Overview of Key Compliance Topics

What topics does compliance cover?

• Financial crime; this covers Anti-money laundering, fraud, anti-bribery and corruption, sanctions and tax evasion
• Market conduct; ethical, regulatory and legal responsibilities of firms and their employees in relation to market conduct such as insider trading and market manipulation, and the consequences of breaching such
• Information security; risks and consequences of information security breaches, how to mitigate and manage such risks & employee responsibilities
• Data protection (GDPR); the legal and regulatory landscape, the risks associated with collecting, handling, storing and transferring data & how the firm manages data security
• Conduct rules; Overview of the Senior Manager and Certification Regime (SMCR), how the Conduct Rules fit into the regime & how the conduct Rules support and complement other conduct training messages
• Operational risk; what is it, how is it managed and personal responsibilities
• Risk management, treating customers fairly & creating an inclusive culture

What has been the new regulation since the Global Financial Crisis?

• These cover: Capital,
• Liquidity,
• Corporate governance,
• Transparency,
• Disclosure,
• Privacy and data protection

So how have banks responded?

Banks have responded by super-sizing compliance.

• Banks now spend 60% more on compliance than before the 2008 crisis
• While other parts of banks have slashed headcount, compliance teams have doubled their share of the workforce to 10%
• At Citibank, 30,000 of the 200,000 employees – 15% – are in compliance, risk, and control functions
• At J.P. Morgan, 43,000 employees work in what it describes as “fortress controls”
• British banks spend £5 billion per year on anti-money laundering, or AML
• 5,000 HSBC and 13,000 BNP Paribas employees work in just AML
• Standard Chartered spends $500 million a year on AML—which equals 20% of pre-tax profit
• Membership in the Miami-based Association of Certified Anti-Money-Laundering Specialists has grown from 6,000 to 70,000 people

How are banks cutting the costs of compliance?

1. One way is outsourcing compliance functions or specific projects to specialists, in areas like AML screening
2. Another is the use of technology.  Banks are looking at how many humans they can replace with technology without compromising compliance. “Regtech” has become a whole new industry.  It has been estimated that regtech revenue has grown to over $2 billion and may reach $6.5 billion by 2025.  Banks are going into partnership with hundreds of new “regtech” start-ups

What compliance challenges have been brought about by Covid-19?

Key concerns have included:

1. Technology:  Would traders have sufficient network speed and bandwidth and hardware to execute trades?  Would compliance be able to monitor trading?
2. Security: Would traders use taped phone lines as mandated?  Would information be stored on personal computers or on paper?  Would banks be able to protect data and stop cyber attacks?
3. Communication:  Could staff communicate effectively with clients without face-to-face interaction?
4. Outsourcing: Would third-party providers continue to function?  Did banks have back-ups if they could not?

How have banks responded to these challenges?

• By quickly identifying key workers who needed to come to the office.  These workers were socially distanced and spread across offices and emergency contingency sites
• Workers quickly embraced video conferencing
• From a compliance perspective, teams bombarded staff with reminders to stick to protocols as much as possible
• Most importantly, banks were able to make rapid enhancements to technology and security to adapt to home working

Going forward and expecting remote working to remain prevalent, how can banks seek to find more ways to increase flexibility without compromising security?

• Video conferencing services need to be made more secure
• Banks may move parts of their IT operations to public cloud environments. Most banks currently use their own private clouds, but in an emergency, security patches need to be rolled out physically on-site. With a public cloud, a patch can be run remotely automatically
• Banking will continue to evolve, become more complex, and need to adapt to new technologies. But given that banking will always entail risk, the need for a strong compliance function will remain constant