1

Alleviating Compliance Pressures Changing Landscapes & Malaysian Considerations

Ang Swee LeongDirector & Regional Head, AML/CFT & IT Compliance, CIMB

2

Some thoughts & topics for discussion

Evolution of StandardsBanking Compliance and Regulatory Financial TransparencyFuture of Sanctions

• Global Regulations have extended beyond the traditional scope• Compliance encompasses:

– Laws & Regulations– Standards & Guidelines

• The nexus of principle based laws to standards & prescriptive requirements poses several challenges:

– Analysis and interpretation– Speed of responses & implementation

Introduction

Evolution of Key “Broadly Endorsed” Standards (for Sound Financial Systems*)

• Fiscal & Financial Transparency• Monetary and Financial Transparency• Data Dissemination

• Banking• Insurance• Securities (incl. OTC & derivatives)• Pensions & Annuities• Payments & Settlements

Macroeconomic Policy & Data Transparency (Good Practices) Financial Regulation and Supervision

Institutional & Market Infrastructure• Corporate Governance Market Infrastructure• Accounting, Auditing & Assurance• AML/CFT Insolvency/Credit

* Standard setting bodies include (but are not limited to BIS, FATF, IMF IOSCO, IAASB, etc

Banking Compliance and Regulatory Landscape Today Key Areas of Regulatory Focus

– Current ½ dozen priorities are expected to remain unchanged, and are similar– Business Partnering with Business Units are a priority to address industry/business regulations, as well as,

to mitigate money laundering risk via more robust KYC– Conduct Risk is also key: covering product transparency, secrecy/privacy and conflict managment

Current Risks Priorities: Future Risks Priorities Source :PWC

Banking Compliance and Regulatory Landscape Today Increased Regulations & Effort to Track & Change• 80% of all Firms will spend at least ½ a day changing policy

• Each ½ day change could result in 7-14 hours of changes/correction at the front line per month per annum

Firms which spend more than 10 hours a week tracking & reporting regulatory changes

Source :Thomson Reuters

Malaysian Compliance and Regulatory Landscape

Effective 1 Jan 2017 :• Malaysia’s FI

Compliance Framework

• OECD Tax/Financial Transparency Exchange of Information

Source :Accenture

Banking Compliance and Regulatory Landscape Today Increased stature and complexit y of compliance, influencing Fis’ decision making.

Evolution of regulatory framework, covering expended role and greater liability

Fostering a compliance conduct & culture becoming a key priority for FIs.

Limited compliance talent pool. FIs are considering alternate approaches, shared services and outsourcing.

Automation & Management Information is becoming an inevitable necessity.

1

2

3

4

5

Responses to Increased expectations in Compliance

“Revisiting Risk”

Conduct Risk

Bank Secrecy/Data Protection

Trends Description

The inability of banks to manage risk in rogue trading, benchmark rigging, product mis-selling, insider dealing and misconduct has led banks to focus on staff conduct and increase automation.

Fearing of regulatory enforcement and financial burden of compliance, FIs are from high risk segments, products and countries. Examples include:

international banks exiting from MSBs, including restrictions on correspondent banks Malaysia: exit from timber and other natural resource industries Middle East: reduced participation and services by USD/GBP/EUR clearing participants

Operational or occasional lapses of data loss, leakage Banks are require to strengthen the Banks are also at risk due to reliance on service providers

Digital banking& Fin Tech

Digital banking has extended horizontally across operations, technology, legal as well as compliance. Banks are required to invest on compliance related preventative and detective controls.

Foreign Regulators have extended expectations beyond traditional audits and security assessments Simulations & Stress Tests are becoming the norm

AML/CFT, Sanctions and Proliferation Prevention

Malaysia’s Current State• Generally robust, well developed framework

• Still in Development/Progress:

– Controls for Legal person/arrangements

– Timeliness & accuracy of registrars

– Transition for rule-to-risk based approach

• Enforcement, cooperation & prosecution will evolve

• “Corporate Veil” should not undermine preventive, investigative nor enforcement measures

• Increased supervision and monitoring expected of Off-shore Institutions, TCSP* & DNFBP*

• More needs to (and will) be done to mitigate the transnational risks

* Trust Company Serice Providers & Designated Non Financial Business and professions

“Malaysia’s coordinated strategies [for] an effective AML/CFT system is a part of integrated efforts to attain developed nation status by 2020, including … a shared culture of AML/CFT compliance amongst government and private sector stakeholders”

Evolution of AML/CFT risk & controls• Rule-based/Principle

– Descriptive– Recommendations/Illustrative

• Industry/Sectoral based• Financial & Customer Indicators

– “traditional” KYC : nationality, product, activity– Regime/geographic disclosures

• Rule & indicator based Controls– Profile & Products– Thresholds & Triggers

• AML/CFT Mutual Evaluation

• Risk-based Prescriptive:– Prescriptive Definitions & Standards– Typology and attribute based

• Sub-Sectoral & Service Specific• Financial Transparency:

– KYC/CDD extend to new attributes– Bi-/Multi-lateral exchanges of Information

• Rule & learning based Controls– Technology/system based solutions are

expected (may expressed be stated)– Demographic & Behavior

• Multi-Standard based evaluation

Financial Transparency: ObligationsDefinition (OECD and Financial regulator based)

– “Timely, meaningful and reliable/relevant disclosures”

– “the objectives of policy (legal, institutional, and economic ) and the terms of accountability are … comprehensible, accessible, and timely “

• Obligations of Reporting Institutions:

– Multi-lateral and reciprocal transparency

– Preventive controls & counter-measures, where necessary (incl declining transactions)

– Awareness of clients, customers and counterparties

Financial Transparency: ObligationsDefinition (OECD and Financial regulator based)

– “Timely, meaningful and reliable/relevant disclosures”

– “the objectives of policy (legal, institutional, and economic ) and the terms of accountability are … comprehensible, accessible, and timely “

• Obligations of Reporting Institutions:

– Multi-lateral and reciprocal transparency

– Preventive controls & counter-measures, where necessary (incl declining transactions)

– Awareness of clients, customers and counterparties

Financial Transparency: Implications• Implications to the financial landscape:

– Risk-based business relationships, … and restrictions

– Prudence and caution will underlie preventive controls

(and, consequently, establishing or renewing relationships)

• Emerging trends and practices

– Extended queries for correspondent banking

– Enhanced due diligence

– Emphasis of dual goods and other proliferation indicators

The future of Sanctions & Enforcement

• Either International or Country adopted/enforcement

• Implied Participative & sometimes Unilateral:

– International Resolution based– Use of Currency & Intermediaries– Legislative, Contractual & Commercial

enforcement

• Treaty & Unilateral Enforcement

• Agnostic/Apolitical Transparency • Multi-lateral and Bi-lateral Agreements for:

– Definition of Identification & Verification & Disclosure

– Acceptance/Declining and/or Withholding/Blocking

• Broader, international and commercial Enforcement

Sanctions (noun):“an official order (including permission or approval)”“Measures (including orders and actions) to compel or prevent”

Some On-going and Practical considerations

Could Know, Should Know

1 Control,Mutiple

Objectives

Extra-Territorial

Compliance

Assurance & Confidence

Technology & Data

Summary• Increased global and multi-lateral definitions will govern the Compliance Framework

• Principles and methods remain unchanged:

– Evolution will manifest in policy, processes and system

– Standards may balance principles, rules & risk mitigation

• New channels, opportunities and risks need to be analysed, defined and translated into policies, terms & conditions

• Institutions’ & professionals’ participation in the global landscape will be defined or limited by one’s :

– Ability to define, communicate & transparently practice policy and processes

– Alignment and adoption of standards in both policy and services

19

Important NoticeThis presentation has been prepared by a representative of CIMB Group, at the request of an Institution or Association, solely for information and general discussion. Terms contained in this presentation are intended for discussion purposes only and are not to be deemed to be definitive for any commercial, legal nor regulatory purposes.. All information contained in this presentation belongs to CIMB Group and may not be copied, distributed or otherwise disseminated in whole or in part without the written consent of CIMB Group.

This presentation has been prepared on the basis of information that is believed to be correct at the time the presentation was prepared, but that may not have been independently verified. CIMB Group makes no express or implied warranty as to the accuracy or completeness of any such information.

CIMB Group is not acting as an advisor or agent to any person to whom this presentation is directed. Such persons must make their own independent assessment of the contents of this presentation, should not treat such content as advice relating to legal, accounting, taxation or investment matters and should consult their own advisers.

CIMB Group or its affiliates may act as a principal or agent in any transaction contemplated by this presentation, or any other transaction connected with any such transaction, and may as a result earn brokerage, commission or other income. Nothing in this presentation is intended to be, or should be construed as an offer to buy or sell, or invitation to subscribe for, any transaction nor securities.

Neither CIMB Group nor any of its their directors, employees or representatives are to have any liability (including liability to any person by reason of negligence or negligent misstatement) from any statement, opinion, information or matter (express or implied) arising out of, contained in or derived from or any omission from the presentation, except liability under statute that cannot be excluded.

20

Alleviating Compliance Pressures for the Community

Joyce FooDirector, Compliance Services, Asia Pacific, SWIFT

Where are we today?

22

A community issue calling for a community solution…

Financial crime is top of the agenda for banksFinancial crime is top of the agenda for banks

Significant costs at stake….

All geographies / All types of players impacted

... Yet no competitive advantage for banks

Lots of duplication…… for universal

challenges

Sanctions* ScreeningHosted solution for cost-effective compliance with sanctions regulations.

• All financial message formats

• 30+ global sanctions lists

• 300 customers in 100 countries

• 15 central banks

Sanctions TestingMaximise the effectiveness and efficiency of your sanctions environment.

• Independent assurance that your sanctions filters work correctly

• Greater control over systems/processes

• Peer benchmarking

The KYC RegistryOne global source of KYC information for correspondent banking.

• Simple, secure, standardised**

• Supported by world’s largest correspondent banks **

• SWIFT Profile

Compliance AnalyticsEnhanced understanding & management of financial crime-related risk.

• Unique, global dataset

• Interactive investigation tool

• Packaged reports• Event-driven

alerting

Community-inspired Financial Crime Compliance Solutions

24

KYC REGISTRY

The context… an unprecedented challenge to comply with KYC legal requirements

Information is unavailable or of poor quality

Complex, inconsistent requirements across jurisdictions

Cumbersome, repetitive and inefficient bilateral exchanges

25

The solution… a single source of correspondent banking information

7,000+ banks on SWIFT = 1.3M+ connections

Standardised, industry-wide solutions

User-provided, user-controlled access to qualified KYC information

Unique content: SWIFT Profile, EDD data

A standard set of KYC dataCategory I - Identification of the customer

C Licenses and Proof of Regulation, Certificate of Incorporation, et ceteraC Legal name, auditor, regulator, addresses

Category II – Ownership and management structureC Declaration of key UBO and shareholders : full names and identifying dataC Board of Directors Lists: full names and identifying data C Group structureC Annual Reports, Shareholder listings, certified group and organisational charts

Category III – Type of business and client baseC Revenue breakdown by legal entityC Operating geographies and customer verticals

Category IV – Compliance informationC Enhanced AML QuestionsC AML docs: e.g. AML Controls, Wolfsberg Questionnaire, US Patriot Act

Category V – Tax informationC TIN, GIIN,FATCA information & proof of registration, documentation

26

Community-led engagement… 12 leading banking groups support the KYC Registry

28 Sep 20151334 entitiesin 171 countries

Is your institution on board yet?

A look at where we are…

Entities registered

521

171FI Groups

Countries

2100424 APAC entities

29

“We value the ability to use a secure, automated system that ensures we are compliant with the most up-to-date sanctions lists.”

C Mohamed Isa Al Mutaweh, Chief Executive Officer & Member of the board of Directors, Al Baraka Islamic Bank

30

Sanctions Screening- SWIFT’s hosted screening service

Challenges of small institutions

Regulatory scrutiny and enforcementof sanctions policies is increasing

Increasing pressure from correspondents to be compliant

Available screening solutions complex and costly to maintain

Increasing challenges for low-volume financial institutions

SWIFT provides

• Screening engine & user interface• Sanctions List update service with

enhancements• No additional footprint• Centrally hosted and operated by

SWIFT• Real time• Simple to configure and use

A fully managed service to screen all transactions

31

Filtering engine

• Using Fircosoft:C Used by 8 of the top 10 banks globallyC Long term relationshipC Includes Fuzzy logic and String matchingC SWIFT has selected the default service and is continuously adapting the

filter to clients, market and regulators requirements

• Hosted by SWIFT:C SWIFT maintains the filtering engine for all clientsC No hardware investment from the client *C No software investment from the client *

• Providing the best in class solution for a fraction of the investment.

* If the client needs to screen any format, a connector is required and implies a small licence fee

32

Implementation options

Copy option

Transparent routing of FIN transactions to the service using FIN-Copy

Few weeks

Zero

Limited

FIN Cat 1, 2, 4, 7

Connector option

Query/response of all transaction types through API call to the service

Few Months

Limited

Unlimited

All transaction types

Your institution Your correspondent

12

3

Your institution Your correspondent

1 2

3

Scope

Flexibility

Footprint

Timeframe

Transactions Screened

Granularity on what is filtered

Installation & integration

Time to compliance

33

Screening & Audit Report

Screening Report Audit Report: • Copy of each alerted

transaction• Hit details• Comments and final

status

• Audit log of all transactions screened

• Audit log of all operators activity and decisions

Quality assurance Report

• Periodical quality assurance checks on effectiveness of the service• Verifies that lists used mirror regulatory sources• Measures exact and fuzzy matching capabilities• Provides details on filter configuration and related impact

410+Clients

120countries17

central banks

Compliance Services Overview - November 2015 35

Sanctions Testing

Effectiveness• Provide assurance that your

filter works• Measure system’s fuzzy

matching performance• Assess coverage of sanctions

lists• Align screening system to your

risk appetite

Efficiency • Reduce false positives

through iterative testing• Build optimisation tests into

your processes• Understand parameter changes• Manage and tune rules and

“good-guy” lists

Testing Meeting regulatory demands

Tuning Managing cost and resources

WITH

36

Formats

Settings

Lists

Automate • Repeat • Compare • Monitor

Definetest objective

Downloadtest files

Processtest files

Uploadhit results

Viewtest results

Peer assessment launched in Q2 2015Compliance Services Overview - November 2015

Sanctions Testing process

Compliance Analytics

Enhanced understanding and management of correspondent banking risk

Institution-wide risk assessment• Understand payment

patterns• Enhance correspondent

reviews• Align to policy

Zero footprint• Immediately accessible• Consolidated rich, accurate

dataset• Interactive tools and

reports

Mitigates emerging risk• Track relationships and

understand RMA status• Understand risk

concentration

Monitors payment flows• To and from your institution• Identify anomalies & nested

activity• Compare to peers

RMA analysis and review 38

What is RMA

RMA (Relationship Management Application) is a SWIFT mechanism to control the traffic you want to accept from your correspondents and vice-versa

39

The Benefits

Manage Correspondent Risk

Combat Money Laundering

Avoid Unwanted / Unexpected Traffic

40

RMA Analysis

Link with FIN authenticated

transactions to define the RMA status

• Three possible statuses:• Active• Dormant• Unused

Decide on the authorisations “to be

removed”

• Process and assistance to facilitate the bulk removal of selected unused RMA relationships

Data Collection

RMA Analysis

Business Evaluation

Overview of existing RMA’s inbound and

outbound

• Institution provides the list of RMA in XML

• Workshop implementation best practices

Key Findings Review

Key findings

• List “hot items” among RMA correspondence

1 2 3 4

• Analyse RMA answer messages

• Adapt list of RMA authorisations to be removed if necessary

41

RMA Clean-up

Kick-off meeting

List of authorisation

Analysis of Answers

Query generation

1 2 3 4

RMA clean-up

• Decide list of authorisations “to be deleted”

• Identify scope

• Clarify responsibilities

• Create an RMA Query message for each “unwanted” RMA authorisations to check importance of relations

• Remove “unwanted” RMA authorisations

5

Where are we going tomorrow?

FCC Roadmap : Toward three inter-connected Utilities ComprehensiveService offering

Sanctions e.g.• Transaction

screening• Sanctions Testing• List Management• Name/Client

Screening

Analytics/AMLKYC

Interconnected Utilities leveraging commonalities and data between the products & services

Financial Crime Compliance Utility

e.g.• KYC Registry• KYC Market Place

e.g.• Compliance Analytics

(evolving toward Bank-to-bankmonitoring)

• FATF 16

For ALL SWIFT users (small AND large) over time

The Sanctions Utility services

Sanctions Screening

Sanctions Testing

List management

1 2

3Customer screening

4

Power Point template - You can edit footer content by going into 'Insert' tab > 'Header & Footer' 45

www.swift.com