From the editor
Digital Future of Compliance
The McKinsey Global Institute argued in 2013 that around 40 per cent of jobs in clerical and professional services could be automated by 2025.
We believe a further profession is to be added to this futuristic Extinction List – compliance officers.
We realize that this prediction is far from obvious. On the contrary, it seems that the financial world now needs more, not fewer, compliance officers, as regulation and reporting requirements are getting more and more onerous.
An average financial services institution has to deal with so many compliance obligations that some smaller firms are actually going out of business, unable to cope. The collection of compliance challenges given below is by no means exhaustive:
National tax laws: dealing with withholding tax and general anti-tax fraud compliance.
International tax regulations (European Savings Tax Directive, OECD CRS etc.).
Anti-money laundering (AML): a huge body of law exists requiring analysis of not only the client’s profile, but also each sizable transaction for the source of funds (PEP? Illegal? Someone else’s money?) and the destination of payouts (Illegal? Terror financing? Bribe? etc.)
Sanctions compliance: the financial intermediary must make sure no business is done with individuals or companies on various sanction lists (OFAC, EU, home country, payment destination country etc.) – directly or indirectly.
Special rules exist to monitor high-risk groups such as public servants (PEPs) and their relatives or residents of certain problem countries.
FATCA: an elaborate set of investigatory and reporting requirements is imposed on financial intermediaries internationally, some requiring a professional level of knowledge of US tax legislation.
Dealing with information exchange requests: every year the number of laws and conventions which require financial intermediaries to divulge client data grows: MLATs, double tax treaties, account information exchange agreements etc.
The unchanging trend of the past 20 years is the emergence of more regulation with which financial firms must ‘comply’.
Addressing the need to stay cost-effective and compliant at the same time, the financial industry of today has already managed to automate a great deal of information gathering, red-flagging and reporting functions. Compliance is getting more and more digital. In fact, financial institutions with huge client bases like the Bank of America or HSBC have no other way of ensuring compliance than letting the robots do the job: human effort is futile when you have to sift through millions of transactions and thousands of new client profiles a day.
Large financial institutions have already automated a great deal of compliance-focused data collection, analysis and reporting. Computers analyze client profiles and activity for ‘red flags’, which greatly helps with internal investigation and reporting of suspicious activity. Commercial software for AML compliance, FATCA compliance etc. is widely available.
Compliance automation helps deal with the information flow, but many decisions are still taken by humans. And it is those human decisions by compliance officers that cause so much headache for their employers – any error can cost their organization penalties and embarrassment.
An ideal solution for the financial intermediary is to purchase and run a pre-approved compliance software package (in fact, pay a “compliance tax” of sorts) and thus automate the compliance function completely. The main features of such a package would be:
law enforcement and tax authorities are granted direct access to the data – in case they need to comply with a tax info exchange request or carry out an investigation of suspicious activity highlighted by the software;
prospective clients not fitting the ‘perfect profile’ are denied the establishment of a relationship (red flags could be triggered even by negative internet publicity, besides obvious factors like an OFAC listing);
transactions that display suspicious signs or are insufficiently documented are denied, and an STR is electronically transmitted to the local FIU;
account opening does not depend on production of paper documents – all corporate documents should be available via open corporate registers (already available in many countries) and personal data – from less open databases (the individual would have to allow such access for the purpose of account opening).
Some of the above sounds a bit ‘Big Brother’, but the world of regulation / compliance does indeed move in that direction. And the fact we know from dealing with regulated institutions is that the overwhelming majority of them wish to sell financial products, not privacy. When banks complain about the weight of regulation, they really complain about costs and liability, not customers’ loss of privacy.
No further technological advances are needed to launch this system. The steps separating us from the new ‘digital compliance’ reality are all in the legislative domain:
Legislation is needed allowing financial service businesses to rely on pre-approved software packages for compliance and reporting. “Rely” means that their compliance duties would be considered fulfilled with no potential liability (unless malicious manipulation is proven) if an approved package is used.
Major compliance software developers would lobby for legal recognition of their specific software packages as being comprehensive for compliance, following independent audits and tests. Banks would wholeheartedly support them. Maybe an insurance policy would be prescribed, for unforeseen errors or omissions.
Financial businesses should also be allowed to let government computers have direct access to client profiles for the purposes of tax information exchange and investigations of suspicious activity and tax evasion. Bank secrecy is already a phenomenon of the past, so this step would not take long. Automatic international account info exchange is to be launched in 2017 (OECD agreement).
Finally, a successful launch of such a system is dependent on more and more corporate registers getting online and also on government-run online password-protected storage being available for key personal data. We are getting there.
As already said, all the described steps would be highly (although, perhaps, not so vocally) supported by the financial community eager to do away with a good part of their current compliance burden.
Privacy-focused financial intermediaries will remain, but they would carry the full and ever increasing weight of compliance duties on their shoulders, with all the legal liability which negligence could entail.
Sounds remote? Well, ten years ago you could hardly imagine that the authorities would approve a driverless car…
Contributed by the editorial staff of Justice Information Network