“This journal provides valuable peer-reviewed practical business Ideas for industry leaders and academics,”
Volume 8 (2024-25)
Each volume of Journal of Financial Compliance consists of four 100-page issues.
Articles scheduled for Volume 8 include:
Volume 8 Number 1
-
Editorial
Mario J. Difiore, Editor -
Practice Papers
Machine learning and compliance: A consumer-led approach
Matthew Connell, Director of Policy and Public Affairs, Chartered Insurance Institute
For compliance professionals, addressing the risks and opportunities of technologies such as machine learning is a huge challenge. This paper examines the issues involved with machine learning and insurance, by combining known regulatory concerns from international and UK supervisors with the results of consumer research, to identify key risks and how they can be mitigated. The paper finds that blending consumer research and wider risk management analysis can lead to a holistic compliance approach to machine learning. This builds from the individual, through job role design, individual accountability and training, to organisational systems and controls including governance, pricing policies and data management, through to sector-wide systems and initiatives including management of third parties and consistent standards for model transparency. In particular, it can help focus financial services firms on elements that consumers consider to be highly important, such as pricing according to risk rather than other factors (for example, price elasticity of demand). Conversely, it can help firms take a more proportionate approach to societal factors, such as exclusion of high-risk groups, that insurers alone cannot resolve without partnership with civic authorities.
Keywords: machine learning; compliance; consumer perception; AI; ethics; outcomes -
Strengthening governance practices of TCSPS in the EU’s smallest member state
Christopher P. Buttigieg, Chief Officer Supervision, and Petra Camilleri, Deputy Head, Trust and Company Service Providers Supervision, Malta Financial Services Authority, Triq L-Imdina
In Malta, Trust and Company Service Providers (TCSPs) are subject to sector-specific legislation and regulation, overseen by the Malta Financial Services Authority (MFSA) responsible for their authorisation and prudential supervision. TCSPs act as gatekeepers to Malta's financial system, playing a pivotal role in ensuring the integrity of financial services. The paper evaluates the outcomes of the MFSA TCSP governance and compliance thematic review within the context of financial supervision in Malta. It aims to: (a) analyse international reports on TCSP risks, informing the rationale for sector regulation; (b) explore the significance of thematic reviews in the MFSA's supervisory framework; (c) evaluate governance and compliance importance in the MFSA's supervisory approach and (d) examine principal findings of the review and their sector implications. Contributing to the debate on the nature of financial supervision, the paper argues that the TCSP governance and compliance thematic review underscores a growing recognition among TCSPs of the need for robust compliance culture. However, it highlights persistent deficiencies warranting attention. This academic study sheds light on TCSP regulation and supervision in Malta, emphasising the oversight approach in the EU's smallest member state.
Keywords: regulation; supervision; TCSP; MFSA; compliance; EU -
Is DORA the dawn of a new era for cybersecurity compliance in the EU’s financial sector?
Antonio Giannino, Chief Risk and Compliance Officer, and Francesca Valenti, Legal and Regulatory Adviser, Amagis Capital Group, and Federico Sertori, Legal and Compliance Officer, Cargolux Italia
This paper aims to set out the application of Regulation (EU) 2022/2254, the Digital Operational Resilience Act (DORA), to analyse its main obligations, its impacts on the current financial ecosystem and on the future culture around cybersecurity in the financial sector. The paper focuses on the main pillars around which the regulation has been built, and its aim is to assist compliance officers and non-technical personnel to assess the impact of DORA within their organisation. The authors offer an overview of DORA because the first step to address the implementation of a new regulation is having a clear view on all areas involved and the intensity of the changes. DORA will require a deep review of current documentation and processes: legal departments will have to ensure the agreements in place with IT providers comply with the new requirements, which entails new processes and the ability to follow the new contractual obligations; risk officers will need to work closely with the IT department, middle-back office and the compliance department to ensure they are all proactively involved in the implementation and monitoring of the new processes and that such procedures and the IT tools integrated are constantly suitable to serve the organisation's need. Furthermore, management will be involved in DORA implementation and will bear responsibility for information and communication technology topics and, consequently, it will be incentivised to pay attention to and invest in information security. Meanwhile, carrying out a pre-assessment at organisational level to understand business impacts and drafting an implementation plan so as to be ready for January 2025, when DORA comes into effect is highly recommended.
Keywords: cybersecurity; compliance; European digital finance package; financial industry -
How to maintain a strong compliance function in a remote/hybrid working environment, using ESG as both the objective and the driver
Jessica Ramos, Head of Regulatory and Financial Affairs, Ella Adler, Regulatory and Oversight Affairs Counsel, and Erietta Exarchopoulou, Regulatory and Oversight Affairs Adviser, EBA Clearing
The new realities of the workplace have had a significant impact on how compliance experts are engaging staff in organisations across all sectors and in particular in the financial services sector. Remote/hybrid working arrangements as well as flexible hours have changed the way people interact with each other and how they live and absorb the company's culture. It has also led to an increase of existing risks, such as cyber risks, and created new risks, such as inspections from authorities of staff members' homes. In addition, an increased focus on Environmental, Social and Governance (ESG) principles in the corporate space presents challenges for companies from a regulatory point of view, in terms of dealing with new compliance requirements, requiring additional resources to cover reporting requirements and exposure to reputational or litigation risk. However, this paper sets out a number of opportunities that companies can benefit from by leveraging their ESG activities to attract and retain talent. This paper details the abovementioned challenges, laying out the main consequences that have been observed. It also offers a number of practical tips to leverage creative and novel methods to cultivate a culture of compliance, despite the challenges of the new realities of the workplace, and it gives insights on how to leverage ESG to promote compliance and general staff engagement.
Keywords: compliance culture; ESG; remote working; employee engagement -
From data to decisions: How emerging technologies can enhance ESG assessments and reporting
William Nelson, Associate General Counsel, Investment Adviser Association, Washington, DC
This paper presents a comparison of the environmental, social and governance (ESG) regulatory landscape across California, the European Union (EU) and the US Securities and Exchange Commission (SEC). It highlights both the similarities and key differences within these regulations, empowering companies with practical insights. Specifically, the paper explores how companies can leverage data and analytics, alongside emerging technologies like artificial intelligence and blockchain, to gain a deeper understanding of their ESG risks and opportunities. The paper also delves into how these technologies can facilitate ongoing progress monitoring and enhance transparency in communicating ESG performance to stakeholders.
Keywords: environmental; social and governance; ESG; artificial intelligence; AI; blockchain; GHG emissions -
Risk-based customer due diligence is the key to effectively managing financial crime risk
Ola Tucker, Founder, Compliance Notes
Customer due diligence (CDD) processes and procedures are a required component of a financial institution's anti-money laundering (AML) compliance programme in the US and in many other countries. Solid CDD policies and procedures are key to meeting regulatory expectations as well as effectively managing money laundering/terrorist financing (ML/TF) risk. However, there are many nuances to conducting risk-based CDD and it is critical that financial institutions understand the specific risks they face and tailor their programme accordingly, as well as update it regularly to account for evolving threats and updates in legislation. This paper discusses the importance of CDD for risk management in financial institutions. It starts with an introduction to CDD, defines the three basic types of due diligence and explains the requirement to identify beneficial owners of legal entity customers. The paper goes on to discuss regulatory expectations as well as some of the more common compliance violations related to CDD incurred by financial institutions. The paper also highlights a case study examining the regulatory enforcement action against Deutsche Bank related to its AML compliance failures involving Jeffrey Epstein. Finally, the paper concludes with a list of best practices and recommendations for banks and other financial institutions.
Keywords: customer due diligence; enhanced due diligence; anti-money laundering; compliance; beneficial ownership; know your customer -
A consideration of the evolving role visibility and prominence of compliance play in strategic planning and protecting brand and reputation
Catherine Vaughan, Global Financial Crime, Ethics and Compliance Leader, Ernst & Young
Compliance has progressively evolved from a mere legal and regulatory necessity to a strategic imperative for organisations. In today's fast-paced and interconnected business environment, compliance plays a crucial role in protecting an organisation's brand and reputation. Looking at the relationship between compliance and key function heads such as the Chief Operating Officer, Chief Financial Officer, Human Resources Executives and the increasingly visible Chief Trust Officer, this paper explores the shifting landscape of compliance, its increasing visibility and prominence, particularly in strategic planning. It emphasises the crucial interconnection between compliance and a company's brand and reputation, demonstrating how adherence to legal and ethical standards has become a core aspect of protecting and enhancing organisational success. While there is a leaning towards larger organisations, the concepts and insights explored in this paper have equal relevance to smaller firms, for whom brand and reputation is as equally important as for larger ones. For any organisation which relies on a reputation of trust, the relationship between compliance and strategy explored in this paper is crucial regardless of size, industry or sector.
Keywords: compliance; brand; reputation; strategy; protection; growth; board; trust; culture; evolution