 4th November, 2022 to comply. This New Marketing Rule (the Rule) replaced the original advertising rule that was adopted in 1961 and the original cash solicitation rule that was adopted in 1979. This much-needed update takes into consideration the modernisation of advisers' marketing efforts and combines the two old rules into one. As with any new rule, advisers run into the added challenge of interpretation. This Rule is primarily principles-based, and we do not know yet how the SEC will interpret advisers' various implementations. This paper will only address the requirements that apply to investment advisers registered with the SEC. As such, this paper will tackle the new definition of an ‘advertisement’, principles-based prohibitions, specific disclosure requirements and restrictions for performance, testimonials and endorsements, third party ratings, clarification on the applicability for private fund managers, new ADV disclosure requirements around advertising and new books and records requirements.
    Keywords: marketing; solicitation; general prohibitions; disclosures; testimonials and endorsements; third party ratings

  • Preparing for the implementation of EMIR REFIT
    Carolyn Jackson and Ciara McBrien, Katten Muchin Rosenman UK LLP

    The new obligations under EMIR REFIT (as defined below) require firms to adopt new reporting standards for derivatives transactions and upgrade outstanding derivatives transactions to the new reporting format. The implementation date is 29th April, 2024 in the EU and 30th September, 2024 in the UK. To navigate the complexities of EMIR REFIT, firms should start preparing for the implementation of the new requirements as soon as possible.
    Keywords: reporting; EMIR; REFIT; derivatives; regulation; EMIR 3.0

  • AML for a blockchain age
    Neal Christiansen, Valerie-Leila Jaber, Grant Rabenn, and Melissa Strait, Coinbase

    Blockchain technology is not only unlocking important innovations in financial systems, it is also the foundation for powerful new tools used to combat illicit finance. This paper describes some of the ways that this technology not only enhances traditional compliance tools but also goes further, offering investigators unprecedented access to transactional data. The result is that virtual asset service providers, unlike traditional financial institutions, are not limited to static or opaque stores of customer information but can instead conduct more sophisticated analyses that are faster, more reliable and more dynamic than what was previously available. Given this new compliance landscape, this paper sheds light on where the most significant illicit finance threats are in the cryptocurrency ecosystem and, further, how regulators can support the development and adoption of powerful new compliance tools, including those using novel digital identity systems.
    Keywords: virtual assets; cryptocurrency; virtual asset service provider; VASP; blockchain analytics; know your transaction; KYT; decentralised identity; DID

  • Unintended consequences of the risk-based approach? De-risking tendencies in anti-money laundering and countering the financing of terrorism compliance
    Astrid Satovich, European Savings and Retail Banking Group

    This paper provides an overview of the regulatory approach taken by the European Union (EU) to counter unwarranted de-risking activities by financial institutions in the field of money laundering and terrorist financing. As an integral part of the network to combat money laundering and terrorist financing in the EU, financial institutions are subject to a comprehensive regulatory framework that follows a risk-based approach. In the course of the revision of this legal framework and driven by different developments such as migration, the phenomenon of unwarranted de-risking has increasingly come to the attention of EU regulators. Some related factors to unwarranted de-risking are typically the risk of non-compliance with rules in the field of anti-money laundering (AML) and countering the financing of terrorism and respective sanctions, including reputational damage, the increasing administrative burden that potentially comes with risky customers, as well as the associated high compliance costs and necessary training for employees. Additionally, the phenomenon of unwarranted de-risking can only be fairly assessed when being distinguished from de-risking decisions taken by financial institutions in accordance with their business strategy. Given the high impact unwarranted de-risking can have on important areas such as financial inclusion and as a result of observing an increase in unwarranted de-risking activities, EU regulators have focused on clarifying legal uncertainties faced by financial institutions, for example in the AML package published in 2021 and in the revision of existing and issuance of new Guidelines by the European Supervisory Authorities in 2023, as examined in this paper.
    Keywords: de-risking; compliance; anti-money laundering; risk-based approach; know your customer; KYC; financial crime

  • How does hotline and incident management stack up in the financial services industry? An analysis of comparative metrics
    Carrie Penman, NAVEX

    An efficient and trusted mechanism by which employees can anonymously or confidentially report allegations of suspected or actual misconduct is the hallmark of a well-designed compliance programme. Yet, every industry will have different metrics related to their reporting processes and systems. There is not a ‘right’ answer because all metrics will be influenced by the risk areas facing each industry. The finance sector is no exception. So, what does the data show for the finance sector and how can the data be used to impact programme effectiveness? To answer this question, in 2023, NAVEX®, a provider of governance, risk and compliance information system software and services, examined financial-industry specifics within a large global data set of anonymised hotline and incident management metrics. This research, published here for the first time, follows the release of NAVEX's 2023 ‘Hotline & Incident Management Benchmark Report’ — an annual, publicly available analysis of hotline reporting data generated through the intake channels NAVEX provides to its customers. This research publication, published in March, involved a total of 1.52 million reports worldwide. Financial services was the third-most represented sector across the larger benchmark report. Comparing financial services to global benchmarks, it appears the industry is outperforming other sectors in several key incident management metrics. Yet for individual financial firms, the industry-specific benchmark data revealed in this analysis could provide a more refined look into the ways organisations can compare their programmes to their industry peers. Overall, the financial services industry received more reports per 100 employees, fewer anonymous reports, and were consistently closing cases even with a different mix of issue types, ie more business-related issues than other industries.
    Keywords: compliance; governance; risk and compliance; organisational culture; risk management; hotline

  • How counter extremism could improve financial institutions’ counter terrorist financing controls
    Richard Wall, Bank J. Safra Sarasin (Gibraltar) Ltd

    This paper aims to provide insights into counter-extremism measures and how these may be applied by financial institutions as part of their counterterrorist financing controls. The paper suggests that extremism ‘red flags' could be used as a pre-emptive measure against terrorist financing.
    Keywords: counterterrorism financing; extremism; terrorism; financial institutions

  • Expert networks, alternative data and managing risks of material non-public information
    James G. Lundy, Margaret Gembala Nelson and Bill McCaughey, Foley & Lardner LLP

    Expert networks and alternative data providers can be sources of invaluable information with which to make investment decisions, and they can play an important role in maximising returns from financial markets, but with the use of the sophisticated information they provide comes certain risks of regulatory scrutiny and even potential investigation for insider trading. However, a well-designed compliance programme can be tailored to monitor for, prevent, and detect red flags to avoid investigations and charges by financial enforcement authorities. Due diligence, the establishment of proper policies and procedures, and adherence to best practices will make the difference, not only in avoiding prohibited trading but in ameliorating the potential consequences if allegations of illegal behaviour arise. Financial advisers looking for an edge are well advised, themselves, to understand the risks and prepare against them.
    Keywords: expert network; alternative data; material non-public information; MNPI; insider trading; investment best practices; SEC

Volume 7 Number 1

  • Editorial
    Mario J. Difiore
  • Practice paper
    Why and how to embrace entity resolution and contextual monitoring
    Aaron Wolf, Deutsche Bank

    Criminal activity is an unfortunate constant in life. Some criminals are highly sophisticated, others not so much. The common objective of each criminal, regardless of the level of sophistication, is to stay at least one step ahead of the system of controls in place to prevent, detect and report their illicit activity. From a transaction monitoring perspective, criminals had a significant advantage for some time with the ineffective rules-based transaction monitoring (RBTM) that most banks utilise. The scale is beginning to tip back in our favour with the advent of new and improved technologies, such as entity resolution and contextual monitoring (ER/CM). The purpose of this paper is to demonstrate the clear advantages of ER/CM and what you as practitioners should consider when deciding if you should make the switch and what to consider when implementing the technology.
    Keywords: regulatory technology (RegTech); entity resolution; contextual monitoring; risk-based approach; risk appetite

  • The case for self-regulation for the digital assets industry
    Alma Angotti, Tracy Angulo, and Gene Bolton, Director, Guidehouse, and Gabriella Kusz, Global Digital Asset & Cryptocurrency Association

    The concept of self-regulation and the use of self-regulatory organisations (SROs) as a feature of legal and regulatory frameworks has been adopted to support effective and efficient capital market development in a number of countries around the world. Most notably, the International Organization of Securities Commissions (IOSCO) set forth through its SRO Consultative Committee a ‘model for effective self-regulation’, the general principles for self-regulation and why self-regulation should be incorporated into regulatory frameworks. Since 2000, this has served as the outline for SRO development. Today, many countries are struggling with the question of how to regulate cryptocurrency and digital assets — including the US. The rapid evolution, high degree of expertise and understanding needed, and decentralised, cross-border nature of digital assets presents unique challenges for regulators. In the wake of the failure of the centralised finance (CeFi) digital asset exchange FTX, this research explores whether an SRO may be suited to the nature of the digital asset industry and how it may provide a strong complement to formal US government regulation. Such a complementary relationship may offer United States regulators and legislators a mechanism for providing a high degree of regulatory coverage which balances the need for consumer protection and market integrity with the need for innovation. In exploring this subject, researchers undertook desk study on the IOSCO Framework for Effective Self-regulation and explored existing and emerging national SROs in the digital asset space. Desk study was coupled with individual one-on-one interviews with global digital asset industry leadership and public roundtable forums. This research concludes that an SRO may serve to provide the US legal and regulatory framework with a high-quality solution to the challenges of legislating and regulating in the ever-changing environment of digital assets.
    Keywords: self-regulation; digital assets; crypto; cryptocurrency; regulation; the International Organization of Securities Commissions (IOSCO); National Futures Association (NFA); Japan Financial Services Agency (JFSA); Japan; Switzerland; USA; securities; commodities; Commodities Futures Trading Commission (CFTC)

  • The resolution plan for insurers in France: Being prepared in case of a failure
    Frédéric Visnovsky, French Prudential Supervision and Resolution Authority

    The failure of an insurer may affect policyholders as well as the broader economy. This explains why a resolution regime is useful, with the objective of making it feasible to maintain vital economic functions and activities, which are needed, without disruption and without exposing taxpayers to loss. The resolution regime is a core element of the policy measures adopted by the G20 in the wake of the global financial crisis and applies to banks in most countries, with France being one of the first EU member states to adopt a regime for the recovery and resolution of insurance undertakings. The work undertaken to prepare resolution plans consists of first identifying the functions deemed to be critical which should be maintained. For the resolution to be effective, this work needs to be complemented with analysis of the level of separability of these critical functions from the rest of the undertaking or group, as this is necessary to ensure operational continuity in the event that a resolution action is applied. The next step consists of specifying resolution strategies that could be applied to groups or bodies performing critical functions, in accordance with different possible crisis scenarios and taking into account different resolution tools used separately or in combination. Based on these elements, Autorité de Contrôle Prudentiel et de Résolution has adopted the first resolution plan for 13 insurers, but this needs to be complemented by additional analyses and additional information in order to cover all the topics needed to operationalise resolution strategies and ensure the resolvability of undertakings.
    Keywords: recovery; resolution; insurers; critical functions; separability; interconnection

  • Best practices when handling whistleblower complaints
    Tracey Salmon-Smith. Sandra D. Grannum, Jesse Linebaugh, and Vijayasri G. Aryama, Faegre Drinker

    This paper is intended to serve as an initial guide for members of public companies on creating company whistleblower policies and procedures for the investigation of employee whistleblower complaints. Companies should establish clear internal policies for how employees can make whistleblower complaints, who should receive those complaints, how to investigate those complaints (whether internally or externally) and how the results of the investigation should be reported or shared with others.
    Keywords: whistleblower; whistleblower complaint; regulatory; regulatory investigation; internal investigation; internal complaint; compliance

  • The crypto frontier: How US policymakers and investment advisers can address digital assets
    William Nelson, Investment Adviser Association

    This paper focuses on prominent issues surrounding digital assets. The lack of a comprehensive federal digital asset law has recently raised several issues for Securities and Exchange Commission (SEC)-registered investment advisers as they try to navigate new markets and new industry practices. As such, this paper addresses the current US regulatory landscape, provides a comparison of non-US approaches to digital assets and provides US policymakers with key principles they can consider for potential digital asset legislation and/or regulation. The paper also provides compliance considerations for investment advisers who currently manage digital assets, to address the evolving obligations under the US securities laws.
    Keywords: Securities and Exchange Commission (SEC); investment adviser; compliance; digital assets; cryptocurrency; crypto-assets

  • Consumer protection and good customer outcomes in an evolving financial services ecosystem
    Donna Turner, Shapes First

    Consumer protection and the conduct of financial services firms has been a focal point and priority since statutory obligations on the financial services sector became law in 1986 with the introduction of the Financial Services Act. However, that has not prevented the continuous stream of scandals hitting the financial services industry and the consumers they serve or the never-ending battle to fight against criminal activity and strategies. This paper describes the evolution of standards in relation to financial services consumer protection, the new and evolving risks that consumers face and considers why regulation is needed that requires firms to put their customer needs first.
    Keywords: treating customers fairly; payment protection insurance; consumer duty; Senior Managers and Certification Regime (SM&CR)

  • Simplifying US state-level obligations to help achieve compliance certainty
    Kris Stewart and Elaine F. Duffus, Wolters Kluwer

    This paper provides key insights into how expert augmented intelligence helps simplify and refine state compliance obligation management with dynamic technology. Learn strategies to help financial institutions overcome four unique pain points of achieving complete compliance confidence. Readers will learn how top banks are able to reduce reliance on third-party legal firms, connect various components of regulatory change management together and gain a strategic perspective on how that impact is realised.
    Keywords: state obligation management; regulatory change; regulatory compliance; artificial intelligence; state-level legal and regulatory compliance

  • Is employees’ understanding of conduct risk aligned with values espoused in their employers’ public statements?
    Alexander Culley, C & G Regulatory Solutions

    The purpose of this paper is to examine whether there is any correlation between the values expressed in the published statements of investment firms and their employees' understanding of conduct risk. A qualitative examination of: (a) 20 semi-structured interviews, comprising 17 with employees from nine UK firms engaged in brokerage and trading activities, and three interviews with consultants specialising in conduct risk who regularly assist such firms; and (b) the publicly available statements issued by nine UK firms engaged in brokerage and trading activities. The paper finds much alignment between firms' publicly stated values and their employees' understanding of conduct risk. However, some themes that are currently high on the UK Financial Conduct Authority's (FCA) agenda, such as non-financial misconduct and transparency, receive little to no attention in either. The study's findings are limited to the insights of the interviewees who took part. These insights may not represent ‘what actually happens' on the trading floor. For this, an ethnographic study would be required. The findings imply that current conduct-related initiatives led by the FCA are not making a significant impact on brokerage and trading firms. This paper builds on a previous study that examines possible relationships between banks' corporate value statements and incidences of misconduct. Furthermore, it proposes the piloting of a conduct risk awareness programme that utilises the experiences of former miscreants to help embed cultural change.
    Keywords: conduct risk; Financial Conduct Authority; corporate values; corporate culture; business ethics; investment firms