Alleviating compliance pressures for the community by Ang Swee Leong and Joyce Foo
Transcript of Alleviating compliance pressures for the community by Ang Swee Leong and Joyce Foo
Alleviating Compliance Pressures Changing Landscapes & Malaysian Considerations
Ang Swee Leong, Director & Regional Head, AML/CFT & IT Compliance, CIMB
Some thoughts & topics for discussion
• Evolution of Standards
• Banking Compliance and Regulatory Financial Transparency
• Future of Sanctions
• Global Regulations have extended beyond the traditional scope
• Compliance encompasses:
– Laws & Regulations
– Standards & Guidelines
• The nexus of principle based laws to standards & prescriptive requirements poses several challenges:
– Analysis and interpretation
– Speed of responses & implementation
Introduction
Evolution of Key “Broadly Endorsed” Standards (for Sound Financial Systems*)
Macroeconomic Policy & Data Transparency (Good Practices)
• Fiscal & Financial Transparency
• Monetary and Financial Transparency
• Data Dissemination
Financial Regulation and Supervision
• Banking
• Insurance
• Securities (incl. OTC & derivatives)
• Pensions & Annuities
• Payments & Settlements
Institutional & Market Infrastructure
• Corporate Governance
• Market Infrastructure
• Accounting, Auditing & Assurance
• AML/CFT
• Insolvency/Credit
* Standard setting bodies include (but are not limited to) BIS, FATF, IMF, IOSCO, IAASB, etc.
Banking Compliance and Regulatory Landscape Today: Key Areas of Regulatory Focus
– Current ½ dozen priorities are expected to remain unchanged, and are similar
– Business Partnering with Business Units is a priority to address industry/business regulations, as well as to mitigate money laundering risk via more robust KYC
– Conduct Risk is also key: covering product transparency, secrecy/privacy and conflict management
[Chart: Current Risks Priorities; Future Risks Priorities. Source: PWC]
Banking Compliance and Regulatory Landscape Today: Increased Regulations & Effort to Track & Change
• 80% of all Firms will spend at least ½ a day changing policy
• Each ½ day change could result in 7-14 hours of changes/correction at the front line per month per annum
Firms which spend more than 10 hours a week tracking & reporting regulatory changes
Source: Thomson Reuters
Malaysian Compliance and Regulatory Landscape
Effective 1 Jan 2017:
• Malaysia’s FI Compliance Framework
• OECD Tax/Financial Transparency Exchange of Information
Source: Accenture
Banking Compliance and Regulatory Landscape Today
1. Increased stature and complexity of compliance, influencing FIs’ decision making.
2. Evolution of regulatory framework, covering expanded role and greater liability
3. Fostering a compliance conduct & culture becoming a key priority for FIs.
4. Limited compliance talent pool. FIs are considering alternate approaches, shared services and outsourcing.
5. Automation & Management Information is becoming an inevitable necessity.
Responses to Increased expectations in Compliance
“Revisiting Risk”
Conduct Risk
Bank Secrecy/Data Protection
Trends Description
The inability of banks to manage risk in rogue trading, benchmark rigging, product mis-selling, insider dealing and misconduct has led banks to focus on staff conduct and increase automation.
Fearing regulatory enforcement and financial burden of compliance, FIs are from high risk segments, products and countries. Examples include:
• International banks exiting from MSBs, including restrictions on correspondent banks
• Malaysia: exit from timber and other natural resource industries
• Middle East: reduced participation and services by USD/GBP/EUR clearing participants
Operational or occasional lapses of data loss, leakage
Banks are required to strengthen the
Banks are also at risk due to reliance on service providers
Digital banking & Fin Tech
Digital banking has extended horizontally across operations, technology, legal as well as compliance. Banks are required to invest in compliance related preventative and detective controls.
Foreign Regulators have extended expectations beyond traditional audits and security assessments
Simulations & Stress Tests are becoming the norm
AML/CFT, Sanctions and Proliferation Prevention
Malaysia’s Current State
• Generally robust, well developed framework
• Still in Development/Progress:
– Controls for Legal person/arrangements
– Timeliness & accuracy of registrars
– Transition for rule-to-risk based approach
• Enforcement, cooperation & prosecution will evolve
• “Corporate Veil” should not undermine preventive, investigative nor enforcement measures
• Increased supervision and monitoring expected of Off-shore Institutions, TCSP* & DNFBP*
• More needs to (and will) be done to mitigate the transnational risks
* Trust Company Service Providers & Designated Non Financial Business and professions
“Malaysia’s coordinated strategies [for] an effective AML/CFT system is a part of integrated efforts to attain developed nation status by 2020, including … a shared culture of AML/CFT compliance amongst government and private sector stakeholders”
Evolution of AML/CFT risk & controls
• Rule-based/Principle
– Descriptive
– Recommendations/Illustrative
• Industry/Sectoral based
• Financial & Customer Indicators
– “traditional” KYC: nationality, product, activity
– Regime/geographic disclosures
• Rule & indicator based Controls
– Profile & Products
– Thresholds & Triggers
• AML/CFT Mutual Evaluation
• Risk-based Prescriptive:
– Prescriptive Definitions & Standards
– Typology and attribute based
• Sub-Sectoral & Service Specific
• Financial Transparency:
– KYC/CDD extend to new attributes
– Bi-/Multi-lateral exchanges of Information
• Rule & learning based Controls
– Technology/system based solutions are expected (may be expressly stated)
– Demographic & Behavior
• Multi-Standard based evaluation
Financial Transparency: Obligations
Definition (OECD and Financial regulator based)
– “Timely, meaningful and reliable/relevant disclosures”
– “the objectives of policy (legal, institutional, and economic) and the terms of accountability are … comprehensible, accessible, and timely”
• Obligations of Reporting Institutions:
– Multi-lateral and reciprocal transparency
– Preventive controls & counter-measures, where necessary (incl declining transactions)
– Awareness of clients, customers and counterparties
Financial Transparency: Implications
• Implications to the financial landscape:
– Risk-based business relationships, … and restrictions
– Prudence and caution will underlie preventive controls (and, consequently, establishing or renewing relationships)
• Emerging trends and practices
– Extended queries for correspondent banking
– Enhanced due diligence
– Emphasis of dual goods and other proliferation indicators
The future of Sanctions & Enforcement
• Either International or Country adopted/enforcement
• Implied Participative & sometimes Unilateral:
– International Resolution based
– Use of Currency & Intermediaries
– Legislative, Contractual & Commercial enforcement
• Treaty & Unilateral Enforcement
• Agnostic/Apolitical Transparency
• Multi-lateral and Bi-lateral Agreements for:
– Definition of Identification & Verification & Disclosure
– Acceptance/Declining and/or Withholding/Blocking
• Broader, international and commercial Enforcement
Sanctions (noun):
“an official order (including permission or approval)”
“Measures (including orders and actions) to compel or prevent”
Some On-going and Practical considerations
Could Know, Should Know
1 Control, Multiple Objectives
Extra-Territorial
Compliance
Assurance & Confidence
Technology & Data
Summary
• Increased global and multi-lateral definitions will govern the Compliance Framework
• Principles and methods remain unchanged:
– Evolution will manifest in policy, processes and system
– Standards may balance principles, rules & risk mitigation
• New channels, opportunities and risks need to be analysed, defined and translated into policies, terms & conditions
• Institutions’ & professionals’ participation in the global landscape will be defined or limited by one’s :
– Ability to define, communicate & transparently practice policy and processes
– Alignment and adoption of standards in both policy and services
Important Notice
This presentation has been prepared by a representative of CIMB Group, at the request of an Institution or Association, solely for information and general discussion. Terms contained in this presentation are intended for discussion purposes only and are not to be deemed to be definitive for any commercial, legal nor regulatory purposes. All information contained in this presentation belongs to CIMB Group and may not be copied, distributed or otherwise disseminated in whole or in part without the written consent of CIMB Group.
This presentation has been prepared on the basis of information that is believed to be correct at the time the presentation was prepared, but that may not have been independently verified. CIMB Group makes no express or implied warranty as to the accuracy or completeness of any such information.
CIMB Group is not acting as an advisor or agent to any person to whom this presentation is directed. Such persons must make their own independent assessment of the contents of this presentation, should not treat such content as advice relating to legal, accounting, taxation or investment matters and should consult their own advisers.
CIMB Group or its affiliates may act as a principal or agent in any transaction contemplated by this presentation, or any other transaction connected with any such transaction, and may as a result earn brokerage, commission or other income. Nothing in this presentation is intended to be, or should be construed as an offer to buy or sell, or invitation to subscribe for, any transaction nor securities.
Neither CIMB Group nor any of its directors, employees or representatives are to have any liability (including liability to any person by reason of negligence or negligent misstatement) from any statement, opinion, information or matter (express or implied) arising out of, contained in or derived from or any omission from the presentation, except liability under statute that cannot be excluded.
Alleviating Compliance Pressures for the Community
Joyce Foo, Director, Compliance Services, Asia Pacific, SWIFT
Where are we today?
A community issue calling for a community solution…
Financial crime is top of the agenda for banks
Significant costs at stake….
All geographies / All types of players impacted
... Yet no competitive advantage for banks
Lots of duplication… for universal challenges
Community-inspired Financial Crime Compliance Solutions
Sanctions* Screening
Hosted solution for cost-effective compliance with sanctions regulations.
• All financial message formats
• 30+ global sanctions lists
• 300 customers in 100 countries
• 15 central banks
Sanctions Testing
Maximise the effectiveness and efficiency of your sanctions environment.
• Independent assurance that your sanctions filters work correctly
• Greater control over systems/processes
• Peer benchmarking
The KYC Registry
One global source of KYC information for correspondent banking.
• Simple, secure, standardised**
• Supported by world’s largest correspondent banks **
• SWIFT Profile
Compliance Analytics
Enhanced understanding & management of financial crime-related risk.
• Unique, global dataset
• Interactive investigation tool
• Packaged reports
• Event-driven alerting
KYC REGISTRY
The context… an unprecedented challenge to comply with KYC legal requirements
Information is unavailable or of poor quality
Complex, inconsistent requirements across jurisdictions
Cumbersome, repetitive and inefficient bilateral exchanges
The solution… a single source of correspondent banking information
7,000+ banks on SWIFT = 1.3M+ connections
Standardised, industry-wide solutions
User-provided, user-controlled access to qualified KYC information
Unique content: SWIFT Profile, EDD data
A standard set of KYC data
Category I – Identification of the customer
– Licenses and Proof of Regulation, Certificate of Incorporation, et cetera
– Legal name, auditor, regulator, addresses
Category II – Ownership and management structure
– Declaration of key UBO and shareholders: full names and identifying data
– Board of Directors Lists: full names and identifying data
– Group structure
– Annual Reports, Shareholder listings, certified group and organisational charts
Category III – Type of business and client base
– Revenue breakdown by legal entity
– Operating geographies and customer verticals
Category IV – Compliance information
– Enhanced AML Questions
– AML docs: e.g. AML Controls, Wolfsberg Questionnaire, US Patriot Act
Category V – Tax information
– TIN, GIIN, FATCA information & proof of registration, documentation
Community-led engagement… 12 leading banking groups support the KYC Registry
28 Sep 2015: 1334 entities in 171 countries
Is your institution on board yet?
A look at where we are…
• 2100 entities registered
• 521 FI Groups
• 171 countries
• 424 APAC entities
“We value the ability to use a secure, automated system that ensures we are compliant with the most up-to-date sanctions lists.”
– Mohamed Isa Al Mutaweh, Chief Executive Officer & Member of the board of Directors, Al Baraka Islamic Bank
Sanctions Screening - SWIFT’s hosted screening service
Challenges of small institutions
Regulatory scrutiny and enforcement of sanctions policies is increasing
Increasing pressure from correspondents to be compliant
Available screening solutions complex and costly to maintain
Increasing challenges for low-volume financial institutions
SWIFT provides
• Screening engine & user interface
• Sanctions List update service with enhancements
• No additional footprint
• Centrally hosted and operated by SWIFT
• Real time
• Simple to configure and use
A fully managed service to screen all transactions
Filtering engine
• Using Fircosoft:
– Used by 8 of the top 10 banks globally
– Long term relationship
– Includes Fuzzy logic and String matching
– SWIFT has selected the default service and is continuously adapting the filter to clients, market and regulators requirements
• Hosted by SWIFT:
– SWIFT maintains the filtering engine for all clients
– No hardware investment from the client *
– No software investment from the client *
• Providing the best in class solution for a fraction of the investment.
* If the client needs to screen any format, a connector is required and implies a small licence fee
Implementation options
Copy option
Transparent routing of FIN transactions to the service using FIN-Copy
• Scope (transactions screened): FIN Cat 1, 2, 4, 7
• Flexibility (granularity on what is filtered): Limited
• Footprint (installation & integration): Zero
• Timeframe (time to compliance): Few weeks
Connector option
Query/response of all transaction types through API call to the service
• Scope (transactions screened): All transaction types
• Flexibility (granularity on what is filtered): Unlimited
• Footprint (installation & integration): Limited
• Timeframe (time to compliance): Few Months
Screening & Audit Report
Screening Report
• Copy of each alerted transaction
• Hit details
• Comments and final status
Audit Report
• Audit log of all transactions screened
• Audit log of all operators activity and decisions
Quality assurance Report
• Periodical quality assurance checks on effectiveness of the service
• Verifies that lists used mirror regulatory sources
• Measures exact and fuzzy matching capabilities
• Provides details on filter configuration and related impact
410+ clients, 120 countries, 17 central banks
Compliance Services Overview - November 2015
Sanctions Testing
Effectiveness
• Provide assurance that your filter works
• Measure system’s fuzzy matching performance
• Assess coverage of sanctions lists
• Align screening system to your risk appetite
Efficiency
• Reduce false positives through iterative testing
• Build optimisation tests into your processes
• Understand parameter changes
• Manage and tune rules and “good-guy” lists
Testing Meeting regulatory demands
Tuning Managing cost and resources
WITH
Formats
Settings
Lists
Automate • Repeat • Compare • Monitor
Define test objective
Download test files
Process test files
Upload hit results
View test results
Peer assessment launched in Q2 2015
Sanctions Testing process
Compliance Analytics
Enhanced understanding and management of correspondent banking risk
Institution-wide risk assessment
• Understand payment patterns
• Enhance correspondent reviews
• Align to policy
Zero footprint
• Immediately accessible
• Consolidated rich, accurate dataset
• Interactive tools and reports
Mitigates emerging risk
• Track relationships and understand RMA status
• Understand risk concentration
Monitors payment flows
• To and from your institution
• Identify anomalies & nested activity
• Compare to peers
RMA analysis and review
What is RMA
RMA (Relationship Management Application) is a SWIFT mechanism to control the traffic you want to accept from your correspondents and vice-versa
The Benefits
Manage Correspondent Risk
Combat Money Laundering
Avoid Unwanted / Unexpected Traffic
RMA Analysis
Link with FIN authenticated transactions to define the RMA status
• Three possible statuses:
– Active
– Dormant
– Unused
Decide on the authorisations “to be removed”
• Process and assistance to facilitate the bulk removal of selected unused RMA relationships
Data Collection
RMA Analysis
Business Evaluation
Overview of existing RMA’s inbound and outbound
• Institution provides the list of RMA in XML
• Workshop implementation best practices
Key Findings Review
Key findings
• List “hot items” among RMA correspondence
• Analyse RMA answer messages
• Adapt list of RMA authorisations to be removed if necessary
RMA Clean-up
Kick-off meeting
List of authorisation
Analysis of Answers
Query generation
RMA clean-up
• Decide list of authorisations “to be deleted”
• Identify scope
• Clarify responsibilities
• Create an RMA Query message for each “unwanted” RMA authorisation to check importance of relations
• Remove “unwanted” RMA authorisations
Where are we going tomorrow?
FCC Roadmap: Toward three inter-connected Utilities
Comprehensive Service offering
Sanctions, e.g.
• Transaction screening
• Sanctions Testing
• List Management
• Name/Client Screening
KYC, e.g.
• KYC Registry
• KYC Market Place
Analytics/AML, e.g.
• Compliance Analytics (evolving toward Bank-to-bank monitoring)
• FATF 16
Interconnected Utilities leveraging commonalities and data between the products & services
Financial Crime Compliance Utility
For ALL SWIFT users (small AND large) over time
The Sanctions Utility services
Sanctions Screening
Sanctions Testing
List management
Customer screening
www.swift.com