The regulatory landscape for global financial institutions continues to increase in complexity. Most firms have teams in place to deal with BCBS 239, MiFID II (which is now delayed at least a year), ESMA Regulatory Technical Standards and various evolving requirements for transaction reporting. We see several areas of regulatory activity where planning seems to be just getting started, but here is where substantial progress needs to be made by firms in 2016:
There have been a tremendous number of fintech startups established in the past several years, with three areas garnering much of the attention: peer-to-peer lending, bitcoin, and blockchains, or distributed ledgers, the technology underlying bitcoin. Global regulators are now catching up to the peer-to-peer lending industry, have been on top of cryptocurrencies for some time but are far behind in terms of their understanding the implications of blockchain technology, separate and apart from bitcoin. Firms such as R3CEV, Digital Asset Holdings, and Ripple Labs are racing ahead with blockchain initiatives for banks that in many cases will need regulatory consent to become viable. Before banks can deploy blockchain-based products, some of which are forecast to save the industry billions of dollars, they are going to need to have their regulatory ducks lined up. The problem is that no one knows what those regulatory ducks are right now.
Fourth European Union Anti-Money Laundering Directive
This Directive was signed in June of 2015 and EU Member States will have until June of 2017 to integrate its requirements into national law. That means 2016 is the year that compliance policies and procedures need to be set.
Sections of the Directive take a “get serious” tone – “senior management” must provide approval for establishing business relationships; this “need not, in all cases imply obtaining approval from the board of directors.” But senior management is carefully defined as “an officer or employee with sufficient knowledge of the institution's money laundering and terrorist financing risk exposure and sufficient seniority to make decisions affecting its risk exposure.” While there are many ways a bank or other obliged entity can meet this challenge, it seems that implementing four-eye reviews will become the rule, not the exception, in client onboarding.
Another area of the “get serious” tone is increased sanctions for non-compliance. Regulators of Member States must be able to impose administrative measures and sanctions where provisions of the Directive are breached. “These measures and sanctions shall be effective, proportionate and dissuasive.” Most importantly, “Member States shall ensure that where obligations apply to legal persons, sanctions can be applied to the members of the management body or to any other individuals who under national law are responsible for the breach.” So personal liability has now been extended from MLROs to a broader range of personnel responsible for preventing money laundering and terrorist financing. In the United States, the Yates Memo will have a similar effect.
Broadly speaking, stricter procedures throughout the onboarding and ongoing KYC process are going to be required. The Directive has a couple of other more specific requirements that place a greater burden on the onboarding process. First, the Directive has eliminated a bank’s ability to conduct Simplified Due Diligence (SDD) on certain customers and products. SDD can only be justified on the basis of risk of the relationship or transaction, which means that something that was previously automatic (and clearly lower cost) now may require human judgement that will increase costs. Second, Enhanced Due Diligence (EDD) must now be conducted in a much wider set of circumstances revolving around customer risk, product risk, geographical risk and domestic PEPs. This will require significant procedural changes to banks’ onboarding “rule books” and will also increase the cost of onboarding and refresh. Finally, there are wide-ranging beneficial ownership requirements, which we assess separately here:
Perhaps the most overwhelming new regulation that financial institutions in Europe and the United States will need to deal with are changes to beneficial ownership collection requirements imposed by the Fourth EU Money Laundering Directive and FinCEN (Financial Crimes Enforcement Network). Before outlining the responsibilities of financial institutions, it is important to note that the Directive mandates that all Member Countries establish an Ultimate Beneficial Ownership registry which will be interconnected and publicly accessible. The goal here is to increase transparency – companies will be required to hold information about their beneficial ownership and to make this information available to third parties via the register.
Once the registries are established, collecting beneficial ownership information on EU domiciled companies should be straightforward, but will require additional steps in the onboarding and remediation processes. (The UK has already started building their registry; UK companies are already required to file information about “persons with significant control” with Companies House.) It will be interesting to see if many companies shift their domiciles to less transparent jurisdictions in response to these new regulations.
In July 2014 FinCEN issued a Notice of Proposed Rulemaking to amend the Bank Secrecy Act “to help prevent the use of anonymous companies to engage in or launder the proceeds of illegal activity in the U.S. financial sector.” In other words “financial institutions will have to identify and verify any individual who owns 25% or more of a legal entity, and an individual who controls the legal entity.” It’s been 18 months since this Notice was published (to howls of complaints by US financial institutions due to the costs of collecting this information without a registry) and it seems that definitive guidance is likely to come out this year. This will be a huge change to onboarding and remediation efforts both in terms of process and cost that US financial institutions will need to prepare for in 2016.
In summary, since the financial crisis the regulatory pressure on financial institutions has been relentless. There’s no sign of this changing anytime soon. New regulations will affect profitability, new product development, and banks’ ability to compete in the new fintech landscape. Technology solutions that can help meet regulatory requirements will continue to be in high demand.
By Steve Goldstein, CEO, Alacra.