state of regulatory reform 2018: a special report...7 beyond the sandbox: fintech set for new phase...

State of Regulatory Reform 2018: A Special Report This annual report covers our predictions for 2018; learn from our team of journalists at Thomson Reuters Regulatory Intelligence about what regulatory events will shape the year and how you can best stay prepared.

Consolidate and filter relevant regulatory developments,

mitigate the risk.

.For more information contact your representative or visit us online at risk.tr.com

Thomson Reuters Regulatory Intelligence FeedsReceive a customized content feed that ensures you only spend time reviewing information tailored to your organization, and empowers you to manage business risk based on all of the facts

™ simplifies your research process.

How doyou navigate the regulatory landscape?

3risk.thomsonreuters.com

AMERICAS

5 U.S. FINANCIAL FIRMS FEEL RELIEF AS DEREGULATION GATHERS STEAM

7 BEYOND THE SANDBOX: FINTECH SET FOR NEW PHASE OF GROWTH, REGULATION

10 U.S. BANKS FACE YEAR OF KYC CHALLENGES

14 INTERNATIONAL DIVERGENCE POSES RISKS, COMPLIANCE CHALLENGES IN U.S.

16 SYSTEMIC-RISK REGULATION EASES AS U.S. STABILITY COUNCIL LOSES CLOUT

18 U.S. INVESTMENT ADVISERS FACE RISING DATA DEMANDS

21 U.S. INSURANCE OVERSIGHT PENDULUM SWINGS BACK TO STATES

23 CANADIAN REGULATORS TARGET BANK CONDUCT, FINANCIAL PLANNERS, GOVERNANCE

EUROPE AND THE MIDDLE EAST

25 BREXIT: PREPARING FOR A WORLD WITHOUT PASSPORTING

27 MIFID II TRANSACTION REPORTING: GREAT EXPECTATIONS MEET GRIM REALITY

30 CONTINENTAL EUROPEANS STRUGGLE WITH MIFID II PREPARATIONS

31 DIGITAL MARKET ABUSE HAS EMERGED FROM THE DARK WEB

33 HIGH-END MONEY LAUNDERING IS TOP AREA OF RISK FOR UK REGULATOR

35 QUESTIONS REMAIN ABOUT READINESS FOR NEW EU DATA PROTECTION RULES

38 UAE ASSERTS ITS CENTRAL REGIONAL ROLE

ASIA-PACIFIC

40 TECHNOLOGY THEMES TO LOOM LARGE IN SINGAPORE

43 HONG KONG FACES UP TO FINTECH/REGTECH CHALLENGES

44 FATF MUTUAL EVALUATION SET TO GIVE HONG KONG MIXED REPORT

46 TRADE REPORTING, CLEARING TO TAKE SPOTLIGHT IN ASIAN OTC MARKETS

49 BASEL III PACKAGE FINALIZED BUT COULD SPELL END OF REFORMS; FRTB DELAYED TO 2022

52 ASIAN SATELLITE MARKETS TO FOCUS ON AML/CTF, DATA PRIVACY

54 AUSTRALIA HERALDS SHIFTING ENFORCEMENT LANDSCAPE

TABLE OF CONTENTS

CONTRIBUTORS

Dubai Peter Shaw-Smith

London Alexander Davidson Lindsey Rogerson Rachel Wolcott

New York Antonita Madonna Henry Engler Richard Satran Bora Yagiz

Perth Nathan Lynch

San Diego Jason Wallace

Singapore Patricia Lee Trond Vagen

St Louis Brett Wolf

Toronto Daniel Seleanu

Editors Alexander Robson in London

Randall Mikkelsen in Boston

http://risk.thomsonreuters.com

https://www.linkedin.com/in/peter-shaw-smith-184a525/

https://linkedin.com/in/alexander-davidson-2518186/

https://linkedin.com/in/rachelwolcott/

https://linkedin.com/in/antonita-madonna-90300212/

https://linkedin.com/in/henry-engler-29133/

https://linkedin.com/in/richard-satran-80b51143/

https://linkedin.com/in/bora-yagiz-frm-a60692/

https://linkedin.com/in/nathlynch/

https://linkedin.com/in/jasonswallace1/

https://linkedin.com/in/patricialeesc/

https://linkedin.com/in/trond-vagen-42a4694/

https://linkedin.com/in/amlwolf/

https://linkedin.com/in/daniel-seleanu-2097762b/

https://linkedin.com/in/alexanderrobson/

https://linkedin.com/in/alexanderrobson/

https://linkedin.com/in/randall-mikkelsen/

https://linkedin.com/in/randall-mikkelsen/

4 State of Regulatory Reform 2018: A Special Report

Around the world, regulators and the financial services industry will be racing to keep pace with the rapid development of digital technology. Most urgent will be the stability and money-laundering risks presented by cryptocurrencies, the transformative potential of blockchain, and the threats to cyber security.

The EU’s Markets in Financial Instruments Directive II (MiFID II) finally arrived on January 3 but it will be some while before regulators take any action over non-compliance: a last minute mini-flood of waivers, extensions and consultations were announced to offset many of the looming pressure points.

Those expecting the European Securities and Markets Authority (ESMA) to use its product-banning powers straight out of the gate must await the outcome of yet another consultation on contracts for difference and binary options to see if ESMA is willing to walk the walk on investor protection.

Likewise, the six-month “breathing space” granted at the eleventh hour for issuers who had failed to get a legal entity identifier (LEI) has pushed back any supervisory investigations on transaction reporting till at least Q3 2018. Although the UK Financial Conduct Authority’s statement that it would be “in touch” with vendors about missing issuer LEIs should leave firms in no doubt that there will be no further extension.

One possible early consequence of MiFID II could be if the predicted evaporation of research coverage materializes as a result of the new rules on research costs. If research on smaller companies did dry up, it would present a serious threat to the likely success of the EU’s ambitious Capital Markets Union.

Financial services firms must also grapple with the General Data Protection Regulation from May 26. Described by some European politicians as an even bigger compliance challenge than MiFID II, it is the biggest overhaul of data protection rules in two decades. The penalties for non-compliance will be severe.

In the United States, Trump’s early vow to “dismantle” financial regulations hindering the economy has been translated into a blueprint for action. It promises relaxed banking regulations, including the Volcker rule’s ban on proprietary trading, stress testing and the supervisory process. Regulators are also aiming to ease oversight of capital standards, both among smaller banks and insurers.

Investment regulators are expected to collaborate on a new fiduciary standard with broader industry application than the Labor Department’s delayed rule for retirement accounts.

U.S. enforcement agencies have created new units and bolstered technological capability to be tough on investor protection, financial crime and money laundering. On the other hand, they are offering forbearance when companies make efforts to cooperate.

Congressional efforts to win a broad repeal of the 2010 Dodd-Frank Act face political obstacles. The real change is coming through the executive branch, which is wielding its bureaucratic tools to carry out its agenda within existing law.

Regulators worldwide have sounded warnings about cryptocurrencies but in an effort to stay relevant some are moving to bring them into the financial system. This year will see the results of the launch of bitcoin futures trading on U.S. derivatives markets, for example, even as securities regulators are poised to crack down on unregistered bitcoin financings.

U.S. regulators have also moved into the realm of digital financial services by creating a charter process for online banks. In the UK, regulatory “sandboxes” are serving to encourage digital services and bring them under the supervisory umbrella.

INTRODUCTION

2018 is going to be the year that theory becomes practice for many compliance officers and regulatory professionals, and a year in which the post-financial crisis push for regulatory harmony yields to international divergence.

After years of preparations, major regulations will take effect or have already done so in the European Union and their effects will be felt far beyond the member states. The pendulum is swinging the other way in the United States, where President Donald Trump’s administration will be implementing a deregulatory agenda it spent its first year preparing.


AMERICAS

U.S. FINANCIAL FIRMS FEEL RELIEF AS DEREGULATION GATHERS STEAMThe question pending for U.S. financial firms in 2018 is not whether they will get regulatory relief from post-crisis reforms, but how much.

President Donald Trump has renewed his determination to slash financial regulations, and the U.S. Treasury has set out a long list of proposed changes to the regulatory framework. The relief will flow mostly from the federal agencies that oversee these financial firms, rather than U.S. congressional lawmakers.

The executive-branch strategy is no accident. What jumps out in Treasury’s proposals is how little depends on congressional action. The approach bows to the current political climate — getting anything done legislatively is hard given the polarized state of the union and competing priorities of the Trump administration.

Another pragmatic step has been Treasury’s engagement with the regulators responsible for oversight. Many of the newcomers have had a say in the proposed changes. Moreover, the new “referees” are like-minded in believing the 2010 Dodd-Frank Act needs tweaking.

“You can do a lot without Congress,” said Michael Alix of PwC in New York. “These agencies have already the power under pre-existing statutes, and there is a lot of power in changing the referees.”

Of the five primary regulatory bodies, all but one has seen a change at the top – the Federal Deposit Insurance Corporation, with chair Martin Gruenberg’s term having ended in November, has still to find a replacement. A sixth agency, the Consumer Financial Protection Bureau, a Dodd-Frank creation whose founding director stepped down in November, also acted swiftly on leadership priorities of the Trump administration following the departure.

In terms of likely regulatory changes, several stand out.

VOLCKER, STRESS TESTS, LIQUIDITY AND SUPERVISION

For big banks the Volcker rule has been a thorn in their side, and nearly all regulators believe the rule’s proprietary trading ban needs fixing. Changes agencies have the power to make include eliminating the presumption that any position held over 60 days must be proprietary. Regulators can also expand banks’ leeway in determining reasonable inventory levels for market making. Also, compliance functions for Volcker

REUTERS/Kevin Lamarque



may be revised to reflect the risk profile of each institution, rather than a one-size-fits-all approach. These are all areas where regulators can act. The challenge will be in getting five agencies to agree on any changes; that might take some time.

Closely related to Volcker are the myriad rules on liquidity, which some say lack coherence and are duplicative. The liquidity coverage ratio (LCR) is one such requirement. Randal Quarles, the Fed’s new vice chair, has said the LCR should be “a backstop” measure, not a primary capital requirement. There is support for a possible recalibration of the measure, he said.

Stress testing is another likely relief area. Greater transparency over the “qualitative” aspect of such reports and a decrease in the number of tests are likely. The Federal Reserve in December proposed changes to the stress-testing process that would give lenders significantly more information about how their portfolios may perform during potential market shocks.

The supervisory process will also be reviewed, and for the largest banks, this may be more important than regulatory changes.

“Supervision is about dealing with culture,” Quarles told a banking panel. “Engaging on changing the tenor of supervision is likely to be the biggest part of what I do.”

A vital part of any shift in supervision will be the tailoring of oversight to the risk profile of each institution. Again, big banks will be most affected. With William Dudley, the New York Fed chief, leaving in mid-2018, his replacement, along with Quarles, will be in the lead on supervision.

“No one can argue that the character of regulation shouldn’t be tailored to the firms regulated,” Quarles said. “Size is only one factor.”

Small and mid-sized banks nevertheless are due some relief. They have lobbied hard for raising the Dodd-Frank $50 billion systemic risk threshold, arguing the arbitrary figure unfairly punishes many that pose little danger to the system.

In response, there is now bipartisan political support to raise the threshold to $250 billion. Lawmakers also want to exempt banks with assets under $10 billion from the Volcker rule. Even the toughest critics in Congress will have a hard time arguing that smaller institutions should not get relief.

CAPITAL MARKETS, SHIFT ON ENFORCEMENT

In a separate report, Treasury outlined a broad range of 91 technical fixes aimed at boosting stock, bond and derivatives markets. All but nine can be put into effect by the federal regulatory agencies, primarily the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC).

Craig Phillips, chief architect of Treasury’s reform plans, told a banking conference: “I think we have tremendous buy-in from the SEC and CFTC.”

Apart from proposals aimed at recalibrating derivatives regulation, improving oversight of clearinghouses, and fostering greater capital formation and transparency in the U.S. Treasury market, there is also the question of enforcement priorities. For the SEC, the agency’s priorities in 2018 include greater emphasis on protecting retail investors from fraud as well as holding individuals more accountable for wrongdoing.

The agency has also created two new units: one dedicated to cyber security and technology-related issues such as blockchain, and the other, a retail strategy task force, designed to apply analytics and technology to combat Main Street investor fraud.

Both the SEC and CFTC have shown restraint when going after public companies. Numerous no-action relief letters from CFTC demonstrate the new approach: do not overburden industry with complex rules that are difficult to meet. The SEC, meanwhile, has scaled back enforcement actions against public firms, preferring to focus on “Main Street” and fraud against smaller investors.

If the trends continue as expected, both agencies might need to clarify where they stand on fighting fraud among major players on Wall Street.

LARGE ASSET MANAGERS OFF THE HOOK, FOR NOW

A sigh of relief went up among asset managers in October when Treasury unveiled its proposals for the sector. The message was simple: asset management is different from banking; the risks therefore to the financial system are not what some previously argued. This speaks to the interests of larger insurers and others who have long made the case that they should not be tarred by the same regulatory brush as banks.

It does not mean, however, that risks might not lurk within the non-bank sector. Ever-loftier markets on Wall Street, and growth in products such as exchange-traded funds and cryptocurrencies, are causing some to worry that the next crisis might emerge from such quarters.

REUTERS/Chip East


BEYOND THE SANDBOX: FINTECH SET FOR NEW PHASE OF GROWTH, REGULATIONReady or not, a new era of financial technology, or “fintech”, has left its experimental stage and now faces a world that goes along with being big enough to draw attention to the risks it poses.

There are worse problems; the scrutiny is a sign that financial technology is succeeding in transforming the industry. The inevitable regulatory actions that accompany tumultuous change have been gathering momentum.

The past year in bitcoin shows how quickly the cryptocurrency segment of the fintech sector has gone from a notorious past as a favorite vehicle for contraband markets to the mainstream of regulated finance. Markets will start to see how that works out in 2018.

Two U.S. moves that will have an enduring impact took place over a single week near the close of the year. The U.S. Commodity Futures Trading Commission (CFTC) allowed bitcoin futures trading on two major U.S. markets. Coincidentally, the Securities and Exchange Commission’s (SEC) new “cyber unit” charged its first fraud case related to a cryptocurrency capital-raising mechanism known as an initial coin offering, or ICO.

The moves marked a sudden, unexpected shift in the regulatory landscape.

With little intervention from regulators, the value of a bitcoin had reached thousands of dollars and more than $3 billion has been piled into unregulated ICOs. Increasingly regulators are paying attention to the transformative change for the first time in the post-crash era. No longer simply reacting to each other’s moves, the industry and its regulators are working together on innovation, informed by lessons of the recent past.

“In banks, regulation has been the biggest topic over the last 10 years—but it is morphing into regulation plus innovation—and it’s starting to change the status quo,” said Ruth Wandhöfer, global regulatory and fintech strategist for Citigroup in London.

In the pivot to the future the lessons from the crash have not been lost. Traditional firms have moved cautiously into fintech. But regulators have started to move quickly to stay abreast of systemic risks. They know that even small tech applications can quickly scale into big problems, as happened when technology helped speed the approval of mortgages that turned out toxic and nearly sank the financial system in 2008.

The CFTC’s approval of trading in bitcoin futures, still a dust-speck in the global economy, came with a level of red-flag

REUTERS/Phil McCarten



waving rarely seen with a new product. Chairman Christopher Giancarlo warned of possible “market dislocations due to flash rallies and crashes and trading outages” with “unique risks” that are “unlike any the commission has dealt with in the past.”

This warning was sounded for a high-margin product only indirectly linked to bitcoin: the futures contract is settled in cash, not bitcoin, which eliminates the chance for traders to use leverage to accumulate enough bitcoin to cheaply manipulate prices.

STAYING RELEVANT IN FINTECH

Despite the concerns, regulators are seeing a need to remain relevant in fintech, in which bitcoin is merely the most visible in a large suite of products and services that employ the same model of transformative, and potentially disruptive, innovation.

Using the “network effect”, fintech creates sophisticated cloud-based financial products not possible in the old world of standalone systems.

Bitcoin is based on powerful encryption to create digital certificates for use in transactions. It is a simple idea, based on complexity. Similar models for fintech have put artificial intelligence, big data, automated “robo” financial advice and peer-to-peer lending on the fast track toward adoption over the cloud. Big banks have launched blockchain initiatives

using the technology behind bitcoin to create digital systems for data storage and transaction-tracking.

To be sure, the term fintech is confusing, since finance has always been an early adopter of technology.

FINANCE, REGULATORS CATCHING UP TO SILICON VALLEY

But fintech differs from past waves of financial technology in that it has been led mostly by technology entrepreneurs entering finance. Banks missed out as they turned inward in the post-crash era, at a peak time for cloud-computing adaptation, big data and smartphones.

Regulators missed a beat as well. Their oversight has focused more than ever on banks’ and brokers’ practices in the post-crisis era, and they paid little attention to the “non-bank” firms offering new financial products entering the market on a relatively small scale.

What is more, in the tech industry’s Silicon Valley culture, the art of finding ways to grow under, or around, the regulatory radar is a top skill. Electronic payments giant PayPal, for example, can be seen as a prototypical fintech success story, built largely outside the banking world.

But a string of mishaps by a number of fintech “category killers” growing larger without controls has drawn scrutiny. The Lending Club and Betterment, leaders in online lending

REUTERS/Jim Urquhart


and robo advising, respectively, were both slammed for significant disclosure failures for investors. Another, the top online insurer, Zenefits, saw its market valuation shrink from $4 billion to less than $1 billion amid charges it was operating without proper licensing.

Now, much larger tech firms with more experience dealing with global regulators have taken direct aim at the growing sector of “regtech.” They are offering compliance and other back-office services over their cloud platforms. The scope of their ambitions is large.

Amazon and Google became finalists in the open bidding to operate a market surveillance system mandated by the SEC. The consolidated audit trail, or CAT, is the largest-ever financial database, designed to track billions of daily trades down to the level of hundreds of millions of individual accounts.

That the tech giants were beaten out by a little known Thesys Technologies, a fintech spinoff of a Wall Street trading firm, was taken by some as a sign that the financial services industry from which Thesys was spawned has regained its innovative edge in a much-sought technology venture. Those efforts will bear watching this year.

Regulators have also become increasingly tech proficient, deploying tools such as big-data analysis and artificial intelligence in enforcement cases and automated disclosures such as CAT. Banking regulators at state and federal levels are racing to be the first to offer online-bank charters. The U.S. Department of Labor has shown strong support for automated advice as a way for firms to meet its new fiduciary requirements, helping to spur nearly every major Wall Street firm to introduce some form of “robo advice” in the past two years.

U.S. regulators are working to balance the carrot and stick of eased regulation and enforcement – as they did with bitcoin – to support prudent innovation and capital growth.

This has proven difficult. For example, it has been hard to create regulation-free incubators in the fragmented U.S. market, said David Beam, a Mayer Brown partner in Washington who specializes in fintech.

“The U.S. market is really about commerce, not sandboxes,” Beam said, drawing a contrast with the UK idea of creating specific regulatory protections allowing new firms to innovate.

The CFTC’s Giancarlo has cited the availability of “no-action” relief from regulatory intervention as a tool that can provide sandbox-style protections. The agency has also has launched LabCFTC, a unit that engages directly with fintech and regtech businesses to foster innovation and whose digital currency research played a part in the rollout of bitcoin trading.

REUTERS/Carlo Allegri

The Consumer Financial Protection Bureau’s Project Catalyst incubator launched five years ago, however, has issued only one “no-action” letter to give an innovating firm an assurance against regulatory interference.

Growing firms eventually need to leave the sandbox. The protection of a regulator only goes so far. Regardless of how they are hatched, firms must be ready for what Wandhöfer called “a whole new ecosystem” on their own. They must sustain themselves in a world of digital currencies and transformative forms of technology in which banks and regulators are still there but play a smaller role.



U.S. BANKS FACE A YEAR OF KYC CHALLENGESA year of know-your-customer (KYC) headaches for U.S. financial institutions is shaping up, with the U.S. Treasury Department’s customer due diligence (CDD) rule entering force and a new standard for correspondent-banking information being rolled out. Journalistic disclosures are also casting a spotlight on offshore tax havens.

“2018 is likely to be the year that bankers get to know their customers VERY well,” said Rob Rowe, a lawyer with the American Bankers Association.

Regulators have made clear they not only take seriously the new CDD rule, which comes into force in May, but they also have expectations that go beyond the four corners of the document.

The rule outlines existing customer identification and KYC expectations associated with suspicious activity reporting. It also adds requirements to collect information about beneficial ownership of legal entities and obliges institutions to understand the nature and purpose of relationships to develop customer risk profiles.

The goal of the beneficial ownership requirement is to peer behind the veil provided by shell companies that has long impeded law enforcement authorities seeking to identify assets linked to criminal activity.

The rule seemed to require banks to collect information about anyone owning 25 percent or more of an entity. However,

banks will need to dig deeper when doing business with “high-risk” clients. They will need to follow a lower ownership threshold, officials representing the Federal Reserve Board and Treasury’s Financial Crimes Enforcement Network (FinCEN) told an industry conference last year.

Bankers, already grumbling about the costs of implementing the CDD rule, were unpleasantly surprised when they heard the new interpretation. Some quickly decided to stick with the 25 percent threshold anyway – and claim their portfolios are not high-risk – as they await promised formal guidance from regulators.

But compliance professionals would be wise to think again if they expect sympathy or lax enforcement from regulators regarding the due diligence rule and the KYC measures it requires. As part of the rule-making process, FinCEN made clear the importance of these obligations by making them the “fifth pillar” – another core element – of institutions’ AML programs.

As one regulatory professional said of the CDD rule, “the banks should already be doing these things”. U.S. lawmakers and regulators have a strong appetite for tighter controls regarding beneficial ownership transparency, in part due to criticism the international AML standard-setting Financial Action Task Force (FATF) has levied against the United States for more than a decade.

REUTERS/Russell Boyce


PARADISE PAPERS

Banks have gotten an unanticipated assist in meeting the challenges of knowing more about their customers. In early November, the International Consortium of Investigative Journalists released a mountain of leaked documents exposing the use of tax havens, revealing for public scrutiny the murky financial dealings of some of the world’s most wealthy and powerful people and companies.

This latest batch has been dubbed the Paradise Papers. Similar in impact to the Panama Papers of 2016, the latest offerings can spotlight risk for banks with exposure to opaque offshore shell companies that can be used to mask illicit transactions.

Although more data is expected from the Paradise Papers, the initial releases exposed some secretive tax avoidance practices. Such practices are perhaps best described as meriting scrutiny, rather than plainly illicit. The leaked data comes largely from legal services provider Appleby, which was founded in Bermuda and has branches in tax havens worldwide. The data reaches as far back as 1950. Appleby has denied wrongdoing and said the firm was the victim of hacking.

At first, the revelation of millions of documents naming secretive offshore clients might seem just another source of reputation and regulatory risk. But experts say banks can manage the risk by running the names revealed by the leaked

data against their customer bases and updating KYC files. Suspicious activity, either by commission or omission, should be reported to authorities.

The fact a customer controls an entity created by Appleby is “interesting but not suspicious” from an AML perspective, said a senior compliance official at a large U.S. bank. It is a single fact that could, as part of a pattern, point toward suspicion.

Banks would also be well-advised to let their examiners know what they have been doing with the Paradise Papers data. “Bragging about good work is never a bad thing,” the regulatory official said.

Beyond the value of the data as a KYC tool, the many headlines produced by the Paradise Papers disclosure have added to momentum in the U.S. Congress for greater financial transparency.

Congress members are now seriously weighing movement on a bill that would force U.S. legal entities to register the names of their ultimate beneficial owners, or UBOs, with FinCEN and make the information available to law enforcement and banks, said two sources with firsthand information.

“The chances of passage have gotten much better,” Rowe said.

REUTERS/Brendan McDermid



NEW WOLFSBERG CORRESPONDENT BANKING QUESTIONNAIRE

Bankers will also have a fresh, detailed template for carrying out KYC work.

The Wolfsberg Group of the world’s largest banks in October released a detailed, uniform questionnaire aimed at reducing the costs associated with conducting effective due diligence when offering correspondent banking services as part of cross-border clearing relationships.

Some senior compliance officials associated with the Wolfsberg Group hope the new 110-question questionnaire will ease or even reverse a recent trend in which many large banks have felt compelled to curtail correspondent banking activity because compliance costs outweighed revenues, a trend commonly known as “de-risking.”

Banks wishing to do business with the Wolfsberg members will need to complete the questionnaire and many will likely have to bolster their KYC practices to satisfy the demands of the largest banks.

The Wolfsberg banks were still adjusting their policies and procedures as they rolled out the questionnaire, which is housed with the data-sharing utility maintained by the SWIFT payment message network.

MONEY STILL A SQUEEZE

Although banks have built up resources for their KYC efforts, they still see a squeeze.

A Thomson Reuters survey last year found that financial institutions with $10 billion or more in revenue increased their average spend on KYC-related procedures to $150 million in 2017, up from $142 million in 2016. Meanwhile, the number of KYC compliance professionals at these institutions grew to an average of 307, from 68 in 2016.

But despite these steps, more than a third of firms reported that scarce resources remained their biggest challenge in conducting KYC and customer due diligence processes.

REUTERS/Robert Pratta


No one can help you know your customer like Thomson Reuters.World-Check Risk Intelligence Trusted around the globe, World-Check powers a range of compliance solutions that enables fast effective remediation to help safeguard organizations from financial and reputational damage.

risk.tr.com/worldcheck


https://risk.thomsonreuters.com/en/products/world-check-know-your-customer.html

INTERNATIONAL DIVERGENCE POSES NEW RISKS, COMPLIANCE CHALLENGES IN U.S.It used to be that the United States was the one feared internationally for its cross-border regulatory reach. That distinction may now be shifting to the European Union, with a series of new regulations coming into force that will affect markets globally.

Underscored by a U.S. unwinding of post-crisis reforms, a trend of putting national interests first threatens to erode global regulatory harmonization and coordination. That will require U.S. firms to pay even closer attention to international requirements.

“The regulatory cycle across major transatlantic jurisdictions is diverging: the United States is rolling back its regulatory effort, the UK is experimenting, and the EU continues to push its financial regulation out,” said Andrei Kirilenko, director of the Center for Global Finance and Technology at the Imperial College Business School, in London.

The divergence is looming in areas ranging from financial technology to prudential standards and derivatives markets.

Much has been made of MiFID II, a sweeping set of EU regulatory reforms focused on trading venues and structures, and of the compliance challenges for many outside the bloc as the regime took hold on January 3. One of the more

vexing requirements is the unbundling of research costs, which requires firms to explicitly charge. This applies to any company with European clients. U.S. broker-dealers needed a last-minute reprieve from Securities and Exchange Commission rules that would effectively have barred them from meeting the MiFID standards.

The EU is also moving ahead on other fronts which will force non-European countries to adapt their compliance processes and functions. For example, there is the General Data Protection Regulation (GDPR) which applies to all companies processing the personal information of EU residents regardless of where those firms are located.

The GDPR’s data privacy rules are different and much more restrictive than those imposed by regulators outside the EU. They come into sharp focus for financial firms battling against cyber crime, and in other processes where customer data is involved.

Many U.S. firms may be unready, even unaware that they will likely be subject to the new EU regulations which take effect in May. For any U.S. company with a customer who holds an EU-member passport, the rules apply. This includes dual passport holders.

The financial penalties for non-compliance are severe.

REUTERS/Ethan Miller



Then there is the spread of “ring fencing” pools of bank capital in various ways. Many say the United States started the trend by forcing large foreign bank organizations to set up intermediate holding companies to maintain certain amounts of capital. The EU has now retaliated with similar rules for non-EU banks. Added to the mix are UK regulations separating retail businesses from other parts of the institution.

All of this is happening within the context of U.S. authorities taking their feet off the regulatory accelerator under the agenda of President Donald Trump. With new officials commanding the helm at nearly every U.S. agency, regulatory relief is coming. The question is how much, and how much U.S. firms will be subject to stricter international standards.

Then there is Brexit, Britain’s planned departure from the EU, which carries its own set of regulatory and compliance challenges.

Unclear about just how Brexit it will play itself out, U.S. firms headquartered in London are making contingency plans to relocate staff and operations to Frankfurt and Paris, two alternative hubs only too happy to open their doors to wary Americans. The complexity and costs that could emerge from a European financial market that is splintered into various capital pools are prompting concern, given the uncertain terms of Britain’s exit from the EU.

As financial technology developments gather pace, major market regulators have also adopted differing regulatory approaches. The UK has opted for regulatory “sandboxes” that allow experimentation under regulatory supervision. This has served to bring the fintech firms under a regulatory

umbrella, which also implies a measure of protection against established rivals. The United States has so far taken a mostly hands-off approach to regulating the rapidly changing industry, in line with its philosophy of stimulating capital formation. The EU, meanwhile, is moving ahead with a regulatory agenda.

Another example of EU extraterritorial reach with an impact on U.S. firms is proposals by the European Commission that would allow the European Central Bank and the European Securities and Markets Authority (ESMA) to regulate entities outside the EU.

Specifically, the U.S. Commodity Futures Trading Commission (CFTC) is concerned about plans that would empower ESMA to demand on-site inspections of U.S. businesses such as the Chicago Mercantile Exchange and other swaps trading venues without informing the CFTC. Another proposal would enable the ECB to impose additional regulations on those same U.S. businesses, also without informing the U.S. regulator.

“Such overlapping and uncoordinated regulation by the EU would be disruptive, expensive and detrimental to the U.S. trading markets and economy,” said Christopher Giancarlo, CFTC head.

Lastly, there is the issue of major London clearing houses possibly relocating to other EU members, or even to New York, further fracturing liquidity and adding to business costs.

Few will gain from an unraveling of the financial system, and the risks to the world economy will only grow once a new crisis unfolds, economists warn.

REUTERS/Stephen Hird



SYSTEMIC-RISK REGULATION EASES AS U.S. STABILITY COUNCIL LOSES CLOUTU.S. regulation of systemic risk is relaxing, with the main body for overseeing risky institutions facing a weaker mandate and Congress also working to loosen the reins.

The Treasury Department characterized the trend with its outline for the future of the Financial Stability Oversight Council (FSOC), which is responsible for identifying financial institutions with the potential to threaten the economy if they fail.

The department’s goals were laid out in an installment of its recommendations to Congress and executive branch agencies on implementing President Donald Trump’s deregulatory agenda. It recommended significant alterations to the council’s process for designating non-bank financial institutions as systemically important, as outlined in the 2010 Dodd-Frank Act. Such designation requires the institution to face stricter financial and reporting standards.

The effort came as Congress also worked to relax the standards under which banks themselves are designated as systemically important financial institutions, or SIFIs.

The Treasury report sought to address concerns voiced by industry participants and congressional Republicans that the council’s process is opaque and non-specific. The council has also been criticized as acting inconsistently and arbitrarily in

designating non-bank companies, such as major insurers, as “too big to fail”.

Additionally, Treasury criticized what it said was excessive discretion given to the council in its designation process. In that it echoed a U.S. District Court’s reversal of insurer MetLife’s SIFI designation on the grounds that the council’s action was “arbitrary and capricious.”

The Treasury report recommend ways to increase the accountability and transparency of the council, improve on its engagement with the non-bank financial companies under SIFI review, cultivate closer cooperation with primary regulators and boost the analytical rigor of the designation process.

FSOC, A REGULATORY LINCHPIN

The FSOC, which is chaired by the Secretary of the Treasury, was created under Dodd-Frank as an independent and collaborative regulatory body bringing together the heads of various financial regulatory agencies. It has been seen as an important forum that facilitates communication and information-sharing among regulators.

The FSOC’s primary goal is to detect, evaluate and mitigate risk buildup in the financial system. The council has the power to designate a non-bank institution or the U.S. subsidiary of a foreign bank as a SIFI on the basis of potential material


financial distress faced by that entity. Alternatively, it may find that an entity threatens U.S. financial stability because of the nature, scope, size, scale, concentration, interconnectedness, or mix of its activities.

These companies then become subject to additional supervision by the Federal Reserve and to enhanced prudential standards such as risk-based capital requirements and leverage limits, liquidity requirements, overall risk management requirements, resolution plan and credit exposure requirements, and concentration limits.

As such, the council acts as a critical component in the balkanized U.S. financial regulatory system by monitoring growth of activities both in the core banking system, and outside it, in the “shadow banking” area.

Treasury’s recommendations would substitute this prescriptive risk-oversight structure with a greater reliance on market forces.

“Emphasis should be placed on market discipline rather than government supervision and regulation to address risks posed by these firms,” the Treasury report said.

ACTIVITIES-BASED APPROACH

The report urges the council to adopt an “activities-based” approach where financial activities or products are given priority over “firm-specific” measures such as asset size.

Such an activities-based approach has been used in the past in assessing the asset management and money market mutual funds sectors, in contrast with its size-based assessments of the banking sector and insurance industry assessments.

In asset management, the council has analyzed risks in liquidity and redemption, leverage, operational functions, securities lending, resolvability and transition planning, and the industry’s interaction with money market funds and hedge funds. It created a working group to obtain better data and to develop understanding of the leverage risk found in some hedge funds.

In the end, FSOC decided against designating asset managers as potential SIFIs. At the same time, it highlighted a need for effective risk management practices to ensure that funds are able to meet redemption requests from investors, along with clearer guidelines about the extent to which funds can hold assets with very limited liquidity.

Likewise, the council held that the activities and practices of money market funds make them vulnerable to destabilizing runs. It recommended reforms to address that sector’s structural vulnerabilities, such as the lack of explicit loss-absorption capacity, and the first-mover advantage that could cause liquidity risks.

The Treasury report says the council should slap a SIFI label on a firm only as a last resort, following a cost-benefit analysis

of the additional regulatory burden it would face. The analysis is to consider harm to the economy in the form of decreased competition and higher prices for non-bank financial products such as annuities and life insurance.

The recommendations omit consideration of potential costs to the wider economy resulting from the lack of such designation.

MEASURING RISK

In an attempt to improve the FSOC’s analytical rigor, the Treasury report also makes a number of recommendations pertaining to how it measures risk.

These recommendations relate chiefly to quantifying the likelihood of distress of non-bank companies, the impact of potential asset “fire sales,” and the measurement of mitigating factors such as value of high-quality collaterals used in repurchase agreements.

The recommendations, however, are already ingrained in the council’s guidance on evaluating non-bank companies for SIFI designation.

The report also asks FSOC to establish a clear “off-ramp” for firms carrying an SIFI label. This would give firms the opportunity to ascertain the reasons behind a designation and to hammer out a roadmap to avoid the SIFI label in the following annual evaluation.

Such a process could help designated firms make necessary changes and avoid the court battles endured by insurers AIG, MetLife, and Prudential as they fought off their SIFI labels. Prudential is the only insurer to remain with a SIFI designation.

Firms could also gain more insight into the council’s expectations and decision-making through the recommended release of meeting minutes, along the lines of the Federal Reserve’s Federal Open Market Committee.

CENTRAL ROLE

Despite its recommendations overhauling the risk assessment system, the Treasury Department has reserved a central regulatory role for FSOC under the Trump administration.

In earlier reports addressing the administration’s deregulation agenda, the department has said the FSOC should “retain primary oversight responsibility for systemic risk in the U.S. financial system,” and that its “statutory mandate should be broadened so that it can assign a lead regulator as primary regulator on issues where agencies have conflicting or overlapping jurisdiction.”

The financial industry will be watching to see how thoroughly and quickly the Treasury report is implemented. It will also be watching to see how the stability council balances this broad mandate with the procedural expectations imposed on its process for identifying risky institutions, and whether the limitations will impede its ability to prevent a risk buildup.



U.S. INVESTMENT ADVISERS FACE RISING DATA DEMANDWith U.S. regulators increasingly relying on data analytics to spot improprieties and lapses, investment advisers will have to produce more data in regulatory examinations and annual filings in 2018.

Compliance professionals who have experienced recent Securities and Exchange Commission (SEC) exams say registered advisers under examination must be prepared to produce large volumes of data to fulfill document requests.

In addition, most advisers will be disclosing more information about their firms and clients in annual filings. This year’s annual amendment of Form ADV, due at the end of the first quarter, includes revisions intended to fill data gaps that the SEC has identified and to facilitate the agency’s risk monitoring initiatives.

The rising demands will require both extra preparation and organization to meet.

EXAM DEMANDS

The SEC touted a 20 percent increase in the number of adviser examinations it conducted last year, with a goal of an additional 5 percent in fiscal year 2018, despite requesting a slightly lower budget. The SEC has been using what it bills

as a “forensic tool” called the national exam analytics tool (NEAT) in an attempt to make exam process more efficient through technology. NEAT allows the examination teams to access and systematically analyze years of trading data in a very short time frame.

SEC exam officials say the large increase in the data they are seeking, both in advance of and during the actual examination, will tell an important story that allows the exam team to be much more effective.

Beyond aiding the SEC’s exam process, the request list can also be used by firms, as a model for a pre-exam exercise.

To assist in the preparation a recent document request list can be obtained through a simple internet search or a request to a compliance attorney or consultant. In some cases, firms have compiled a summary of request lists from various SEC regional offices. The regional offices may have slight variations but a majority of the requests are shared among the offices.

Regardless of when an audit notification comes, going through a current SEC request list will allow the firm to have the correct data and in the preferred format ready for production. The process also helps identify who is responsible for each item, the location and format of supporting documentation and how that particular subject is addressed in the firm’s policies and procedures.


Adapt to evolving Integrated Risk Management needsTake confident action on critical challenges with a consolidated, enterprise-wide view of risk. Rely on Thomson Reuters Connected Risk to manage and mitigate risk with confidence by utilizing internal and external data more effectively. Organizations benefit from a holistic enterprise-wide view of risk through advanced mapping and an extensible interconnected data model underpinned by streamlined workflows.

With Connected Risk, organizations are able to make informed decisions with greater ease and efficiency, delivering a focused view of their risk, compliance and audit landscape.

Discover more at: risk.tr.com/connected-risk



SEC officials also suggest that firms perform data integrity checks before handing over data, that they keep the data in the original format, involve the IT department when possible, offer examiners real-world time-frames for document production and produce sample reports early instead of holding all the information until a complete report can be presented.

FORM ADV DATA

The Form ADV amendments are aimed at improving the required disclosures of SEC-registered advisers while enhancing the SEC’s monitoring capabilities.

Any adviser filing an initial Form ADV or an amendment to an existing Form ADV is now required to provide responses using the revised forms. The fiscal year for most advisers ends with the calendar year, meaning compliance with respect to Form ADV updates will be no later than the annual amendment filing in March 2018.

Advisers must provide enhanced information in several areas, including regulatory assets under management attributable to various client types, wrap-fee programs and separately managed accounts (SMAs). In addition, advisers must indicate whether they use an outsourced chief compliance officer, disclose firm social media pages and give details about their 25 largest branch offices.

The enhancements requiring the most extensive data management may be the new information needed for separately managed accounts and the breakdowns by client of regulatory assets under management. Advisers should verify their technology systems can generate the information required for the amendment ahead of the deadline, especially when it may require a download from account custodians.


U.S. INSURANCE OVERSIGHT PENDULUM SWINGS BACK TO STATESOne year into President Donald Trump’s administration, the regulatory wish lists of U.S. insurers are being gradually ticked off as federal and international oversight eases. Meanwhile, state regulators are getting ready to pick up some of the slack.

Trump’s deregulatory push already has loosened requirements for U.S. insurers in several ways: They won support from the administration for a reprieve from potentially having to meet the tough capital requirements of the EU’s Solvency II standards. An agency review has stalled final implementation of the Department of Labor’s fiduciary rule, which affects life insurance industry sales practices. Insurers MetLife and AIG have been relieved of their status as systemically risky, and the U.S. Treasury has outlined a path to reduce the overall federal role in insurance regulation.

Federal oversight of the state-regulated insurance sector had increased significantly following the financial crisis of 2008. The 2010 Dodd-Frank Act authorized a series of checks on the industry from various federal agencies including the newly-created Financial Stability Oversight Council (FSOC), and the Federal Insurance Office and Labor Department.

The Trump administration is returning some of that new authority to the states. The

Treasury Department said in an October report on the future of insurance regulation that state regulators were best-placed to oversee the sector. It also said the FSOC should end its evaluation of insurers as “too big to fail” and that systemic risk should be measured by activities, not the size of the firm.

STATES RECLAIM AUTHORITY

State regulators, however, are seizing on some of the initiatives being discarded at the federal level. This puts them in an unfamiliar role after years of chafing at increased federal attention to the industry.

The National Association of Insurance Commissioners (NAIC), which represents U.S. state regulators in setting industry standards, is developing macro-prudential risk assessment tools. This basket of tools includes a group capital requirement calculation that would help state regulators measure risk and the financial health of insurance groups.

The group capital calculation was expected to be ready for 2020, but the NAIC is accelerating its efforts to complete the task, given the changing federal role. The standard also has potential importance to the U.S.-EU bilateral insurance agreement, aimed at granting regulatory equivalency to insurers operating in the other’s region. The agreement was drawn up just before Trump took office in 2017, but signed by the Trump administration.

REUTERS/Gary Cameron



The U.S. Treasury has since rejected the idea that a clause in the bilateral agreement would subject U.S. insurers to EU group-capital standards if the United States fails to adopt its own such standards within five years.

The state regulators’ body, however, sees the capital standards clause as requiring action, and it is pushing ahead with its own group calculation standard. The macro-prudential focus is spearheaded by the NAIC’s Financial Stability Task Force, which is analyzing post-financial crisis regulatory reforms for gaps. That role will only increase in future years, according to Julie McPeak, the Tennessee insurance commissioner and the 2018 president of NAIC.

State regulators will use these macro-prudential initiatives to explore potential improvements in regulatory tools to evaluate issues such as liquidity, threat to economic stability and consumer protection. Making substantial progress on the group capital calculation efforts and other risk monitoring tools will be high on the state regulators’ agenda for 2018.

It will fall to state regulators to meet the challenge of making sure giant insurers do not take on big new risks that would threaten the economy as federal oversight is loosened. The near-failure of AIG in 2008 sent shockwaves across the globe and led to strict regulatory supervision of the company, which in turn resulted in high compliance costs totaling about $150 million per year.

State regulators are up to the task, McPeak said. “We have long believed that the more appropriate approach to address systemic risk within the insurance sector is to first work with the insurance regulators to address any concerns,” she said.

PLAYING OUT QUICKLY

The Treasury report’s recommendations on insurance regulations are expected to play out quickly.

For example, Prudential’s de-designation as a systemically important financial institution (SIFI) could come early in 2018. The report emphasized that federal agencies should focus on identifying activities by companies that increase systemic risk, rather than on classifying institutions as systemically risky based on their size.

Prudential is the only remaining insurer with a SIFI tag, but that is not expected to survive long if the FSOC falls in line with the Treasury recommendations.

The report’s recommended trimming of the Federal Insurance Office’s authority for monitoring the sector is already under way. Instead of having broad monitoring authority, the report sees the office serving as a liaison between the FSOC and the state regulators, and acting as a representative of the U.S. state regulatory system at international negotiations.

The report also had specific recommendations for state regulators. For example, it urged them to focus on data security standards, a goal expected to hasten implementation of state standards now being developed. The NAIC has adopted as a model a data security standard in line with New York’s regulation, which went into effect in early 2017.

HEALTH, FLOOD INSURANCE CHALLENGES

Among challenges the sector will face this year, the state of the individual health insurance market continues to pose a problem, with the Trump administration slicing out cost-sharing subsidies to insurers operating in an already weak and imbalanced Affordable Care Act marketplace. State regulators have cautioned about a tougher healthcare market for 2019, given the level of uncertainty regarding congressional decisions. But they also expect more flexibility in regulating the marketplace as federal agencies turn over more power to them.

Also at issue is the entry of private issuers in the flood insurance market. Following a year of heavy losses for providers of flood insurance and more claims settlements for the federal National Flood Insurance Program, Congress will face continuing pressure to allow more private entrants into the market. However, with lawmakers unable to agree on a long-term solution to reauthorize or change the existing federal program that had piled on $25 billion in debt, the wait to amend federal regulations could be long.


CANADIAN REGULATORS TARGET BANK CONDUCT, FINANCIAL PLANNERS, GOVERNANCECanada’s regulatory landscape in 2018 will be dominated by financial consumer protection and systemic risk concerns stemming from housing inflation and from household indebtedness at levels considered unsustainably high. Additionally, authorities will continue efforts to set up a national securities regulator and reach agreement on best-interest standards for investment advisors, but those initiatives are unlikely to conclude in 2018.

BANK CONDUCT INVESTIGATION

The Financial Consumer Agency of Canada (FCAC) will report findings this year from an extensive review of bank business practices. Expected in the first quarter, the findings could prompt federal action on consumer protection reforms already under consideration, as well as potential enforcement against the country’s largest banks.

The investigation followed widespread reports by current and former bank staff describing patterns of extreme sales pressure from management. Hundreds of frontline employees from Canada’s largest banks told CBC News in 2017 that managers coerced them to mislead clients into buying high-cost products, including credit, which placed customers at a financial disadvantage. The banks have denied any wrongdoing.

REGULATING FINANCIAL PLANNERS

Ontario, with the country’s biggest financial markets and the most-influential market regulators, is developing legislation to oversee the financial planning profession. The proposed

framework will require financial planners to hold a recognized credential and meet specified proficiency standards, regardless of which financial products they sell or what registrations they hold.

The new framework will restrict all other titles related to financial planning, with a goal of limiting confusion and misrepresentation. The Ontario Ministry of Finance also plans to introduce a centralized public registry listing individual financial planners’ registration status, credentials and disciplinary history.

The Financial Planning Standards Council of Canada, which articulates professional standards and offers voluntary certifications, will likely be recognized as the primary credentialing body.

Financial planners in the province will be overseen by the newly created Financial Services Regulatory Authority (FSRA). The authority is to replace the Financial Services Commission of Ontario, which is being phased out under recommendations from an expert committee tasked by the government in 2016 with hardening Ontario’s financial consumer protection framework.

The provincial government plans to submit legislation on the financial planner framework in the second quarter of this year, with detailed regulations published by year’s end, including lists of recognized and prohibited titles.

MORTGAGE STRESS-TESTING

Canada’s world-leading household indebtedness, driven by years of explosive housing price growth in Toronto and

REUTERS/Mark Blinch



Vancouver, remains the most critical vulnerability in the country’s financial system. To help cool housing markets and discourage high-risk borrowing, Canadian lenders will this year enforce stricter mortgage qualification stress-testing requirements issued by the national bank regulator, the Office of the Superintendent of Financial Institutions (OSFI).

The new restrictions will reinforce an initial round of tightening from 2016, which showed some success in reducing the proportion of high-risk, high-ratio loans among new mortgages in 2017.

NATIONAL SECURITIES REGULATOR

Canada’s long-delayed goal of establishing a national securities regulator, to replace its 13 independent-but-harmonized provincial jurisdictions, is unlikely to move forward this year. Despite a 2016 agreement to launch the Cooperative Capital Markets Regulatory Authority (CCMRA) by June 2018, the participating provinces and federal government have failed to vote on enabling legislation.

Additionally, major capital market jurisdictions Québec and Alberta continue to reject participation, citing sovereignty concerns. The Québec Court of Appeal ruled last year that the proposed framework would unconstitutionally limit provincial law-making authority, setting the stage for a new battle before the Supreme Court of Canada.

Ontario Minister of Finance Charles Sousa, a leading figure in the decades-long effort, recently said that unanimous buy-in from the provinces “has proven to be unworkable”.

Pending a final Supreme Court decision, continuing preparations will include additional stakeholder consultation

on draft legislation, as well as refining the cooperative system’s bureaucratic structure.

BEST-INTEREST STANDARDS

Canadian provincial securities regulators will work on developing a set of targeted reforms aimed at improving client-advisor relations, after abandoning efforts to implement a national best-interest standard in 2017. Despite a near-consensus regarding some prescriptive reforms, provincial authorities disagreed on the need for an overarching standard to guide all client obligations in Canada.

Authorities have, however, demonstrated urgency in addressing conflict-of-interest management, particularly through compliance reviews focused on incentives favoring the sale of certain products over others. Supervisors will continue targeting suitability assessment practices, protection of elderly clients and compliance with enhanced disclosure requirements.

BANK GOVERNANCE REFORM

The OSFI will finalize bank governance reforms aimed at reducing the regulatory burden faced by boards of directors. The reforms will give boards more flexibility in how they meet prudential standards, clarify the delineation of responsibilities between the board and senior management, and consolidate all governance expectations into a streamlined guideline.

The OSFI’s goal is to ensure bank directors have sufficient supervisory “bandwidth” to focus on institutional safety and soundness. The principles-based reforms will emphasize the achievement of prudential outcomes, rather than prescriptive requirements for how to meet those objectives.

REUTERS/Mark Blinch


EUROPE AND THE MIDDLE EAST

BREXIT: PREPARING FOR A WORLD WITHOUT PASSPORTING2017 marked a turning point for financial services firms as they gave up on UK politicians agreeing a Brexit deal which would allow them to continue to passport services into Europe. They shifted efforts instead to securing continued market access after March 2019.

Equivalence, enhanced equivalence, outcomes-focused equivalence and mutual market access have all been proposed to varying degrees by market participants seeking a way forward. Many trade associations and industry groups are holding fast to a belief that international standards, such as those set by the International Organization of Securities Commissions (IOSCO) and the Basel Committee, will help to deliver continued market access.

Legal certainty on contracts remains a serious concern for industry and regulators alike. With little sign of any grandfathering agreement being reached, both insurance and derivatives providers face the prospect of “repapering” hundreds of thousands of contracts during 2018.

A YEAR OF POLITICAL STALEMATE, POSTURING

The glacial pace of political progress is fast becoming moot for the industry. The major banks lined up in 2017 to tell the House of Lords EU Financial Affairs sub-committee inquiry into financial regulation and supervision post-Brexit that the time for politicians – on both sides of the Channel – to influence their business decisions was fast running out.

Baroness Falkner of Margravine, chair of the sub-committee, urged the UK government to make haste in agreeing a transition period.

“The more the government waits, the more the value of such a period irreversibly declines. A trickle of banks and insurers have started to implement their contingency plans ahead of the suspension of access to the Single Market in March 2019. The government must urgently negotiate a transition period to stop this trickle turning into a flood,” she said.

In evidence to peers, however, both Sir Jon Cunliffe, deputy governor for financial stability at the Bank of England, and Andrew Bailey, chief executive of the Financial Conduct Authority (FCA), made clear their opinion that simply announcing a period of transition would be of little use without agreeing the final destination firms need to reach.

REUTERS/Neil Hall



REGULATORS PROMPT CRYSTALLIZATION OF THINKING

The Bank of England’s decision to make more than 400 firms produce fully thought-through plans for how they would cope with the so-called “cliff-edge” scenario of a hard Brexit in July 2017 set in train detailed planning exercises at all major banks on how to ensure a seamless transition for clients.

In evidence to the Lords sub-committee, Sally Dewar, regional head of regulation at JPMorgan, said the bank would begin implementing plans to ensure post-Brexit business continuity for its clients in the first quarter of 2018. When he appeared before the sub-committee on November 29, John McFarlane, chairman of Barclays, said the bank was already in discussion with Irish regulators about locating some of its business in Ireland ahead of the March 2019 deadline.

The European Insurance and Occupational Pensions Authority (EIOPA) has also called on the firms it regulates to draw up plans for a no-deal Brexit.

“I believe that it is now more than crucial that all insurance groups properly access the risks of a ‘cliff-edge’’ scenario to their business and consider all possible solutions to mitigate them under the available regulatory framework,” Gabriel Bernardino, EIOPA chairman, said in speech in Frankfurt on November 22.

The three European supervisory authorities (ESAs) have been united and vocal in warning the industry that “letter-box” offices will not be tolerated. Location shopping by firms hoping for an easier supervisory ride in a particular EU27 location has also been stamped on by the ESAs. McFarlane told the Lords sub-committee in November that a representative from the EU had been present during the bank’s discussions with the Irish regulator.

CONTINUED CONCERN ABOUT FRAGMENTATION, RISING COST

A further concern for the industry is the European Securities and Markets Authority’s (ESMA) July 2017 letter to the EU Commission requesting powers to police not only third-country-based central counterparties but also credit rating agencies, trade repositories, benchmarks, and “possibly trading venues, and data providers”.

In October, Xavier Rolet, then chief executive of the London Stock Exchange (LSE), told ESMA’s annual conference in Paris that forcing a relocation of euro clearing from London would add significant cost for customers. The cost to LSE customers would be around £80 billion, Rolet said, while the International Swaps and Derivatives Association (ISDA) said in June that moving euro clearing would lead to an increase of 15 to 20 percent in initial margin or cash that had to be set aside against a trade in case of a default.

UK NEEDS INTERNATIONAL SUPPORT TO SECURE OUTCOMES-FOCUSED DEAL

The debate about how the UK will continue to interact with the EU after Brexit becomes ever-more involved. Jeroen Dijsselbloem, head of Eurogroup, said in April that for the EU27, continued cross-border trade meant that equivalence with EU rules would need to be reassessed regularly.

Andrew Bailey, chief executive of the FCA, said he would prefer to see an equivalence arrangement based more on common outcomes. Industry trade groups are also pushing for an outcomes-based approach. The International Regulatory Strategy Group (IRSG), a joint venture between TheCityUK and the City of London Corporation, wants to see mutual recognition of regulatory regimes used as the basis for a post-Brexit deal for financial services.

The United States has voiced unease at attempts to amend existing EU equivalence arrangements ahead of Brexit, or force relocation of euro clearing to the Continent. Interventions such as that by Christopher Giancarlo, then acting chairman of the U.S. Commodity Futures Trading Commission, in May, are helpful to UK regulators and aid IRSG’s attempts to foster a post-Brexit access agreement underpinned by mutual adherence to international standards and supervisory cooperation.

Any such deal would, however, be dependent on agreeing a dispute resolution system, and that remains in the hands of politicians. The slow moving political process means banks and insurers cannot rely on an agreement to ensure contractual continuity after March 2019 and will have to begin “repapering” contracts. According to the Bank of England, some six million UK policyholders’ insurance contracts will be affected. Derivatives and swaps contracts booked through London will also have to be redrawn, a process that could take up to nine months.

REUTERS/Neil Hall


MiFID II TRANSACTION REPORTING: GREAT EXPECTATION MEETS GRIM REALITYEighty days away from the Markets in Financial Instruments Directive II’s (MiFID II)application date, Ana Fernandes, manager of the UK Financial Conduct Authority’s (FCA) markets reporting team, found herself answering questions from industry members that left her very worried.

Fernandes had just given a talk at a conference devoted to MiFID II transaction reporting requirements, in which she stressed the critical importance the FCA attached to this data, explained how it was used and outlined the regulator’s expectations for data quality, when audience members asked questions that betrayed a lack of basic knowledge about the new regime.

One asked: “You say lapsed [legal entity identifiers] can be reported, but DTCC is telling us lapsed LEIs will be rejected.”

Fernandes responded: “DTCC is a trade repository. We don’t use trade repositories, we use [authorized reporting mechanisms]. Transaction reporting is not [European Market Infrastructure Regulation] data. It’s article 26 of MiFIR, not EMIR. I hope that is clear at this point in time. Transaction reporting is not post-trade transparency. It’s not trade reporting under EMIR.”

The next question was: “Is there [Transaction Reporting User Pack (TRUP)] guidance which you used to have for MiFID I, which was quite useful? And out of these 26 mandatory fields, how many of these fields are mandatory?”

At this point, Fernandes looked bewildered.

“I’m getting worried. I am getting very worried,” she said. “First of all, there is no more TRUP. The TRUP is the [European Securities and Markets Authority] guidelines. The FCA cannot do guidance, because it’s Level 3. It’s a regulation. We are limited to what we can say. The TRUP as you know it will go on January 3. It will not be there for MiFID/R. Twenty-six fields is the current regime. MiFID I. OK? Sixty-five fields is the new regime. You meant 65, right? It’s all in the reporting guidelines that ESMA published over a year ago.”

Fernandes had started her talk by describing a race to the January 3 MiFID II finish line, but it appeared to dawn on her that some market participants either had not left the changing room or had run down the wrong path. It is to be hoped they were the exception, not the rule.

THE PERILS OF SLOPPY IMPLEMENTATION

About 10 days after Fernandes had given her talk, the FCA published a final notice fining Merrill Lynch £34.5 million for trade reporting failures under the EMIR. There is a clear

REUTERS/Issei Kato



difference between EMIR trade reporting and MiFID/R transaction reporting but the Merrill Lynch final notice contains some lessons for those firms under the impression that a last-minute MiFID II transaction reporting solution will get them over the line.

Merrill Lynch failed to submit 68.5 million trade reports for exchange-traded derivatives (ETD) transactions between EMIR go-live on February 12, 2014 and January 2016 when, in response to an FCA query, it discovered that reports in relation to particular categories of transactions were not being reported due to the error in its system’s static data table.

The final notice described a number of management mistakes Merrill Lynch made during its EMIR implementation process, and afterwards, that caused the 68.5 million trades to go unreported.

Merrill Lynch delayed implementation until November 2013, two and a half months before EMIR go-live. Implementation was rushed and the mistakes made in building its reporting system went undetected, because the firm failed to undertake appropriate pre-implementation testing.

The team responsible for EMIR reporting was understaffed for a full eight months after go-live and there was no post-implementation testing or quality control. The FCA also found senior managers had not looked at EMIR reporting, despite the fact this was part of their responsibilities, and ETD reporting had been labeled high-risk.

Such sloppiness cost Merrill Lynch £34.5 million and perhaps adds extra significance to some of Fernandes’ other observations at the same conference. She stressed the importance of taking advantage of fully resourced transaction reporting teams, not just to meet the deadline, but also to be constantly monitoring and correcting mistakes:

“Please don’t underestimate the fact that the momentum is now and straight after January 3 for monitoring and correcting things that are not going well. You’ve got the resources in place. You’ve got your projects. The more you leave to later, the harder it’s going to be to reconstruct the scenario and obtain the resources to sort the problem. Make sure that the monitoring is absolutely taking place all the time and corrections are being made quickly.”

HIGH EXPECTATIONS

The FCA considers the transaction reporting data to be critical to its ability to tackle market abuse. Firms have had an extra year to prepare and the FCA has high expectations for quality data. Firms should stand ready to detect and correct mistakes.

“I’m not going to deny that the appetite for this data is immense, because this data is very rich and it will tell us a lot of things. Therefore there is a high expectation on January 3 to see better what is happening. There will be a lot of eyes on this data. I can assure you that. A lot of eyes. That means that data quality is key for this. Because you have more people looking at it, it is more likely issues will arise and issues will be identified. Stand ready to correct the information and make sure the information is accurate and complete,” Fernandes said.

In case anyone had missed the point about the importance of monitoring data quality and accuracy in reports already submitted, Fernandes reminded delegates:

“Don’t think that when the file has been pushed to the ARM, or eventually to the FCA, that it’s been done correctly and it’s job done. It’s not like that. We do expect you to constantly look at that information.”

The FCA does not want firms making the same kinds of mistakes Merrill Lynch made in its EMIR and also its MiFID I reporting, for which it received two big fines.

The FCA’s final notice on Merrill Lynch’s EMIR reporting failures also underscored another big lesson for firms: poor compliance is a senior management issue, not an IT glitch.

The advent of the Senior Managers and Certification Regime means that, next time round, in addition to a fine there could be some serious personal consequences for senior managers responsible for overseeing implementation and continuing compliance for big regulatory change projects such as EMIR and MiFID II. Failure to take MiFID II seriously could be career-ending.

REUTERS/Carlos Barria


There’s one clear path to MiFID II compliance.

We are the trusted MiFID II data, solutions and services provider.

Tap into the proven, flexible and trusted solutions that have made us a leader in buy-side and sell-side MiFID II compliance. Trusted answers from Thomson Reuters.

mifidii.tr.com



CONTINENTAL EUROPEANS STRUGGLE WITH MiFID II PREPARATIONSOn January 3, 2018, the Markets in Financial Instruments Directive I (MiFID I) was replaced by MiFID II, introducing a new regulatory structure that will bring significantly more convergence to the European market place. Differences in stages of implementation among member states, continued gaps in regulatory guidance and slight variations in the ways in which various member states are transposing the directive into their national laws mean compliance with MiFID II across Europe is likely to vary considerably from country to country, and from business to business.

In the months running up to the implementation deadline, market participants across the board reported challenges relating to nearly all significant areas of MiFID II, including best execution, research unbundling, trade transparency and reporting, product control, and governance.

In terms of best execution, the challenges ranged from conceptual questions concerning how to define and decide on best execution, particularly in non-equity products, to more practical technological and data management challenges about how to put the requirement into practice. With respect to research unbundling, developing a research valuation

methodology that allows market participants to put an accurate price on research is a major challenge, while even in the last months before the implementation, many firms were yet to decide whether research payments would be absorbed or pushed back onto clients through a research payment account (RPA).

At this stage, the expectation is that most firms will choose to take the cost of research onto their own books on a flat-fee basis. Some, however, expect pricing models to evolve toward a more flexible model that incorporates elements from the RPA structure, and that will more accurately reflect the costs and added value of specific pieces of research.

While some firms have spent years on MiFID II implementation projects, others started mere months ago, leaving serious questions about their compliance status come January 3. At the same time, however, not all regulators across Europe have been as proactive in driving the implementation of the new rules in their respective jurisdictions.

As regulators and market participants have tackled MiFID II at different speeds, from a quality perspective, the implementation of MiFID II looks decidedly uneven across financial institutions in different member states.


DIGITAL MARKET ABUSE HAS EMERGED FROM THE DARK WEB Financially motivated threat actors have expanded their criminal repertoire to include stealing insider information or promulgating fake news in collusion with short sellers to commit market abuse. These threats pose big challenges for exchanges and regulators, because even if such abuse is detected, cyber criminals are difficult to catch and prosecute.

In 2017, hacks at the U.S. Securities and Exchange Commission (SEC) and at Deloitte clearly demonstrated cyber criminals’ appetite for insider information to aid them in potentially committing market abuse and other kinds of fraud. Investors and listed companies can incur losses on the back of this kind of abuse, and so far there has been little they can do about it.

Cyber-security experts tracking cyber criminals have said it is unclear what financially motivated threat actors do with the information they steal, because experts can only see how threat actors are penetrating networks, not what they do with the insider information. They said, however, that access to insider information that could profoundly impact the stock price of hundreds of publicly traded companies would put these threat actors at a considerable trading advantage.

FAKE NEWS AND MARKET ABUSE

Private investigators working on behalf of listed companies in the UK and Germany have been able to show how fake news has been promulgated on blogs or on Twitter in collusion with short sellers to manipulate their share price.

The London Stock Exchange is now exploring how to detect and combat this abuse. The German regulator BaFin is also investigating cases where false or misleading news has been spread to affect share price. U.S. and French regulators have been able to catch and take enforcement action against individuals spreading fake or misleading information. No one has yet been able to prosecute groups promulgating fake news in collusion with short sellers, however, even though evidence has been provided to regulators by private investigators hired by listed companies.

What investigators at Kroll, for example, have found is blogs published anonymously and in collusion with short traders. These anonymous blogs are polemical with misinterpretation of financial information. They use partial truths and bad logic to give an unfavorable view of a company’s performance and thus create a negative view in the market.

The schemes can also ensnare algorithmic traders into doing all the dirty work. Algo traders trading on news feeds, keyword



searches and sometimes even Twitter and other social media platforms unwittingly pick up this fake news and start to trade on it.

Algos may push the price down or the fake news may create enough negative sentiment on its own to affect share price negatively. At that point, the traders colluding with the fake news publishers short the stock.

TRACKING FINANCIALLY MOTIVATED THREAT ACTORS

In February 2017, cyber security firm FireEye identified a threat group specifically targeting individuals involved with corporations’ SEC filings. Another threat group uses similar tactics to steal mergers and acquisition-related intelligence. These threat actors also hack into consultants, investor relations firms, law firms and investment banks in search of information related to their clients.

Financially motivated threat actors are more sophisticated than the average hacker. They are familiar with business deals, corporate communications and their impact on financial markets. They target individuals who have access to companies’ most confidential information and steal it.

FireEye has identified two financially motivated threat groups that seek to steal insider information.

A group it calls FIN 4 has targeted the email accounts of individuals privy to the most confidential information

at more than 100 companies. FIN4 has been operating for at least five years and focuses on compromising the accounts of individuals who possess non-public information about merger and acquisition deals and major market-moving announcements, particularly in the healthcare and pharmaceutical industries. FIN4 has targeted top executives, legal counsel, outside consultants and research analysts, among others.

Another group, which FireEye dubbed FIN 7, uses spearphishing — phishing targeted at specific individuals — to target senior managers involved with SEC filings for their organization. The criminals send a spoofed email that looks as if it originated from EDGAR (the SEC’s electronic data-gathering, analysis and retrieval system) and lures them to click on a malicious document claiming to be about changes to form 10-K.

FIN7 has targeted at least 11 organizations in the financial services, transportation, retail, education, IT services and electronics sectors.

Regulators take the view that it is financial institutions’ and exchanges’ responsibility to ensure their cyber security is sufficient and that suspicious transactions are flagged. Given the nature of the threat, however, that will not be easy.


HIGH-END MONEY LAUNDERING IS TOP AREA OF RISK FOR UK REGULATORHigh-end money laundering is one of the two greatest areas of risk, according to the UK government’s national risk assessment (NRA) update published in October 2017. The other area is cash-based laundering. The Financial Conduct Authority (FCA) has contributed significantly to the NRA update and has encouraged firms to review it.

In its first annual review of 100 firms’ anti-money laundering (AML) and sanctions systems and controls in September 2017, the FCA said it was focusing on the areas which presented the highest risk. Among financial sectors, retail banks remain exposed to the highest volume of criminal activity and are at high risk of money laundering, with relatively high terrorist financing risk, the NRA update said.

In a November 2017 speech, Karina McTeague, director of retail banking supervision at the FCA, said the regulator was looking closely at how retail banks were addressing such issues as financial crime and AML and also how they were implementing and embedding the Senior Managers and Certification Regime (SMR). That regime, which is to be extended to so far unaffected FCA-regulated sectors this year, has a prescribed senior management responsibility for financial crime.

Wholesale banking and capital markets, already covered by the SMR, are exposed to high risks of money laundering. There are known correspondent banking risks, together with the risk of large sums being laundered through capital markets, and the relative lack of controls, the NRA update said.

Wealth management and private banking are similarly exposed to high money laundering risks, given the sector’s exposure to the proceeds of political corruption and tax evasion and continuing regulatory concerns, it said.

Other areas, such as insurance, present a relatively low money laundering risk, the update said. In a response to the independent panels’ 2016/17 annual reports, the FCA agreed it was important for firms to take a proportionate approach to AML compliance. Such work was most effective when it remained focused on the outcome of reducing financial crime rather than procedure, it said.

The treatment of politically exposed persons is one area where proportionality applies. The Money Laundering Regulations require firms to apply enhanced due diligence to higher-risk politically exposed persons (PEPs), and, in view of recent FCA guidance, those holding prominent UK functions should generally be treated as lower-risk due to the anti-corruption regime in place in the UK, the NRA said.

REUTERS/Ueslei Marcelino



Information-sharing may help firms with due diligence. The Joint Money Laundering Steering Group has helped financial institutions to improve the prioritization of risks. The Criminal Finances Act provides further reinforcement for the public-private sector sharing of information, creating a legal gateway to allow firms to share information and to submit joint suspicious activity reports, according to the NRA update.

In its first guidance on private sector information sharing, published in November last year, the Financial Action Task Force (FATF) said information sharing was critical to combating money laundering and terrorist financing. Respondents should be able to provide additional targeted information requested by the correspondent banks on specific customers and transactions, but FATF said sometimes this was impossible.

Restrictions on the sharing of information sometimes left correspondent banks unable to apply AML/counter-financing of terrorism controls, and led to the suspension of the business relationship, FATF said. This could delay processing or even mean the termination of the correspondent banking relationships, exacerbating de-risking, the international standard setter said.

“To avoid such a scenario, appropriate mechanisms should exist to allow respondent financial institutions to share the requested information with correspondents,” FATF said.

Even with their best efforts, there are limitations to what firms can achieve with due diligence. As lawyers pointed out, on the basis of new data made public from the Paradise Papers, banks may decide on a risk-sensitive basis to run checks for some of their higher-risk customers and to re-categorize lower risk customers. Even then, as the Fourth Money Laundering Directive (4MLD) acknowledges, it can be impossible to discover the true beneficial owner.

“There may be cases where no natural person is identifiable who ultimately owns or exerts control over a legal entity”, recital 13 of 4MLD says.

The Fifth Money Laundering Directive (5MLD), implementing amendments to 4MLD, will bring more transparency. The European parliament and council in mid-December 2017 reached a political agreement on the amendments. Beneficial ownership registers will be public, virtual currencies exchanges will be regulated, and information exchange between supervisors will be enhanced. Once the agreement has been endorsed, member states have up to 18 months to transpose the new rules in their national legislation.

Amid the changing regulatory environment, banks are restructuring their compliance arrangements to ensure that they address AML and financial crime in the most effective way. In the next three years, wholesale banks will shift financial crime in or out of compliance, the FCA said in a note on its November 2017 review of its compliance function. One trend is financial crime will move into its own function, with separate reporting lines into senior management. The main technology risks facing compliance systems relate to cyber crime, and particularly preserving control of bank data.


QUESTIONS REMAIN ABOUT READINESS FOR NEW EU DATA PROTECTION RULES The General Data Protection Regulation (GDPR), which will come into effect on May 25, 2018, aims to harmonize data protection laws across the European Union.

Broadly speaking, the regulation captures any entity that processes personal data in the context of the activities of an establishment or of any organization within the EU. That definition could include anything from a fully functioning subsidiary undertaking to a single individual sales representative, regardless of where they are based.

This means that a company outside the EU which is targeting consumers in the EU will be subject to the GDPR, which is not the case save in particular circumstances. It will also capture an extremely broad range of activities, as it applies as soon as personal data is processed.

From a content perspective, many provisions in the GDPR are not that new: euro zone countries have had fairly extensive data protection legislation in place for decades. The regulation retains the same core rules as its predecessor, the Data Protection Directive, and continues to regulate the processing of personal data through compliance with six general principles governing the processing.

Several old requirements have been tightened up, however, while at other points, new requirements have been put in place, including the concepts of privacy by design and privacy by default. In addition, the new regime introduces an accountability provision that means organizations must not only comply with the six general principles, but must also be able to demonstrate that they comply with them.

Most importantly, the penalties for getting it wrong have been significantly increased under the GDPR. From May next year, breaches of the provisions could result in fines of the higher of up to 20 million euros or up to 4 percent of the annual worldwide turnover of the group to which the offending company belongs.

Before the GDPR, many companies only paid lip service to data protection regulations, but this combination of a much higher level of expected enforcement and the risk of higher sanctions, coupled with a broad extraterritorial reach, is pushing the GDPR to the top of board agendas.

As a regulation, the GDPR is directly effective in all member states without the need for further national legislation. In practice, however, there are more than 70 areas where flexibility clauses have been introduced that allow member states to adopt their own national rules, for example, because

REUTERS/Katarina Stoltz



certain EU member states have constitutional rules in these areas, or because these issues fall outside the EU’s legislative competence. What that means is there are still areas in which organizations will face inconsistent regulatory requirements from one member state to the next and full harmonization is still some way off.

Among the national derogations permitted under the GDPR are: requirements about the processing of employee data; freedom of information requests; the appointment of data protection officers; processing of information about criminal offences; and the right to be forgotten.

So far, only Austria and Germany have passed the final stage of the legislative process. The German Data Protection Amendment Act has made such extensive use of the flexibility clauses that the text has been subject to significant criticism from the European Commission, with some suggesting the act could be subject to further revision.

Meanwhile, differences between the resources and attitudes of supervisory authorities could also result in variations in enforcement. Such divergence could present a compliance

challenge for companies that operate across borders. Under the GDPR one-stop shop arrangement, businesses that carry out cross-border processing should be primarily regulated by the supervisory authority in the jurisdiction in which they have their main establishment.

That does not necessarily mean, however, they are subject to just one supervisory regime. There are instances where the “one-stop shop” arrangement does not apply, for example, where processing is based on a legal obligation or public function condition, and other supervisory authorities can ask to take control where the processing mainly relates to their jurisdiction.

Given the sheer amount of work left to be done and the fact the legislative process in many countries has yet to conclude, it is unlikely there will be full compliance by May 25, 2018.


REUTERS/Pawel Kopczynski

After just nine hours, employees forget about 64% of what they learn in traditional training courses. Thomson Reuters Compliance Learning courses are interactive, engaging – and memorable. They’re also convenient, allowing your staff to access training from anywhere at any time. Whether you do business locally or worldwide, our courses cut through the noise of constantly evolving regulations, empowering your employees to make compliant decisions that protect your business from risk.

Learn more about Compliance Learning at risk.tr.com/eLearning.

How can you engage staff in their compliance responsibilities if their compliance training isn’t engaging?


UAE ASSERTS ITS CENTRAL REGIONAL ROLEIn February 2017, the Central Bank of the United Arab Emirates (UAE) introduced new capital rules with transitional implementation until 2019. The new rules should significantly strengthen the tier 1 and overall capital base for UAE banks, according to Steve Punch, director, financial risk management at KPMG.

“Circular 52 also introduced a capital conservation buffer of 2.5 percent, which is mandatory, and a D-SIB [domestic systemically important bank] buffer of 2 percent, which applies to three local UAE banks. While all banks meet these additional requirements, boards and management will need to review funding and capital allocations more attentively going forward,” he said.

Other regulatory reform initiatives on the agenda included requirements for leverage ratio, new counterparty credit risk requirements and over-the-counter (OTC) derivatives reform, all of which were aimed at providing additional soundness and credibility to the local banking sector.

“Banks were also recently required to undergo an independent macroeconomic stress test as well as an independent assessment of their AML and sanctions

compliance framework [AML assessment], both initiatives rolled out by the Central Bank,” Punch said.

“Again, the results from the stress-testing exercise and AML assessment are paramount for acting as early warning signals both for individual banks, and for the regulator,” he said.

Across the Gulf Cooperation Council (GCC), driven by the unabated and relentless pace of policy development from the Basel Committee, regulators had a lot on their hands, he said.

“GCC regulators are undertaking major reforms, similar to the UAE Central Bank. For example, one GCC regulator recently embarked on a major review of their rulebooks and has developed draft requirements for market risk, interest rate risk in the banking book, [internal capital adequacy assessment process], and liquidity modules that reflect the recent Basel guidelines on these topics.”

International financial reporting standard (IFRS) 9 and Basel III will continue to be a focus of regional banks’ attention. “[IFRS 9] has had a major effect on GCC banks, [and] will also likely greatly impact regulators. The latter may need to upskill their resources in quantitative analysis to enable an improved identification of impacts and ensure that reporting from banks [is] well understood,” Punch said.

REUTERS/Jumana El Heloueh



“It is unfair to say that risk models in the GCC region are unsophisticated. They have excellent banks and excellent people. They do need to beef up oversight. [IFRS 9] will have an impact on our business. It will decrease the profitability of banks and make them less attractive for investors,” said Fathi ben Grira, chief executive of Menacorp, Dubai.

In the past year, the financial regulator had been boosting regulation at the Abu Dhabi Global Market (ADGM) to attract more businesses to set up shop in the free zone, said Ahmed Kalo, compliance and AML manager at Dubai’s Rasmala Investment Bank.

“It may be premature at this stage to predict any local competition in UAE between the [Dubai International Financial Center] and ADGM, especially since DIFC is already well-established since 2005 and ADGM’s role in banking and financial services is still at [the] early stages of development,” Kalo said.

The ADGM, however, appears determined to make fintech a central plank of its future.

“The array of ADGM initiatives evidences that the UAE is determined to drive through a policy of regulatory reform to

establish an environment in which it plays a pivotal role as the key fintech hub in the MENA region through which innovative fintech service providers can develop, hone and launch their products,” said Paul Rowland, senior partner, Invictus Risk Solutions LLP.

Kalo said de-risking had become problematic in the region, especially in terms of correspondent banking. “The crackdown on financial crime has been on the rise on a global scale. Correspondent banks — international banks that clear smaller banks’ foreign currency transactions through big financial centers — began detaching from [banks] that [were] infected with [illicit] money or [were] locally sanctioned.”

He said that, following a boycott imposed on Qatar by four GCC members led by Saudi Arabia in June, enhanced due diligence requirements had been imposed on six Qatari banks by the UAE Central Bank and the DIFC regulator, the Dubai Financial Services Authority, leading several financial institutions to avoid doing business with them, regardless of the transaction currency involved.

REUTERS/Matthew Childs



ASIA-PACIFIC

TECHNOLOGY THEMES TO LOOM LARGE IN SINGAPORETechnology-related themes will be prominent in a number of the Monetary Authority of Singapore’s (MAS) regulations in 2018.

The wider use of technology in the financial services sector and the infiltration of financial technology (fintech) startups will see MAS reassess some of its existing regulations, chief of which will be the Technology Risk Management (TRM) Guidelines.

“MAS is expected to revisit the guidelines to enhance and make them more relevant to different categories of financial institutions based on the activities they carry out. It is already working with the Association of Banks in Singapore,” said Eunice Tan, local principal at Baker McKenzie Wong & Leow in Singapore.

The Cybersecurity Bill, issued in July 2017, is likely to be a main consideration when the TRM Guidelines are revised, she said.

Data privacy is expected to come under MAS’s radar. The Personal Data Protection Commission (PDPC) in July 2017 consulted on two aspects of the personal data privacy law:

to allow personal data to be collected and used for legal and business purposes without the need to seek consent from the individuals concerned and where an individual has been notified of the purposes, for the collection, use and disclosure; and a mandatory breach notification regime where organizations are required to notify affected individuals and the PDPC of a data breach which poses risk or harm to the affected individuals.

“MAS is likely to take into consideration the outcome of the proposed changes to the data privacy law and it may consider incorporating them into some of its existing regulations,” Tan said.

NEW GUIDELINES FOR DIGITAL ADVISORY PLATFORMS

As digital advisory platforms and algorithm-driven processes become more prevalent, particularly in the larger financial institutions and insurance companies, MAS may issue a new set of guidelines in 2018 to clarify how existing regulations would be applied when financial institutions use such platforms and processes, Tan said. These new guidelines will be an extension to the regulations MAS proposed in June 2017, which sought to regulate digital advisory services, mainly on robo-advisers and digital wealth management.

REUTERS/Thomas White


The success of last November’s Fintech Festival organized by MAS will see a bigger push by the regulator in the coming year to encourage financial institutions in the city-state to make financial technology an important aspect of their regulatory compliance processes. A number of announcements made by Ravi Menon, MAS’ managing director, at the Fintech Festival will be watched closely.

MAS launched a S$27 million artificial intelligence and data analytics grant as part of the S$225 million “Financial Sector Technology & Innovation Scheme”. The grant is expected to entice more financial institutions to adopt AI and data analytics in their internal processes in the coming year.

The grant is in line with MAS’ own initiative in transforming the way it works through smarter use of data and analytics tools to enhance its supervision of financial institutions and surveillance of risks.

Since 2016 MAS has been encouraging financial institutions to develop and share their application programming interfaces (APIs) openly, as that will allow them to work with other service providers. More than 270 open APIs have so far been made available by the Singapore financial industry and this number is expected to increase. Open APIs seek to benefit both financial institutions and fintech startups.

KYC UTILITY

Also expected to take the spotlight are two KYC utilities. The first, described as a “banking KYC shared-service utility”, is slated for launch in 2018, according to Menon. This utility will be using distributed ledger technology to assist banks in carrying out customer due diligence (CDD).

MAS is exploring a second utility, described by sources pitching for the project as a “centralized effort”. It aims to allow not only banks, but also other types of financial institutions such as fund managers and insurance companies that want to conduct CDD, to tap into this “golden source of data”. It is unclear whether the second utility will also be launched in 2018.

CRYPTOCURRENCIES AND DIGITAL TOKENS

Cryptocurrencies and digital tokens will also be closely watched. While MAS is unlikely to regulate cryptocurrencies in the immediate term, the introduction of AML/CFT requirements targeting cryptocurrency intermediaries seems imminent in 2018, said Nizam Ismail, head of financial services at RHTLaw Taylor Wessing in Singapore. A proposal to license cryptocurrency exchanges in Singapore is also a likely development in 2018, he said.

Digital tokens, also known as initial coin offerings, structured as securities would continue to be closely monitored by MAS, Nizam said. The general requirements to publish prospectuses and the licensing requirement for markets or intermediaries will apply if digital tokens involve securities.

While MAS is making a strong push to encourage financial institutions to adopt fintech, it also wants to ensure that it gets the regulation right. Menon pointed out the importance of striking a balance between understanding new forms of technology and new business models, and being aware of potential risks, while not stifling innovations.

Fintech developments, he said, are forcing regulators to review the way regulation is done and regulators may, increasingly, have to take a more risk-specific and activity-based approach.

“This means setting thresholds for when regulation kicks in, calibrating regulatory requirements to specific risks and applying these requirements to activities rather than entities,” Menon said.

SHARING INFORMATION TO COMBAT CYBER CRIME

The wider use of technology has also given rise to the risk of cyber crime. The opening of the Financial Services Information Sharing and Analysis Center (FS-ISAC) Asia-Pacific regional office in Singapore in November last year will allow countries to exchange information and expertise.

“The center’s operations and the regional intelligence reports it produces will help Asia-Pacific countries to deal better with cross-border cyber crimes,” said Sopnendu Mohanty, MAS’ chief fintech officer.

By the end of the Fintech Festival in November 2017, MAS had signed a total of 16 fintech cooperation agreements with different jurisdictions. Such cooperation is expected to continue.

“These agreements facilitate information sharing on fintech trends and regulatory issues. They also have a referral mechanism that supports Singapore fintech startups in overseas markets, and facilitates overseas startups to set up in Singapore as a gateway to Asia,” Menon said.

While MAS is not expected to make further changes to its AML/CFT rules following a slew of amendments in the last few years to its various notices and guidelines, it may review the national risk assessment (NRA) in 2018, said Jason Tan, partner, AML and sanctions services at KPMG in Singapore. The last NRA was conducted in 2013 and published in 2014.

The findings from the Financial Action Task Force (FATF) mutual evaluation of Singapore in 2016 may see Singapore put greater focus on enforcement action related to terrorist financing, and asset forfeitures, Nizam said. In 2018, MAS will also focus on enhanced supervision, enforcement and “naming and shaming” for egregious breaches, particularly in the light of the 1 Malaysia Development Berhad (1MDB) case, he said.

The 1MDB case has also heightened awareness on several aspects of compliance. For example, boards of directors are



likely to put AML at the top of their top agenda, Tan of KPMG said.

“The focus will be on management oversight and culture, and the effectiveness of AML/CFT controls at financial institutions,” he said.

As more banks come to a point of cost rationalization, wider use of technology at financial institutions has become a reality. For instance, machine learning will increasingly be used for customer transactions and name-screening purposes, among others.

“This may change how AML compliance will be performed, and the change will be very fast in the next two years compared to what we saw in the last five years,” Tan of KPMG said.

SEVERALS BILLS IN FORCE

2018 will see the implementation of the Securities and Futures (Amendment) Bill following the passage of the bill in January 2017. The bill will have far-reaching implications given the wide range of areas it covers, Nizam said. They include the regulation of over-the-counter (OTC) derivatives; the widening scope of regulated activities (which will involve redefining debentures and collective investment schemes); the revamping of the accredited investor scheme (which involves the tightening of the wealth criteria for accredited investors, and putting in place an “opt-in” regime

REUTERS/Edgar Su

for accredited investors, among others); a new regime for financial benchmarks; and a tighter regime for market abuse.

MAS has also proposed the removal of the representative notification requirement for representatives that only deal with accredited or institutional investors.

“This is likely to take effect if the proposal is pushed through,” Nizam said.

The Singapore Variable Capital Company (S-VACC) Bill may also be implemented in 2018 following consultation on the structure which encourages redomiciliation of funds, including venture capital funds.

The Payment Services Bill, which remains in public consultation, is likely to be implemented by 2018, Nizam said.

“This will bring far-ranging changes to the payments framework. It will regulate the entire value chain of payment services in Singapore. Many activities previously unregulated will soon be regulated,” he said.


HONG KONG FACES UP TO FINTECH/REGTECH CHALLENGESStartups aiming to disrupt the market with fintech or regtech solutions will continue facing unique challenges in Hong Kong, with its fragmented, sector-specific regulatory regime and market dominance by large, established financial institutions.

Hong Kong has four main financial regulators — the Securities and Futures Commission (SFC), the Hong Kong Monetary Authority (HKMA), the Insurance Authority (IA) and the Mandatory Provident Fund Schemes Authority (MPFA).

This presents a higher market entrance cost for startups, as well as difficulties in determining which regulatory regime will apply to any given fintech solution. In 2017 the HKMA, SFC and IA set up fintech sandboxes which were intended to be interoperable. The authorities have also signed a number of agreements on fintech “bridges” to other jurisdictions, such as the UK, to try to lower the entrance barriers for startups.

In banking, the marketplace is dominated by large, established players: some 29 of the world’s 30 global systemically important financial institutions (G-SIFIs) have a presence in the territory. As a result, Hong Kong is not a place where technological change is driven by smaller fintech market disruptors, but rather by existing institutions partnering up, or investing in, fintech startups. This makes the pace of disruption slower and perhaps less innovative than in other jurisdictions, said Etelka Bogardi, partner at law firm Norton Rose Fulbright in Hong Kong.

“This dominance of incumbent financial institutions is evidenced by some of the regulatory responses, such as the fact that unlike, for example, the UK or Singapore, the regulatory sandboxes are available only to institutions that are

already licensed or those that have partnered up with licensed financial institutions,” she said.

Additionally, non-traditional players seeking to work with established financial services providers sometimes find that beyond their innovation teams, incubators and open application programming interface (APIs), those institutions are still run as before, and are not set up to deal with fintech developers, said James Lloyd, Asia-Pacific fintech leader at EY in Hong Kong.

Regulators also need to keep up with the rapidly changing landscape in financial technology. In Hong Kong, as well as other parts of Asia, they have so far proved fairly forward-looking, said Carl Wegner, managing director and head of Asia at R3. Within distributed ledger technology (DLT), the HKMA and the Monetary Authority of Singapore (MAS) late last year announced they would set up a world-first cross-border trade finance platform based on DLT.

“They are spending lot of time on [understanding] how DLT works,” Wegner said.

Several Asian regulators had already sent staff to become certified in the subject matter. “If you are going to regulate something, you have to understand it,” he said.

Still, the overarching challenge for the financial industry and regulators alike will be to ensure that the pace of innovation is not encumbered by inflexible regulation, while maintaining a high standard of customer protection.

REUTERS/David Loh



FATF EVALUATION SET TO GIVE HONG KONG MIXED REPORT Hong Kong’s anti-money laundering (AML), know-your-customer and broader financial crime regime is likely to receive a mixed report card when the Financial Action Task Force (FATF) undertakes the territory’s mutual evaluation set for October.

On the plus side, the city has been more active and commercially practical about pointing out to financial institutions that AML is more than a tick-the-box exercise, said Bill Majcher, head of EMIDR, a local risk management and cyber security firm. “There appears to be a growing awareness that much more can be done to be more commercial while at the same time offering more common-sense solutions to financial crime and money laundering,” he said.

Specifically, Hong Kong is likely to get credit for the introduction of the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (AMLO), which came into force in 2012. Other positive developments include various proposed amendments to the AMLO and the local Companies Ordinance. The proposed amendments, which impose statutory customer due diligence (CDD) and recordkeeping requirements for designated non-financial

businesses and professions (including solicitors) and enhance the transparency of beneficial ownership of Hong Kong companies, are expected to become effective before the next evaluation.

“The widening of the regulatory ambit for AML compliance will no doubt be seen as a positive development by the FATF and, if administered properly, may put Hong Kong in a better light when compared with some of its APAC counterparts,” said Paul Dorrans, consultant with law firm Simmons & Simmons in Hong Kong.

The Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) have stepped up their enforcement efforts in the recent years. The SFC has made AML and counter-terrorism financing (CTF) an enforcement priority and a focal point for its supervisory activities, and with sound results, as instances of identified non-compliance with AML guidelines have significantly reduced in recent years.

“These are significant developments which have attracted a lot of attention in the market. The FATF need only examine the three-fold increase in the number of suspicious transaction reports (STRs) filed since the AMLO came into effect in 2012 for evidence of the solid progress made in this area,” Dorrans said.

REUTERS/Bobby Yip


“Major stakeholders, especially financial institutions, are very much alive to AML risks and have demonstrated a good understanding of their reporting obligations,” he said.

There is likely to be some criticism of the very low levels of STRs filed by the territory’s professional services firms, said Nigel Morris-Cotterill, a counter-money laundering strategist.

“Hong Kong is the first major offshore center to have a mutual evaluation report since the release of the so-called Panama Papers and Paradise Papers. The fact that Mossack Fonseca, in particular, had an active office in Hong Kong will mean that inspectors will have in mind questions as to effective KYC and CDD, especially in relation to non-resident shareholders and directors. They may draw a distinction between legitimate holding companies and companies that have no or no significant commercial purpose,” he said.

REUTERS/Edgar Su

REUTERS/Bobby Yip

The FATF is likely to criticize Hong Kong for a lack of currency controls at its borders, particularly with visitors from mainland China and the vast sums of cash they bring over unchecked. Hong Kong also remains vulnerable to trade-based laundering, particularly in relation to funds relating to goods that never enter the jurisdiction, Morris-Cotterill said.



TRADE REPORTING, CLEARING TO TAKE SPOTLIGHT IN ASIAN OTC MARKETSMandatory trade reporting and clearing will take the spotlight in Asia’s over-the-counter (OTC) derivatives markets in 2018 as regulators begin to require market participants operating in their territories to undertake their obligations.

Singapore will continue with the next phase of mandatory trade reporting on October 1, 2018, which will apply to equity and commodity derivatives booked or traded in Singapore by banks and merchant banks. Booking location and trading desk location fields must also be reported by specified persons under the Singapore OTC derivatives reporting rules from the same date, said Tom Jenkins, partner, financial services at KPMG China.

South Korea will begin mandatory trade reporting in the second half of 2018.

While Hong Kong rolled out the second phase of mandatory trade reporting (which covered interest rates swaps and non-deliverable forwards) on July 1, 2017, market participants in the territory will continue to remediate issues pertaining to reporting next year, Jenkins said.

HKMA TO FOCUS ENFORCEMENT ACTION ON TRADE REPORTING

Trade reporting will likely come under the scrutiny of the Hong Kong Monetary Authority (HKMA) following indications in its 2016 annual report of its intent to focus on enforcement action against material contraventions of OTC derivatives rules from 2018 onwards, according to Jenkins.

“I think … it is because of the scope and complexity of reporting, and the fact that the number of institutions that are impacted is greater than those impacted by clearing. Under Hong Kong’s reporting rules, not only trades booked in a Hong Kong regulated entity but also trades conducted in Hong Kong which are booked in an affiliate must be reported,” he said.

The Hong Kong regulators have so far not indicated whether the third phase of reporting will be launched in 2018. Jenkins said this is unlikely given that a number of other rule changes are on the agenda for 2018.

REUTERS/Bobby Yip


MARGIN RULES FOR NON-CENTRALLY CLEARED DERIVATIVES

More Asian banks are expected to comply and post initial margin for uncleared trades in 2018, following the global phase-two margin rules implementation for uncleared derivatives in September 2017, said Frederic Shen, head of global treasury business management at OCBC Bank in Singapore.

Major financial centers such as the United States, the EU, Hong Kong, Singapore and Australia will move to the next phase of margin rules implementation in September 2018, Jenkins said. February 2018 will mark the end of a six-month transition period for margin rules implementation in South Korea.

On March 1, 2018, the Australian Prudential Regulation Authority’s risk mitigation requirements, which complement the margin rules, will take effect, Jenkins said. These risk mitigation requirements address topics such as portfolio reconciliation, portfolio compression, trade documentation and dispute resolution. Australia had already introduced its margin rules for uncleared derivatives.

2018 will also see more variation margin rules come into force in non-netting jurisdictions as they attempt to align with global variation margin standards, Shen said.

MANDATORY CLEARING

Mandatory clearing in Singapore, expected to commence in the second half of 2018, will apply to certain interest rate swaps, Jenkins said.

As more products are likely to be cleared through CCPs in 2018, a major concern about the impact of Brexit on central clearing looms large as LCH, being London-based, is a major CCP for swaps, Shen said.

“[The concern is because] there is a push by European regulators to have a European CCP clear Euro swaps [to be] regulated by [them],” he said.

REUTERS/Chaiwat Subprasom



Our enhanced background checks leave nothing to chance.Thomson Reuters Enhanced Due Diligence We deliver detailed background checks on any entity or individual, anywhere in the world. Using in-house research, our reports provide comprehensive and well-structured information, identifying key issues relating to bribery, corruption, and financial crime, among others.

risk.tr.com/edd

https://risk.thomsonreuters.com/en/products/enhanced-due-diligence.html?utm_source=jumbotron/eddutm_medium=banner/eddutm_campaign=edd


BASEL III PACKAGE FINALIZED BUT COULD SPELL END OF REFORMS; FRTB DELAYED TO 2022 As at end-November 2017, discussions on the Basel III capital reforms hit a quandary due to a tussle between EU and the United States over the latter’s hesitation to implement the Fundamental Review of the Trading Book (FRTB) and the EU’s disagreement (led by France and Germany) on the output floor recommended by the Basel Committee on Banking Supervision (BCBS). The discord was unexpectedly resolved when the Group of Central Bank Governors and Heads of Supervision (GHOS) met on December 7, 2017 to endorse the remaining elements of the Basel III requirements.

The final package which the GHOS agreed to includes the introduction of an output floor of 72.5 percent to be phased in over a five-year period commencing from 2022; revised credit valuation adjustment and operational risk frameworks; a leverage ratio surcharge for global systemically important banks; and confirmation that implementation of FRTB will be delayed until 2022.

BASEL III A COMPROMISE PACKAGE

While there was a sense of relief that the Basel III package was finally agreed upon by the Basel member states, there is disappointment among some.

“It’s such a big compromise in many areas. It doesn’t make everybody happy. I don’t think there is much enthusiasm from different jurisdictions; it’s very much a compromise package,” said Simon Topping, regulatory partner at Hong Kong-based KPMG China.

Keith Pogson, senior partner, financial services at EY in Hong Kong however pointed out that financial stability and computational ease are two main components to bear in mind when considering the big picture. A more common approach which is one-size-fits-all will produce a better outcome for financial institutions, particularly the large global banks, better known as global systemically financial institutions (G-SIFIs), he said.

“You know what you are dealing with and your operations globally have a common approach. That is going to have a better outcome for regulators and institutions rather than having multiple frameworks,” he said.

REUTERS/Toru Hanai



BASEL COMMITTEE FAILED TO REFLECT ASIAN VIEWS

The final Basel III package agreed by the GHOS at the December 7 meeting also failed to reflect Asian views, Topping said. What had been agreed to by European and American regulators at the Basel Committee are very different for Asia, he said.

“It’s difficult to come up with something that suits everyone. So what you have is a common approach which does not really suit anyone. A lot of Asian countries will have to think hard about how to implement it [Basel III]. There are parts there that are really not suitable for Asia,” he said.

For instance, the Basel Committee agreed that the risk weight for low loan-to-value residential mortgages will be between 20 to 25 percent under the new standardized approach. This is one area which some Asian jurisdictions will have difficulty implementing locally, Topping said. He cited Hong Kong as an example where banks under the current standardized approach are required to set aside 35 percent risk weight for residential mortgages. The Hong Kong Monetary Authority, he said, is unlikely to want to reduce the risk weight for residential mortgages from 35 percent to between 20 to 25 percent.

END OF REGULATORY REFORM?

The Basel III package which the GHOs have finally agreed upon has led to two different views about the fate of the Basel Committee. Some believe that the outcome of the Basel III negotiations could spell the end of regulatory reforms.

“Basel III is final but [the] Basel [rule-setting process] is also finished. Everything is done except sovereign exposures, which is too political to solve. I don’t think there is any appetite for regulators to continue meeting to consider any further changes or initiatives. That’s it. The next 10 years we are going to see implementation. That is going to be interesting,” Topping said.

Others, however, took the view that the Basel Committee will continue to have a role to play in the rule-setting process.

“At the G20 and G7 level, central banks and finance ministers will continue to see the benefits of having consistent standards for the global banking industry,” Pogson said.

Unlike the insurance industry, the banking industry has higher levels of standardization because of the interconnectedness of the world’s banking systems. This means that it is important that G-SIFIs adopt a similar capital calculation framework, Pogson said.


“There remains a job, a role for some form of banking forum, whether it is the BCBS or whatever that may be, to help achieve the level of consistency,” he said.

Discussions in the United States about how Trump is going to deal with de-regulation, and similar discussions in Europe about local tailoring all fall against the backdrop of a need for some kind of consistency in regulation, Pogson said.

“Whether there is room for customisation or whether it is one-size-fits-all for non-G-SIFIs, it is an interesting discussion. But the less complex nature of the non-G-SIFIs, and the consequences around whether there is a need for non-G-SIFIs to implement similar standards recommended by the Basel Committee is an area worthy of further thought,” he said.

MORE THAN ONE CAPITAL FRAMEWORKS

It remains to be seen whether the banking industry will end up with two or more capital frameworks: one for G-SIFIs and one or more for the rest.

But the chances for the leading financial centres of Asia such as Australia, Hong Kong, Japan and Singapore to adopt the final package of Basel III are high, Pogson said, adding they will have to make sense of it and decide whether they are going to implement the full package “lock, stock and barrel” or build in their own considerations.

“Whether they [Asian regulators] want to alter the output floor, that is within their sovereign power,” he said.

IMPLEMENTING BASEL III IN THE NEXT 10 YEARS

As each country puts Basel III into local legislation in the next 10 years, some countries will face challenges from their legislators who may not agree with what their representatives at the Basel Committee had agreed to.

“Whatever the Basel Committee has agreed upon has no legal effect. It is up to each country to implement it. Legislators in each country are going to do what is right for their countries. They are not bound by what the Basel Committee has said. In countries like the U.S., France and Germany, and probably many in Asia, the legislators will look at it all over again. They are not going to rubber stamp it just because it is agreed at the Basel level,” Topping said.

ASIA MAY SET COMMON STANDARDS

Topping took the view that Asian regulators are likely to go their own way given that what the Basel Committee has agreed upon is not suitable for implementation in Asia.

“It’s quite likely that Asian regulators will ask: Is this [Basel III final package] right for our market? This could be the issue that will unite Asian jurisdictions a bit more. Maybe it’s time for Asia to come up with common standards. This could be the thing that will drive Asian countries to cooperate more and work closely together,” he said.

ASIAN REGULATORS WILL NOT DISADVANTAGE ASIAN BANKS

Hong Kong, Singapore and Australia announced in 2017 that FRTB implementation would be pushed back to 2020. Given the latest developments at the Basel level on December 7, further announcements from some Asian jurisdictions are expected in 2018.

“Asian regulators will not disadvantage their own banks by implementing FRTB ahead of the U.S. or Europe as FRTB imposes significant additional risk weighted assets on the market risk exposure of banks,” said Dr Frederick Shen, head of global treasury business management at OCBC Bank.



ASIAN SATELLITE MARKETS TO FOCUS ON AML/CTF, DATA PRIVACYSoutheast Asian regulators are expected to focus on issues from data privacy to anti-money laundering, counter-terrorism financing and senior management accountability.

The recent adoption of senior management accountability regimes in the UK and Hong Kong has put the spotlight on culture and individual accountability. Regulators have increasingly come round to the idea that a corporation’s culture is unlikely to be improved by punishing a firm for a regulatory breach that ultimately was conducted by an individual. By holding individuals accountable, regulators hope to encourage firms to boost their culture, and, over time, to improve banks’ relationships with their customers.

Rebuilding the customer trust lost during the financial crisis and following the widespread mis-selling of financial products remains vital to the long-term viability of an Asian banking sector that is increasingly threatened by more high-tech alternatives to traditional banking. As financial institutions continue to be affected by cyber attacks, customer loyalty will only be afforded to those firms that are nimble, and able to keep up with the pace of innovation in technology.

At the same time as technological innovation is lowering both costs for cross-border transactions and the threshold for financial inclusion across the region, the abundance of data made available through technology has also alarmed regulators. Taking a cue from the planned implementation of the EU General Data Protection Regulation (GDPR) in May 2018, which is set to affect many financial institutions across the region, regulators around Asia have also used the opportunity to beef up their own data privacy regimes.

Singapore, Indonesia, China, Malaysia and South Korea have in recent years tightened their guidelines on risk management and outsourcing, as part of an effort to ensure financial institutions’ customer and operational data remains secure.

Some governments, such as Indonesia, have passed laws intended to keep data “onshore” and prevent firms from sharing customer data across borders. A recent law in Indonesia requiring firms to locate their data centers in the country by the end of October 2017 is a sign of more to come, experts believe.

Across the border, Bank Negara Malaysia would also like to introduce more restrictive outsourcing regulations, amid concern in the industry that this might lead to restrictions on the transfer of data across borders as well.


While some governments are choosing to stop data from flowing, as in Indonesia, there are also a number of regional initiatives underway to set common standards.

The Asia-Pacific Economic Cooperation (APEC) forum is looking to negotiate a cross-border privacy regime, and there are also some working groups considering the issue within the Association of Southeast Asian Nations (ASEAN).

The moves to restrict the flow of customer data across borders are in sharp contrast to the approach governments in the region have taken to tackling money laundering and the financing of terrorism.

In response to the higher threat of terrorism in Asia since the collapse of Islamic State in the Middle East, financial intelligence units from across the region have signed up to a real-time information-sharing platform to use innovations such as blockchain, encryption and virtual reality to share counter-terrorism data.

Authorities are eager to prevent battle-hardened ISIS fighters from gaining access to funds to launch terrorist attacks in Asia. Recent events in Marawi in the Philippines have highlighted the threat that this poses, and intelligence sources have also identified parts of Eastern Malaysia and Indonesia as high-risk areas for housing cells of ISIS-linked extremists.

In response to the need for stronger tools than traditional transaction monitoring, one of the more recent regulatory initiatives has involved the use of big data to analyze payment data from non-financial sources, such as the sale of high-risk or dual-use items in hardware stores. Authorities are also considering the use of public-private partnership models between law enforcement agencies and financial institutions to identify and respond to terrorism financing threats.



AUSTRALIA HERALDS SHIFTING ENFORCEMENT LANDSCAPE Cyber risk, counter-terrorism financing, technology, senior management accountability and a heightened enforcement climate will be among the biggest themes in Australian financial regulation during the next 12 months. The year ahead will see the closure of a series of major enforcement actions, including the third major benchmark-rigging case against Westpac and the resolution of the Commonwealth Bank (CBA) money laundering litigation.

All of this will come against the backdrop of an unprecedented royal commission into the financial sector, which will play out throughout 2018. In addition, regulators will be focusing on the risks associated with the tech-driven disruption of financial services as well as the continued threat of cyber attacks.

In general, technology will be a pervasive influence in the year ahead as regulators and financial institutions grapple with the threats and opportunities associated with “fintech” and “regtech” innovation. The Australian Securities Exchange (ASX), for example, is set to pioneer the use of distributed ledger technology (DLT) to power the next generation of its post-trade infrastructure, following a two-year trial of the platform.

On the financial intelligence front, the Australian Transaction Reports and Analysis Centre (AUSTRAC) will look to

use encryption, DLT and other innovations for real-time information sharing between the public and private sectors.

CYBER AND TECHNOLOGY RISK

The systemic risks associated with a major cyber attack will continue to trouble regulators throughout 2018. The Australian Securities and Investments Commission’s (ASIC) market integrity team will be focusing its compliance efforts on technology, cyber resilience and conduct risk in the coming year.

The conduct regulator will continue to raise awareness of technology risks and the need for cyber resilience programs. It will also send self-assessment questionnaires to market intermediaries to ensure they are aware of their obligations in this area.

ASIC’s supervision teams will focus their efforts on the technology and operational risks among the major licensees. The regulator will also conduct compliance reviews into technology-dependent licensees.

The regulator is concerned that a major cyber attack could spiral out of control, undermining an organization and destabilizing the markets. This in turn would damage investor trust and confidence in the financial system.

On the technology front, ASIC will continue to explore the impact of DLT, or blockchain, in the markets. Both the ASX and the Sydney Stock Exchange (SSX) are exploring the

REUTERS/Daniel Munoz


potential in this area. The ASX will open a consultation in March on its plans for a new post-trade platform based on DLT technology, to replace its ageing SMARTS infrastructure.

Looking ahead, ASIC is expecting to see intense interest in blockchain technology among operators of financial market infrastructure, financial institutions, financial services providers and fintech players.

Blockchain technology is likely to be used to facilitate foreign exchange remittance payments, securities settlement systems, debt issuance programs and digital identity platforms. ASIC said it expected the “range of potential applications” of blockchain to continue to expand.

CHANGES IN REGULATORY LEADERSHIP

Financial institutions will begin 2018 with a level of trepidation following the leadership changes at the helm of the country’s two major financial regulators. The new appointments at ASIC and AUSTRAC come as both agencies signal an intention to continue their more active enforcement presence, backed by strong political support.

Nicole Rose, the new chief executive of AUSTRAC, will guide the agency through a challenging period. In addition to being part of the move to the Home Affairs “super ministry”, Rose will be responsible for leading the agency through the CBA enforcement case, which is set to be the largest civil enforcement matter in Australian history. Rose is likely to advocate behind the scenes for the extension of the AML/CTF framework to cover lawyers, accountants, real estate agents, jewelers and other gatekeeper professions.

REUTERS/David Gray

At ASIC, new recruit James Shipton will take up the chairman’s role from February 2018. The market is watching closely to see what temperament Shipton adopts on a range of issues, including supervision, enforcement and litigation. Shipton is viewed as a politically neutral candidate with an array of skills and experience. He joins ASIC as a recognized expert on financial law, a former regulator and an experienced investment banker.

The industry expects ASIC to take a more assertive line on enforcement than it did under his predecessor. Greg Medcraft made it clear as he left the regulator last year that he was disappointed with the industry’s response to his collaborative approach to resolving regulatory issues, such as benchmark rigging and consumer mis-selling.

Following Medcraft’s “litigation-lite” tenure at ASIC, enforcement is expected to be a defining feature of Shipton’s leadership. To bolster this capacity, the year ahead will see the appointment of an additional ASIC commissioner with expertise in litigation and enforcement.

SENIOR MANAGEMENT ACCOUNTABILITY

The Australian Prudential Regulation Authority (APRA) will press for greater senior management accountability in 2018 as it rolls out the Banking Executive Accountability Regime (BEAR). The regime will establish a class of directors and senior executives within authorized deposit-taking institutions (ADIs) who are referred to as “accountable persons”.

These executives will have to register with APRA prior to taking up their duties. Banks will also have to develop accountability statements and maps that set out the roles



and responsibilities of each accountable person.

APRA will hire five new full-time staff and receive an additional A$1 million in litigation funding to build up its capacity to enforce the new regime. The BEAR framework will also give the prudential regulator new investigative powers and the ability to hold senior banking executives to account, including the imposition of bans.

The new laws will also introduce a stronger penalty regime in the event that senior managers fail to meet their obligations under the accountability regime. APRA will expect executives to behave in a manner that is “consistent with protecting the ADI’s prudential standing and prudential reputation”. Accountable executives will need to maintain sound governance arrangements, prudent management practices and ensure their organization maintains a healthy financial position.

The implementation deadline of mid-2018 is expected to prove challenging for firms and the regulator. In the next six months the regulator will need to consult with businesses on their preparation for the implementation of the regime and possibly issue guidance. APRA will also need to prepare reporting and data management systems and processes to accommodate the accountable persons register and the submission of accountability maps and accountability statements.

APRA will also consider extending key aspects of the BEAR framework to other regulated entities, such as insurers and superannuation entities. If it decides this is appropriate, accountability maps and statements may be introduced with prudential standards, rather than requiring specific legislation to be passed.

DEFERRED PROSECUTIONS

One of the major enforcement changes in 2018 will be the introduction of a deferred prosecution agreement (DPA) scheme for major corporate offences. The proposed framework will apply to a range of corporate offences, including AML/CTF failures, sanctions breaches, foreign bribery offences, false accounting and dealing with the proceeds of crime.

The broad DPA regime will be incorporated in legislation to overhaul Australia’s foreign bribery laws, which is expected to pass into law easily with bipartisan support. DPAs are used in the United States and the UK as a way to resolve serious corporate offences quickly. They allow companies and prosecutors to strike a voluntary agreement to “defer” a prosecution in return for specific actions taking place. If the terms of the DPA are met the prosecution is discontinued.

The deferred prosecution model will require a company to take specific action to address the harm caused by the offending. Parties to a DPA will need to take steps such as providing compensation to victims, disgorging illicit profits and implementing improved compliance programs. Companies that enter into a DPA will also have to cooperate with a related investigation.

The implementation of a DPA scheme is expected to help Australia to meet its international obligations to combat corruption, money laundering and related criminal conduct. Under the new system there will be an incentive for companies to self-report serious corporate offences, such as bribery and corruption.

REUTERS/Jason Reed


THOMSON REUTERS REGULATORY INTELLIGENCENAVIGATE THE GLOBAL REGULATORY ENVIRONMENT WITH CONFIDENCE

Thomson Reuters Regulatory Intelligence delivers a focused view of the global regulatory environment, empowering compliance professionals to make well-informed decisions to manage regulatory risk using the most comprehensive and trusted intelligence available.

This solution cuts through the complexity and sheer volume of content within the regulatory environment by providing clarity on what is most important for your organization, in a cost-effective way.

• A full and up-to-date view of the regulatory environment, from the broadest global industry perspective down to the most granular detail.

• Coverage of over 750 regulatory bodies and over 2,500 rulebooks from across the world – more than anyone else.

• Richest source of regulatory content: news, analysis, rulebooks, regulatory events and practical guidance.

• Actionable and practical information, from board level reporting to operational compliance management.

LEARN MORE AT RISK.THOMSONREUTERS.COM/REGULATORY-INTELLIGENCE



Notes

Visit risk.tr.com

S055954/1-18

Risk Management Solutions from Thomson ReutersRisk Management Solutions bring together trusted regulatory, customer and pricing data, intuitive software and expert insight and services – an unrivaled combination in the industry that empowers professionals and enterprises to confidently anticipate and act on risks – and make smarter decisions that accelerate business performance.

For more information, contact your representative or visit us online at risk.thomsonreuters.com

REUTERS/Eddie Keogh

http://risk.tr.com


state of regulatory reform 2018: a special report...7 beyond the sandbox: fintech set for new phase...

Documents