7 Creative Ways To Incorporate Storytelling In Compliance Online Training

Article by Learningpool

The customer experience

Authors: Kirstie Ball, Sally Dibb and Keith Spiller of the Open University Business School and Ana Canhoto of the Oxford Brookes University Business School.

The regulations around anti-money laundering (AML) place private sector organisations at the frontline of crime prevention and, in the case of counter terrorist financing (CTF), national security. Know Your Customer (KYC) and Customer Due Diligence (CDD) raise questions that concern not just regulatory compliance but also the impact of AML on core business processes and competitive advantage.

Financial services organisations monitor customer transactions both to detect suspicious activity and for marketing purposes. Customer relationship management (CRM) involves mining the information to anticipate and service customer needs over the longer term; it has proved highly effective, enabling firms to identify lucrative prospects, target messages and products, and generate revenue. As well as relying on the same data as CRM, AML employs similar statistical techniques to derive its results. CRM focuses on the attractive customers, whereas AML seeks to isolate the risky ones. The close parallels prompt questions: do organizations that know a lot about their customers through CRM prove equally competent at AML? How does AML, as it translates into operational requirements, affect the customer relationship? Recent opinion from Harvard Business School [1] suggests that business organisations have a duty to take their social responsibilities – including combating financial crime – as seriously as they do their commercial imperatives. But questions persist over the degree of responsibility and pressure that AML/CTF imposes on regulated businesses and, by extension, their customers.

Notes

1. Porter, M and Kramer M (2011) ‘Creating shared value: How to reinvent capitalism – and to unleash a wave of innovation and growth’, Harvard Business Review January – February, pp 62 – 77

Regulate Online Political Ads for Greater Political Integrity

10 March 2021, published on Transparency International

Governments must update election laws to ensure online political advertising is legitimate, its financing transparent, and microtargeting is kept to a minimum. And they need to hold platforms accountable.

Online platforms such as Facebook and Google have become prime virtual real estate for political advertising in recent years.

Such advertising has revolutionised the political process, opening up a world of opportunities for political actors to connect to voters. In turn, groups of constituents can use their own voices more effectively for civic participation. Online advertising can also help less conventional politicians with fewer resources, freeing them from reliance on wealthy donors.

Online political advertising – defined as paid digital communications that aim to influence voters’ or political office holders’ decisions on matters of public interest – has the potential to do even more.

Digital ad spending in the last general election in the US – the country with the biggest market – had hit a record US$1 billion by February 2020. By a few weeks before the November 2020 elections, at least US$3 billion may have been spent on online ads.

While online political advertising is more prominent in the US and Europe, it is quickly becoming a force to be reckoned with in other parts of the world too.

However, this potential force for good has rendered traditional political finance regulations obsolete. Six out of 10 countries worldwide do not have any restrictions on online political advertising at all. Without regulation, online political advertising threatens financial transparency and accountability in the political process.

A new report by Transparency International provides an overview of these risks and recommends five measures to help ensure that online political advertising serves the public good.

Just two companies dominate the multi-billion dollar online political advertising market worldwide – Facebook, which holds around 80 per cent of the share in social media platforms, and Alphabet (Google, YouTube, etc.) which has roughly 90 per cent in search engines. Such concentration without regulation leaves these big tech companies with enormous power in their hands.

Too often, such companies allow a high degree of opacity in online political ads. The public do not know who places an ad, who pays for it, or who it is being shown to.

The ill-effects are starting to show. From misinformation and disinformation, to cybersecurity risks and microtargeting – democracies around the world are feeling the effects of political content on digital platforms gone awry.

Disinformation – information that is deliberately false or misleading – can affect all parts of our society. Just last week, a fake YouTube channel created with the name Transparency International began paying to promote defamatory content about other anti-corruption organisations working on a case in the Democratic Republic of Congo. Platforms such as YouTube, which lack proper checks on these ads and who is behind them, not only undermine democracy and accountability but can facilitate attacks that threaten the work done by civil society organisations.

In order to realise the full potential of online political advertising, we must first address the myriad transparency and accountability risks it poses.

Regulating online political advertising would be an important step towards removing undue influence from politics. We recommend:

  • Updating political financing regulations for the digital era, including an updated legal definition of political advertising.
  • Ensuring authentic political messaging through identity verification processes, the use of official accounts by political actors and the removal of inauthentic online content.
  • Holding online platforms and advertisers accountable for ad transparency.
  • Raising the bar for financial reporting by political actors and online platforms.
  • Restricting microtargeting and enhancing standards for trading personal data.

 

Debates about regulating online platforms often end up being about definitions: when is a platform a publisher, what counts as free speech? But when it comes to online political advertising, the important questions are more a matter of choice: Do we want a world where digital technologies serve the public interest, making politics more responsive to communities? Or are governments and tech companies happy to allow powerful and opaque vested interests to dominate the information we receive about issues that affect us all?

 

What is a Compliance Dashboard? What You Need to Know

Article by Michael Volkov

When you think of a dashboard, what comes to mind? Is it a panel containing instruments and controls that indicate the health of your vehicle, or charts that provide information and statistics? Simply, a dashboard provides a picture story in one view. Just like a car dashboard will show you your speed, RPMs, and gas level, a compliance dashboard should show you key metrics at a glance to clearly understand the health of your program.

 

What Are the Benefits of a Compliance Dashboard?

Investing in a compliance dashboard solution provides your company with the ability to integrate data collected from various systems utilized within your company. This collected data is stored in a central warehouse that can be extracted to create the visual story you wish to communicate. This would eliminate the time and resources it takes to request the data from your lines of business, analyze the data, and manually create reports.

Other key features of a compliance dashboard are the ability to filter and integrate the data to generate customized reports and to identify issues and trends in real-time. You can utilize the dashboard to measure efficiencies and inefficiencies within your organization. The collected data provides the end-user with the ability to drill down and filter the data to get the desired results to monitor key performance indicators (KPIs) and key risk indicators (KRIs) to share with management or other stakeholders. The generated reports also provide documentation of your compliance program monitoring efforts.

A compliance dashboard is utilized to tell a story. You determine what story you wish to deliver and apply the data to meet your needs.


Why is Having a Compliance Dashboard Important?

In today’s ever-changing regulatory environment, organizations that are subject to maintaining a compliance program must ensure their program is effective as outlined in the Evaluation of Corporate Compliance Programs issued by the Department of Justice (DOJ) in June 2020. The DOJ emphasized the use of data to track and test the effectiveness of compliance programs. More importantly, this guidance stipulates:

“Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions? Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?”

Regulatory authorities are monitoring companies to determine how effective their compliance programs are. Companies that failed to implement a viable compliance program have collectively paid billions of dollars in penalties and been subject to criminal prosecution.

The following companies are examples of organizations that were criticized and fined for not maintaining an effective compliance program:

  • Capital One was recently assessed a $390M civil money penalty for failing to implement and maintain an effective Anti-Money Laundering program.
  • Sabre Corporation, a travel technology company, paid a $2.4M settlement with 27 State Attorneys General for a 2017 data breach involving hotel booking services. Sabre failed to adhere to state laws regarding data breach notification.
  • Goldman Sachs settled $3.9 billion in penalties with the DOJ and SEC to resolve FCPA charges related to the Malaysian sovereign wealth fund, 1Malaysia Development Berhad (1MDB). Goldman Sachs’ compliance and control functions failed when the culture of compliance was pushed aside over profitable deals and bribery payments.
  • Berkshire Hathaway paid $4.1 million for violating Iran sanctions because one of its subsidiaries knowingly sold products to intermediary companies in Turkey with the knowledge that the products would be resold to Iranian end-users.

With the DOJ’s compliance program guidance, it is more relevant and important to ensure your company’s compliance program is effective and works in practice, to avoid these types of violations. Compliance touches various areas within your organization—so how do you monitor to identify issues, risks, and threats before they become a problem? The compliance dashboard is your tool to centralize collected data and monitor your compliance program.

 

How to Develop an Effective Compliance Dashboard?

Create your story. Work with the various stakeholders in your company to identify the applicable compliance regulations that make up your program. Inventory the various systems and platforms utilized by the lines of business to collect and integrate the data required to make informed decisions on the effectiveness of your compliance program.

When designing your dashboard, consider the following components you wish to display to align with the strategic needs of your company and lines of business:

  • Perspective – who is the report intended for
  • Objectives of the compliance program
  • Measurements (KRIs and/or KPIs)
  • Indicators – color-coded symbols to provide a quick glance of the measured performance.

In addition, determine the best visuals that would link the data to the strategic objectives of the dashboard:

  • Heat maps
  • Charts (bar charts, line charts)
  • Trends (month over month or year to year comparisons)
  • Scorecards to monitor KPIs and trends.

Identify, track, and manage your KPIs and KRIs of every compliance process in areas such as:

  • Reputation
  • Sanctions
  • Legal
  • Financial
  • Operational
  • Regulatory
  • Third party
  • Distribution channel
  • Fraud

From the collected data, identify trends and correct these trends where necessary. Review your chosen metrics in real-time to identify issues before they become a problem, and develop snapshots to report the performance of the compliance program with the board of directors, management, and other stakeholders in your company.

Part of the storytelling is to determine the type of dashboards to design based on your business requirements. It helps to define the purpose of the dashboard, data to collect, and who will receive this report. Some examples of using a dashboard can be:

  • Strategic
    • Informational and provides an overview to the board and decision-makers to monitor the health and opportunities of the compliance program.
      • Across the enterprise or by company function (i.e., Information Technology, Human Resources, Supply chain/Distribution Channels, Operations, AML, etc.).
    • Provides a focus on high-level measurements of performance and forecasts.
      • Indicate areas that need improvement.
      • Identify areas that are well-managed and effective.
      • Trends illustrated.
    • Presents a static snapshot of data (daily, weekly, monthly, and quarterly) that does not constantly change.
  • Analytical
    • Provide more context to the data to include comparisons and history, with performance evaluators.
    • Analyze the data to drill down to underlying details.
  • Operational
    • Monitor and measure activities and events that constantly change, such as:
      • The number of opened/closed screening alerts and the age of the alerts.
      • The number of failed quality inspections per hour of manufactured parts.
      • Employees that have completed training vs. training not completed.
    • Receive alerts through the dashboard that may require attention and respond at a moment’s notice.
    • Track for open and closed issues.

Compliance dashboards can be as simple or as detailed as you need, based on the amount of data you wish to display and the message you intend to communicate. Ensure the data supports the company’s strategic plan and that the information is meaningful and useful to the intended audience.

Leveraging Compliance Management Software and Compliance Dashboards

Compliance touches all areas within your organization. Data plays an integral role to gauge how well your company is performing. The desired result is to monitor how effective your compliance program is in real-time. The compliance dashboard helps tell your story and the right technology can go a long way in making this vision a reality.

 

By Michael Volkov, February 11, 2021, published on GAN Integrity

Anti-Money Laundering Acronyms

Article by KYC360

Confused by all the abbreviations and acronyms used in the world of financial crime prevention and AML compliance? Let KYC360 help…

A

ABC – Anti-Bribery and Corruption

ACAMS – Association of Certified Anti-Money Laundering Specialists

ACPR – French Prudential Supervision and Resolution Authority

AMF – French Financial Markets Regulator

AML – Anti-Money Laundering

AML/CTF – Anti-Money Laundering/Counter-Terrorism Financing Rules

AMLD – Anti-Money Laundering Directive

APG – Asia Pacific Group on Money Laundering

APTs – Asset Protection Trusts

ARS – Alternative Remittance System

ATMs – Automatic Teller Machines

AUSTRAC – Australian Transaction Reports and Analysis Centre

 

B

BIS – Basel Committee on Banking Supervision

BMPE – Black Market Peso Exchange

BO – Beneficial Ownership

BSA – Bank Secrecy Act

 

C

CCPA – California Consumer Privacy Act

CDD – Customer Due Diligence

CFATF – Caribbean Financial Action Task Force

CFT – Combating the Financing of Terrorism

CRO – Chief Risk Officer

CRS – Common Reporting Standard

CSP – Corporate Service Provider

CTR – Currency Transaction Reporting

 

D

DOJ – Department of Justice (US)

DNFBP – Designated Non-Financial Businesses & Professions

 

E

EAG – Eurasian Group on Combating Money Laundering & Financing of Terrorism

EDD – Enhanced Due Diligence

EFT – Electronic Funds Transfer

EGFIU – Egmont Group of Financial Intelligence Units

eIDV – Electronic Identification & Verification

ESAAMLG – Eastern & Southern African Anti-Money Laundering Group

EU – European Union

 

F

FATCA – Foreign Account Tax Compliance Act

FATF – Financial Action Task Force

FCA – Financial Conduct Authority (UK)

FinCEN – Financial Crimes Enforcement Network

FSRB – Financial Action Task Force Style Regional Bodies

FIU – Financial Intelligence Unit

FX – Foreign Exchange Market

 

G

GAFILAT – Financial Action Task Force on Money Laundering in Latin America

GCC – Gulf Cooperation Council

GRC – Governance, Risk & Compliance

 

H

HMT – Her Majesty’s Treasury (UK)

HNWI – High Net Worth Individual

 

I

ID&V – Identification & Verification

IVTS – Informal Value Transfer System

IBC – International Business Company

IMF – International Monetary Fund

ISIL – Islamic State of Iraq & The Levant

ISIS – Islamic State of Iraq & al-Sham

 

J

JMLIT – Joint Money Laundering Intelligence Taskforce

JMLSG – Joint Money Laundering Steering Group (UK)

 

K

KY3P – Know Your Third Party

KYC – Know Your Customer

KYCC – Know Your Customer’s Customer

KYE – Know Your Employee

 

L

LC – Letter of Credit

 

M

MiFID – Markets in Financial Instruments Directive

MOU – Memorandum of Understanding

MLRO – Money Laundering Reporting Officer

MSB – Money Service Business

MENAFATF – Middle East & North Africa Financial Action Task Force

MONEYVAL – Committee of Experts on the Evaluation of Anti-Money Laundering Measures & the Financing of Terrorism

MLAT – Mutual Legal Assistance Treaty

 

N

NGO – Non-Governmental Organisation

NPO – Non-Profit Organisation

NRA – National Risk Assessment

 

O

P

PATRIOT – The Uniting and Strengthening America by Providing Appropriate Tools required to Intercept and Obstruct Terrorism Act 2001

PEP – Politically Exposed Person

PIC – Private Investment Company

PSP – Payment Services Provider

 

R

RBA – Risk-Based Approach

RCA – Relative or Close Associate

 

S

SAR – Suspicious Activity Report

SDN – Specially Designated National

SIE – Special Interest Entity

SIP – Special Interest Person

STR – Suspicious Transaction Report

 

T

TBML – Trade-Based Money Laundering

TCSP – Trust & Corporate Service Provider

TF – Terrorist Financing

TI – Transparency International

 

U

UBO – Ultimate Beneficial Owner

UN – United Nations

Compliance Officers are Almost Never Promoted Within Their Companies – Why?

Article by Yana Afanasieva

Compliance officers are almost never promoted within their companies and have to change jobs to get ahead – it’s just statistics. Since I often help my FinTech founder clients to interview their compliance leaders and regularly give feedback about their existing teams, I think I have a perspective.

Most compliance experts believe that their success is determined by:

  • How well they know the laws and regulations, and
  • How hard they work (hard work here means long hours, lots of stress, little support, and plenty of uncertainties)

…And I’m going to argue that hard work and deep knowledge will rarely if ever get you a promotion within compliance.

Yes, you need to know the laws and put in some effort, sure, but your success and career progress within FinTech will have almost nothing to do with knowledge, stress, and long hours.

The FinTech industry is very competitive, and it struggles with profitability and scaling challenges. Founders and investors alike are looking for compliance to help to solve these two problems (profitability and scale) and there is only one efficient way to approach it – manage and deliver compliance projects as agile and lean tech projects. If you look at your compliance role as a “job” and a series of tasks and activities, you’ll likely never get ahead, because you won’t be delivering what your management expects you to deliver. Management does not want perfect compliance, they want things done (yesterday), more customers, more investors, more revenues.

The compliance function is not just onboarding, scanning, monitoring, approving, or risk rating customers or producing reports (this is pre-2008 crisis old-fashioned thinking if you ask me).

In 2021 and beyond, the compliance function is normally expected to deliver 1-2 large projects a year (new license, the launch of new products, new partnership, implementation of future PSD3…) and everything that happens must be subordinated to these goals.

Let’s look at a licensing project as an example.

I’d like to suggest that the only way to efficiently and cost-effectively go about securing a financial license with all the resources, time and team constraints is to establish it as a lean-agile project and manage it as a lean-agile project.

What I mean by this is the following: you need to understand the phases of your project (the application process in this case) and what actions and deliverables will help you make progress at each phase, and you focus on what is important at each phase.

When you concentrate on the right sequence of deliverables during the right time of the licensing process, and you know your next milestone, you can track your progress better, you can plan resources better and you no longer need to chase down millions of different ghosts, perceived problems, and non-essential issues that are likely not even relevant. Plus, if you never managed a large-scale compliance project, such as securing a license, you won’t be seriously considered for the CCO role in this day and age.

You may be arguing in your head – “but that’s not compliance role to manage projects and plan resources, I need a business owner or a project manager to do that…”

Well, think again. Your management and founders think it is the compliance leader who should be driving this because they don’t fully understand the risks and consequences, so you really have two options:

  • Either you learn how to manage and deliver compliance projects as a new generation compliance leader, or
  • You will keep failing and changing jobs

Think local, act global? Designing multi-jurisdictional compliance programmes

Compliance professionals in many large organizations face a dilemma: is it possible to maintain the clarity of a single global compliance policy while complying with increasingly divergent local laws?

As many KYC360 readers will know from their own experience, having jurisdiction-specific compliance policies subordinate to global standards can be more trouble than it’s worth: the more intricate the policy structure, the more confusing it is for our colleagues. (And let’s be frank among colleagues: not even we enjoy reading long compliance documents.) At the same time, jurisdictions are increasingly passing legislation that tends towards divergence, not convergence. So is it possible to comply with all relevant laws without driving everyone crazy? This article compares different approaches across several otherwise similar markets, to highlight the issues at play.

The basic dilemma

Carrying out global business in compliance with local statutory requirements is a challenge to any corporation with cross-border operations. The emerging trend of country-specific anti-corruption laws is a significant compliance related development to be tackled in international business. The feedback received from international organizations such as the OECD when conducting their evaluation rounds has led to many jurisdictions not being satisfied with merely criminalizing bribery related offences, but also imposing an obligation for corporations to adopt a compliance program with certain minimum requirements.

In jurisdictions like the UK or the US this is already old news, and now it seems that continental Europe is following the regulatory trend. It goes without saying that the content of the regulations varies jurisdiction by jurisdiction, putting international companies in the crossfire of several different and potentially conflicting regulations.

The wide range of statutory requirements

In some jurisdictions, an adequate compliance program (for example, a proportionate policy, real implementation, a whistleblowing facility that works and an adequate level of internal controls) may be mandatory as a term of a financial services licence. In others, its existence might serve as a defence to a prosecution of a legal person under anti-corruption or fraud law (as in the UK), or at least as a mitigation of associated penalties (as in the USA). Consequently, corporations operating in these jurisdictions are usually willing to attempt to put such a system in place. (Whether those programs are any good is a different question: Eversheds Sutherland’s research shows that only 41% of managers think that their company’s anti-bribery programme works well in practice.)

However, there are many jurisdictions without any statutory obligation to adopt a compliance program. The structure and content of the legislation thus varies country by country.

Let us consider whistleblowing regulations in the Nordic countries (despite them ranking high in anti-corruption statistics) as an example. In Finland, there is no specific anti-corruption code imposing an obligation to adopt a statutory anti-corruption compliance program. The Government is in the early stages of preparing legislation for protection of whistleblowers, but no bill has yet been prepared. Bribery and related offences are criminalized as in any other OECD member country, but implementing a statutory compliance program with certain checks and balances is by no means a legal obligation. In neighbouring Norway there is a statutory obligation to adopt a whistleblowing system for e.g. anti-corruption purposes (Arbeidsmiljøloven 2005). In Sweden, new legislation that entered into force in January 2017 provides for more efficient protection for whistleblowers (Lag (2016:749) om särskilt skydd mot repressalier för arbetstagare som slår larm om allvarliga missförhållanden). In Denmark, there is no special legislation protecting whistleblowers as such, but there is a statutory obligation for financial services businesses to have a whistleblowing channel in place (lov om finansiel virksomhed).

More recently, some jurisdictions have gone even further: they now oblige all corporations to have compliance programs in place and prescribe key elements, with a particular emphasis on whistleblowing. It seems that the practice of adopting a separate anti-corruption code with provisions on compliance programs and whistleblowing is spreading from the UK and the US reaching continental Europe.

An example of a country that has recently followed this trend is France. Mostly inspired by the UK Bribery Act and triggered by the criticism from the OECD, the new French anti-corruption legislation known as Sapin II (“Loi Sapin II pour la transparence de la vie économique”) provides a new set of legal obligations that will significantly impact companies operating in France and their directors. As of 1 June 2017, medium to large companies and their directors will be required to implement a French specific compliance program against corruption and trading in influence in order to comply with Sapin II. Further, Sapin II obliges the companies to inter alia adopt a whistleblowing procedure, due diligence of major clients, suppliers or similar and implement accounting and auditing controls. Failure to comply with these new provisions is punishable under law.

Escaping the requirements of various jurisdictions is not easy. All OECD Member Countries have undertaken to implement a wide extraterritorial jurisdiction to investigate and prosecute cross-border bribery related offences when ratifying the OECD Anti-Bribery Convention. The same applies to the UN Convention against Corruption. And if these provisions appear increasingly hard to encapsulate when they emerge from jurisdictions that are fundamentally similar (France, Sweden, Finland etc), then it’s going to be even harder to do so when they emerge from jurisdictions like Nigeria or China.

What this means for businesses is that even a remote link to some country may trigger the jurisdiction of the local authorities to investigate and prosecute a corruption related offence. Looking at the issue from the perspective of business compliance, the statutory requirements in all such potentially affected countries shall be taken into account when designing global policies.

Why would I adopt a compliance program if the law doesn’t impose any obligation to do so?

If a company operates its business only in a jurisdiction which does not impose any obligation to adopt a statutory compliance program, it is still highly recommended to adopt one. A well-functioning compliance program may help in identifying and preventing bribery, which is a criminal offence despite the non-existence of a statutory requirement to run a compliance program.

Compliance programs promote transparency in all corporate operations. These days, compliance, transparency and business ethics are seen as a competitive advantage. Companies with well-functioning compliance programs benefit from risk reduction, cost savings and sustainable growth. Anti-corruption policies and transparency drive performance. Research has shown that companies engaged in sustainability reporting significantly outperform their counterparts over the long term, both in terms of stock market and accounting performance.

How can a company with cross-border operations manage the differing regulations?

It goes without saying that the first step to efficient compliance is awareness of the affected jurisdictions, followed by awareness of the content of relevant legislation. No matter how trivial this may sound, many companies are caught in unawareness when it comes to the law applicable to their business. The most notorious jurisdiction in this regard is probably the US, which assumes the reach of its legislation and jurisdiction of its authorities to investigate and prosecute offences with regards to many foreign businesses with only a remote connection with the US. A jurisdictional link may, for example, be constituted by an interbank payment made in US dollars.

When the applicable regulations have been identified and related obligations mapped, a company should adopt a compliance program to meet the requirements of the regulations. It should be taken into account that, for example, a whistleblowing policy needs to be tailored jurisdiction by jurisdiction.

All compliance policies should be monitored, and practices audited and updated from time to time. As the business grows and expands its presence into new jurisdictions, new compliance requirements may arise. Compliance programs are by no means stable instruments of which the content remains the same for decades.

An efficient policy, put into practice, serves as an excellent tool for preventing criminal behaviour in business operations. It also promotes anti-corruption culture in a company—important because bribery is a criminal offence in all OECD and UN Member Countries, irrespective of whether there exists a statutory obligation to implement a compliance policy.

 

Marja Boman is a Senior Associate in the Helsinki office of Eversheds Sutherland. Qualified in both Finland and England & Wales, she advises corporate clients on issues around bribery, money laundering and regulatory compliance.