Plenty of portents of doom were issued to the compliance officers of wealth management companies at the International Compliance Association's comprehensive conference in London last week.

Plenty of portents of doom were issued to the compliance officers of wealth management companies at the International Compliance Association's comprehensive conference in London last week.

Rachel Nagle of the US Office of Foreign Assets Control, of which compliance officers around the globe are rightly frightened, thought that "the long arm of OFAC seems to be growing longer as the years go on". With OFAC's Russo-Ukrainian regime, the worlds of sanctions and politically-exposed persons or PEPs have merged.

OFAC can use the might of American diplomatic power and dominance of the organs of world financial control to punish foreign financial institutions for "knowingly facilitating" significant transactions or financial services for specifically targeted individuals.

What is knowingly facilitating?

WealthBriefing asked Nagle whether non-US firms could break this rule if they merely operated systems that they knew would be of help to blacklisted entities without having any in mind, or whether they could only be liable if they engaged in actual "message-stripping" or some other activity that can only happen if they know or are in actual contact with the people they are helping.

Nagle replied that her organisation only counted the second activity (in which the facilitator knows the identity of the beneficiary) as “facilitating”, which may come as something of a relief to banks that deal with Russian and Middle Eastern customers.

Clerical efforts

On 13 August 2014, OFAC released a document that said "any entity owned in the aggregate, directly or indirectly, 50 per cent or more by one or more blocked persons is itself considered to be a blocked person.” The clerical effort needed to check the share ownerships of politically exposed person (PEP) clients is proving ruinously expensive even for big firms such as KPMG: will OFAC be merciful to small banks that might miss information because they cannot do as good a job? Nagle's convoluted answer could have been summed up in one word: "tough!"

The most dangerous job in the world

Sara George, the partner in charge of regulatory investigations at Stephenson Harwood, champions people who resist the dictates of regulators. She did not mince her words when describing the predicament her audience was in: "I think you are doing one of the most dangerous jobs in the world and it's particularly dangerous because quite a lot of people [like you] don't know the risks they are running.

"The environment has changed beyond recognition and the reason is this: compliance officers and money-laundering reporting officers (MLROs) are increasingly finding themselves involved in Financial Conduct Authority and Serious Fraud Office probes in the UK and CFTC and Department of Justice investigations in the US either as compelled witnesses or as suspects. This is very, very common now; it wasn't a while ago,” George said.

De-risking

The “de-risking” problem reared its ugly head on one particular panel. This refers to the withdrawal of banks and advisors from areas where regulatory risks are too high. Frequent mentions are made of the poverty in Somalia that this is causing because of banks not allowing Western Union and other money-remitters to have accounts for fear of money-laundering/terrorist finance supervisors; of banks pulling out of giving advice and the general "advice gap" that has emanated from the Retail Distribution Review programme of UK reforms; and of the decline of correspondent accounts for small banks from “risky” parts of the world generally, which is having an effect of its own on world economics.

John Flynn of Deutsch Bank said: "It's about banks and taking risks. And do you know what? Sometimes we decide that the risks are not appropriate. We can turn risks down. It's perfectly acceptable to do it."

A regulator finally names dangerous countries

In a recent punishment case, the Financial Conduct Authority banned the Bank of Beirut for the next 182 days from taking on any “high risk” customers from a country that had a transparency index [a reference to the “corruption perceptions index” of Transparency International] of 60 or less. More than 74 countries therefore qualified as “highly risky”.

"That means that they can only take business from 35 countries. That's the first time I've ever seen a regulator defining what is highly risky. Going by that, Spain is now a highly risky country that the bank can't do business with. What impact does that have on banks? It's very very difficult," Flynn said.

Source of funds - a continuous process

Matthew Russell of PwC looked at how MLROs should determine and verify the source of a high net worth customer's funds, i.e. the origin of the funds involved in a business relationship. The information, he said, may have different uses at different periods of the “customer journey”. At application for business, perhaps decreasingly so, the information serves as evidence that a new “low risk” relationship is genuine. The “onboarding” stage is an assessment of the needs of a customer and “due diligence” (including the imperative to ascertain whether he is a PEP) traditionally comes into its own here. “Source of funds” is a key part of that process.

When the customer takes on new products, his behaviour must be captured by a periodic review. At this stage MLROs are so concerned with obtaining further information from the client that they often neglect to look at the wealth of information that is available internally, i.e. what the transactions - information from the firm's own payment systems - have said about the source of funds and whether that should change the bank's attitude to the client. Firms, Russell thought, should use analytics (including network analysis) to watch for “cross-entity activity”.

Finally, “customer exit” might stem from the revelations of the previous exercise. Russell ended: "We've tried to demonstrate to our clients that the idea of source of funds is not a one-off activity, to be done at the onboarding stage. To do it effectively, it is something that works all through the life-cycle of the relationship."

Jason Hart of Cloud Solutions, the information security guru, convinced everyone that the days of trying to stop hackers from entering a banking IT system were over. The job now, he said, is to manage the intrusions as best the organisation can. He drove home his point by hacking all the iPad users in the audience and displaying their passwords on a screen.

Back your compliance officer!
If there had to be one lesson for non-compliance people to take home from this conference it would be this: every financial firm should back its compliance officer up to the hilt in the face of a regulatory enquiry. Firms only care about their reputations and the position of their senior managers when regulators threaten them with punishment, but if they pay for the compliance officer's legal costs he will have a very high chance of avoiding censure; this will have favourable knock-on effects on the firm.