What’s Coming in Compliance in 2016: More focus on data and ownership, and more

Not surprisingly, many of the key hot topics and trends from 2015 will be even bigger issues in 2016, such as the accuracy and tuning of transaction monitoring and screening systems, the depth and security of data feeding into compliance programs, and independent validation procedures to convince state and federal examiners and investigators the overall program is stout.

This year, though, could also see institutions going beyond regulatory requirements to better insulate themselves from formal or informal orders and protect top compliance officers from liability by requiring more clients to certify they are not tied to criminal or corrupt entities, pushing corporates to adopt anti-money laundering (AML)-type know-your-customer provisions, or trying to “peek under the skirt” of an entity to more precisely calibrate financial crime risks.


Here are some of the potential key program and regulatory pain points for 2016, according to conversations with members, compliance officers, consultants and analysts:

Technology: This year could see the rise of the Fintechs, including companies helping banks with KYC through proprietary online search tools, data integrity, and better system functionality to weave changes in customer information or transactions back into the historical risk assessment on a more real-time basis, and more efficiently and quickly into suspicious activity reports (SARs).

Terror finance: Expect the Paris-based Financial Action Task Force (FATF), which sets the global financial crime agenda, to continue using its influence and recommendations to find more ways to prod governments within and without to share data on potential terror funding streams, particularly with ties to ISIS, foreign fighters or domestic and lone wolf threats.

The recent terror attacks in France and domestic lone wolf actions, along with increasing tension in the Middle East and Russia and roiling international markets in Asia, could also result in compliance aftershocks in 2016, including heightened illicit capital flight from the region.

Because of the Paris attacks, banks in France and their foreign branches have already been instituting stricter procedures for risk ranking customers and inquiring about source of funds, lowering identification and monitoring thresholds for cash, checks and wires, and pushing to find live humans behind any convoluted ownership structures, according to a compliance officer for a large French bank.

“There is a big focus on technology in compliance,” such as automated alerts, transaction and screening systems but also more analysis of what domestic and foreign governments are asking for in terms of investigative assistance, said the person, who asked not to be named. “But we also have to ask the right questions and find the one who built the company, the one behind everything.”

Corporate transparency: In the European Union and United Kingdom, watch for the finalizing of beneficial ownership initiatives and more pressure on the US to finalize its own, weaker version of beneficial ownership rules, requiring banks to get details down to the 25 percent ownership level, but without a corresponding requirement for company formation agents.

Officer liability: Due to federal initiatives to more forcefully tie compliance failures to individuals, 2016 could see compliance staffers, senior executives and even board members chastised, penalized or banned from banking for willful, egregious or longstanding compliance failures.

Customers’ customer: As well, to better gauge risk, look for banks to require additional customer and company data, or even require certain clients to adopt AML-type responsibilities – such as large, international trading firms, third-party payments processors and businesses and charities near terror hotspots – to get a better sense of vulnerabilities to money laundering or corruption.

Cybersecurity: The year will likely see federal and state regulators tying financial crime prongs together more tightly, including AML, fraud, sanctions and cybersecurity. Authorities, particularly in New York, could prod banks to move to multifactor authentication for staff and customers for email, adopt new and more rigorous staff monitoring and internal approval processes, and require that cyber expertise be embedded in all departments, rather than seeing cybersecurity as just an IT and technology issue.

The decisions around and resources devoted to thwarting cyber thieves have taken on increased importance as these groups in the last two years have infiltrated some of the largest banks and retailers in the United States, including JPMorgan, Home Depot, Target and also perforated choice government data nodes, such as the Office of Personnel Management.

Breach prevention: Part and parcel of a more extensive cyber defense initiative is the US Treasury and examiners prompting banks to gather and document more cyber details in SARs, with Treasury noting recently that less than 2 percent of SARs contain IP address information.

That could include more cyber training for compliance staff and a push for banks to do a cyber vulnerability and data risk assessment, to find virtual gaps before hackers can, and to insulate data more securely in the event a breach occurs, strengthening cyber “resilience” and “maturity.”


FinCEN’s force awakens

The aggressiveness of the US Treasury’s Financial Crimes Enforcement Network (FinCEN) is also likely to continue and even gain momentum.

During the year, FinCEN released a bevy of new proposed, resurrected and finalized rules, including a proposal to require financial institutions to capture beneficial ownership information, re-releasing an initiative to require banks and money remitters to get more details on cross-border wires, and grafting AML obligations to several parts of the investment sector, among other actions.

The bureau also got more aggressive using its powers around geographic targeting orders to increase the scrutiny and reporting requirements in the areas of trade, fashion and armored cars in states like California and Florida.

Overall, the agency hit several major milestones in 2015, issuing its first penalty in the virtual currency sector, its first penalty against a large casino and its first compliance-related penalty against a bank for not realizing certain transactions were tied to judicial corruption.

Also on the corruption front, in August, The Bank of New York Mellon paid nearly $15 million to settle charges by the US Securities and Exchange Commission that it violated federal bribery laws by selectively awarding internships to the family members of officials with ties to a Middle Eastern sovereign wealth fund with more than $50 billion in assets.

JPMorgan Chase and a half-dozen other financial institutions are being investigated for possible FCPA violations, said one expert.

In the aftermath of the BNY Mellon penalty, expect to see federal investigators and examiners asking more questions around how banks secured deals tied to sovereign wealth funds, particularly if the country involved is known for being high on corruption lists, and low on compliance controls.

“That was the first case that involved a corruption penalty, bank and sovereign wealth fund,” but likely won’t be the last, said Thomas Fox, founder of the Houston-based boutique law firm tomfoxlaw.com, and contributor to the fcpablog.com.

“Banks usually have a lot of dealings with such funds because they have so much money for banks to invest,” in some cases billions of dollars, he said. “As well, there could be additional enforcement actions because in order to get those deals, it’s not just institutions giving favor to sons and daughters, but also nephews” and other relatives of public officials in the given fund’s jurisdiction, which could violate anti-corruption rules.

In addition, as a measure of protection for themselves, you could see more banks this year requiring certain compliance steps or assurances from corporates and other entities in order for these operations to gain a loan or account, Fox said.

For instance, that may mean a bank requiring a company to yield more details about where it operates and what kinds of customers it has or, in a trade context, requiring the divulgence of extra details about the customer, shippers, counterparties, beneficial owners and size and per unit cost of certain items, to ensure they make sense and so the bank can run the names through PEP and sanctions watchlists, he said.

Market maelstrom

Compounding the challenges of creating strong compliance programs in banks and also pushing certain responsibilities to clients, though, could be economic and geopolitical uncertainty.

The year began with turmoil in China’s markets and a likely domino effect in US and other international markets, which could increase opportunities for criminals to spread stock scams and increase the risks of insiders engaging in fraud to make up for lost income and of anyone recently out of work and desperate falling for a “work at home” money laundering scam.

“The downturn in China has affected all of the markets,” said Garry Clement, president and chief executive of Clement Advisory Group, and the former director of the National Proceeds of Crime program for the Royal Canadian Mounted Police.

“That could lead to people out of work and salaries going down immensely, leading to more frauds within organizations to make up for lost commissions,” he said. “Whenever the world economy is in a state of flux, financial crime goes up.”

At the same time, a shrinking economy could also mean banks have less money to spend on financial crime compliance departments, Clement said.

“The fact that financial institutions are going to be struggling to maintain revenue streams means it’s only a matter of time before there is some constriction in compliance departments,” he said, adding that puts more pressure on federal exam teams to find program gaps, a challenge as well due to many long-term senior examiners retiring or joining private practice.