Countdown to compliance
Help is at hand for securities firms implementing ISSA’s Financial Crime Compliance Principles
This article originally appeared in Sibos Issues magazine. Make plans today to join senior compliance, operations and business professionals at this year’s Sibos in Geneva. Visit the Sibos website to register or learn more.
The practical implications of financial crime compliance have become more tangible in the securities industry since the International Securities Services Association (ISSA) proposed a three-year time frame (to end-2018) for adoption of its Financial Crime Compliance Principles (FCCP).
The adoption process requires that even long-established contractual relationships be revisited, and that their underlying documentation be redrafted into FCCP compliance. Such redrafting has to be, and has to be seen to be, a comprehensive application of due diligence.
The good news is, first, that upwards of 90% (source: ISSA) of the industry favours FCCP adoption, and secondly, that ISSA itself is committed to supporting firms through the process. Mark Gem, head of compliance, Clearstream, and chair of ISSA’s FCCP Working Group, says: “We are tasked with developing tools to help our industry get to the goal of adoption. For example, we are working on the due-diligence questionnaires that will enable people to assess the degree to which their counterparties are in compliance and developing the contractual elements that firms will need.”
ISSA is also, says Gem, “making sure that people are aware of the tools that are available to help them cross the finishing line; things like the industry utilities; things like off-the-shelf cloud-based name-streaming solutions”.
Integral to ISSA’s approach is the ambition that FCCP adoption should become a virtuous cycle, progressively achieving the global propagation of best practice. This seems realistic: if the whole industry wants and is working towards compliance, it will become very difficult for a non-compliant firm to find a non-compliant counterparty.
FCCP adoption seems already to be facilitating – indeed, encouraging – co-operation between firms. Thomas Zeeb, chief executive officer, SIX Securities Services, and incoming chairman of ISSA, says: “Our experience with financial crime compliance so far has been that it brings us closer to our clients. We find ourselves working together with our clients to ensure that any potentially questionable transactions are not entered into. Our collaborative approach has been received very positively, very welcomed.”
Our experience with financial crime compliance so far has been that it brings us closer to our clients.
Thomas Zeeb, Chief Executive Officer, SIX Securities Services, and chairman, ISSA
Perhaps the obvious question, given the securities industry’s apparently enthusiastic acceptance of both the principles and the co-operative approach to their adoption, is: how much of a burden will practical adoption impose? Discussing the three year time-frame, James Freis, chief compliance officer, Deutsche Börse Group, says: “Going from the principles to the implementation is really quite fundamental, especially for some of the bigger institutions. We know some of the steps, but actually to amend your contracts; to have your systems ready to request and evaluate more data and keep a record of that; that will take a lot of lead time.”
A matter of intent
Amending multiple contracts and systems is not a task to be taken lightly by securities services firms. But – to pose the question somewhat provocatively – couldn’t we all just save time by agreeing to behave differently, and start from there? Answer: not if the ISSA principles are to be effective to their fullest possible extent. Today’s regulatory environment is complex, sanctions seem to evolve and multiply, and even the simplest mistakes can be expensive. Zeeb says: “On the board of ISSA, we asked ourselves, how can we best manage the regulatory process going forward? How can we as an industry meet the intent of the regulatory requirements before a whole new series of legislation is created?”
The key word is ‘intent’. To comply with the letter of the law, as distinct from its intent, is to risk repeated regulatory interventions to address unforeseen ‘small-print’ infractions. Further, a clear understanding of the direction of travel among policymakers and regulators is most likely to result in meaningful change of behaviour rather than just check-box compliance.
In drafting the principles, ISSA’s intent is that they should at least draw a favourable response from regulators – and the signs are that this is happening. Olivier Goffard, head of group compliance and ethics, Euroclear Group, says: “We have already had good discussions with the International Organisation of Securities Commissions and the Financial Action Task Force. We hope that in the coming months, they might recognise the principles. Having other organisations behind the principles in addition to the many ISSA member firms will make them truly robust.” Regulatory approval, like the principle-based approach itself, can be ‘portable’ across borders. If regulators discuss and validate a set of principles, then they and the industry are saved considerable time and effort defining and implementing distinct regulatory requirements.
The fragmented regulatory environment across jurisdictions informed ISSA’s approach from the outset, as most securities services firms operate across borders, and thus face a multiplicity of regulatory requirements. “We want these to be global principles,” says Freis. If the objective is global acceptance, then all that time spent going back and re-establishing contractual relationships is a necessary commitment: it’s the process of putting in firm foundations. Zeeb says: “There is a lot to be done, but these are things that each organisation can do on its own timeline.” Given their widespread acceptance, it’s easy to forget that these are voluntary principles, and that there is no actual obligation to comply with the three-year timeline.
But as Zeeb notes: “Compliance isn’t just about facilitating relationships with regulators; it’s about protecting the enterprise and industry from criminal activity.”
No short cuts
While pursuing long-term, structural changes, inevitably short-term compliance considerations also arise. There is, Zeeb suggests, a “superficially appealing” response to pressure from regulators for full mutual disclosure between parties to a transaction.
It is to put in place “fully segregated accounts right the way through”, in place of selective segregation and omnibus accounts. This would entail “huge change” and “huge cost” over “probably ten years”. And it wouldn’t be effective. Zeeb says: “We don’t believe that such an approach addresses the core issue in disclosure. The fact that you know an account belongs to x, y or z doesn’t help. You just end up with a huge database – you’ve got the haystack and you’re looking for the needle. What you need is the appropriate filters to identify transactions, activities and scenarios that are questionable. You need a clear and agreed procedure for digging into those.”
A clear and agreed procedure between any two parties requires mutual understanding and mutual trust – over and above any mutual obligation to hand over data. It requires, one might say, an approach based on a shared set of principles. Zeeb says: “I would much prefer transparency to be created thus: we have a questionable transaction, and we all commit to ensuring that – within the bounds of our various jurisdictional regulations – we meet the requirements of disclosure. That’s collaboration focused on the exceptions and not just on the easy part of the process, which is building up the massive database.”