THE PAN ASIAN REGULATORY SUMMIT 2016 › uploads › 66 › 66f81ce9c665b… · The Pan Asian...

THE PAN ASIANREGULATORY SUMMIT 2016POST - EVENT REPORT

Contents

Hard-line enforcement action has its limits, says Hong Kong SFC chief

Hong Kong regulator says surge in company probes warrant new listing rules

After StanChart and UBS, Hong Kong regulator warns of more IPO sponsor probes

Hong Kong regulator reshuffl es enforcement division, prioritises focus areas

Regulators looking to exploit the benefi ts of technology, says SFC offi cial

Financial fi rms seek RegTech to cut regulatory chores, fi ght crime

Asia fi nancial body says China cyber security law could make risk management harder

SWIFT access links North Korea to cyber attacks and sanctions evasion

Firms should always assume they have been hacked, HK conference hears

About the authors

3

5

6

8

10

12

13

14

16

17

The Pan Asian Regulatory Summit 2016 took place in Hong Kong on 8 & 9 November 2016. Over 800 senior compliance and risk professionals attended the event over 2 days to hear from experts from Asia and across the globe on the latest regulatory trends and developments that are impacting the Asian fi nancial industry.

This report summarizes the key themes from the day, by pulling together a series of articles published on Reuters News and Thomson Reuters Regulatory Intelligence platform based on the content discussed atthe event.

2

REUTERS/Jason Lee

3

There are limits to the effectiveness of hard-line enforcement action and regulators should not be judged solely on the number of enforcement outcomes that they secure, said the head of the Hong Kong Securities and Futures Commission (SFC).

Ashley Alder, chief executive of the SFC, told the 7th Pan-Asian Regulatory Summit in Hong Kong that formal enforcement action and litigation were only part of a suite of tools that regulators have available. Alder said enforcement was generally only considered at the SFC when a matter is judged to be serious and real harm has been done to investors.

The SFC chief noted that enforcement action consumes a lot of regulatory time and resources, is subject to challenging evidential and other thresholds and cannot be relied upon to compensate victims for their losses.

“For all these reasons, enforcement is no substitute for effective gatekeeping and regular reviews of rules for the governance of listed companies and the intermediaries who interact with them,” Alder said.

The SFC official also said that if a market becomes known for a large number of enforcement actions, this can damage investor confidence and affect the jurisdiction’s overall reputation.

CONSIDERED APPROACH

Regulators across the Asia-Pacific region are taking more of a considered approach to enforcement action and moving away from the U.S.-driven model of headline-grabbing fines, the summit heard.

Tim House, partner and global head of litigation at Allen & Overy, said the trend towards larger fines was being questioned across Asia. He said these fines had only a minimal impact on the people who were directly responsible for the misconduct in question. House questioned whether penalising shareholders was an appropriate course of action when the perpetrators may have collected bonuses and moved on.

“I hope that we don’t see a major escalation in the size of fines. I think that’s driven by a very U.S.-centric approach and I think the economic impact of those fines is fundamentally wrong. It’s not a replacement for actually disciplining the wrongdoers,” House said.

Nathan Lynch, Head Regulatory Analyst, Thomson Reuters Regulatory Intelligence

HARD-LINE ENFORCEMENT ACTION HAS ITS LIMITS, SAYS HONG KONG SFC CHIEF

ASHLEY ALDER, Chief Executive Officer, Hong Kong Securities and Futures Commission & Chairman, IOSCO

OBLIGATIONS ON GATEKEEPERS

Alder told delegates that changes to the structure of listed company regulation in Hong Kong, proposed by the SFC and Hong Kong Exchanges and Clearing, were an example of the push to minimise formal enforcement action. He said the regulations would place greater obligations on gatekeepers to act responsibly and that this would, in turn, reduce the risk of enforcement action against firms.

“This is why the consultation proposals [for listing regulation changes] place an emphasis on the way in which gatekeeping decisions are made, as well as the way in which policy initiatives are pursued. This should enable the exchange and the SFC to work together to more effectively tackle some of the complex issues,” he said.

One of the main goals of the proposals is to ensure that those who have IPO gatekeeping and listing policy functions at the SFC and the HKEx work more closely together on supervision and enforcement matters, Alder said.

NEW FOCUS

Tomorrow the summit will hear from Tom Atkinson, who joined the SFC’s enforcement division in May. He is expected to reveal how the SFC’s approach to enforcement is changing under his watch.

Atkinson is expected to tell delegates that the SFC is moving away from the “broken windows” approach to enforcement, whereby all complaints are pursued, and is instead targeting its resources to focus on matters that will have the greatest market impact.

Alder said the SFC was ramping up its supervision work around corporate governance and disclosure issues, insider dealing and market manipulation. He said the number of investigations had more than doubled in the past five years, while the number of formal proceedings commenced has also doubled.

Despite this surge in activity, the SFC is committed to developing new ways to generate compliance outcomes without resorting to formal enforcement action.

“Some seem to think that most, if not all, issues can be dealt with through enforcement. It goes without saying that enforcement is a vital aspect of the SFC’s work,” Adler said. “But to suggest that enforcement is the silver bullet displays a lack of insight about the natural limitations of the enforcement tools available to us.”

In September the Hong Kong regulator received the top ranking for regulatory enforcement in Asia in the “2016 CG Watch Survey”, published by CLSA and the Asian Corporate Governance Association. The survey report said that the SFC sets the benchmark in enforcement for the Asia-Pacific region.

This is an edited version of an article that was originally published on the Thomson Reuters Regulatory Intelligence platform.

4

REUTERS/ Kevin Lamarque

Hong Kong’s securities regulator said on Tuesday the number of inquiries into market manipulation and insider trading, as well as corporate governance and disclosure issues, has doubled over the past five years, making it necessary to change listing rules in the Asian financial hub.

Speaking at the Thomson Reuters Pan-Asian Regulatory Summit in Hong Kong, Ashley Alder, chief executive of the Securities and Futures Commission (SFC), said it was too early to predict what the final listings reform will look like. He disputed claims from critics that changes would “stunt” the local equities market.

The regulator proposed an overhaul of listing rules in June that would potentially curb the regulatory powers of the city’s stock exchange and hand more authority to the SFC.

While the SFC said new rules would speed up decision-making for new listings, the proposed changes pitted international asset managers, who favoured the changes, against the city’s banks and The Chamber of Hong Kong Listed Companies, a body that represents locally listed companies.

“This is all about a more efficient, accountable and transparent process,” Alder said. Alder highlighted growing concerns over the poor quality of companies on Hong Kong’s Growth Enterprise Market, some of which had seen huge price spikes immediately after listing. He said these developments made efforts to ensure the Hong Kong market is fit for purpose all the more urgent.

“It’s very hard for me to imagine why any market regulator would be motivated to pursue policies which could stunt the healthy development of the financial centre for which it’s responsible,” Alder said. “That certainly doesn’t describe the SFC I know.”

Alder also left the door open for consideration of weighted voting rights for stock listings in the city - as opposed to the city’s long established ‘one share, one vote’ principle. The subject was a hot topic that surrounded Chinese e-commerce giant Alibaba Group Holding Ltd’s move to opt for a $25 billion listing two years ago in New York, not Hong Kong.

Alder said the regulator had never decided weighted voting rights were impossible for Hong Kong.

In 2014 Alibaba originally wanted to go public in Hong Kong with a shareholding structure that gave company insiders control even though they didn’t hold a majority of shares, breaching the ‘one share, one vote’ principle.

Alibaba co-founder Jack Ma said last week that outdated regulations in Hong Kong could hurt the appeal of the city to new economy companies looking to list in the city, and that a local site for an initial public offering of shares in Alibaba’s finance affiliate Ant Financial was not a foregone conclusion.

This is an edited version of an article that was originally published on the Reuters News wire.

HONG KONG REGULATOR SAYS SURGE IN COMPANY PROBES WARRANT NEW LISTING RULESMichelle Price, Asian Regulatory Correspondent, Reuters News

5

ASHLEY ALDER, Chief Executive Officer, Hong Kong Securities and Futures Commission & Chairman, IOSCO

6

Investors can expect to see more regulatory probes into the sponsorship of stock listings in Hong Kong, the city’s top markets enforcement official said, underlining a crackdown that has already led to two global banks being investigated.

Speaking at the Thomson Reuters Pan-Asian Regulatory Summit on Wednesday, Thomas Atkinson, recently appointed to head up enforcement at Hong Kong’s Securities and Futures Commission (SFC), said the regulator had created a temporary team dedicated to monitoring misconduct for initial public offerings.

“Corporate fraud and malfeasance pose one of the greatest threats to the integrity of the Hong Kong market,” Atkinson said. “We have received a steady stream of referrals from our corporate finance division.”

“Of particular note are those involved in misconduct of IPO sponsors: to put it very lightly, the conduct and level of professionalism demonstrated by some sponsors has left a lot to be desired,” the enforcement chief said, without disclosing any sponsor names.

“You can expect to see some more of these cases and hopefully we’ll hold these firms and senior management accountable.”

Atkinson’s tough stance comes in the wake of Standard Chartered saying last week that the SFC is investigating its role as a joint sponsor of an IPO in 2009, and could take action against its Hong Kong unit.

That disclosure came just days after UBS also said the SFC was investigating its role as sponsor of certain listings in the city. UBS could potentially face financial penalties, and could even be temporarily stripped of its ability to provide coveted corporate finance advisory services in Hong Kong.

The banks did not identify the IPOs at the centre of the probes. In 2009, Standard Chartered’s Hong Kong brokerage unit acted in only two IPOs in 2009 including the $216 million listing of timber company China Forestry Holdings Co Ltd, a listing also sponsored by UBS.

Trading in China Forestry has been suspended since January 2011, and the company is now in liquidation and delisting after the company’s auditor said it had found possible accounting irregularities.

Michelle Price, Asian Regulatory Correspondent, Reuters News

AFTER STANCHART AND UBS, HONG KONG REGULATOR WARNS OF MORE IPO SPONSOR PROBES

TOM ATKINSON, Executive Director of Enforcement, Hong Kong Securities & Futures Commission

7

REUTERS/Vasily Fedosenko

With Hong Kong the world’s hottest market for IPOs, scrutiny of listings is crucial to retain the bourse’s attractiveness to investors.

Under SFC regulations, banks can face fines and other sanctions if the listing documents of companies they are sponsoring for a market debut mislead investors.

SFC enforcement chief Atkinson said on Wednesday he has carried out a strategic review of enforcement priorities and concluded the regulator needs to focus on quality and “high-impact cases”.

“At the top of our priorities is listed company issues. We are particularly concerned about risk posed by corporate fraud and malfeasance,” Atkinson said, adding cases of fraud and corporate malfeasance have “severely damaged” Hong Kong’s reputation.

He also said an investigation into Chinese solar energy company Hanergy Thin Film, the subject of a high-profile investigation for alleged market manipulation, was still ongoing.

Atkinson was appointed in May, having previously served as the head of enforcement at Canada’s Ontario Securities Commission. He replaced Mark Steward, who left in September 2015 to join Britain’s Financial Conduct Authority.

Atkinson is shaking up the enforcement division, bringing in new directors and shifting the division’s focus, according to people briefed on the matter, who did not want to be to be named as they were not authorised to speak to the media.

Under Steward, the division cast its net widely, pursuing even minor transgressions, said lawyers and regulatory experts. Atkinson, however, is keen to wrap up many of the more than 1,000 investigations the SFC opened prior to his appointment in a bid to focus on high-profile cases, the people said.


8

The Hong Kong Securities and Futures Commission (SFC) has changed its focus and reshuffled resources to concentrate on high priority cases, said Tom Atkinson, executive director of enforcement.

Atkinson, who joined the SFC in May this year, said the regulator had in recent years seen an annual rise of 20 percent in cases and it was necessary to reassess its priorities and organizational structure.

“We carried out a comprehensive and structured strategic review of the entire enforcement division over the past few months,” Atkinson told the Thomson Reuters Pan-Asian Regulatory Summit on Wednesday.

The rapid growth in enforcement cases spurred the reorganisation, Atkinson said.

“Enforcement cases have been increasing rapidly… and are generally increasing in complexity. We could try

to double our staff every five years to cope with this trend, but even if we do this, we would still be treading water,” he said.

“We clearly need to rethink how we perform our work. We need to move from a try-to-do-everything approach to a focused approach, targeting the key risk areas.”

Atkinson said the SFC should identify cases which would have the highest impact when enforcement is initiated and at same time drop cases with little prospect of success as early as possible.

“By doing this, we will be able to bring successful enforcement outcomes to the market while the cases are still relevant, which in turn will maximise the deterrent effect of our efforts,” he said.

HONG KONG REGULATOR RESHUFFLES ENFORCEMENT DIVISION, PRIORITISES FOCUS AREASTrond Vagen, Asia Editor, Thomson Reuters Regulatory Intelligence

(From left) SIMON CLARKE, Partner, Allen & Overy; LIEF THASSIM, Co-General Counsel – APAC, Deutsche Bank; TOM ATKINSON, Executive Director of Enforcement, Hong Kong Securities & Futures Commission; MEENA DATWANI, JP, Executive Director (Enforcement & AML), Hong Kong Monetary Authority; NATHAN LYNCH, Head Regulatory Analyst,

Australia & New Zealand, Thomson Reuters Regulatory Intelligence

9

FOCUS AREAS

He said the SFC’s enforcement division would set up permanent and temporary specialised teams to focus on a number of significant risk areas: corporate fraud, corporate misfeasance, insider dealing, market manipulation and intermediary misconduct.

The corporate fraud and corporate misfeasance teams would target corporate fraud and the misuse of powers by senior managers of listed companies, and investigate types of misconduct and failings, he said. These teams would be led by experienced professionals with long track records in these areas.

The insider dealing and market manipulation team’s leader has a strong investigation background and the team comprises specialists with expertise in market analysis and investigation. This team would focus on investigating market misconduct and related offences, Atkinson said.

The intermediary misconduct team would focus on misconduct by regulated persons, including the

investigation of short selling issues, mishandling of client orders, misappropriation of client assets and investment bank malpractice.

Atkinson also said the enforcement division had set up four temporary specialised teams to tackle emerging risks.

They include a sponsor team that focuses on sponsor misconduct during initial public offerings, a GEM team that investigates irregularities in the Growth Enterprise Market, an AML team that targets know your customer/anti-money laundering control failings and a specific products team to deal with mis-selling of specific investment products.

He said the temporary teams would be disbanded once they have addressed the underlying risks and new teams would be formed to deal with other areas of concern as they arise.


REUTERS/Miro Kuzmanovic

10

The Securities and Futures Commission (SFC) has welcomed the growth of the fintech and “regtech” sectors in Hong Kong, which it said could improve security, compliance and risk management. Bénédicte Nolens, senior director for risk and strategy at the SFC, told a breakfast briefing at the Pan-Asian Regulatory Summit that the regulator was also looking to exploit the benefits of regtech.

Nolens said the delivery of regulated activities in Hong Kong through the use of technology sits within the remit of the SFC, just as it would if these services were delivered through face-to-face channels. Investment platforms such as robo-advisers, for instance, typically advise on and deal in securities, which in Hong Kong are regulated activities under the Securities and Futures Ordinance. Any entity that conducts business in Type 1 (dealing in securities) and Type 4 (advising on securities) regulated activities are required to be licensed by or registered with the SFC.

Technology-based investment platforms enter the regulatory remit and SFC licences are required to conduct this type of business. Similar requirements also apply to equity crowdfunding, peer-to-peer lending and trading platforms.

“Needless to say, we are encouraged to see Regtech innovations, especially those that can be used to achieve more efficient and effective security, compliance and risk outcomes, or that can be used by us to enhance our risk monitoring, surveillance and supervisory capabilities,” Nolens said.

“While it is clear that fintech often constitutes regulated activities and thereby intersects with the SFC’s remit, regtech may assist regulatees in ensuring compliance with our regulatory standards and may assist the SFC in performing its regulatory role,” she added.

Nathan Lynch, Head Regulatory Analyst, Thomson Reuters Regulatory Intelligence

REGULATORS LOOKING TO EXPLOIT THE BENEFITS OF TECHNOLOGY, SAYS SFC OFFICIAL

BENEDICTE N. NOLENS, Head of Risk and Strategy, Hong Kong Securities and Futures Commission

11

The SFC is considering the potential for technology to enhance its risk monitoring, surveillance and supervisory capabilities. Other areas that the SFC is watching closely include big data analytics, cognitive computing, machine learning, artificial intelligence and distributed ledger technology.

“Like most global securities regulators, the SFC is technologically neutral, which means that it is open-minded about licensed corporations and new entrants deploying technologies that achieve the right results under our rules and standards,” Nolens added.

As fintech firms automate the delivery of financial services, Nolens said they would need to develop client onboarding, authentication and fraud control technologies that are “equally or more secure” than traditional compliance controls.

They will also need to develop more advanced cyber security technologies as more investors share their personal data with fintech platforms, which creates additional cyber and data privacy risks. In addition, the growth of fintech platforms and business models typically make use of cloud computing, which triggers the need for better cloud security.

Nolens said the exponential growth in computing power, generational changes, broader access to and the decreasing cost of goods and services, and increasing disintermediation and re-intermediation, has created an ideal climate for the digital delivery of financial services.

“We are at the crossroads of significant technology-driven change in the offering of financial services,” she said. “Fintech and regtech applications are developing at a much faster pace than ever before,

creating new opportunities to achieve better investor outcomes and more efficient and effective security, compliance and risk outcomes.”

At the same time, the SFC is mindful that increasing technological innovation will create new risks and vulnerabilities that require close regulatory understanding.

Nolens said fintech start-ups need to understand and comply with all of the appropriate regulatory expectations, including those in overseas markets where their offerings are advertised.

She also said the cross-border nature of technology meant that regulators needed to communicate globally, so as to better anticipate how these new business models intersect with jurisdictional regulation.

The SFC official said regulators would increasingly explore how to best benefit from the regtech trend — for example, by better leveraging data and data analytics tools and software.

“Fintech business models empower investors to access new financial products and services, often across borders. They also enable investors to better compare the products and services offered. With this increased empowerment comes increased responsibility,” Nolens said.

She also said investors who make investments on overseas platforms that are not licensed in Hong Kong need to understand that such cross-border investments may be outside the SFC’s regulatory remit.


12

Financial services firms are increasingly turning to digital technology to meet onerous regulatory demands aimed at fighting financial fraud, creating a niche tech market that is estimated to grow to around $120 billion by 2020.

Regulatory technology, or RegTech, offers banks automated solutions that can speed up the cumbersome process of vetting clients and transactions, which is necessary to prevent money laundering and other financial crimes.

Regulators are also looking for more standardized digital transaction reports from banks to spot potential fraud more reliably and with fewer staff.

“The demand for this is enormous, everybody needs it,” said Peter Hetz, a director at Veridate Financial, whose software helps family offices and fund managers verify the identity and background of new clients and create reports for regulators.

Speaking at the Thomson Reuters Pan Asia Regulatory Summit this week, officials at the Hong Kong Monetary Authority and markets watchdog Securities and Futures Commission (SFC) said they saw major opportunities for technology to help financial firms meet growing regulatory requirements.

“Crooks will always exist, but you can reduce the risk. If you haven’t been doing your job in risk and compliance with technology, I’d be incredibly surprised,” Benedicte Nolens, head of risk and strategy at Hong Kong’s SFC, told the summit.

“It’s not only superior in a number of factors, it’s probably a lot (cheaper) and it’s certainly a lot faster” than banks’ back offices, she added.

Consultancy Quinlan & Associates estimated in a report this week that one such technology, blockchain, could cut the costs that banks incur to comply with anti-money laundering rules by $4.6 billion a year – or 32 percent of current annual costs – through reduced headcount, technology spend and regulatory fines.

Start-ups like Hong Kong-based Veridate and FixNix, which automates audit and risk tasks for small firms in India, are betting that as financial firms look to avert regulatory fines and focus on their core businesses, more of their compliance budget will go to technology.

Veridate said its automated audit process can reduce the time to sign up a new client at banks and asset managers to several minutes from weeks currently. By digitising different tasks, watchdogs can also request regular checks to make sure banks’ clients remain compliant and monitor potential risk and fraud more closely.

The SFC is launching a pilot project with 20 banks to monitor and detect systemic risk using RegTech.

In India, FixNix signed an agreement to offer its software to hundreds of community banks through the Reserve Bank of India’s technology arm.

“Having partnerships with regulators opens many doors,” said Shanmugavel Sankaran, founder and CEO of FixNix.


FINANCIAL FIRMS SEEK REGTECH TO CUT REGULATORY CHORES, FIGHT CRIMEElzio Barreto, Asia Equity Capital Markets Correspondent, Reuters News

(From Left) NATHAN LYNCH, Head Regulatory Analyst, Australia & New Zealand, Thomson Reuters Regulatory Intelligence; BENJAMIN QUINLAN, CEO, Managing Partner, Quinlan & Associates

13

The chief of one of Asia’s most prominent financial trade bodies on Tuesday said new cyber security rules in China could make it harder for foreign companies operating in the country to manage risk as cyber threats become increasingly cross-border.

Speaking at the Thomson Reuters Pan-Asian Regulatory Summit in Hong Kong, Mark Austen, chief executive of the Asia Securities Industry and Financial Markets Association (ASIFMA), said the rules marked a “worrying” development because regulators globally have to work together to address cyber risks rather than attempt to isolate their jurisdictions.

China adopted a cyber security law on Monday to counter what the government said were growing threats such as hacking and terrorism. Foreign business and rights groups expressed concern that the law could, for instance, bar foreign companies from certain sectors.

The legislation, set to take effect in June 2017, includes requirements for security reviews and for data to be stored on servers in China.

“No matter how well you cut yourself off from the rest of the world, we’re all interconnected. Favouring the development of domestic IT and forcing firms to use domestic software and not allowing firms to offshore [means] you can’t manage risk on a global basis,” said Austen.

“The threat is global. This is why we find these Chinese laws so worrying on the face of it,” he said. However the rules may become more flexible by the time they are implemented next year, he said.

Cyber security was propelled to the top of the financial services agenda in February when it emerged hackers stole $81 million from the Central Bank of Bangladesh via SWIFT, the global financial messaging system. The funds were transferred to accounts in the Philippines and Sri Lanka.

Speaking at the same event in Hong Kong, Catherine Simmons, managing director and head of Asia Pacific Government Affairs at Citi, said regulators globally would have to work more closely together to address emerging cyber threats.

“The very nature of technology and cyber threats emerging and cyber security risks, it’s cross border. Regulators are not going to just focus on their domestic markets ... they are going to have to talk to other countries about what to do. We are just seeing that discussion emerge.”


Michelle Price, Asian Regulatory Correspondent, Reuters News

ASIA FINANCIAL BODY SAYS CHINA CYBER SECURITY LAW COULD MAKE RISK MANAGEMENT HARDER

MARK AUSTEN, CEO, ASIFMA

14

Despite increasingly tough sanctions being levied against North Korea in response to its nuclear testing programme, local banks are still able to access and use the SWIFT interbank messaging system for overseas fund transfers. This has allowed the pariah state to evade international sanctions for cyber attacks against Bangladesh Bank and other entities, a UN sanctions expert said.

Stephanie Kleine-Ahlbrandt, a member of the United Nations Panel of Experts on North Korea, told the Thomson Reuters Pan Asian Regulatory Summit last week that North Korean banks’ access to SWIFT had allowed government-supported hackers to use it to seek out flaws which they would then exploit to carry out cyber attacks.

“[SWIFT] is providing messaging services right now to some designated DPRK banks, which becomes important when you look at the evasion of financial sanctions through cyber attacks,” she said.

Pointing to the cyber attack on Bangladesh Bank and the $81 million theft from its account at the Federal Reserve in New York, she said: “There’s been a subsequent attack … [by the] same actor. It’s attributed by certain cyber

companies to DPRK, [the] payout went through New York banks, and again another money laundering scheme through South-East Asia. It points out the danger of banks having access to SWIFT software services. A certain country may use that information and turn around and give it to its hackers, and then go ahead and hack the SWIFT system, which has happened on both of these occasions.”

Kleine-Ahlbrandt said the North Korean banks’ access to SWIFT had lessened the impact of a large array of financial sanctions imposed by the UN Security Council and the U.S. Treasury.

“It is very sensitive for SWIFT,” she said. “They’re trying to get their head around it, and it really leaves a lot of questions open. The secrecy involved … means that a lot of banks aren’t necessarily taking measures right now, [and] because SWIFT finds it very uncomfortable they’re not necessarily telegraphing that they have been hacked out to banks.”

She said SWIFT’s cautious response to the cyber attacks suggested there might be a commercial concern at the Belgium-based organisation that alternative messaging systems might take some of its market share.

SWIFT ACCESS LINKS NORTH KOREA TO CYBER ATTACKS AND SANCTIONS EVASIONTrond Vagen, Asia Editor, Thomson Reuters Regulatory Intelligence

(From left) BILL MAJCHER, President, EMIDR Limited; STEPHANIE KLEINE-AHLBRANDT, Finance Expert, UN Panel of Experts established pursuant to Security Council Resolution 1874 (2009); PHIL RODD, Partner, EY; JULIA WALKER, Head of Marketing Development, Risk, Asia, Thomson Reuters

15

SANCTIONS

In March this year, the UN Security Council passed resolution 2270, regarded as the most hard-hitting sanction against North Korea, and a further resolution is expected to be passed in late November.

In addition, the U.S. Treasury on November 4 published a final rule under s 311 of the USA PATRIOT Act to restrict the country’s access to the U.S. financial system. Kleine-Ahlbrandt said the many sanctions against North Korea would put plenty of pressure on institutions to engage in more extensive due diligence to ensure transactions did not expose them in any way through indirect links with North Korea.

“That’s because U.S. and European banks were appearing as corresponding banks on transactions being undertaken by DPRK front companies, mostly in South-East Asia,” she said.

“North Korea has become very adept at utilising these types of mechanisms, aliases, front companies; they are able to disguise themselves by indigenising their operations. We’ve seen a lot of exposure for Hong Kong banks, and a lot of transactions originating here. Malaysian companies, Chinese companies and other South-East Asian companies are essentially doing business on behalf of North Korean entities, either designated entities or entities that are acting on behalf of those entities.”

Another challenge for banks’ due diligence processes was that North Korea’s attempts to evade sanctions meant that they could no longer rely on screening the names of sanctioned entities against a list, she said.

“It goes to the root of some of the challenges in implementing sanctions. Almost as soon as an entity is designated, it ceases to exist. Frankly, it probably ceased to exist six months before it was designated, because politically it is difficult to designate these entities,” she said.

As a result, the due diligence task for banks will need to move from targeted financial sanctions to activity-based sanctions, which will make it more difficult and time consuming.

“It no longer involves just feeding in names, but a more sophisticated process of establishing whether an entity is acting on behalf of a designated entity,” Kleine-Ahlbrandt said.

PUBLIC/PRIVATE SECTOR COOPERATION

She said more could be done to coordinate sanctions implementation between the public and private sectors, and that firms should not be shy about asking the government for support.

“You aren’t in a position sometimes to have the intelligence necessary to act on the requirement to be depriving entities of the ability to use your accounts, when they don’t actually appear in lists,” she said. “So you need to be cooperating much more across the board. Export control, intelligence, FIUs, law enforcement, trade promotion – there needs to be a lot more intelligence-sharing within governments, between private and public sectors and also internationally. You have to constantly put pressure on your governments to provide you with the intelligence needed to be able to take action.” Under the Financial Action Task Force (FATF)’s recommendation 2, governments are required to show they are coordinating effectively with the private sector and providing it with appropriately targeted classified information.

She said a good example of how this could work was the coordinated action taken by several U.S. agencies against Hongxiang Group, a Chinese company which was accused of engaging with a North Korean company and helping it to procure illicit materials.

“Financial institutions are under such pressure right now. If you look at the Asia-Pacific region, less than one-third of the countries here have the legislation required to even freeze the assets of designated entities, let alone entities that are operating on behalf of designated entities,” she said.

“Those are essentially your partners, those are some of the countries you are working with; they are sending money through your financial institutions. It’s a huge burden to have to be accountable for those kinds of transactions.”

NO DE-RISKING

Kleine-Ahlbrandt said banks in Hong Kong in particular faced a dilemma; they could not afford to “de-risk” with regard to North Korea because the link between the two jurisdictions was China, or more specifically, Chinese companies.

“No bank anymore here, I presume, has a corresponding banking relationship with a North Korean bank, but that’s not the problem. The problem is the indirect exposure you’re going to get by offering your services to Chinese customers that engage in those types of transactions, for which now you are now being held accountable,” she said. “Their ability to access the international legitimate trade and financial system through China is going to cause a lot of headaches for you.”


16

Firms should always assume that they have been the victims of cyber crime and that their systems have been hacked, a Hong Kong police official said. Dicky Wong, a Royal Hong Kong Police Force Official, said cloud-based solutions were susceptible to cyber attacks and posed additional security concerns for businesses.

Speaking as a panelist at the Thomson Reuters Pan Asian Regulatory Summit on Wednesday, Wong said that if companies did not know where their cloud was, they could not secure the data they were placing on it.

“I am not a big fan of the cloud,” he said. “The cloud is user-friendly, but where is it?”

Wong acknowledged that budgets were tight and that resources needed to be deployed sensibly and strategically for cyber security.

His co-panelist, Jeremy Pizzala, an EY financial services cyber security partner in Hong Kong, said firms should focus on protecting their most important assets.

“Do not try and control, manage and protect everything,” he said. “Take a crown jeweled view of what your key assets are. Is it your inter-bank settlement processes, or your SWIFT network or your customer data? Focus from that ‘crown jewel’, key assets point of view as a starting point.”

Pizzala said recent moves into digital business and adoption of technological solutions had exposed some laxity, with some firms disregarding cyber security issues.

“We strongly encourage all organisations … to be very concerned with cyber security issues and bake them into the plans early and upfront,” he said. “Once you set

up digital channels, it is tougher to go back and set up the controls you need to manage and protect data and access it.”

The ethereal nature of the cloud and the risk it poses for cyber crime is made worse by the multiple players businesses have to deal with and share their data with in Asia, the panelists said.

“Asia is highly disintermediated. The insurance market is a great example,” said Leesa Soulodre, chief reputation risk officer at the RL Expert Group. “You have your own directly owned entities, your joint ventures (JV), your agents, brokers and licensees. How do you control the data that is stored across that network and protect your organization?”

Soulodre said that, ultimately, people and not technology were the financial sector’s weakest link.

“From a compliance perspective, corporates are mandating [cyber security] compliance because they do not want to open themselves up to risk. Big corporations are exposed to more risks and regulations. Yet, those down the food chain must also comply,” she said.

She said institutions should consider a number of issues before devising cybersecurity strategies and policies, including: “Is what we are about to do legal, ethical and acceptable? Is it defendable and is it sensible? And after I take that decision, does it change who I am and does that change who this organisation is?


Ajay Shamdasani, Senior Regulatory Analyst, Thomson Reuters Regulatory Intelligence

FIRMS SHOULD ALWAYS ASSUME THEY HAVE BEEN HACKED, HK CONFERENCE HEARS

(From left) JAMES MIRFIN, Managing Director, North Asia, Thomson Reuters; JEREMY PIZZALA, Partner, Financial Services Cyber Security, EY; LEESA SOULODRE, Chief Reputation Risk Officer, RL Expert Group; SHIH HSIEN LIM, Head, Information Security, Hong Kong Jockey Club;

DICKY WONG, Detective Senior Inspector of Police, Cyber Security Division, Hong Kong Police Force

17

ABOUT THE AUTHORSELZIO BARRETO, Asia Equity Capital Markets Correspondent, Reuters News

Elzio Barreto is responsible for covering equity capital markets in Asia for Thomson Reuters, including IPOs and follow on deals. Before coming to Hong Kong, Elzio covered fi nancial services fi rms and investment banking in Brazil, where the economy has expanded atChinese-like rates thanks to a surge in available credit. Elzio has been with Reuters since 2006 and before that worked for seven and a half years at Bloomberg, covering telecoms, banks and Brazil’s economy.

NATHAN LYNCH, Head Regulatory Analyst, Thomson Reuters Regulatory Intelligence

Nathan Lynch is the head regulatory analyst for Thomson Reuters’ Governance, Risk and Compliance operations in the Asia-Pacifi c region. Nathan joined Thomson Reuters’s London offi ce in 2000. He returned to Australia in 2002 and has written about regulatory affairs,anti-money laundering and compliance developments for Thomson Reuters’ Compliance Complete service across the Asia-Pacifi c region ever since.

Nathan is a member of the Australasian Compliance Institute and has presented workshops at the ACI’s annual governance, risk and compliance conference. Nathan also appears regularly in print and electronic media as a specialist commentator on fi nancial markets and regulation.

MICHELLE PRICE, Asian Regulatory Correspondent, Reuters News

Michelle Price is Asia Regulation Correspondent based in Hong Kong, where she covers a range of regulatory and enforcement issues, from antitrust and corruption probes, so the G20 post-crisis reform agenda.

Michelle joined Reuters News from Dow Jones where she was Asia editor at Financial News, the group’s institutional fi nance publication and sister publication of The Wall Street Journal, based in Hong Kong. Before moving to Hong Kong a year ago, Michelle ran Financial News’ trading and technology desk in London. Michelle has a BA. Hons in History from the University of Cambridge.

AJAY SHAMDASANI, Senior Regulatory Analyst, Thomson Reuters Regulatory Intelligence

Ajay Shamdasani is a senior regulatory analyst with Thomson Reuters’ Governance, Risk and Compliance division in Hong Kong. His focus is money laundering, FATCA, fraud, corruption, data privacy, cybercrime and Islamic fi nance in Asia. He was previously editor-in-chief of “Macau Business” magazine and deputy editor of “A Plus magazine (the journal of the Hong Kong Institute of Certifi ed Public Accountants). He attained an AB in history and political science from Ripon College in Ripon, Wisconsin, as well as JD and MIPCT degrees from the University of New Hampshire School of Law (formerly Franklin Pierce Law Center) in Concord, New Hampshire. He also holds an LLM in fi nancial regulation from the Chicago-Kent College of Law, Illinois Institute of Technology.

TROND VAGEN, SENIOR EDITOR, ASIA, REGULATORY INTELLIGENCE, THOMSON REUTERS

Trond Vagen is the Asia editor for Thomson Reuters Regulatory Intelligence, based in Hong Kong. He joined Thomson Reuters with the 2010 acquisition of Complinet, which he had been with since early 2008. Trond has been in Hong Kong since 2006 and has covered regulatory compliance issues in Asia and Europe for nearly a decade. He has previously worked for The Deal, Standard & Poor’s and Compliance Online, covering issues spanning from M&A deals and private equity in Asia to reporting on EU stock markets. He has a Bachelor of Arts in Journalism from California State University, Long Beach

Want to learn more about how Thomson Reuters Risk Management Solutions can help your organization combat regulatory challenges?

Speak to an advisor: risk.thomsonreuters.com/contact-sales

RISK MANAGEMENT SOLUTIONS FROM THOMSON REUTERSRisk Management Solutions bring together trusted regulatory,customer and pricing data, intuitive software and expert insight andservices – an unrivaled combination in the industry that empowersprofessionals and enterprises to confidently anticipate and act on risks –and make smarter decisions that accelerate business performance.

For more information, contact your representative or visit us online at risk.thomsonreuters.com

© 2016 Thomson Reuters. 11058599/11-16

http://info.risk.thomsonreuters.com/LP=7929

risk.thomsonreuters.com

THE PAN ASIAN REGULATORY SUMMIT 2016 › uploads › 66 › 66f81ce9c665b… · The Pan Asian...

Documents

Transcript of THE PAN ASIAN REGULATORY SUMMIT 2016 › uploads › 66 › 66f81ce9c665b… · The Pan Asian...