Coming into focus

ISSUE 28

YOUR MAGAZINE FROM THE INTERNATIONAL COMPLIANCE ASSOCIATION

inCOMPLIANCE ®

Compliance: making a difference

Coming to the surface

Earning your wings

p.16 p.20

£4.95 where sold separately

p.32

inCOMPLIANCE®3

ICA Members’ Assembly28 March 2017, Pullman, St Pancras, London

This is a free event for all current ICA members. It will include an overview of the Association and its achievements over the past year, as well as an insight into future developments.

Paul C. Dwyer will be presenting on ‘understanding and dealing with cyber threats strategically in a financial service firm’, while Bill Howarth and David Jenkins-Handy will discuss ‘measuring culture’.

For further information and to book your place, please visit www.int-comp.org/members-assembly

Attending the Members’

Assembly will give you two CPD hours.

ICA Certificate Workshops in Anti-Corruption and Combating the Financing of TerrorismWe are offering you the chance to attend a free one-off workshop when enrolling on one of our new certificate programmes: ICA Certificate in Anti-Corruption or ICA Certificate in Combating the Financing of Terrorism.

These new certificates will only be available online, so this is a fantastic opportunity to take part in a face-to-face workshop, gain the full certificate in either Anti-Corruption or Combating the Financing of Terrorism and all with the added benefit of gaining CPD points.

The workshops for both certificates will take place on the 28th March 2017.

Further discounts are also available should you wish to attend both a certificate workshop and ICA’s 9th Annual Conference: Making a Difference the following day.

For further information on these events please visit www.int-comp.org/certificate-workshops

ICAA500

Editorial Board

Kathryn Cearns, Independent Consultant, kathryn.cearns@brixtonroaduk.com

Jee Meng Chen, HSBC, jee.meng.chen@hsbc.com.sg

Jacob Ghanty, K&L Gates LLP, Jacob.Ghanty@klgates.com

Tom Salmond, Ernst & Young LLP, tsalmond@uk.ey.com

Irwin Spilka, Stonehage, irwin.spilka@stonehage.com

David Symes, Compliance Recruitment, david@compliancerecruitment.com

Rachel Waldren, ANZ, Rachel.Waldren@anz.com

inCOMPLIANCE®Issue 28

Publisher: International Compliance Associationica@int-comp.org

Editor: James Thomasjthomas284@btinternet.com

Design: Design & Document Servicesdesign.enquiries@wilmingtonplc.com

Production: Dorinda Gibbons & Sophy Lloyddgibbons@int-comp.org sophy.lloyd@int-comp.org

Advertising Queries: Amanda Cardallamanda.cardall@int-comp.org

Chief Executive, International Compliance Association: Phil Ryanphil.ryan@int-comp.org

ICA Membership Enquiries: Dorinda Gibbons & Sophy Lloydica@int-comp.org

ICA Qualifications: Contact our training partner, ICTict@int-comp.com

International Compliance Association CPD - 1 point

Advice to Readers

inCOMPLIANCE® is published six times a year by the International Compliance Association. Reproduction, copying, extraction, or redistribution by any means of the whole or part of this publication must not be undertaken without the written permission of the publishers.

inCOMPLIANCE® is distributed as a free member benefit to all members of the International Compliance Association.

Articles are published in good faith without responsibility on the part of the publishers or authors for loss occasioned to any person acting or refraining from action as a result of any views expressed therein. Opinions expressed in this publication should not be regarded as the official view of the ICA or as the personal views of the Editorial Board members of inCOMPLIANCE®.

All rights reserved in respect of all articles, drawings, photographs etc published in inCOMPLIANCE® anywhere in the world. Reproduction or imitations of these are expressly forbidden without permission of the publishers.

Printed in England

Although the current political and economic landscape appears incredibly unpredictable – with the reverberations of Brexit and the US presidential elections showing no signs of diminishing – it is perhaps worth bearing in mind that the flipside to risk and uncertainty is often opportunity. Within these challenging times, opportunities may present themselves for compliance professionals to make their presence felt through adding value to their businesses and enabling them to navigate choppy waters.

In that spirit, the ICA’s annual conference, later this month (p.16), aims to highlight the positive contribution that compliance can make to business, as well as the strides that the profession itself continues to take within a difficult climate. And you’ll find further evidence of that sentiment throughout this issue of inCOMPLIANCE®, with articles

considering the continuing evolution of the role of the compliance officer and the expanding career prospects that this presents (p.14), as well as outlining the openings available for compliance practitioners to step beyond their day jobs and “give back” to the wider compliance community (p.18).

As the challenges facing compliance become increasingly diverse and demanding, the profession must continue to raise its game, upskill and develop new tools to meet current and future needs. A positive outlook will be essential to achieving this.

.

A positive outlookJames Thomas

Editor

inCOMPLIANCE®3

ICA Certificate Workshops in Anti-Corruption and Combating the Financing of TerrorismWe are offering you the chance to attend a free one-off workshop when enrolling on one of our new certificate programmes: ICA Certificate in Anti-Corruption or ICA Certificate in Combating the Financing of Terrorism.

These new certificates will only be available online, so this is a fantastic opportunity to take part in a face-to-face workshop, gain the full certificate in either Anti-Corruption or Combating the Financing of Terrorism and all with the added benefit of gaining CPD points.

The workshops for both certificates will take place on the 28th March 2017.

Further discounts are also available should you wish to attend both a certificate workshop and ICA’s 9th Annual Conference: Making a Difference the following day.

For further information on these events please visit www.int-comp.org/certificate-workshops

ICAA500

inCOMPLIANCE®4

inCOMPLIANCE®5

Contents

3 Editor’s commentWithin challenging times, opportunities may present

themselves for compliance professionals to add value, writes James Thomas

6 Message from Phil / ICA News A roundup of the latest news

and events from the ICA

10Industry News A summary of recent developments affecting

Financial Crime Prevention, GRC, AML and CDD professionals

12Career CornerMorgan McKinley's specialist compliance team

take a look back at the hot areas of compliance recruitment the UK in 2016, whilst offering their predictions on compliance hiring in 2017

14Career CornerChris Field considers how the role of the compliance

officer has developed and how this affects the career progression of both the existing compliance community and of those interested in becoming a compliance practitioner

30Culture and ConductDavid Jackman outlines

the importance of good, independent judgement in decision-making

32Skills Salima Nanji considers the role and

responsibilities of the CF10

16Compliance: Making a difference

James Thomas previews the forthcoming ICA Annual Conference

18Community mattersThere are opportunities

for personal and professional growth through giving back to the compliance community, as James Thomas reports

20Coming to the surface One year on from their

release, Vladimir Berezansky considers the impact of the Panama Papers

REGULAR FEATURES IN THIS ISSUE

PAGE 20

PAGE 32

24 Coming into focus Matt Timmons and

Keily Blair consider the emergence and evolution of corporate disclosure requirements under the 4MLD

27In my honest opinionKaluwa Maitre-

Avril takes a frank look at client onboarding procedures

34 A basic means of survivalIn the midst of

the ongoing refugee crisis, Deepa Chandrasekhar considers the imperative to facilitate remittance frameworks in fragile states

36An ongoing struggleWith perceived levels of

bribery and corruption on the increase, Ruth Hutchinson reports from the launch of Transparency International’s 2016 Global Corruption Perceptions Index

38 Dirty money seeping through banks

Banks have largely ignored IP theft. However, they may be facilitating their clients’ insidious commercial transactions, opening up a dragnet for themselves, warns Rohan Bedi

41 Rotten to the core?In the wake of the Wells

Fargo fake accounts scandal numerous questions remain to be answered about the role of governance, risk management and compliance at the bank, writes Richard Griffith

inCOMPLIANCE®4

inCOMPLIANCE®5

Have you thought about writing an article for inCOMPLIANCE®?Writing an article is a great opportunity to raise your profile within ICA and present a topic of relevance to your fellow members. Writing an article on anti-money laundering, compliance, financial crime or associated disciplines will also earn you valuable CPD!

Visit tinyurl.com/jvbu58r and download our document on Article writing tips and Blogging Best Practice to enhance your skills in this area and learn about structure, themes and writing style.

Please note: you don’t have to be an ICA Member to register your interest in submitting.

If you are interested in writing an article for inCOMPLIANCE®, email us at: membership@int-comp.org and remember to include your full name and your topic of interest.

PAGE 24

PAGE 41

inCOMPLIANCE®7

Since the last issue of inCOMPLIANCE® we have had an exciting time at ICA as we launched our 2017 roadshow of member events, running a total of 11 hot topic briefing sessions, each attended by 30 – 70 members (plus a handful of guests).

As a professional membership body there is nothing more rewarding than meeting, exchanging views with, and inspiring and educating our members. If you didn’t manage to attend at least one of those events then please keep an eye on the website for an announcement of our next set of dates. The feedback we received – particularly for our keynote speakers – was overwhelmingly positive.

We also took the opportunity to show members a “hands-on” demonstration of the new CPD centre and member benefits, which was well-received.

However, the biggest events in the ICA calendar are still to come!

Elsewhere in this edition you will find information about our all-important Annual Members’ Assembly, 9th Annual Conference and our first ever Fellows’ dinner; all staged at the end of March. Each of these events gives you the opportunity to understand and shape the future of your association, so do please come along and have your say.

I look forward to saying hello to you at one of the many upcoming events.

inCOMPLIANCE®6

A Note from PhilPhil Ryan ICA CEO

Malaysia briefing session reviewOn 12 January 2017 ICA held a briefing session hosted by our partners in Malaysia, the Asian Institute of Chartered Bankers. The event started with a presentation from the Chairman of Malaysia's Compliance Officers Networking Group (CONG), Mr V. Maslamani (who also sits on the ICA International Board), entitled “Compliance 2.0”. The presentation looked at the new compliance regime in Malaysia following the implementation of Bank Negara's (BNM) Compliance Paper, which became effective 1 January 2017.

ICA's Regional Director, Andrew Glover, then looked at the current state of regulation across the globe, specifically in Malaysia, noting in particular the new BNM requirements on firms to provide "accredited training" to all appropriate staff. Andrew also took the opportunity to run through the current programmes offered in Malaysia, as well as to introduce some new "short courses" including the various ICA Specialist Certificates.

Best wishes

Phil

inCOMPLIANCE®7

NEWS FROM THE ICA

ICA annual events in MarchDon’t forget to register for the ICA events taking place on the 28-29 March 2017. More information about all of the events is available on the ICA website where you can register online.

Cumplen ConferencePhil Ryan, ICA CEO, was a keynote speaker at the Annual CUMPLEN conference in Madrid and spoke about the evolution of the compliance professional in the Anglo-Saxon world. Feedback was very positive and a lot of questions centred on ICA’s global overview of how compliance is changing, in different jurisdictions, from a legally-dominated discipline with a rules-based focus into a principles-based, forward-looking practice, which is now establishing itself as a first career in its own right.

Singapore briefing event reviewICA held a briefing event on 17 January 2017 in front of a packed auditorium of 306 attendees. The event started with a presentation from the Director of Workforce Singapore, Mr Kenneth Wong, to launch the Professional Conversion Programme, a new initiative aimed at building skilled workers in the financial services industry. ICTA is proud to have signed the Letter of Appointment and is the only provider of structured training for compliance professionals in Singapore.

Andrew Glover, ICA Regional Director, then took to the stage and discussed the current programmes that are offered in Singapore, as well as introducing our new “Ethics, Rules and Regulations CPD courses for Financial Advisor Representatives”.

inCOMPLIANCE®

8inCOMPLIANCE®

9

NEWS FROM THE ICA

February was a very busy month for the ICA team as we took to the road around the UK crown dependencies and Bahrain to meet our members and prospective students.

The Hot Topic Networking events are free of charge and allow you, our members, to come along and listen to a relevant topic and network with your fellow members. We were very grateful to our colleagues Jonathan Bowdler, Andy Clarke and Pekka Dare from ICT who delivered the sessions. These included:

• Illicit enrichment – the UK response

• How do you build a compliance culture?

• Practical challenges in implementing sanctions controls

ICA Chief Executive, Phil Ryan, and Senior Membership Manager, Tom Perry, attended the events to talk about ICA member benefits, including a demonstration of the CPD Centre. The sessions encouraged member participation and the ICA team were certainly kept busy with interesting questions and ideas for future events.

Our first event in Bahrain was particularly well-attended, with lots of member engagement increasing the planned session time to over two hours, keeping Jonathan Bowdler on his toes!

For those of you who were unable to attend the sessions, all of the topics were recorded and will be available in the CPD Centre. The slides from the event will also be available through the ICA News area on the ICA Website.

The next events will be taking place in September and we hope to see you there. Keep checking the ICA website for details.

Following the Hot Topic events, we held our Open Day events for prospective students who wish to embark on an ICA Qualification. Tutors were again on hand to discuss the qualifications, and ICA staff were there to explain the new membership requirements and the benefits associated with joining our Professional Community.

We hope you enjoy looking at the photos and please let us have your feedback on these events or ideas for future ones at marketing@int-comp.org.

I was pleased to see a verygood turnout. Great topical information and fantastic opportunity to meetothers in the community

LARA BULLOCK

This was a very topical and useful event timed to fit in with a busy work schedule. I would not hesitate to recommend attending a similar event

MICHELE DOREY

inCOMPLIANCE®9

NEWS FROM THE ICA

I've been in the compliance role for 18 months and the compliance culture has always been the one thing that almost seemed fictional. It was great to listen to my fellow members and the presenter about creating a good compliance culture and I came away with lots of useful information, which I will be looking to implement in my workplace

The ICA qualifications and events add real value to my working life, challenging my views and enforcing critical thinking that can be employed in my day to day role

CHRIS MORTON

Jonathan always delivers a very lively, engaging and enthusiastic lecture

This was an excellent presentation. Please could we have more of this?

inCOMPLIANCE®10

INDUSTRY NEWS

Mossack Fonseca partners arrested in connection with Odebrecht scandalThe founders of Mossack Fonseca – the law firm at the centre of the Panama Papers leak (see further, p.20) – have been arrested on charges of money laundering, following a raid by Panamanian prosecutors. Jürgen Mossack and Ramón Fonseca stand accused of establishing offshore accounts that allowed Brazilian engineering company Odebrecht to funnel bribes to various countries.

According to Panama’s Attorney General, Kenia Porcell, the raid yielded information that "allegedly identifies the Panamanian firm as a criminal organisation that is dedicated to hiding assets or money from suspicious origins."

Odebrecht sits at the centre of a corruption scandal that has implicated political leaders from across the region and last year the company signed the largest anticorruption settlement in history after admitting to bribing officials in more than a dozen countries to the tune of $800m in order to obtain government contracts. The settlement has sparked a wave of further investigations across the region.

Industry News

Big banks face prosecution for RAND manipulation Seventeen international banks – including JPMorgan, Bank of America Merrill Lynch, HSBC, Credit Suisse and Barclays – are facing prosecution in connection with RAND manipulation, after South Africa’s Competition Commission referred a collusion case to the coutntry's Competition Tribunal. The referral is the culmination of an investigation that began in April 2015.

The Commission found that, from at least 2007, the banks used chatrooms to "collude on prices for bids, offers and bid-offer spreads for spot trades in relation to currency trading" and "manipulated the price of bids and offers through agreements to refrain from trading and creating fictitious bids and offers at particular times".

The Commission is calling for the imposition of penalties of up to 10% of annual turnover.

inCOMPLIANCE®11

INDUSTRY NEWS

US: AML framework “of limited benefit”“Many if not most of the resources devoted to AML/CFT by the financial sector have limited law enforcement or national security benefit, and in some cases cause collateral damage to other vital US interests,” according to a report published by The Clearing House. The report summarised the findings of around 60 experts, including senior former and current law enforcement, national security, bank regulatory and domestic policy officials; leaders of prominent think tanks; consultants and lawyers practicing in the field; FinTech CEOs; and the heads of AML/CFT at multiple major financial institutions.

Amongst the key strategic problems identified, the report cites the absence of prioritisation, the absence of an overarching purpose, and the outdated SARs regime. Operational problems include: counterproductive examination standards and processes, significant barriers to information sharing, and inefficiencies, such as multiple firms conducting due diligence on the same customers. Proposals for reform include:

• Better co-ordination of AML/CFT policy across the government, with the Department of Treasury taking a more prominent role

• FinCEN should reclaim sole supervisory responsibility for large, multinational financial institutions

• FinCEN should propose a safe harbour rule allowing FIs to innovate in a Financial Intelligence Unit (FIU) “sandbox”

• Policymakers should further facilitate the flow of raw data from financial institutions to law enforcement to assist with the modernisation of the current AML/CFT technological paradigm.

Wells Fargo cuts bonuses as more customers are implicated in scandalWells Fargo has announced that it will withhold bonuses from its senior executives, following the fallout from the fake accounts scandal. Eight senior executives – including President and Chief Executive Officer, Tim Sloan, Chief Financial Officer, John Shrewsberry, and Chief Risk Officer, Michael Loughlin – will lose their 2016 bonuses, while the bank will also reduce their long-term performance share payouts by up to 50%. In total, the cuts amount to $32m.

In a statement from the bank, Chairman Stephen Sanger said that the measures did not relate to findings of improper behaviour but “are part of the board’s ongoing efforts to promote accountability and ensure Wells Fargo puts customer interests first”.

Meanwhile, the bank revealed in its annual 10-K regulatory filing that more customers than previously believed may have been affected by the accounts scandal. According to CNBC, the bank reported that there could be "an increase in the identified number of potentially impacted customers".

inCOMPLIANCE®11

JPMorgan urges regulatory cutbacksThe CFO of JPMorgan, Marianne Lake, is urging the Trump administration to move ahead with the removal of regulations imposed on big banks in the wake of the financial crisis. During a presentation to investors, she suggested that: “A lot has been done to improve safety and soundness and confidence in financial markets and financial institutions, a lot of which was necessary. However, it is perfectly reasonable and rational — and also normal — after many years, and many new rules and requirements, to pause and step back and take a look at the entirety of them, individually and together." She added that: “The industry has come an extremely long way, and the time does feel right to provide more consistency and flexibility.” President Trump has pledged to cut back significantly on regulation, with the Dodd Frank Act under particular scrutiny.

inCOMPLIANCE®

12

CAREER CORNER

KYCThe KYC market across 2016 was very inconsistent compared with previous years. The year started off with a flourish with one of the world’s most established financial services firms hiring in excess of 40 contractors. This was to be the biggest mass hire of the last 12 months. Interestingly, challenger banks within the City and regionally hired around 10-30 contractors throughout the year. The market also took a slight downturn due to firms near or off-shoring their KYC functions to cheaper locations, such as Bournemouth, Belfast, Moscow, Poland and India.

Control roomHiring within the control room remained steady throughout 2016. On the permanent side, hiring focused on candidates at both the AVP and VP level. At the AVP level, candidates with good experience within control room surveillance topics were in demand. Hiring at the VP level focussed on candidates with previous experience of managing members within a team and previous experience within the private side has proved beneficial. At the AVP/VP level the control room market has been candidate short and as such multiple roles can be presented to candidates with typical salary increases of 15-20% being on offer.

RegulatoryConsistent with the pattern of recent years, regulation and regulatory change was top of the agenda for compliance recruitment in 2016. In the permanent market, the focus was on hiring individuals at the senior VP level who have expert knowledge of policies. In particular, candidates with good knowledge of MiFID II were in demand due to the need to ensure that the necessary resources are in place in time for its implementation in January 2018.

Similar trends were witnessed across the contracting market. The first half of the year saw increased hiring across MiFID II, the Market Abuse Regulation (MAR) and Senior Managers Regime (SMR) due to their upcoming implementation. Hiring slowed towards the second half of the year as firms were looking to transition these people from temporary to permanent positions

in order to cut costs. Typical rates within this area ranged from £700 - £1,000 per day.

SurveillanceWith the MAR coming into effect across the EU in July 2016, the world of surveillance was very busy, particularly in H1 2016. Most banking clients were looking for individuals with excellent product knowledge, especially in the equities, fixed income, money markets and FX businesses. Not only did we see a big uptake in core product surveillance roles, we also experienced more demand for those individuals with lexicon and voice surveillance experience. A number of larger banks were seeking to improve systems and develop bespoke lexicons to ensure that they were reporting accurately on all instances of market abuse and impropriety. This led to more demand for quantitative and technically-minded individuals who were able to bridge the gap between IT and compliance.

MonitoringCandidates with thematic monitoring experience remain highly sought after. Individuals with audit backgrounds who have moved into a first or second line role have found the market increasingly productive with a range of opportunities available.

Financial crime complianceThe need for financial crime professionals was a consistent requirement for companies in 2016. This demand is the result of a variety of factors, including regulatory pressure and changes in legislation, as well as many firms diversifying portfolios in order to generate profits in what was a difficult year for markets.

AMLGeneral AML vacancies were the focus of mid-sized firms, as larger firms continue to split responsibilities into more specialist positions. These vacancies have largely been at the AVP/VP level and encompass sanctions, transaction monitoring and enhanced due diligence (EDD) responsibilities. Smaller companies, including challenger banks, also increased the size of their AML teams as

Looking back, looking forward

Morgan McKinley’s specialist compliance team take a look back at the hot areas of compliance recruitment in the UK in 2016, whilst

offering their predictions on compliance hiring in 2017

CAREER CORNER

they continue to gain traction and generate business from more household names. For permanent opportunities salaries range from £50,000 - £75,000 for AVP Level and £75,000 - £120,000 for VP Level. The equivalent contract roles will pay £250 - £350 per day (AVP) and £350 - £500 per day (VP).

SanctionsSanctions-related roles, including screening and advisory, were heavily recruited for in 2016, with the majority of vacancies coming from global investment banks. As these firms have a global footprint and large volumes of “high risk” clients who may do some business or may be associated with SDN’s or specific jurisdictions, the need for screening SWIFT payments for potential hits has become essential in order to reduce the susceptibility to large regulatory fines. Because of this, risk assessment skills are essential to these roles as judgment calls need to be made on each transaction

EDDMuch like generalist AML positions, EDD roles have remained consistent. However, in 2016 the skillset required has changed. There is now a heavy emphasis on investigative ability such as those from a governmental

agency (i.e. SOCA or the NCA). Performing in depth risk assessments on PEPs, sanctions, ABC or CTF issues requires more than just a KYC analyst. A financial Intelligence and even journalistic background with financial services is advantageous.

As a team, we see 2017 continuing in the same way that 2016 left off, with a continuous hiring stream in the AML/financial crime space and also a steep increase in regulatory hiring, particularly within GDPR & MiFID II projects.

If you wish to see more market updates, salary surveys, regulatory blogs or have any recruitment-related questions or needs, please contact the compliance team at Morgan McKinley.

Morgan McKinley is a global recruitment firm which was established in 1988. The Group employs more than 800 people across Australia, China, France, Hong Kong, Ireland, Japan, Singapore, the United Arab Emirates, and the United Kingdom. The core business recruits professionals in the following specialist disciplines: Tax, Projects and Change, IT PMO, IT Data & Applications, IT Development, Core Finance, Senior Finance, Specialist Finance, Risk, Compliance, Sales & Marketing and Office Support (and Engineering in Ireland).

inCOMPLIANCE®

14inCOMPLIANCE®

15

I have been recruiting within compliance for over five years and have witnessed significant changes in the industry

in that time alone. One thing is for certain: the demand for good regulatory professionals continues to grow.

Whether you are interested in getting into your first compliance position, are an experienced compliance practitioner looking to further your career, or are taking on an ICA qualification, this article should provide some insight into what employers are looking for and how you may want to target opportunities.

Choosing complianceI have spoken with a wide range of compliance professionals, from both a candidate and client perspective. All have different personalities and approaches to regulatory and business standards, usually dependent on their sector. However, they all have broadly similar goals in mind, namely, “the customer”, and keeping the company they work for trading compliantly.

We have all heard the out-dated term “business prevention unit”. I met recently with a CFO who used this term, and suggested that compliance is "a bit like drawing the short straw and having added responsibilities, plus it’s an expensive resource for something we can do ourselves”. This got me thinking: although the term may have been used light-heartedly, does the profession still have this stigma?

I have first hand experience of the fact that compliance used to be a back-office function. I am sure most of you have also experienced this for yourselves. Some of you may also have colleagues

who were moved into compliance from other business areas rather than being made redundant. On the one hand, it is great that companies aren’t making redundancies! On the other, such practices raise the question of whether regulatory requirements are truly being understood and met by everyone in the team.

From a recruitment perspective (and I am aiming this at the junior to mid-level) it is important for us as recruiters to find professionals who choose to be in compliance, rather than those who may have had their hand forced. Likewise it is important for companies to ensure that the right people are in these areas. After all, the FCA expects suitable and robust policies and procedures to be embedded into businesses, which includes advising the business and boards on emerging regulation, identifying operational training needs, and shaping the right culture. Unless you truly understand and buy into compliance from the start, getting the right message across, whilst building and maintaining trust within the business, is easier said than done.

However, I have seen a positive change. I do believe that employers are taking regulatory requirements more seriously. For example, I have noticed a growth in companies hiring to increase team sizes and, broadly speaking, compliance teams are not getting smaller. Moreover, these days we have chief compliance officers / compliance directors sitting on boards and reporting to the chief exec. Indeed, recruiting a credible compliance leader is high on the agenda for start-ups or companies expanding into other markets.

Going back to my meeting with the

CFO, although their remark about the “business prevention unit” may have been a passing comment, they did eventually point out that managing and adhering to FCA requirements is a full time job in itself and, actually, if they are to trade with customers, retail or institutional, they need to show that they value regulations enough to have a dedicated compliance officer on site.

We’ve come a long waySomeone once said to me that: “a good compliance department will always be there. They’ll have good systems and controls in place no matter what regulatory changes occur”. But I do wonder if this was the case 15 years ago.

I took the liberty of speaking to a number of experienced professionals who were around before the FSA/FCA was formed. Back then compliance didn’t necessarily have a voice. Instead, it was down to a responsible “compliance officer” trying to convince their colleagues that they ought to conduct business in a certain way because it was the right thing to do.

Thankfully things are very different now. The FCA has positively impacted our industry by introducing the likes of TCF, which led to conduct risk, which got some companies thinking about the associated reputational risks to their business, all of which have influenced companies to roll these focus areas out internally, in turn driving recruitment needs for industry specialists.

For example the industry currently needs specialists in financial promotions, data protection and records/information management, and financial crime. In fact, apart

CAREER CORNERCAREER CORNER

EvolutionChris Fields considers how the role of the compliance officer has developed and how this affects the career progression of both

current and future compliance practitioners

ICA Fellows’ Dinner

28 March 2017 | Pullman | St Pancras | London

We are delighted to invite all ICA Fellows to our inaugural Fellow’s Dinner. We would like to hear the views of our longest serving members as to how we, as a professional body, can support our members more successfully.

We'd love to get your views on the future development and strategies of the Association, as well as provide you with a great opportunity to network with other Fellows.

As senior practitioners within the industry, we truly value your contribution and we hope you can join us.

There is no charge to attend this event and places are allocated on a first come, first served basis.

inCOMPLIANCE®15

from that the latter, some of these have been flying under the radar until now, but with the General Data Protection Regulation (GDPR) coming into force, the need for these professionals is coming ever more into focus, which we expect will drive salaries up.

Most recently, the senior managers regime (SMR) and the senior insurance managers regime (SIMR) have been in the spotlight. A number of compliance leaders I have spoken with believe that mentalities are changing, which is making their job easier, and truly making the compliance profession a “business partnering role” (I am generalising somewhat as this does already exist in some companies).

The value of qualificationsSo how does all of this link recruitment? We’ve already touched on certain directives shaping key areas that you may want to pursue: GDPR, the Fourth Money Laundering Directive, marketing, and SMR (for the more experienced readers). But ultimately it comes down to looking where you’ll be most needed and actually doing what you enjoy,

which will play to your strengths and skills. I have seen candidates shape very successful careers out of a single compliance discipline, such as financial promotions. I appreciate that everyone will have different paths, but the fundamentals remain the same.

It doesn’t matter how experienced you are, recruiters and employers still look for relevant professional qualifications, as well as how consistent your experience is. And as far as the ICA’s position and recognition within the industry is concerned, most compliance professionals I speak to know, have heard, or – better still – have an ICA qualification. This supports my earlier comment on having true compliance professionals in your team.

One of the topics that often comes up when I’m talking to a hiring manager is exactly this: “It’s not essential, but if they have a professional qualification then even better”. Subconsciously, seeing those three letters next to your name makes a difference.

Remain current and sharpMy advice to you is to attend regulatory

events and meetings, to remain current and sharp with industry topics. Understand what your peers are doing and what their thoughts are. Make sure that you can evidence that you are looking at regulatory developments and news outside of work. An ICA qualification is the best way to do this.

The most respected compliance leaders I know do this and have openly said that this is what they look for when they are hiring.

As a final thought, what you do doesn’t need to be “business as usual” all of the time. Be innovative. Stand out for doing the simple things well. That, with the right approach to educating the company you work for about compliance, will make you stand out and will ultimately progress your career.

Chris Fields manages senior compliance appointments for Broadgate Search. contact him on

Chris.Fields@broadgatesearch.com

CAREER CORNERCAREER CORNER

ICA Fellows’ Dinner

28 March 2017 | Pullman | St Pancras | London

We are delighted to invite all ICA Fellows to our inaugural Fellow’s Dinner. We would like to hear the views of our longest serving members as to how we, as a professional body, can support our members more successfully.

We'd love to get your views on the future development and strategies of the Association, as well as provide you with a great opportunity to network with other Fellows.

As senior practitioners within the industry, we truly value your contribution and we hope you can join us.

There is no charge to attend this event and places are allocated on a first come, first served basis.

inCOMPLIANCE®

16

ICA ANNUAL CONFERENCE

Compliance: Making a difference

James Thomas previews the forthcoming ICA Annual Conference

In the face of a relentless stream of “bad news” stories it is important to remember the essential contribution that compliance professionals make towards their firms’

success, to emphasise the value of this contribution within today’s challenging business climate, and to acknowledge the benefits of compliance to wider society. Compliance is as significant as it has ever been, not only for the avoidance of regulatory and reputational penalties but, increasingly, for leveraging positive business opportunities.

Today, compliance professionals don’t simply manage regulatory risk; they contribute to the wider strategic goals of a firm. With that in mind, the theme of the ICA’s 9th annual conference is “Making a Difference”. The conference will focus on the truly positive aspects of compliance: the ongoing opportunities for the compliance function to influence key stakeholders and outcomes in order to drive businesses forward.

Moreover, the event will not only highlight the contribution of senior compliance practitioners towards strategic decision-making in firms; it will also emphasise the potential for practitioners at all levels to have a positive impact on both business cultures and outcomes.

In the morning session, delegates will hear the perspectives of compliance thought leaders (see Conference highlights), while the afternoon will feature a series of optional practical workshops focused on the development of useful soft skills, including guidance on running teams and on building your professional profile.

The conference offers an excellent opportunity to learn, share experience with colleagues, celebrate how far the profession has come, and uncover new ideas for its continuing development. We hope to see you there!

The conference will take place on Wednesday 29 March 2017, Pullman, St Pancras, London, 09:00 - 13:00. Additional afternoon workshops will take place until 15:30.

Attending the ICA Annual Conference is worth 6 CPD points.

For further details, and to reserve your place, go to: http://www.int-comp.org/events/ica-events/ica-annual-conference/

Conference highlights• In his keynote address, Richard Bistrong CEO, Front-

line Anti-Bribery LLC and Former FCPA Violator & FBI/UK Cooperator, will outline the importance of, and approaches to, Demonstrating the real value of effective compliance.

• Kyril Farbman, European Compliance Director, McDonald's, Rowland Jack, Founder, I Trust Sport, and Tim Glasby, Compliance Manager and MLRO, Europe at Travelers, will provide diverse multi-sector perspectives on Making a difference through compliance.

• Former Olympus CEO turned whistleblower, Michael Woodford, will offer key insights into corporate governance, fraud and whistleblowing, drawn from his experience in bringing to light the £1bn Olympus scandal.

• Talent, targets and reducing corruption: a discussion about how the people make the difference (speaker TBC)

Join the conversation on Twitter #ICAconf

How do we as regulatory and financial crime compliance professionals make a dierence?

At this year’s ICA Annual Conference we will be focusing on the truly positive aspects of compliance: the ongoing opportunities for the compliance function to influence key stakeholders and outcomes in order to drive businesses forward.

Today, compliance professionals don't simply manage regulatory risk: they also contribute to the wider strategic goals of a firm.

For further information on speakers and topics of discussion, and to book your place, please visit www.int-comp.org/annual-conference

How do we as regulatory and financial crime compliance professionals make a dierence?

At this year’s ICA Annual Conference we will be focusing on the truly positive aspects of compliance: the ongoing opportunities for the compliance function to influence key stakeholders and outcomes in order to drive businesses forward.

Today, compliance professionals don't simply manage regulatory risk: they also contribute to the wider strategic goals of a firm.

For further information on speakers and topics of discussion, and to book your place, please visit www.int-comp.org/annual-conference

inCOMPLIANCE®

18inCOMPLIANCE®

19

GIVING BACK

Compliance has grown considerably as a profession in recent years, both in terms of numbers employed and in profile. This owes much to advances in standards

and competences. However, a further factor has been the development and expansion of a community of compliance professionals. Generating and sustaining such a community relies upon individuals “giving back” in one way or another.

I spoke with four ICA Fellows to discover how they have given back and what this has brought them in terms of personal and professional benefits. I also asked them how individuals can support the continuing growth of the profession, and why this remains as important as ever.

Personal and professional developmentGiving back may take several forms (see Box) and, similarly, the underlying motivations (and the resulting rewards) can be diverse. Fereda Sands explains how she first got involved in activities outside of her “day job”. “One of my former bosses encouraged me to start giving back and I’ve been doing so ever since,” she recalls. “It’s important for me as a compliance professional to try to gain some exposure for the profession as a whole. I also want to highlight that the Caribbean region has done so much to ensure that its financial services industry is up to par. But on a purely personal level, when you give back the professional networking and exposure that you get is invaluable. You can’t put a dollar figure on it.”

Barbara Neiger describes the motivation behind her work as “intrinsic”. “Ever since I started my university studies after high school I wanted to write a book and to teach from that textbook,” she explains. “What keeps me motivated now is the reward you get back from the students. I currently supervise three masters students and the ideas they have, and their passion and enthusiasm, untainted by experience, is extremely rewarding. Moreover, the questions that you get asked are completely different: they challenge me, and force me to think in a generic and systemic way.”

As well fulfilling this long-held personal ambition, her contribution towards the growth of the profession through writing, teaching, speaking at conferences and developing international standards has, naturally, also resulted in business opportunities. “I work as an independent consultant, so reputation is important to me. Speaking at conferences

and developing international standards not only gives back to the community but has also helped to reaffirm my reputation, and from that strong reputation further opportunities arise through meeting new people and networking,” she adds.

For Dean Rowan, the motivation is a similar mix of the professional and the personal. “Dealing with the multifaceted and often unrelated issues I encounter in my various capacities has helped to broaden my thinking and allowed me to solve problems in quite unique and new ways,” he explains. “More particularly it has helped me to build relationships at the most senior levels, and gets me in a position to have a voice that actually gets heard.”

Pro bono work also offers him a great sense of personal satisfaction. An example of this is the voluntary work he has undertaken in Ethiopia, working with various government ministries towards elevating the skills and competences within the Ethiopian financial services market and bringing these in line with international best practice standards. “I wrote a 22-page road map which was presented in Parliament,” he explains, “and I’m now working with the Vice Governor of the central bank and the State Minister to pull together a detailed plan. Fundamentally I am trying to assist the country, and that’s very rewarding. My suggestion to all professionals is that stepping beyond your day-to-day responsibilities and moving into a capacity where you can share your skill and experience is not only personally gratifying, it brings value to the next generation of professionals. My goal is to make a genuine difference.”

Supporting future generationsFundamentally, “giving back” in this way is key to the current and future health of the compliance profession as a whole.

In 2016, Marios Skandalis became the first ever compliance professional to be named Banker of the Year – Cyprus, by Acquisition International (UK). “It is actually a pleasant breakthrough for a compliance professional to have won this award,” he explains, “as it rightly positions the compliance function where it stands today and that is within the top category of business functions and sectors of the professional community.”

The award came as the culmination of a three-year programme aimed at transforming the culture at Bank of Cyprus, and within the financial sector in Cyprus more generally, towards a culture of values. Independent recognition

Community matters There are many opportunities for personal and professional growth through giving back to the compliance community,

as James Thomas reports

inCOMPLIANCE®19

of his efforts provides not only a standard for others in the community to aspire to, but also a legacy for future generations of compliance professionals to pick up and build upon. Indeed, as Mr Skandalis says: “Cultural transformation itself doesn’t have an end. It’s an open-ended objective. You must always make sure you take steps forward, but there is no final destination, because in order to maintain this level of culture and values embedded in staff members you need to constantly keep awareness levels high and remind people that the institutional governance is not based merely on rigid policy frameworks or procedural frameworks but rather on values.”

Similarly, Ms Neiger’s contribution is strongly focused on supporting the next generation of professionals, and imparting upon them the skills and knowledge to carry compliance forward. She teaches two Masters-level classes at Lauder Business School. “Teaching is perhaps not what one might immediately think of as ‘giving back’ to the community,” she suggests, “but it is one of the most effective ways in which you can shape awareness, instead of always doing so through scandals and media reports. For this part of my career I want to assist the next generation of managers to perform and to lead legally-compliant teams for the benefit of all stakeholders.”

A further way in which giving back can safeguard the future of the profession is through the creation of support structures that allow professionals to share experience and knowledge on an ongoing basis without fear of negative consequences. As Ms Sands explains: “I got involved with the CRCA because I think as a region we need to stay together, not least because we get so much more done when working together as colleagues, as opposed to competing against each other.” Mr Rowan agrees that associations and voluntary organisations can offer valuable “safe spaces” for knowledge exchange and collaborative work. “The Bahrain Compliance and Anti-Money Laundering group provides a good forum for networking as well as a very safe environment for talking with your colleagues in a non-competitive manner to share how you’re doing with common issues,” he says.

How can I get involved?So what steps should you take if you want to get involved in giving back? “First of all, join your local association,” says Ms Sands. “Then you can volunteer on one of the committees, to participate, or to speak at an event. There are many options and, depending on how many hours you have to commit to it, we can find a place for you.”

At a time when compliance professionals are busier than ever, some may be discouraged from taking on extracurricular responsibilities. The message, however, is that while giving back may not work for everyone, with an organised approach such activities can be a positive complement to your day-to-day work. “It depends on your own capacity to take on challenges, and yes there is a risk that you can spread yourself too thin,” says Mr Rowan. “However, I have a group of like-minded professionals who care about doing something important. They sit around me and support me and provide assistance.”

For Ms Neiger, “it’s really a question of what you’re passionate about”. As a self-employed individual, the key for her has been to stay organised and to maximise the use of her time by outsourcing any functions that are not within her core competence. “I know

exactly what I do not want and I will say ‘no’ to certain things if I’m asked to them. It’s a question of time consumption,” she says. “And remain focused by doing one thing after the other – multitasking is time consuming.” She also suggests that individuals concerned about the time commitment should “start at a small scale” for example through giving external guest lectures on your core experience. “Start small,” she says, “but start.”

If you have been involved in "giving back" and would like to share your experience, contact: jthomas284@btinternet.com

GIVING BACK

BOX: Different approaches

Barbara Neiger is a Consultant and founder of neiger.C adisory e.U. She is a Lecturer in Corporate Governance and Corporate Compliance Practice at the Lauder Business School and Managing Partner and Co-Founder of IACRG Services GmbH. She is

Co-author of ISO 37001 Anti-bribery management systems and ISO 19600 Compliance management systems. She is a regular speaker at international conferences and is a member of the Austrian Compliance Association.

Dean Rowan is Chief Risk and Compliance Officer for an Investment Bank and Chairman of the Bahrain Compliance and AML Officers. He is Regional Director of The Professional Risk Managers International Association (PRMIA), which is the ICA equivalent in the

risk world, and an Advisory Board Member for the ICA. He is also an Advisory Board Member for two Bahrain Universities (Ahlia University and PolyTechnic University). He is a frequent professional speaker, market commentator and author, and undertakes pro bono work in Central East Africa.

Fareda Sands is Vice President, Compliance Department at Credit Suisse, and is currently President of the Bahamas Association of Compliance Officers (BACO) and a Director of the Caribbean Regional Compliance Association (CRCA). At a domestic level,

BACO supports the compliance community in the Bahamas through organising lunches, seminars and workshops, which provide both an opportunity to learn and to network. At a regional level, the CRCA’s annual conference covers compliance issues geared specifically to the Caribbean.

Marios Skandalis is Director of Group Compliance at Bank of Cyprus. He founded, and chairs, the annual International Compliance Forum, which takes place in Cyprus with participants from all over the world. He is also the Executive Vice Chairman

of the Board of Transparency International (Cyprus), through which he co-ordinates a number of transparency and anti-corruption events and activities. He has been a keynote speaker at major European anti-financial crime forums and conferences. As Vice President of the Institute of Certified Public Accountants of Cyprus, he has founded a compliance technical committee composed of the chief compliance officers of the major corporations in Cyprus to support the compliance obligations of qualified accountants in Cyprus. He also writes for the local and international press.

THE PANAMA PAPERS

inCOMPLIANCE®

20inCOMPLIANCE®

21

“Offshore tax haven”… what a supremely evocative designation! It conjures up scenes from

1950s-era films of pre-revolutionary Cuba... delightfully rakish raconteurs flaunting opaquely-generated wealth, which they’ve stashed away in SPVs bearing innocuous names... hot jazz (“bah-bah loo!”) and chilled cocktails laced with rum and Angostura bitters... “Taxes? What taxes? All my taxes are away on holiday – ha, ha, ha!”

Recent leaks – typified by the Panama Papers of last year – have largely dispelled this romanticised view of offshore tax havens as being “intriguingly dodgy yet exclusive”. Instead, the popular attitude towards the “offshore-osphere” is currently better described as “righteously indignant and offended”. In the words of Juan Carlos Varela, President of Panama: “It is clear that the affair shined a light into the dark corners of global finance and sparked a worldwide reform agenda. Despite the unfortunate name, the Panama Papers has been good for Panama as well as for the world.”1

PrecedentsThe Panama Papers was by no means an unprecedented event. Quite the contrary; it was only the most recent in a series of similar instances in which pilfered – hacked or otherwise illicitly-removed – proprietary information with compromising and/or sensational implications was divulged to the general public and/or to interested governmental (primarily tax) authorities (see Figure 1).

In this respect, if the definition

articulated by Nassim Nicholas Taleb in “The Black Swan” (2007)2 is to be applied, the Panama Papers scandal was by no means a “black swan” event. Rather, this was an enormous grey or perhaps even white swan. Previous similar events include:• “Cablegate” (2010) – In late

November 2010, WikiLeaks began releasing classified cables that had been sent to the US State Department by 274 of its consulates, embassies, and diplomatic missions from around the world. Dating from December 1966 to February 2010, these cables contained diplomatic analyses from world leaders, and assessments by American diplomats of their host countries and officials.3

• Offshore Leaks (2013) – This disclosure could be described as a full dress rehearsal for the Panama Papers. In April 2013, an International Consortium of Investigative Journalists (ICIJ) report was released, disclosing details of 130,000 offshore accounts. It detailed the results of an ICIJ investigation based on a cache of 2.5m secret records obtained by ICIJ Director, Gerard Ryle. In producing this document, the ICIJ collaborated with journalists from around the world to produce a series of reports published in connection with the ICIJ’s “The Global Muckraker.”4

• Luxembourg Leaks or “LuxLeaks” (2014) – In November 2014, the ICIJ brought to light a financial scandal based on its investigations into confidential information on tax rulings in Luxembourg, which were organised by PricewaterhouseCoopers from

2002 to 2010 to benefit the firm’s clients. This investigation resulted in the disclosure of tax rulings for over three hundred multinational companies based in Luxembourg. The scandal attracted international attention to tax avoidance schemes in Luxembourg and elsewhere, and contributed to the implementation of measures to regulate tax avoidance schemes beneficial to multinational companies.5

• Swiss Leaks (2015) – In February 2015, the ICIJ website released “Swiss Leaks: Murky Cash Sheltered by Bank Secrecy”, detailing the results of an investigation conducted by over 130 journalists in Paris, Washington, Geneva, and in 46 other countries. The report alleged that, between November 2006 and March 2007, €180.6bn passed through HSBC accounts held in Geneva by over 100,000 clients and 20,000 offshore companies. The data for this period came from files surreptitiously removed from HSBC Private Bank in late 2008 by Hervé Falciani, a former employee, which he subsequently handed over to French authorities. The ICIJ’s “Swiss Leaks” report concluded that the bank profited from its clients’ tax evasion practices.6

Two equally vital questionsA favourite didactic question of lawyers and financial forensics professionals in explaining their methodologies is: cui bono? (i.e. to whose benefit?). But when judging the overall utility of offshore tax havens to the global economy, a second

Coming to the surface

One year on from their release, Vladimir Berezansky considers the impact of the Panama Papers

THE PANAMA PAPERS

inCOMPLIANCE®21

(sadly often ignored) question must also be considered: cui detrimento? (i.e. to whose detriment?). Neither of these questions is rhetorical, and they are equally vital to an adequate assessment of the broader significance of offshore tax havens.

One reason why offshore tax havens are ignored and/or discreetly accessed by so many “upstanding” citizens of so many Western democracies is a collective failure of logic regarding their tangible and measurable detriment to the global economy. Indeed, invoking a concept as arguably insubstantial as “detriment to the global economy” – beyond the ranks of those professionally sensitised – can be a tough slog even today, much less a decade or two ago when the problems engendered by offshore tax havens first began to fester and multiply. A major inhibiting factor in assessing the relative benefits and detriments of offshore tax havens to the global economy is the continuing absence of reliable statistics regarding the total amount of funds and/or in-kind assets that correspond to this category. Putatively sound estimates range between $21tn and $32tn7, but the implied margin of error in such estimates renders them essentially useless for any purpose other than shock value.

To be clear, offshore tax havens have entirely legitimate and beneficial business purposes. But these circumstances are often forgotten, usually as a result of collective emotional whiplash caused by careening from the “intriguingly dodgy yet exclusive”

perceptions (as parodied above) to the “righteously indignant and offended” mindset that takes hold after yet another scandal or exposé – especially on the scale of the Panama Papers – erupts via the world’s media outlets.

Low- or no-tax havens and relative national advantageTo revert briefly to basic principles: every sovereign nation has essentially complete discretion over its domestic revenue-generating infrastructure (i.e. articulating the type and rates of taxes, customs duties, administrative fees, etc that shall apply within its territorial borders and to its citizens). One of the many legitimate policy goals of a nation’s revenue-generating infrastructure is enhanced competitiveness designed to attract foreign investment.

Not surprisingly, national governments tend to shape their revenue-generating infrastructures to encourage foreign investment that is most consistent with the contours of their domestic economies. Territorially large nations with big populations tend to use their tax codes to encourage so-called foreign direct investment (FDI) in large-scale infrastructure projects, often on a jointly-managed basis in which issues such as project cost allocations, technology transfers (if relevant), and profit sharing arrangements are carefully detailed.

A geographically smaller, more remote and/or less populated country usually needs to compete for foreign investment (often as a major supplement

to its domestic revenue base) in “niche” sectors of the global economy, i.e. by emphasising its specific history, culture and geography as a tourist destination and by heavily promoting natural resources and products that might be either unique or of high value-added net worth (such as rare gems, cutting edge electronics, Swiss watches, etc).

From Watergate to 9/11During the three decades beginning approximately with the Watergate Scandal and ending quite abruptly with 9/11, Western governmental investigators, law enforcement authorities and regulators – primarily those focused on enforcing tax, banking and securities markets regulations – became increasingly aware of the trend towards “anonymising” the seed funds and the proceeds of criminal activity within the legitimate funds flows of entirely legal business and commercial activity.

During this period, the realisation that profits generated from longstanding and well-known international criminal structures – those engaged primarily in narcotrafficking, the “white slave” trade (as it was then known) and other illicit commercial activity such as smuggling – were viewed largely as a nuisance that required appropriately aggressive intervention by law enforcement and the prosecutorial power of all affected nations. The policy construct that drove Western and other national governments to take measures deemed necessary at this time could be described as not dissimilar to a

inCOMPLIANCE®

22inCOMPLIANCE®

23

farmer’s approach to weed control or a homeowner’s struggle with rodents and insects.

Compliance to the rescue!With 9/11 and related terrorist-instigated tragedies such as the 07/07 bombings in London, Western governments rapidly recalibrated their national security and law enforcement strategies. The ease with which international terrorist groups such as al-Qaeda were able to “anonymise” their funds was suddenly identified as a global security threat, and sweeping measures were demanded for addressing this threat immediately and definitively. Hence, the innocuous-sounding Watergate-era mantra “Follow the money” morphed into the increasingly invasive and sweeping (i.e. extraterritorial) policy imperatives now known as Anti-Money Laundering (AML), Know Your Client (KYC) and, most especially, Countering (or Combating) the Financing of Terrorism (CFT).

On so many different levels 9/11 was a watershed moment in world history. This includes, of course, the virtual conscription and militarisation of the middle and back offices of licensed and regulated financial institutions, and the emergence of compliance as a conceptually-distinct function and area of expertise. Indeed, it would not be a distortion to assert that compliance, in macroeconomic terms, was a demand-driven function for which there was initially no supply. Specifically, the unprecedented and fundamentally innovative regulatory obligations created by the post-9/11 esprit de guerre and imposed on major

global banks – eventually, on the entire financial services sector – created (or perhaps identified) a vacuum that needed to be filled; and it was filled by the compliance function.

Following the 9/11 call to arms, another decade was needed to achieve full articulation and deployment of financial regulatory compliance as a comprehensive array of robust internal policies and procedures designed to mitigate assessed degrees of exposure to specifically identified regulatory (and, over time, reputational and other) risks. By the time of the 2008-2009 global financial crisis, most banks, investment firms, insurance companies and other licensed financial institutions at least understood what “global best practices” required of them in their respective markets, even if meeting such exacting standards was not a fully achieved goal in specific instances.

Concentric circles of influenceLed primarily by the US and UK investigative and financial regulatory authorities, North American, Western European and mature Asian global banks, securities exchanges and capital markets undertook and fulfilled a comprehensive programme aimed at ensuring the continuity and interconnectedness of domestic financial regulatory regimes for individual nations.

Back when fundamental principles and metrics for robust compliance enforcement mechanisms were being promulgated by national legislative initiatives, international efforts such

as the Wolfsberg Group, the Financial Action Task Force (FATF / GAFI) and the Basel Accords were fostering cross-border consensus on relevant financial regulatory standards to facilitate maximum uniformity and efficiency of multinational banking and securities market activities.

It is important to understand that this process began first between and among financial services regulators and licensed financial institutions in the US, the UK, Western Europe and several mature Asian markets. The first concentric circle beyond this “inner core” consisted of the mainly contiguous large emerging market players in Latin America, Eastern Europe / Eurasia, the Middle East and Asia. Only after the gradual integration of this second concentric circle was well underway did the influence of global best practices finally reach the more far-flung jurisdictions, including many – but not all – of the offshore tax havens.

Progress towards harmonising most of the world’s major, second-tier and outlying banking and financial services markets was anything but linear or uniformly successful. To the present day, for example, FATF / GAFI continues to identify (“name and shame”) so-called “high risk and non-cooperative jurisdictions”8 and builds consensus towards full implementation of global best practices within a tolerable bandwidth of local diversity.

Not surprisingly, offshore tax havens have been among the most reluctant – even recalcitrant, at times – jurisdictions to import and implement robust financial regulatory compliance. Over time, the “pincers” of bottom-

THE PANAMA PAPERS

Figure 1: Volume of data compared to previous leaks

©Süddeutsche Zeitung, SZ.de, April 2016, reproduced with permission

inCOMPLIANCE®23

up momentum – most especially, the aggressive extraterritoriality of certain national players (primarily the US and the UK) – in combination with top-down pressures exerted by a growing array of international and continental / regional organisations – including, quite recently, the Multilateral Convention on Mutual Administrative Assistance in Tax Matters9 and its implementing mechanism, the Common Reporting Standard (CRS) – have borne tangible results throughout much of the offshore world of tax havens.

The foregoing notwithstanding, one cannot afford the luxuries of naïveté or rudimentary linear thinking. The processes of multilateral (institutional) and cross-border (bilateral national) brow-beating of a steadily diminishing number of recalcitrant offshore jurisdictions into compliance with a gradually increasing minimum threshold for qualifying as having adopted global best practices are meeting with increasingly stiff resistance. This should surprise no one. As discussed previously, there are no truly reliable – much less proven – estimates of the amount of offshore wealth that exists. Certainly this “dark matter” of our global financial universe includes enough funds to coerce key persons and institutions to forbear from cutting off the Hydra’s last head.

Eruption and aftermathThe timing of the Panama Papers scandal was quite fortuitous and possibly instrumental in focussing global public attention on the heretofore little-noticed world of offshore tax havens. Given the interplay of disparate forces eventually coalescing on the “offshore-osphere” as an object of collective concern, the overall impact of the Panama Papers might have been blunted had this scandal erupted any earlier. As considered previously, there was nothing conceptually novel or distinctive about the Panama Papers (except for the volume of data divulged).

Approaching the one-year mark of this scandal’s spectacular explosion, it seemed at first as though most of the immediate fallout would be surprisingly meagre. After the initial eruption of the offshore island’s dreaded “righteously

indignant and offended” volcano, the native population, fearing the worst, took to their boats and relocated for an indefinite period to several neighbouring inhabited islands of the “intriguingly dodgy yet exclusive” archipelago... and waited.

A few of the braver souls among the displaced population undertook occasional exploratory forays to their home island, where they found clear evidence of the volcano’s damage. Government investigators and an evidently large contingent of law firms and auditors had left unmistakeable traces of their ravages: the Prime Minister of Iceland had abruptly resigned from office; and the Presidents of Argentina and Russia as well as the Prime Ministers of Pakistan and (at the time) the UK all felt themselves compelled to issue blanket denials of illegal relationships with the devastated offshore island. In the aggregate, a ponderous amount of structural damage had occurred, to be sure; but with each succeeding visit, the recon teams were bringing gradually more encouraging reports back to the displaced population.

But just a day or two before their offshore island was to be declared once again safe to inhabit, the natives were horror-struck to learn that an even more powerful earthquake on the Brazilian mainland had wrought far more devastation than the volcano which had originally forced them from their homes.

At the time of writing, Panamanian prosecutors have arrested the founding partners of Mossack Fonseca, the firm at the centre of the Panama Papers leak. According to Kenia Porcell, Panama’s

Attorney General, the decision to arrest Ramón Fonseca Mora and Jürgen Mossack was related to the Panamanian bank regulator’s seizure of FPB Bank in connection with its alleged involvement in Latin America’s largest ever corruption investigation, Lava Jato, or “Operation Car Wash”. Lava Jato is a Brazilian bribery probe involving prosecutors in numerous jurisdictions who are investigating allegations of systematic bribery of public officials by Petrobras (Petróleo Brasileiro SA), Brazil’s state-run oil company, and Odebrecht, a Brazilian-listed engineering company (the largest of its kind in Latin America).

Regardless of where these investigations may ultimately lead, there seems little room for doubt that the Golden Age of the “offshore-osphere” has waned, and those who continue to make use of their “tax optimisation” features now have the burden of proving that their decisions are at least legal, if not perhaps entirely ethical.

Vladimir Berezansky was one of the first foreign professionals to bring Western (US, UK, EU) regulatory compliance

leadership to the Russian/CIS/CEE financial services market. He has experience in Russia/CIS and Eastern Europe, as well as Cyprus, Switzerland and in London’s financial markets. Among his specialisations, he is a recognised expert in structured offshore Russian wealth.

THE PANAMA PAPERS

1. The Miami Herald, 2 January 20172. See inCOMPLIANCE issue 27, p.193. https://en.wikipedia.org/wiki/United_States_diplomatic_cables_leak 4. https://en.wikipedia.org/wiki/Offshore_Leaks 5. https://en.wikipedia.org/wiki/Luxembourg_Leaks 6. https://en.wikipedia.org/wiki/Swiss_Leaks 7. See, e.g., https://trofire.com/2015/07/31/the-worlds-wealthy-are-hiding-

up-to-32-trillion-in-offshore-accounts- 3/8. http://www.fatf-gafi.org/publications/high-riskandnon-

cooperativejurisdictions/?hf=10&b=0&s=desc(fatf_releasedate)9. http://www.oecd.org/tax/automatic-exchange/international-framework-

for-the-crs/10. http://www.bbc.com/news/world-latin-america-38947440 and http://

www.comp-matters.com/article.php?id=173252#.WKdDO4VOK7U

inCOMPLIANCE®

24inCOMPLIANCE®

25

4MLD

Coming into focusMatt Timmons and Keily Blair consider the emergence and

evolution of corporate disclosure requirements under the 4MLD

inCOMPLIANCE®25

4MLD

As part of a sweeping tide in global regulatory and legislative reform concerning corporate transparency, the Fourth Money Laundering

Directive (4MLD) seeks to bolster corporates’ defences against tax evasion, money laundering and terrorism. By June 2017, all European Economic Area (EEA) member states must have implemented their obligations under the Directive. Although the EU advocates taking a “risk-based approach” to compliance with 4MLD, the reality is that the implementation of the Directive has far-reaching implications for financial institutions and other businesses operating across the EEA, in particular in relation to tax transparency.

4MLD applies to a wide range of entities that are deemed to be at risk of being involved in money laundering or terrorist financing (“obliged entities”). The list of obliged entities includes credit and financial institutions, auditors, external accountants and tax advisers, estate agents, certain legal professionals (when they participate in any financial or real estate transaction), trust or company service providers, providers of gambling services, and persons trading in goods to the extent that payments are made or received in cash in an amount of €10,000 or more (often referred to as “high value dealers”).

At the same time as considering country-by-country reporting (CbCr), legislative changes as a result of base erosion and profit shifting (BEPS), and the requirement to disclose tax strategy, in-house teams now face a new compliance demand, designed to complement the broader trend of disclosure regarding the way UK and global businesses are structured and governed.

UBO registers 4MLD increases both the scope and the depth of the existing anti-money laundering regime. One of its more onerous provisions is the requirement that member states implement a new Ultimate Beneficial Ownership (UBO) register to apply to all companies and LLPs (in some cases LPs and Trusts). As 4MLD is a Directive, as opposed to a Regulation, member states must enact their own domestic legislation to implement it. This will create local divergences complicating compliance for corporations with a footprint across the EEA. These businesses must now comply with up to 31 UBO registers, each with differing requirements and local nuances, such as filing and public disclosures.

To date not all member states have released legislative proposals, which will further complicate the job of in-house teams charged with compliance. For example, Luxembourg

has yet to provide concrete proposals; Spain has a newly-elected government and although legislation is promised it has not been forthcoming; and the Swedish government has promised a consultation paper to be released early in 2017. In those jurisdictions where draft or proposed legislation has been published it is clear that there are already differences emerging.

United KingdomSince April 2016, UK businesses have been required to comply with the people with significant control (PSC) regime. This required all UK companies/LLPs (whether UK- or foreign-parented) to disclose who ultimately controls and owns the business. Despite this existing requirement, a review of public filings to date would indicate that the PSC regime has not been properly understood and there is still some way to go before companies are compliant with 4MLD. A consultation on the implementation of the Directive along with proposed amendments to the PSC regime concluded on 10 November 2016.

Germany Expected implementation of 4MLD into national law will occur during the first half of 2017. The published consultation proposes that:• A 25% threshold is applied for holding of shares or voting

rights in respect of being identified as a beneficial owner• Information on beneficial ownership will be maintained on

the transparency register• Information to be provided on the register will include:

first name, surname, full date of birth, residence of the beneficial owner and the extent of interest in the entity in question

• Where information on the beneficial owner is not available from any other existing public register, the legal representative of a corporate entity is obliged to obtain information in respect of the identified beneficial owner. They are also required to update the register and confirm annually that the information on the register is correct and up to date.

The Netherlands The current proposed positions are: • There will be a public register and the information

disclosable on that register in respect of identified beneficial owners will be similar to the UK requirements

• Users will have to register online, will be charged a fee to inspect the records, and users other than specifically-designated authorities will only have access to limited beneficial owner information

• Similar to the UK, in exceptional circumstances the details of identified beneficial owners will not be disclosable Circumstances will be assessed on a case-by-case basis

• The submission of beneficial ownership information will rest with the company and beneficial owners are obliged to cooperate

• Failure to submit, late-submission or incorrect / incomplete submission of data is likely to give rise to a financial penalty and/or criminal penalties.

The implementation of the Directive has far reaching implications for financial institutions and other businesses operating across the EEA

inCOMPLIANCE®

26inCOMPLIANCE®

27

France A Government Ordinance was published on 1 December 2016 and Governmental and Ministerial Decrees are currently under discussion.

Further changes The regulatory landscape on anti-money laundering and anti-terrorist financing is constantly changing. The EU Commission has recently set out further proposed amendments to 4MLD in relation to beneficial ownership, as follows: • Beneficial ownership information of trusts is required in the

member state in which a trust is administered• Recognising a distinction between categories of legal entities

engaged in: a) the management of trusts as a business with a view to gain profit and b) other categories, for example trusts set up to preserve and set conditions on the use of family assets, charitable aims or for other purposes beneficial to the community. In respect of category b) entities, the Commission has considered that beneficial ownership information should only be made available to those demonstrating a legitimate interest

• Introducing an ownership threshold of 10%, for entities that present a specific risk of being used for money laundering and tax evasion

• Ensuring compulsory public disclosure of a limited set of information on beneficial owners of firms and legal entities engaging in profit-making activities.

The relationship between 4MLD and tax transparencyAlthough 4MLD ostensibly focuses on managing the risks faced by organisations in connection with money laundering and terrorist financing, it is clear that the disclosure requirement in relation to the beneficial ownership has a knock-on impact on tax transparency. The scope of what constitutes a crime for the purposes of 4MLD has been increased to include tax-related crimes.

The cross border exchange of information between national tax revenue and enforcement agencies (e.g. Serious Fraud Office, Companies Registries) along with real-time reporting of changes in control and ownership (both proposed under the 4MLD) will drive greater collaboration between in-house legal, corporate secretarial and tax teams. Ensuring sound governance of legal entities along with the management and integrity of legal entity data will be critical to maintain compliance. Utilising technology such as legal entity management systems and embedding the functionality these systems offer, cross-function, will be an important tool in securing a successful collaboration.

It will be necessary for internal governance and compliance to have an appreciation of tax risk across their organisations.

In-house tax teams will need to maintain consistent and accurate disclosure alongside other reporting requirements, whether that is CbCr, FATCA or Common Reporting Standard.

UBO registers and the automatic exchange of information will provide global authorities with visibility over taxpayers’ wealth and holding structures. This increased transparency is likely to lead to queries from tax authorities who are gearing up to use the unprecedented amount of information they will receive to tackle non-compliance.

HMRC certainly believes that the huge amount of information that tax transparency will provide is going to “flush out” significant levels of non-compliance. With this in mind, new legislation is being introduced under which UK taxpayers with offshore interests will have a statutory obligation to correct any tax irregularities. If they fail to do so by 30 September 2018, the penalties will be up to 200% of the tax at stake, along with a potential additional penalty based on 10% of the relevant offshore asset.

What should organisations do?Businesses and their advisers must be aware of the implementation timetable for 4MLD in their relevant jurisdictions. In order to ensure compliance with 4MLD they must:• Understand its application to legal entity structure and

control across the overall organisation• Navigate local divergences • Set up controls for ongoing compliance • Consider changes to disclosure requirements (including the

UK PSC regime).

With the cost of getting this wrong swelling both for taxpayers and service providers, compliance is more important than ever. Failure to comply with the ever-increasing list of obligations may lead to unwanted regulatory attention, potential reputational damage along with criminal and financial penalties for senior management, directors and shareholders.

Matt Timmons is a Director in the Entity Governance & Compliance team and Keily Blair is a Director in the Regulatory and Commercial Disputes team at PwC

4MLD increases both the scope and the depth of the existing anti-money laundering regime

4MLD

It will be necessary for internal governance and compliance to have an appreciation of tax risk across their organisations

inCOMPLIANCE®27

CLIENT ONBOARDING

Riddle me this:

• I attend compliance, anti-money laundering (AML), fraud and tax conferences

• I monitor financial enforcement sites and regulatory watchlists

• I subscribe to money laundering alert magazines and journals

• I am a member of a recognised compliance association or body

• I subscribe to compliance solutions providers for politically exposed persons (PEP), sanctions and adverse media screening

• My firm is well-established and provides quality services to clients

• I have extensive knowledge of know your customer (KYC) and client due diligence (CDD) documentation for onboarding new clients

• I move millions of dollars annually through the banking system.

Who am I? I have posed the above question to several AML trainees and to date only one person has come up with the correct response. If you guessed “a criminal” then you are in this select class.

Where am I going with this? Relying on a “tick-box” approach to your client onboarding process adds little value to your compliance and AML program when criminals can cleverly tailor themselves and their applications to suit your institution’s requirements. By presenting you with exactly what you want, they can gain entry into your institution with relative ease. Coupled with this is the myth that a stringent

application of the AML laws of one’s jurisdiction prevents illicit proceeds from infiltrating a financial institution (FI) or system. In applying a “tick-box” approach, how then does an FI and its compliance team readily identify and manage money laundering, terrorist financing and other compliance risks posed by a prospective client?

True storyLast year I visited a well-established FI – of which I’ve been a client for over a decade – to make a modest investment. My KYC documentation was duly updated, complete with a copy of a recent salary slip, which was supplied as requested. I also provided a utility bill, which was in my husband’s name, as were all other bills, except the one for my mobile phone, which bore a previous address. This was explained to the accounts executive who told me that my husband must provide a declaration addressed to the FI confirming that I resided with him at our address (yes, you read that right!).

Somewhat incredulous, I dismissed the suggestion as a joke and facetiously asked: “What if I don’t want my husband to know about this investment?” For me, it mattered not that he was fully aware; I questioned how such an insistence would properly manage risk. Apparently the joke was lost on the executive, who further requested that I submit a copy of his ID. Of course, I quickly sobered up and in my best professional voice said that this was onerous and unnecessary considering: 1. the FI had a copy of my marriage

certificate on file;

2. my husband had no beneficial interest in this investment;

3. I was a long-established client and known professional with no criminal history;

4. my source of funds and wealth were clearly understood and could be substantiated; and

5. I had provided them with all other KYC and CDD documentation.

The guidance of the compliance officer was sought. After being presented with my assessment of the situation, her conclusion was that they were merely “following the law”. The flustered accounts executive suggested that I should not have indicated that the address on the mobile bill was out of date (its submission would certainly have checked their box!). With that, I decided to take my business elsewhere and happily completed their suggestion sheet!

ChallengesAs a fellow compliance professional, I was compelled to think about how this situation could have turned out differently, since compliance, risk and AML professionals are facing a gargantuan amount of pressure and a myriad of challenges, the likes of which our counterparts of 8-10 years ago never confronted. Today, we are constantly plagued by threatening terms like “de-risking”, “Panama Papers”, and “FATCA”. Add to that the lack of CDD and risk assessment software; external pressures (such as the Common Reporting Standard and the EU’s Fourth Money Laundering Directive);

In my honest opinionKaluwa Maitre-Avril takes a frank look

at client onboarding procedures

inCOMPLIANCE®

28inCOMPLIANCE®

29

CLIENT ONBOARDING

Entity name: ABC LIMITEDRisk calculated by: JANE DOE Date: 2/14/17

Business activity risk

Business category Insert “Y” Letter rating Score

Regulated/licenced asset management/investing activities Y L 1

Professional consultancy services M 0

Mining/fine art/jewellery H 0

Country risk

Country category Insert "Y" Letter rating Score

Equivalent regulations/heavily regulated Y L 1

Obscure AML/CFT legislation/regulations Y M 2

Sanctions and embargoes H 0

Client risk

Client category Insert "Y" Letter rating Score

Regulated intermediary/licensed entity Y L 1

Politically exposed person H 0

Product/service risk

Products/services categories Insert "Y" Letter rating Score

Personal/corporate demand deposits/custodian services Y L 1

Reliable/eligible introducer status L 0

Trusts services/wealth planning or structuring M 0

Debit/credit cards Y H 3

Method of introduction/delivery channel risk

Method of introduction/delivery channel Insert "Y" Letter rating Score

Eligible/reliable introducer Y L 1

Existing customer or employee M 0

Walk in/unknown H 0

Transaction size risk

Estimated largest transaction amount Insert "Y" Letter rating Score

$5M and over Y H 3

Number of monthly transactions Insert "Y" Letter rating Score

1 to 10 Y L 1

Low 0-33%

Medium 34-66% Total weighting 45.27%

High 67-100% Recommended risk rating Medium

Example 1: Sample risk rating sheet

inCOMPLIANCE®29

CLIENT ONBOARDING

Example 2: Weighting breakdown

Category Weighting

Business activity risk 0.30

Client risk 0.25

Country risk 0.20

Transactions size risk 0.10

Method of introduction risk 0.05

Product and services risk 0.10

increasing compliance costs; enigmatic sanction regimes (e.g. concerning Iran); lack of integrated client data due to outdated legacy systems; over-eager and demanding business development or sales teams… the list goes on. Some, if not most, of us are fearful of incurring personal fines or, worse, jail time; incurring regulatory fines and sanctions for corporate breaches; or losing correspondent banking relationships and services. Others have turned into robots, mindlessly checking and unchecking boxes.

The question is: how does one face these challenges and fears confidently when onboarding new clients?

The answer? Apply risk management practices that add value to your role and institution, as the reality is that FIs are in business to make a profit. Construct a robust compliance risk management framework that complements and supplements your institution’s overall strategy, covering issues of regulatory compliance, internal/independent audits and compliance risk management practices, among others. From this, separate action plans can be developed to target specific areas of your overall compliance program to

include AML, KYC, CDD and suspicious activity reporting.

Develop a risk profiling process In the absence of sophisticated and expensive CDD software to perform this type of analysis, you can use simple methods if operating in a manual environment. Even now I use what I call a “Whodunnit?” list. This is a list of only five questions, which generates a simple but coherent profile of the client, its business activities, its reason for wanting your FI’s products and services, the jurisdictions it operates in or from, associated entities, principals and expected transactional activity, etc, gleaned from reviewing the client application file.

I strongly suggest you undertake this exercise no matter how manual or automated your environment is, especially if new application volumes are not significant. When completed, the “Whodunnit?” list should provide a quick snapshot of the applicant for business to isolate important risk factors, which can be fed into a risk assessment tool. Your “Whodunnit?” list should cover the following:1. Who is the client? – For example,

is it a regulated/licenced entity or a PEP? In your summary, note the sources of wealth and expected funds. What risk does this client pose (e.g. licenced FI vs realtor vs lawyer vs wine producer vs seller of precious metals and jewels vs public mutual fund etc)? Who are the principals? Are they acting as trustees or fiduciaries, or are they the true beneficial owners?

2. What are the business activities?3. What jurisdictions are involved?

– This should include jurisdictions

of residence, business, operations and expected sources of funds (e.g. Seychelles, Russia, the UK).

4. How were they introduced and/or met? – For example, was this via a well-known intermediary; a walk-in; using online searches; face-to-face meeting, etc?

5. What is the expected transactional activity and does it make commercial or business sense based on the clients, their business activities, intended purpose for the account, and/or the industry within which they operate?

Create or use a risk assessment toolYou can then feed this data into a risk assessment tool such as a risk rating spreadsheet if you are not lucky enough to have software to perform this function or do not use your legacy system’s risk assessment module for whatever reason. This sheet should score and measure specific risk factors, which can fall under the categories shown in condensed form in Example 1. Each factor is scored from 1 to 3 based on the individual risk assigned to it. Each category score should be risk weighted and aggregated to 100 (as illustrated in Example 2) to arrive at the final recommended risk rating (e.g. low, medium, high, ultra-high). You can tailor the sheet, risk factors and categories to suit your specific industry, FI, and products and services.

Remember the key is to identify, assess and manage risks posed by new clients to your institution, to make money safely, and to bar those who pose an unmanageable or significantly high risk.

Kaluwa Maitre-Avril is a CCO of a private bank and a consultant

Construct a robust compliance risk management framework that complements and supplements your institution’s overall strategy

Apply risk management practices that add value to your role and institution, as the reality is that FIs are in business to make a profit

inCOMPLIANCE®

30inCOMPLIANCE®

31

CUTLURE AND CONDUCT

Judgement is a difficult thing, as we’ve seen recently at a national level after election and referendum results have left many agonising over the quality of decision-

making and debate. Everything seems to stand and fall on the quality of many individual judgements. It is the same in compliance: decisions are key to successful and respected performance, and good decisions rest upon the quality of the underlying judgements.

The ICA’s new Code of Conduct, published late last year, emphasises the absolute importance of making quality judgements as the core of our professional “weight”, value and standing. So the Code’s first section is entitled “Judgement” and has three elements. The first, integrity, we considered last month, as this forms the overarching principles for the entire Code. This month we consider the second and third elements1, which read:

2. … protect and ensure their independence and alert senior management or regulators should this be compromised. They must understand that the integrity and effectiveness of compliance is founded on independence of thought and judgment.

3. … take difficult decisions. This requires exercising mature judgment in balancing competing priorities and conflicts of interest, interpreting “grey” areas, making fine judgements and decisions and then acting with the appropriate degree of sensitivity.

These work well together and are about the position from which we make judgements, the way in which we make judgements, and the things that we ought to take into account.

A fresh perspectiveFirstly, the value of compliance is that it brings an independent and distinctive point of view to the business process. If compliance is only there to rubberstamp someone else’s decision, usually from the line, then really as a function and profession it adds very little value and may rightly be held in low esteem. But if we can bring a fresh and new perspective, which is valued in the decision-making process, then compliance can be seen as a strategic function.

But this perspective is not just about interpreting what the regulator says, which has been the traditional safe position of compliance. Instead it is about setting any interpretation within a broader context of wider standards and practices, and providing a range of options drawn from experience about what is practical and may be achievable. A compliance officer needs to bring to bear an understanding of overseas best practices, as well as insights from relevant enforcement cases, regulatory speeches, guidance, peer group sharing, and information from many other formal and informal sources (such as from the ICA or, for example, from this magazine).

Above all, compliance should have sufficient market knowledge and understanding to be in a position to recommend a range of business opportunities, some of which may come out of an in depth understanding of the relevant rules and an appreciation of how the regulator is wishing to steer the industry in the short, medium and long-term. Recently, we have seen new trends in signposting – such as “sandboxing” – where regulators are seeking to give the space for firms, to some extent through the agency of their compliance officers, to experiment and develop while being monitored in real time without the straitjacket of prescriptive rules. Also, through “Dear CEO” letters and thematic guidance, the regulator is deliberately giving encouragement to certain products or practices, as well as making it clear that other avenues are “no go”. We have seen this in the SIPP market and more recently in the newly-authorised debt advice services. This is a sign of a more mature and confident regulator, which is good for everyone and should improve outcomes for both consumers and markets.

The mark of a true professional

David Jackman outlines the importance of good and independent judgement in decision-making

Verifying the validity of information and the veracity of conventional board dashboards and audit MI is so important in this age of fake news and “alternative facts”

inCOMPLIANCE®31

CUTLURE AND CONDUCT

The final point is about independence. We might all say that compliance is independent at all times, but this ignores the reality of business pressures and the need to get various authorisations completed to a timescale. Who does the compliance officer work for? Is it the firm? Is it regulator? Is it the consumer? Of course, it’s a combination of all three. This puts the compliance officer in an invidious position at times, but it is important to make clear to colleagues, especially at the senior management level, that the value of compliance comes from the ability to say the uncomfortable truth; something like the famous dictum for journalists: “speak truth to power”. Compliance’s value is derived from its privileged position of setting out what would be detrimental to the firm and to consumers. We are the firm’s self defence mechanism, and to neuter this mechanism is to render compliance ineffective. When independence works well it contributes to a healthy firm and when it is undermined, as reputedly happened in the run-up to the 2008 crash, the resulting blindness can be enormously costly.

No shortcutsSecondly, it is clear from the above that preserving independence does not make decision-making any easier. In fact, it has long been my crusade to emphasise that compliance and regulation is inherently complicated and that shortcuts and quick fixes, while always highly-attractive, only serve to undermine the quality and credibility of compliance and governance. It is not just ticking boxes that we need to leave behind, it is the widespread conception in both business and compliance that there is an easy answer to be had and that a cheap, off-the-shelf, plug-and-play solution is always available. How on earth we think that decision trees will provide an answer, or that one-hour annual training is enough, is quite extraordinary. Scenarios need to be worked through, various competing options calibrated, a wide range of regulatory or non-regulatory sources referenced, and logical, structured, constructive challenge and debate carried through at every level.

It also goes without saying that verifying the validity of information and the veracity of conventional board dashboards and audit MI is so important in this age of fake news and “alternative facts”. Shedding light on a grey area or conflict of interest, or balancing competing priorities is a tall order and requires a disciplined, intellectual approach

and practical methodologies (of which compliance does not have sufficient number). Many judgements are indeed fine judgements or close calls and it is the absolute core skill of compliance to dissect these delicate threads and weave a

realistic and durable solution… and then to sell it to others and monitor its introduction.

Setting the agendaSo the agenda for compliance is:• Finding more suitable and relevant sources of information• Weighing up their usefulness in the light of practical

experience, benchmarking or published guidance• Applying new ideas in a structured and disciplined way• Identifying and testing “deciding principles”• Making others aware of the decision-making process used• Building in methods of real-time monitoring to evaluate

success• Finding new techniques of calibration and evaluation• Devising tools to assist the decision-making process.

This is, as the Code identifies, often a sensitive and delicate process requiring honed skills and not blunt instruments, and we should not apologise for this. I quite understand that in certain circumstances compliance officers have to make tough and snap decisions. It is in those pressured moments that they both test and demonstrate their accumulated experience, the depth of their learning and practiced powers of their judgement. These are the marks of a true professional.

David Jackman is an ICT tutor and ICA strategic advisor. He is the author of The Compliance Revolution (Wiley 2015) and Director, The Ethical Space Ltd. He was formerly FSA Head of Ethics and Training and Competence. www.intotheclearing.com

1. For the rest of the Code see https://www.int-comp.org/membership/ethics/

If we can bring a fresh and new perspective, which is valued in the decision-making process, then compliance can be seen as a strategic function

It is not just ticking boxes that we need to leave behind, it is the widespread conception in both business and compliance that there is an easy answer to be had and that a cheap, off-the-shelf, plug-and-play solution is always available

inCOMPLIANCE®

32inCOMPLIANCE®

33

CF10 is the designation given by the UK’s Financial Conduct Authority (FCA) for the

compliance oversight control function within the UK financial services sector. The role is not understood by everyone and some people even think that it is not that “fun”. It’s time to put that right!

I recall attending an interview for the role of Head of Compliance at a small and rapidly-growing hedge fund. The role was very well paid with many benefits including bonuses, share options, flexible working hours and a great location. You will be surprised to learn, then, that I declined the subsequent job offer. The reason? The company wanted me to be the CF10 from day one of starting.

One should be diligent before agreeing to be guardian angel for a company that one doesn’t know well; particularly as the sins of that company can be revisited on the CF10. The role of CF10 is one you grow into as your knowledge of the business, its people, processes and the regulations that apply to it expand over time. Like every control function, the CF10 requires a high degree of skill and experience with a specific knowledge of the regulatory oversight that applies.

Fit and properMuch in the same way that a guardian angel has to earn her wings and golden harp; the CF10 needs to earn the right to hold this position by undertaking a “fit

and proper” person assessment by the FCA. This is a long and often arduous administrative process, which begins with an “FCA connect” application.

Once the FCA is satisfied that you’ve been through enough hoops to earn your CF10 wings, you will be the holder of a prestigious and highly-responsible function (a significant control function). Much like a guardian angel, your role is to protect and guide your company (and its employees) to walk the straight and narrow path of FCA rules and regulations. Remember: with great power comes great responsibility (as Spiderman always reminds us). You can and will be held responsible for the transgression of your flock in the framework of your CF10 functions.

Earning your wingsSalima Nanji considers the role and responsibilities of the CF10

SKILLS

One should be diligent before agreeing to be guardian angel for a company that one doesn’t know well; particularly as the sins of that company can be revisited on the CF10

inCOMPLIANCE®33

This is a very serious undertaking and you must know what you are signing up for. You are now entering into a brave new world. Although there is only one CF10 per company the role is not as glamorous as you might think. You will now be confronted by the competing demands of many.

Internal demands1) The business – Your function cannot be outsourced but you can be helped by a compliance team or an external consultancy. Your job is to ensure that your firm adopts good business practices; training staff to take ownership and responsibility commensurate with their role. You will set values and standards by drafting policies and procedures, and ensuring adherence to them (think of these as your "Commandments"). The role of a CF10 cannot be performed in isolation. Reinforcing accountability within the (first line) business is key. You must instil the mantra “we are all in it together”.

2) Senior management – You must elicit support in creating a good culture in the firm by encouraging executives to “set the tone from the top”. Ensure senior management fosters best practices, thereby setting an example and helping you facilitate compliance work.

As for all guardian angels ethics and integrity must be the cornerstone of your activities. But being "good" is not enough for the CF10 guardian angel. You will need to create audit trails, monitor, create reports, escalate (where appropriate) and document to prove that you’ve been good – a bit like Santa making a list and checking it twice to see who’s been naughty and nice!

You will have to demonstrate this good behaviour to the Board of Directors, the Audit & Risk Committee, the CEO and, ultimately, the almighty FCA. In order to please this group and demonstrate your CF10 credentials you will have to provide proactive advice, direction and guidance.

Your fellow colleagues and line manager may not comprehend or acknowledge the multitasking and organisational acumen required to fulfil your role as their guardian angel. In fact they may see you as a do-gooder that’s out to stop their fun.

External demands1) Multiple regulations – Guardian angels only have Ten Commandants to deal with. Not so for the CF10 guardian angels. The ever-increasing number of regulations creates a challenge to understanding, adherence and implementation. Take the example of regulations applying to asset managers:• As of the end of 2016 the CF10

needs to understand and implement “Undertakings for Collective Investments in Transferable Securities” (UCITS V)

• Every financial services firm has recently had to implement the new Market Abuse Regulation

• The Fourth Money Laundering Directive is due to come into force this year

• In 2018, CF10s will need to prepare for the Markets in Financial Instruments Directive (MiFID II).

The list goes on... and once you get a second to breathe, you will need to look beyond the letter of the law, the rules and regulations to put in place numerous best practices that the FCA provides as guidance in speeches, policy documents and standards.

Bearing in mind Brexit and the current economic context in the UK, the situation becomes yet more complicated and uncertain. Brexit could result in a de-harmonisation of regulation within Europe as the UK could work towards its own interpretation. Furthermore, the UK may choose to implement compliance-relevant laws that are dissimilar and stricter where regulation is designed to be harmonious and applicable in all

member states. 2) Multiple regulators – Guardian

angels only have to deal with the one omnipotent God. CF10s have to deal with twin peak regulatory structures of the Prudential Regulation Authority (PRA) and FCA.

While the PRA is a subsidiary of the Bank of England and regulates almost 2,000 firms, the FCA regulates all firms, including those regulated by the PRA.

It has been noted that the FCA has far greater enforcement powers than its predecessor, the Financial Services Authority (FSA). CF10s are more likely to get their wings clipped through severe fines, bans or even imprisonment, as the regulator focuses ever more upon individual accountability. For example, in March 2015 the FCA fined Anthony Wills, Compliance Officer at the Bank of Beirut, £19,600 and the Bank itself £2.1m. In another example, in 2015 Jeremy Kraft, former Compliance Officer of Martin Brokers (Interbroker Deal), was fined £105,000 and David Caplin (Former CEO) £210,000 for failings related to LIBOR.

The company of angelsThe role of a CF10 is to protect the company and its employees. Remember: compliance experts are in demand and RegTech is emerging as “the next big thing”. In order to meet the challenges outlined above, one should adopt innovative approaches and solutions and should seek to make efficient use of both people, resources and technology. Failure to do so could be catastrophic for all concerned. As CF10 you will need many skills to retain your wings and stay aloft on your cloud while you pluck on the harp strings. But, above all, remember that mantra: “we are all in it together”.

Salima Nanji is a lawyer and has provided legal and compliance services for a range of multinational companies. She

holds a controlled function and works in the financial services industry in London

SKILLS

You will need to look beyond the letter of the law, the rules and regulations to put in place numerous best practices that the FCA provides as guidance in speeches, policy documents and standards

inCOMPLIANCE®

34

FINANCIAL INCLUSION

inCOMPLIANCE®35

The Fragile States Index, published by the Fund for Peace, ranks 178 countries to determine their stability. The index is based on the results of 12 key political, social and economic

indicators and over 100 sub-indicators. It is a useful tool to identify nations that are (or are on the brink of being) deemed as fragile states. These are essentially countries where the political or economic system has disintegrated to such an extent that the government no longer has control over justice, law and order. According to the most recent report, published in June 2016, the top eight nations that fall in the category of “very high alert” are1:• Somalia• South Sudan• Central African Republic• Sudan• Yemen• Syria• Chad• Democratic Republic of Congo

The need for regular remittancesNot a day goes by without our hearing of the refugee crisis or seeing images of men, women and children fleeing from warzones. As militia loot businesses and factions rob and kill people, civilians are forced to leave their homelands and cross borders. If it is not civil war, then it is famine or drought that drives families to forsake the familiar for the unknown. Against their wishes, the daily struggle for food, clothing, shelter and medicine compels them to leave their homes. It is not surprising that many of the countries listed above have seen a surge in refugees leaving their borders.

This is where regular remittances sent by the diaspora to their families and friends living in fragile states go a long way towards alleviating living conditions. They also play a key role in enabling families to decide whether they should flee their homes to take on the life of a refugee. There is a growing demand, from thousands of migrants, for a functioning remittance mechanism that enables them to send money home. Conversely, there is also demand from traders in the home country wanting to pay for basic food and medicine imports. These parties are constrained by the collapse of the financial banking system and the dearth of a functioning payment, settlement and remittance framework.

The growth in demand has, however, coincided with an increasing trend of “de-risking”, i.e. the “phenomenon of financial

institutions (FIs) terminating or restricting business relationships with clients or categories of clients”.2 FIs have been quick to close the correspondent accounts of banks and money transfer operators (money exchangers / MTOs) in countries that they categorise as “high risk”. Pressure from other correspondent banks or law enforcement, lack of confidence in the MTO’s AML procedures, low profitability, and reputational risk have been the main drivers behind this. Rather than facing punitive penalties from regulators, FIs prefer to avoid the risk. One can hardly criticise them for doing so. If large multinational banks have come under the heavy hand of the US regulatory authorities, it is highly unlikely that smaller institutions will be spared.

Seeking a solutionAgainst this backdrop, the recent stance taken by the World Bank to support remittance flows to Somalia is commendable. In June 2016, the World Bank appointed Abyrint, a management consulting firm based in Oslo, as the Central Bank of Somalia’s trusted agent to regulate and supervise its money transfer businesses.3 Abyrint specialises in the “rebuilding of institutions, governance and administrative systems in fragile states.”4 It is critical that such skillsets and knowledge transfer take place to mitigate the threat of money laundering and terrorist financing in a nation that has been ostracised by the financial community. The World Bank is also involved in helping the Central Bank of Somalia to draft guidelines for the regulation and supervision of its money transfer business.

More solutions are required to ensure that remittances and financial aid reach households and communities. While small amounts of $100 would scarcely attract the attention of terrorists, they can go a long way towards providing food security, access to medical care, and a functioning educational system in fragile states. Desperate times call for desperate measures. It is therefore ironic that the inability to pay for food, medicine, and shelter can propel rational men (and women) to anti-social activities that may culminate in terrorism.

One model that could serve to rebuild the financial sector involves designating a centralised, authorised bank in the fragile state to be the intermediary for all inward remittances (Figure 1). Ideally, this should be an institution with a widespread network of branches. The bank should be under the management of World Bank personnel or firms that it appoints as trusted

A basic means of survival

In the midst of the ongoing refugee crisis, Deepa Chandrasekhar considers the imperative to facilitate remittance frameworks in

fragile states

inCOMPLIANCE®35

FINANCIAL INCLUSION

agents, to eliminate the risk of corruption. Close supervision from them is required to ensure the diaspora, overseas financial institutions and multinational aid agencies that the money reaches the ultimate beneficiary. Such a framework would require the blessing of the Central Bank in the fragile state, as well as international organisations such as the US Office of Foreign Assets Control (OFAC), the United Nations Security Council, the European Commission, the UK's Office of Financial Sanctions Implementation (OFSI), and other similar bodies. The centralised institution should be connected to the SWIFT and it should be reiterated that monies remitted through the approved intermediary would not be subject to sanctions or punitive measures by overseas regulators. An upper monetary threshold (e.g. $250 - 500 per recipient) can be imposed, so that inward remittances are more likely to be for the purposes of family support as opposed to financing anti-social activities.

The onus is on the centralised intermediary to build a database of the beneficiaries and ensure that a basic KYC procedure is put in place. Some primitive means of identification would need to be devised to facilitate the onward flow of funds. In war-stricken countries, where national identification numbers are non-existent or have been destroyed, this could be ascertained by capturing thumb impressions along with the account holders’ signatures, and providing a unique bank identification record number.

Infrastructure issuesIt is well-known that nations that are deemed to be fragile states lack the infrastructure of the formal banking system. Traditional delivery channels such as ATMs, internet banking and mobile banking are visibly absent. The question then arises as to how to transfer the funds to recipients who live in villages or towns far away from where the centralised intermediary is located. The solution could be to use the widespread branch network of the centralised intermediary bank. Another alternative would be to use a network of registered and trained licensed money transfer companies or post offices, which have a large outreach network including remote locations. They have traditionally been agents of domestic money transfers in several under-developed countries where the financial banking infrastructure is inadequate to deliver remittances.

In fragile states with a functioning telecommunications network, telephone companies could be pressed into offering their mobile phone networks for transmitting credit. This could be in the form of prepaid communication services for the relatives of the diaspora, or for disbursal of cash through the telephone

operator’s network of agents. This is similar to the M-PESA model in Kenya, pioneered by Safaricom, in which recipients would go to the M-PESA agent with their identification documents to register and withdraw money. As security was a major issue in certain communities, the Safaricom agent used to be dispatched to a designated police station in a high-risk area, “to give beneficiaries easy access to the cash … allowing them to use it immediately to buy their food.”5

A humanitarian needGiven the growing importance of remittances as a means of subsistence, it is imperative for governments of fragile states to accept the help of a neutral body such as the World Bank and explore ways of creating a basic framework for payments and settlements. From an economic perspective, it shores up depleted foreign exchange reserves and enhances the formalisation, transparency and robustness of the banking sector. From a social perspective, it could be a small step in staunching the outflow of refugees by providing them with the basic means of survival. Last, but not the least, it is a humanitarian gesture to the next generation of mankind.

Deepa Chandrasekhar is the Chief Compliance Officer and MLRO of United Gulf Bank B.S.C., Bahrain. The views expressed in this article are hers alone and do not represent those of the organisation.

1. http://fsi.fundforpeace.org/2. http://www.worldbank.org/en/topic/

financialmarketintegrity/publication/world-bank-group-surveys-probe-derisking-practices

3. http://www.worldbank.org/en/news/press-release/2016/06/10/world-bank-makes-progress-to-support-remittance-flows-to-somalia

4. http://www.abyrint.com/5. http://odihpn.org/magazine/mobile-phone-based-

cash-transfers-lessons-from-the-kenya-emergency-response/

Figure 1: A centralised intermediary model

Aid agency/Diaspora in the Host country

Ultimate beneficiary/family

in the home country

Point of remittance transfer• Banks• Money exchange houses

Transfer interface• SWIFT

Recipient of remittance transfer in home country• Centralised, authorised

Intermediary bank

Network of branches/money transfer

operators/post offices/mobile operators

inCOMPLIANCE®

36inCOMPLIANCE®

37

CORRUPTION

2016 is regarded by some as a record year for bribery cases against companies, with a huge number of fines and prosecutions being brought in jurisdictions

around the globe.1 Many of these involved public officials, governments and/or state-owned entities through the provision of kickbacks or facilitation payments. Perhaps the “game-changer” in 2016 was the Panama Papers, a massive leak of documents from Panama-based law firm, Mossack Fonseca, containing information on thousands of offshore entities. Allegations of the use of offshore entities in Panama for illegal purposes, including corruption, followed.

Against this background, Transparency International’s 2016 Corruption Perceptions Index was published on 25 January of this year. In launching the report, Robert Barrington, Executive Director of Transparency International UK, outlined the continuing fight against bribery and the urgent need for committed action to thwart corruption. Transparency International’s vision is of “a world in which government, business, civil society and the daily lives of people are free of corruption” and the organisation has been working towards this aim since 1993. This year’s Corruption Perception Index is the 21st edition. The Index aggregates data from a number of different sources to capture perceptions of business people and country experts of the level of corruption within the public sector. Countries and territories are given a score of 0 – 100, where a “0” equals the highest level of perceived corruption and “100” the lowest. The 176 countries/territories evaluated are then ranked in the Index according to score. Those with the highest levels of perceived corruption are at the bottom of the Index.

The resultsKey headlines from 2016’s Index make for interesting reading (see Box 1). In particular, Mr Barrington highlighted to the following themes:• More countries have moved down the ranking than have

moved up, demonstrating increasing perceived levels of corruption

• The Index highlights declines in the Middle East, with Qatar being the biggest faller, by 10%

• Six EU countries, up from four in 2015’s Index, now score less than 50 out of 100

• The global average score is 43• 69% of countries score below 50 out of 100.

What does this mean?Transparency International argues that: “corruption and inequality feed off each other, creating a vicious circle between corruption, unequal distribution of power in society, and unequal distribution of wealth. As the Panama Papers showed, it is still far too easy for the rich and powerful to exploit the opaqueness of the global financial system to enrich themselves at the expense of the public good.”

These results will inevitably prompt discussion and questions about the efficacy of current efforts to reduce bribery and corruption, both at a governmental level and within firms.

Following Robert Barrington’s introduction, Edward Lucas, Senior Editor at The Economist, led a lively and informative panel discussion involving David Green, Director, UK Serious Fraud Office (SFO); Cobus de Swardt, Managing Director, Transparency International; Nathalie von Taaffe, Former EMEA Head of Anti-Corruption and Sanctions at Credit Suisse; and David Stulb, Global Leader Fraud Investigations & Dispute Services, Ernst & Young.

David Green opened the discussion with thoughts on some of the SFO’s high-profile cases touching on bribery and corruption concerns in 2016, including Rolls-Royce and Airbus. The discussion centred around the growing focus on firms in respect of bribery and corruption issues and the scale of some of these related investigations.

Audience participation was strong, with a number of

An ongoing struggleWith perceived levels of bribery and corruption on the increase,

Ruth Hutchinson reports from the launch of Transparency International’s 2016 Global Corruption Perceptions Index

These results will inevitably prompt discussion and questions about the efficacy of current efforts to reduce bribery and corruption, both at a governmental level and within firms

inCOMPLIANCE®37

CORRUPTION

questions posed covering a wide range of relevant topics. One question challenged Transparency International’s Cobus de Swardt to comment on the Index’s exclusive focus on public corruption and whether any attempt to include views on perceived levels of corruption in the private sector would be of value. Mr de Swardt suggested that, given that the index is based on perceptions, the specific inclusion of perceived private sector corruption would be unlikely to materially change the results.

There were several questions regarding the potential impact of the US Trump administration. For example, could the new administration derail global efforts to reduce bribery and corruption? The panel offered a range of views, with a general consensus being that global impact would be modest, but that the future approach taken to enforcement activity in this area in the USA would depend on who Trump appoints to fill enforcement-related roles.

The FutureThe panel then turned to consider what the future holds. Nathalie von Taaffe pointed out the increasing emphasis being placed upon personal accountability, noting that the UK regulator is moving towards this approach not least through the introduction of the Senior Manager’s Regime. She added that other enforcement actions have demonstrated the regulator’s desire for personal accountability and whilst this has not as yet been seen in anti-bribery and anti-corruption actions specifically, it is only a matter of time before it is. Further to this, David Green and

David Stulb both agreed that more and larger enforcement actions are also a strong possibility from regulators around the globe.

Facilitating the dialogue, Edward Lucas highlighted the disparity revealed by the Index between perceived levels of corruption in some parts of the world when compared to others, and led the panel to debate what challenges this posed to firms operating internationally. This brought about an interesting discussion on whether global firms can ever operate on a truly level playing field where they may be held to a higher account in respect of anti-corruption in their home jurisdictions than competitor firms operating in jurisdictions where methods of corruption and bribery to win business may be commonplace and remain culturally acceptable. The panel acknowledged this is clearly an ongoing challenge. Firms must understand and assess the jurisdictional risks they face in their business. The role of the risk based approach to these types of business relationships would be key to a compliant firm when evaluating its strategic goals.

In closing, Robert Barrington emphasised the importance of the continuing fight against corruption, highlighting the interconnection between corruption and inequality. In the words of José Ugaz, Chair of Transparency International: “In too many countries, people are deprived of their most basic needs and go to bed hungry every night because of corruption, while the powerful and corrupt enjoy lavish lifestyles with impunity.”

Ruth Hutchinson is Head of Financial Crime Compliance Training, Education & Development at International Compliance Training

Box 1: Movers and ShakersTop 101. Denmark2. New Zealand3. Finland4. Sweden5. Switzerland6. Norway7. Singapore8. Netherlands9. Canada10. Germany10. Luxembourg

11. United KingdomBottom 10166. Venezuela167. Guinea-Bissau168. Afghanistan169. Libya170. Sudan171. Yemen172. Syria173. North Korea

1. http://blogs.wsj.com/law/2017/01/30/2016-a-record-year-for-bribery-cases-against-companies-but-not-individuals/

Enforcement actions have demonstrated the regulator’s desire for personal accountability and whilst this has not as yet been seen in anti-bribery and anti-corruption actions specifically, it is only a matter of time before it is

Transparency International argues that corruption and inequality feed off each other, creating a vicious circle between corruption, unequal distribution of power in society, and unequal distribution of wealth

INTELLECTUAL PROPERTY THEFT

inCOMPLIANCE®

38inCOMPLIANCE®

39

The world is becoming ever more interconnected thanks to the internet. This poses unique

opportunities for criminals and terrorists to raise monies through selling counterfeit and pirated goods or through online piracy (music, films, software, e-books, broadcasting etc).

Intellectual Property (IP) has weak laws and even weaker enforcement globally, making it an easy way to make money. Terror groups such as Hezbollah and D-Company have exploited this for some time. In some countries – such as India – the market for counterfeit luxury products is growing at a compounded annual growth rate of almost 40-45% and was estimated to be worth $839m in 2015.1

Size and scale of the problemIn April 2016, the Organisation for Economic Co-operation and Development (OECD) estimated that imports of counterfeit (fakes with or without the original brand name or logo of a trademark) and pirated (e.g. a Nike sub-contractor overproducing and selling illegally) goods are worth nearly half a trillion dollars a year ($461bn), or around 2.5% of global imports (this excludes online piracy). Moreover, postal parcels are the top method for shipping bogus goods (accounting for 62% of seizures over 2011-13), reflecting rampant online transactions. According to the International Anti-Counterfeiting Coalition, more than 90% of the banks used by online counterfeiters

to process credit card payments are Chinese.2 Separately, payments processed in the US using credit cards or PayPal (in China it's Alipay [50%] and Tenpay [20%]3) make their way into these Chinese banks.

However, not all buyers are innocent. While some are indeed fooled into buying cheap fakes through e-retailers operating from locations such as China, using websites designed to look like legitimate retail sites, others do so knowingly for the brand value and good quality. Spotting fakes online, or even in the flesh, is becoming difficult, with low prices often being the only clear indicator. Even this can be camouflaged through discounts attributed to “manufacturing defects”. Fake goods are even sold in the more respectable marketplaces such as eBay, Alibaba group, and Amazon. In variations of this scheme4, the fake goods (e.g. counterfeit watches) are sold elsewhere (e.g. another website) with payments settled through a legitimate storefront in these online marketplaces purportedly for the sale of other legal goods (e.g. pencils). (Moreover, goods may not actually move, i.e. criminals may only use the payment platform to settle their dues.) Interestingly, nearly one-third of paid search ads for designer handbags are placed by fraudulent sellers.5

Online piracy is also a major activity, funding terrorism, for example, by the D-Company in India. Nearly half of the top 150 sites are from the US, 11 from Canada, 9 from Panama and 6 from Pakistan, and the top 100 sites make

$521m annually.6 It is an area dominated by tech-savvy youths, who make money through advertisements on sites and not directly through downloads. With the help of established ad networks such as Doubleclick and Adsense, pirate sites are not only displaying ads for gambling and dating companies, but also ads for multinationals, including McDonald's, Hyatt Hotels, Netflix and Ticketmaster.7 The revenue generated by online piracy has remained consistent, or on a slight increase, as websites that are shut down or degraded are replaced almost immediately by new sites. Experts believe that this may be impossible to stop. The UK's IP Crime Report 2015/16 states that, within the online piracy sector, IPTV/Kodi, torrent sites and stream ripping are seen as the main threats.

Finally, cybersquatting – registering well-known company/brand domain names to resell them at a profit or to sell advertising on those sites – generates illegal revenue in the millions of dollars annually, costing trademark holders more than $1m per brand, every year.8

The Deep Web The Deep Web is believed to be 500 times the size of the surface web9, containing 96% of the total content on the world wide web. Most fake websites are on the Deep Web and cannot be found through ordinary Google searches. They are set up through privately-registered domain names with fake contact details on WHOIS, hosted on servers in countries with weak enforcement, and paid

Dirty money seeping through banks

Banks have largely ignored IP theft. However, they may be facilitating their clients’ insidious commercial transactions, opening up a dragnet for themselves, warns Rohan Bedi

INTELLECTUAL PROPERTY THEFT

inCOMPLIANCE®39

for using Bitcoins/anonymous prepaid cards. The webpages are protected from Google and other searches by: 1) using meta tags that prevent indexing, 2) hiding content on a database behind a search engine on the website, and 3) password-protected content.

The smarter IP criminals will simply password-protect their content requiring registration, with the landing page not saying much other than a login option, putting it out of the classification of “public domain” data. The actual URL would be something that does not make sense – something like “www.ete78k0l.com” – with a masked forward domain name for customers – like “www.nikeshoes-usa.com” – to fool them. Busting the operation would require undercover operations by investigators/law enforcement posing as customers, assuming they get hold of one of the emails marketing the products.

Naturally, selling in the Deep Web is preferred by criminals as they have a larger market of potential customers who they can fool into believing they have arrived at a genuine online shop. These days criminals use creative marketing strategies focused on a consumer’s buying habits. Criminals will grant URL access to their sites through email marketing (typically via spam email, although the smarter ones avoid the email being treated as spam, for example by a “drip” email campaign, and avoid emailing investigators), first requiring registration for access to the content, and potential customers would use a normal web browser such as Google Chrome or Internet Explorer. IP criminals are also using fake profiles on social media sites such as Facebook, unauthorised mobile apps, and paid search advertising to steal customers and sell them fake/illegal goods via weblinks to their Deep Web sites.

Moving to the opaque Dark WebHowever, as these Deep Websites are taken down by authorities and, more importantly, conventional payment options are shut off, IP criminals will increasingly use the Dark Web to establish outlets to sell their goods online using Bitcoin/other cryptocurrencies, accessible only using

the TOR browser (or on I2P or Freenet) and catering largely to those who willingly search for good quality fakes/illegal goods. Illegally-obtained bank client databases would also typically be sold on the Dark Web.

Criminals will also remain in the Deep Web opening and shutting new websites rapidly, after every e-marketing campaign, and restricting settlements to cryptocurrencies or using less respectable debit/credit card payment service providers (set up in poorly-regulated financial centres) as the better ones such as PayPal drop them and banks refuse to directly process their debit/credit card payments. They will also continue to settle their illegal sales made elsewhere using the payment platforms of their storefronts on online marketplaces.

The needle in the haystackSearching for these websites selling fake or illegal goods has its own challenges. On the Deep Web, normal search engines or even metasearch engines (aggregators) won’t help to detect these websites, even with Boolean searching (i.e. using "AND" or "OR"). Special search engines that ignore meta tags that stop indexing have to be used. Technologies that help harvest data from the Deep Web, which is on databases behind a website’s own search engine, have to be used. Where content is password-protected, investigators potentially need to pose as online customers (assuming they manage to identify these and establish contact) or, if they are law enforcement, hack the website where legal to do so.

On the Dark Web, although specialised search engines now exist, such as “Onion Link” and “Not Evil”, it is not clear how comprehensive these are and they are limited to a single platform (i.e. TOR). The US defence authorities are also building their own search engine, called "Memex", covering both the Deep and the Dark Web and non-traditional (such as, multimedia) content, albeit it will specifically not search content that is password-protected (i.e. no hacking). However, separately, enforcement has made good progress by using hacking to identify people in the Dark Web, and through the use of Bitcoin Blockchain evidence.10

Banks need to take the next step in KYCAs the above suggests, it is difficult for banks and other FIs to monitor whether their clients are selling fake or illegal goods, or conducting any illegal commerce such as child pornography or child abuse via the web. Specialised firms exist offering services to help screen for any illegal or illicit activity in the online world. Banks need to start using such third party services on a risk-based basis. Regulations already enshrine this requirement. Regulatory focus will follow.

Dr Rohan Bedi is a Fellow of the ICA (FICA), see rohanbedi.com

1. ASSOCHAM, 2014, “Fake luxury market in India to double by 2015: Analysis”

2. Schiefelbein, Mark, 2015, “Chinese banks a haven for Web counterfeits,” Los Angeles Times, Associated Press

3. Hendrichs, Matthias, 2015, “Why Alipay is more than just the Chinese equivalent of PayPal,”

4. Teicher, Ron, 2016, “Merchants easily fooled by hijacked e-payments”, paymentssource.com

5. NetNames, 2017, https://www.netnames.com/industries/fashion-and-luxury-brand-protection/

6. Kurmanath, K V, 2015, “How online piracy ‘industry’ is a box-office wrecker,” The Hindu

7. Lindvall, Helienne, 2013, “Pirate sites are raking in advertising money from some multinationals”, The Guardian

8. NetNames, 2017, https://www.netnames.com/industries/fashion-and-luxury-brand-protection/

9. Worldtrademarkreview.com, 2016, “The Deep Web, darknets, Bitcoin and brand protection”

10. Motherboard.vice.com, 2016, “7 Ways the Cops will Bust you on the Dark Web”

inCOMPLIANCE®

40

OPINION????????????????????????????

inCOMPLIANCE®41

WHY COMPROMISE BETWEENCOMPLIANCE OBLIGATIONSAND CLIENT EXPECTATIONS?

Quickly understand corporate structures and

beneficial owners with visual analytics

More trusted UK and global information

providers than any other KYC solution

Automated single or batch informaiton

collection to accelerate your KYC processes

Robust and comprehensive audit trails,

delivering assurance when you need it most

f i n d o u t m o r e

encompasscorporation.com • 0333 772 0002 • info@encompasscorporation.comf o l l o w u s

Next generation RegTech solution Encompass turns AML/CTF compliance into competitive advantage.

With Encompass, KYC checks and onboarding processes can be completed up to 10 times faster and with significantly lower costs. One aggregated platform provides a single point of access to all the information providers you use and trust.

Consistent and robust policy adherence is now possible using the unique power of KYC policy automation to ensure your business is regulator ready.

HOW CAN ICA’S CORPORATE PACKAGES HELP YOU?Bring your in-house team into the global community

Our Corporate Packages will provide you and your sta­ with a wide range of resources to support your education and continuous professional development (CPD).

Sta­ can gain access to over 7,000 pieces of online learning including regular news updates, bulletins, webinars, podcasts and our bi-monthly magazine inCOMPLIANCE®.

All of these resources can aid the development of a well-informed, positive and proactive compliance culture within your company.

For further information, please visit www.int-comp.org/corporate-package to download our Corporate Package brochure or to request a call back from a representative of ICA to discuss how we can tailor our packages to suit your organisations' needs.

inCOMPLIANCE®41

WELLS FARGO

Rotten to the core?In the wake of the Wells Fargo fake accounts scandal

numerous questions remain to be answered about the role of governance, risk management and compliance at the bank,

writes Richard Griffith

inCOMPLIANCE®

42inCOMPLIANCE®

43

The Wells Fargo scandal made the headlines in both the mainstream and specialist press last year. As the furore surrounding the case has begun to recede, now

is a good time to reflect on some of the deep-rooted core failures that allowed these fraudulent actions to fester for around 10 years.

According to news reports the problems at Wells Fargo arose because the bank’s sales targets and employee bonus structure were tied to the number of accounts that staff were able to open, and executives would set unattainable sales targets. Put simply, corporate executives were turning a blind eye to fraudulent activity because they were making money. As former employees have suggested, it was a common practice, known throughout Wells Fargo, to push sales (accounts) to meet the goals set by executives and get compensated for it.¹

However, what is not clear is exactly when the core principle of “doing good ethical business” at Wells Fargo was compromised and replaced with an apparent drive for profit maximisation at the expense of clients’ best interests. Questions have been asked, such as “how did this happen?”, “why did this happen?” and “who is responsible?”. Yes, the former CEO, John G Stumpt, took the overall blame but over 5,300 employees were fired² for doing what they were pushed to do by his executives.

Moreover, how did Wells Fargo’s internal control functions – such as its whistleblowing programme and its governance, risk management and compliance functions – fail to expose the bank’s illegal sales practices for 10 years?

The need for governanceGood governance is essential for any business to function, especially for financial institutions such as Wells Fargo, which must operate within strict regulatory guidelines. Having a well-structured governance programme within the organisation will enhance the ability to identify infractions before they become widespread and potentially affect the culture of the organisation. Looking from the outside in, where was Wells Fargo’s corporate governance? Why did the bank’s fraud issue last so long? How did it cover the problem up? And why did 5,300 employees lose their jobs?

Wells Fargo failed on this very basic issue of governance, lacking the ability to regulate itself and to protect those employees who looked beyond the unethical business practices and reported to the proper internal authorities. Multiple open source reports³ have stated that, as early as 2007, or even earlier, several employees had attempted to report these fraudulent infractions only to be later fired or forced to quit. These violations were not isolated events, but were committed across the entire branch network. Moreover, it is likely the corruption reached the executive level of management, which in turn had an overwhelming influence on how human resources and the local and regional compliance management handled the reporting and overlooked the fraudulent practices for personal or professional gain.

Risk managementRisk management is another important aspect of compliance. In my view, Wells Fargo's executive management encouraged the fraudulent and unethical behaviours in order to meet financial goals. If this were an isolated case within a single

branch, then one could assume that that particular branch had played the odds of financial gains over the risk involved in committing fraud. However, that was not the case, and the practice lasted for at least ten years.

Again, from the outside looking in, it appears that Wells Fargo’s overall business culture was one of “profit before risk”, with sales staff crossing the line between ethical and unethical behaviour, driven by the search for profit with little regard to the ramifications of being caught. Again, we must return to the basic questions: where were the internal risk management checks and balances? What were compliance doing for the ten years that these activities were occurring? Why was there no risk management oversight when unethical, fraudulent behaviours became “normal” business culture in Wells Fargo’s executive strategic planning and goal projection?

Corruption within compliance?Compliance with regulatory guidelines is a crucial element in any corporation. Wells Fargo is a prime example of the failure to implement stringent internal guidelines and to function within the boundaries outlined by the regulations. Clearly, without such regulations, some corporations remain unable to police themselves and to refrain from crossing the line between ethical and unethical behaviours as profit drives their strategic planning and target goals.

Applying any regulatory rules requires a corporation to have a well-established compliance division within its infrastructure, which is well-defined and populated by compliance professionals who are above personal corruption. Again, one has to ask, “how did Wells Fargo end up in this situation”? Was there corruption within the bank’s compliance division? If so, for how long? And how did it get corrupted?

The questions are many. The answers, as yet, have proved elusive.

Richard Griffith retired from the US Navy with a background in International Business and Human Resource Management. He is a member of the International Compliance Association.

WELLS FARGO

ICA Certificate in Anti-CorruptionA new certificate that will set you apart from your peers in an area of significant global concern.

What will you learn?

• Understanding corruption• The craft of corruption• Who are the stakeholders?• High-risk countries, industries and customers• Anti-corruption legislation• Enforcement• An holistic approach to corruption risk mitigation• Future trends and the rise of the anti-corruption professional

Find out more at www.int-comp.org/anti-corruption or get in touch with our training provider, ICT, on +44 (021) 362 7534 or at ict@int-comp.com

ICAA326

You can also attend a

workshop as part of this course at the ICA Annual Conference on 29th March in London.

See website for details.

1. http://www.wsj.com/articles/how-wells-fargos-high-pressure-sales-culture-spiraled-out-of-control-1474053044; https://hbr.org/2016/09/wells-fargo-and-the-slippery-slope-of-sales-incentives

2. http://www.nytimes.com/2016/09/17/business/dealbook/wells-fargo-warned-workers-against-fake-accounts-but-they-needed-a-paycheck.html?_r=0; http://www.chicagotribune.com/business/ct-wells-fargo-executive-fake-accounts-20160914-story.html

3. http://money.cnn.com/2016/10/18/investing/wells-fargo-warned-fake-accounts-2007/ http://www.nytimes.com/2016/09/17/business/dealbook/wells-fargo-warned-workers-against-fake-accounts-but-they-needed-a-paycheck.html?_r=0

inCOMPLIANCE®43

OPINION????????????????????????????

ICA Certificate in Anti-CorruptionA new certificate that will set you apart from your peers in an area of significant global concern.

What will you learn?

• Understanding corruption• The craft of corruption• Who are the stakeholders?• High-risk countries, industries and customers• Anti-corruption legislation• Enforcement• An holistic approach to corruption risk mitigation• Future trends and the rise of the anti-corruption professional

Find out more at www.int-comp.org/anti-corruption or get in touch with our training provider, ICT, on +44 (021) 362 7534 or at ict@int-comp.com

ICAA326

You can also attend a

workshop as part of this course at the ICA Annual Conference on 29th March in London.

See website for details.

Head OfficeWrens Court | 52-54 Victoria Road |

Sutton Coldfield | Birmingham | B72 1SX | UNITED KINGDOMTel: +44 (0) 121 362 7747 Fax: +44 (0) 121 240 3002

Email: ica@int-comp.org www.int-comp.org

International Compliance Association CPD - 1 point

Advice to Readers

inCOMPLIANCE® is published by the International Compliance Association. Reproduction, copying, extraction, or redistribution by any means of the

whole or part of this publication must not be undertaken without the written permission of the publishers.

inCOMPLIANCE® is distributed as a free member benefit to all members of the International Compliance Association.

Articles are published in good faith without responsibility on the part of the publishers or authors for loss occasioned to any person acting or refraining

from action as a result of any views expressed therein. Opinions expressed in this publication should not be regarded as the official view of the ICA or as the

personal views of the Editorial Board members of inCOMPLIANCE®.

All rights reserved in respect of all articles, drawings, photographs etc published in inCOMPLIANCE® anywhere in the world. Reproduction or imitations of these

are expressly forbidden without permission of the publishers.

Printed in England

ICAM408