in the Compliance - Financial Services Research

Compliance
Evaluating
changes
Compliance
Function
in the
17
In this series of articles, we talk to Chief Compliance
Officers about how the compliance function is
changing and how they are responding to these
changes. Beyond those interviewed, a number of
additional global banks and brokers were contacted
to participate in this series – organisations categorised as global systemically-important financial institutions (SIFIs) in modern parlance – but they were
unable or unwilling to put a spokesperson forward.
Compliance is of crucial importance to every financial services organisation, but not something that
all wish to talk about publicly. It remains a sensitive
subject, particularly for those who have been hit
with sizeable fines.
Financial Services Research Issue 1 2015
Compliance has become a prominent topic at every
securities industry conference. Senior industry
figures tell us that, over the past 6-7 years, their
organisations have been required to keep pace
with an incessant wave of regulatory changes and
infrastructure project deadlines – and, in meeting
these obligations, they have been forced to allocate
a rising share of company resources to compliance
and risk management.
Compliance
Evaluating changes in the
Compliance Function
In the first in this series of articles on changing approaches to
compliance, FSR speaks to Gent Jansson, Chief Compliance Officer,
SEB
What do you understand by the term “compliance”?
What does the compliance function involve within
your organisation?
Narrowly defined, compliance refers to an organisation’s
ability to meet external and internal rules. At SEB, we also
embrace a cultural and behavioural component within our
definition of compliance that guides best practice in the way
that SEB operates – ensuring that we minimise reputation
risk by maintaining the highest possible standards in our
engagement with SEB customers and other external parties.
18
Financial Services Research Issue 1 2015
Specifically SEB’s group compliance team performs a range
of key functions within the organisation. We co-ordinate all
compliance risk management within SEB Group, scheduling compliance risk assessment exercises and preparing
compliance plans on the back of this risk assessment. If a
compliance breach (or a potential breach) is identified, we
conduct investigations into these points of concern. We
monitor changes in rules and regulations and ensure that
we have the necessary tools and information to implement
these changes in line with regulatory deadlines.
In managing this process, the group compliance team is
the first point of contact with the regulatory authorities at
national, EU or global level. Additionally, we are responsible
for developing internal rules and best practice codes that
guide SEB’s behaviour and our engagement with stakeholders. Drawing on this information, we advise SEB’s senior
management and business divisions on compliance issues.
What skill set does this require? Has this skill set
broadened in recent times?
I joined SEB as Chief Compliance Officer in 2008. Prior to
this, I was Chief Legal Counsel of the Swedish Financial
Services Authority for five years. Thus, I have a legal background personally and have spent time working within the
supervisory authorities during my previous employment.
When I joined SEB, we conducted a detailed review of compliance functions within SEB Group and took the decision
to centralise these into a Group Compliance function. SEB
Group has business interests across 18 countries and operates more than 60 different legal entities in managing its
business activities across these locations. Understandably, a
rather complex compliance structure had grown up within
SEB to monitor these activities across multiple jurisdictions, business divisions and legal entities. We believed it
important to consolidate these activities and to ensure that
our risk management and internal control functions are coordinated centrally across our business operations.
Following this restructuring, we now have approximately
40 per cent of our compliance staff stationed in Sweden,
with 60 per cent positioned in the other locations in which
SEB has business interests. We have assembled a team with
a broad range of skills to co-ordinate these activities. Given
the nature of our responsibilities it is important to have
staff with regulatory experience and close links with the
regulatory authorities. Equally, we need staff with business
expertise that are familiar with the product set and understand the relationships with customers and counterparties.
Also, as a control function we require staff with audit expertise that know how to conduct investigations and follow
up on any risk concerns that they may identify. Moreover,
as we make increasing use of technology we have assembled strong IT expertise within the compliance team.
In developing our compliance methodology, we have
drawn on a broad set of professional disciplines. An understanding of behavioural economics can provide valuable
insights into remuneration and incentive structures, for
example, and how these may affect behaviour within our
industry. For similar reasons, a sound grasp of competition
theory can assist our grasp of business strategy and team
motivation. Twenty years ago, the compliance function was
more limited in its focus and horizons – but now compliance is a truly multi-disciplinary activity that demands a
global focus.
Compliance
Has SEB allocated additional resources
to support this broadening of the
compliance function that you describe?
lists of restricted parties automatically as
soon as there is any change.
Although the global financial crisis has
driven cost-cutting and a push for higher
efficiency, SEB Group has committed additional resources to managing its compliance
obligations. For example, we have increased
expenditure on staff in the compliance
division by approximately 30 per cent over
the past five years. Moreover, expenditure
on IT and software packages has increased
substantially and this now accounts for
roughly 40 per cent of the total budget for
the compliance function.
So how do the linkages work between
Compliance, Legal, Treasury, Operations and other key divisions within
your organisation?
Inevitably, our banking competitors have
also been taking steps to recruit new
talent into their compliance teams in order
to strengthen their multi-disciplinary skill
set. This has resulted in something of a
battle for compliance expertise within our
industry. Skills in the risk management and
internal control function areas have been
in relatively short supply during the past
5-6 years and these have been areas where
staff numbers within SEB Group have expanded significantly during this period.
You mention that you have extended
use of technology to support your
compliance duties. In which areas has
this been applicable?
The second line of defence is SEB’s independent control functions, particularly the
Group’s compliance and risk management
divisions. The third line of defence is the
Group’s internal control framework, which
also carries responsibility for monitoring
the first and second lines of defence and
identifying any potential weakness.
With these foundations in place, SEB Group
Compliance is working more closely with
other departments, particularly the risk
management, treasury and the finance
divisions, than ever before. Prior to the
2008 global financial crisis, the compliance division was not substantially involved
in Group decision making around capital
adequacy planning and liquidity coverage
for example. However, subsequently this
has become one of many regulatory planning and decision making processes where
the compliance division is centrally involved.
There are robust checks and balances in
place to ensure that the compliance and risk
management teams retain necessary independence from commercial divisions within
the bank. However, there is much closer
collaboration across these areas than there
ever has been previously.
19
Could the policy formation process
be streamlined to make it easier for
financial services providers such as
SEB to manage changes in rules and
regulations?
Financial Services Research Issue 1 2015
In the anti-money laundering and counterterrorism financing areas, for example, we
have installed two specialist compliance
packages to assist our duties. One is a
specialist monitoring system that will screen
all payment transactions conducted by the
bank in order to detect any suspicious activities or payments that might be directed
to restricted parties. We also monitor
payments transactions against a range of
sanctions lists – for example those issued
by the US Office of Foreign Assets Control
– to ensure that no payments are made in
breach of international sanctions. To assist
this process, we employ a range of vendor
packages, supported by appropriate lists
of restricted persons and organisations. In
many cases, these vendor tools will update
For more than 10 years, SEB has employed
a “Three Lines of Defence” approach.
Typically, each business line will be the
owner of the risks that it confronts within
its business – whether this be financial risk,
compliance risk or other forms – and it will
be primarily responsible for managing these
risks.
Compliance
If we look back to the days before Sweden
joined the European Union in 1995, policy
formation took place principally at a
national level and our liaison was largely
with policymakers and financial regulators
in Stockholm. Projecting to the present
day, many legislative changes are driven
through global initiatives or through deliberations within the EU. Although we are an
active participant in the consultation process whenever relevant, this internationalisation of policy formation has made it
harder for a banking group headquartered
in Stockholm to influence legislation and to
shape how this is applied at local level.
20
Financial Services Research Issue 1 2015
Also, the significant weight of new legislation that has been applied to our industry makes it very difficult for any single
individual or compliance team to understand the full impact of this heavy body of
interconnected reforms. Policymakers and
regulators are reshaping the entire financial landscape, including financial stability
issues, customer protection and financial
conduct, as well as detailed reforms of
the financial infrastructure and the rules
governing their operation. Many of these
changes are taking place simultaneously
and it is very difficult to predict how their
collective impact will play out.
Since the global financial crisis, many
European jurisdictions have moved towards
rules-based approaches to regulation.
Principles-based approaches, which some
financial authorities applied selectively prior
to 2008, have largely fallen out of favour.
With this development, there is a danger
that regulatory compliance is reduced to
meeting a check-list of rules, leaving limited
scope for firms to use their experience and
discretion in order to target risk concerns
that are most acute. This trend may increase the administrative burden involved in
regulating our industry, but will not necessarily result in a safer banking sector from a
prudential standpoint.
Many have inferred from the global financial crisis that principles-based approaches
to financial regulation are inappropriate and
do not work. We believe it is important to
challenge that assumption. It is questionable whether a heavily-prescriptive rulebook
is appropriate for managing a complex
financial services environment that is heavily
interconnected with global markets.
Evaluating changes in the
Compliance Function
Continuing our series of articles on changing approaches to compliance,
Mark Gem, Chief Compliance Officer at Clearstream, tells FSR that his
organisation aims to set a standard in its compliance duties which
ensures that it remains beyond justifiable criticism before the market
and the clients that it serves
Historically, the priority of many compliance officers was
to ensure that their organisation complied with applicable law and regulation. However, at Clearstream we do
not feel that this standard is sufficient to guide our activities in modern times – and, in the wake of the global
financial crisis, neither is it sufficient to ensure public
Compliance
confidence in how the financial services
industry operates.
In the post-trade segment, the industry has
typically relied on the first regulated intermediary in the custody chain performing its due
diligence and monitoring duties effectively
– and then other firms further down the
value chain have relied heavily on this initial
judgement when doing business with that
customer or counterparty. Events of the past
5-6 years have reminded us that the industry
needs to be less complacent in its approach.
We have chosen to set a standard in our
compliance duties which dictates that we
remain beyond justifiable criticism before the
market and before the clients that we serve.
This demands that compliance becomes
more risk-based and suggests a behavioural
or ethical component, dictating that we
maintain standards of service and behaviour
that align with the expectations of legislators
and financial supervisors, our shareholders,
our customers and a broader global public.
Changing importance of the
compliance function
Industry associations have been working
closely with financial supervisors and other
key participants to establish an appropriate set of standards for the securities
services industry – standards that aim to
ensure equivalence and comparability when
providing safekeeping and asset servicing
across multiple jurisdictions globally.
Given the international reach of the securities services business, such compliance
standards may be hard to apply when
services are delivered cross-border. For
example, there may be a mismatch between
the domestic standards applied by a global
custodian in its home jurisdiction and the
standards applied by the sub-custodians
that it may employ to deliver settlement,
safekeeping and asset servicing functions
across its global network.
To address this question, we believe that
the custodian should meet the compliance
standards applicable to its business activities in its own domestic market, but must
also aim to meet the standards of its subcustodians, infrastructure entities or other
third-party providers to which it delegates
functions across its global network. After
all, the sub-custodian is ultimately exposed
to the conduct of the custodian’s clients
and may later be held to account.
An important issue for our compliance division has been how best to manage the drive
for greater disclosure of account information – accompanied in some instances by a
21
In designing this set of standards, we must
Managing complexity across
global networks
Financial Services Research Issue 1 2015
Over the past 5-6 years, there can be
no doubt that the securities industry has
attached additional importance to the
compliance function, recognising its importance in identifying risk and eliminating
financial crime. With this shift, the industry
is adopting a new generation of compliance managers that have a detailed current
knowledge of the products and services
that we offer, the potential risks and costs
attached to delivering those solutions, and
a firm understanding of the needs and
expectations of key stakeholders (customers,
shareholders, policymakers and financial
supervisors, a broader public).
recognise that the risks borne by a firm
delivering settlement and asset servicing
around the world may differ substantially
from the risks borne, for example, by a payments bank in processing a cash payment
between two international counterparties. If
a payments bank has concerns about either
counterparty, it may decline to process the
transaction; and when the transaction is
concluded – whether processed successfully
or aborted – it probably has no further exposure to either counterparty. In contrast, the
situation of a securities custodian is often
very different because ownership interests in
securities exist whether or not the underlying owner attempts an instruction. Consequently, it may be difficult for the securities
services provider to terminate its service to
a client without being in breach of contract
– and discovery that it has a problem may
be just the start of its concerns. The task of
resolving this problem and closing out its risk
and liability may be a complex process.
Compliance
push for client assets to be held in segregated account structures – with our desire
to maximise the efficiency benefits that we
can deliver to clients within a secure safekeeping environment. The challenge is to
retain a balance between existing account
holding structures – for example, omnibus
account structures which have enabled
financial intermediaries to deliver significant
efficiencies to asset owners and which are
fundamental to the efficiency benefits that
the Eurosystem predicts will be delivered by
T2S – and the appetite of financial supervisors to have greater visibility of investor
holdings through to beneficial owner level.
believe to be in the best interests of the industry – or we are likely to find black letter
regulation applied by the financial authorities. Often too much time has been spent
in railing against regulation by our industry
and trying to convince regulators not to
regulate – and too little time has been spent
in establishing effective standards of behaviour which ensure that financial regulators
do not need to regulate.
On this note, it may be useful to draw comparisons with other industries. For example,
the auto industry has in many instances
embraced regulation – even when some of
In the post-trade segment, the industry has typically relied on the first regulated intermediary in
the custody chain performing its due diligence and monitoring duties effectively – and then other
firms further down the value chain have relied heavily on this initial judgement when doing business
with that customer or counterparty. Events of the past 5-6 years have reminded us that the industry
22
Financial Services Research Issue 1 2015
needs to be less complacent in its approach.
In our contributions to this debate, we
have made it clear that a well-intentioned
push from financial authorities for transparency should not translate into a drive for
greater disclosure simply for the sake of it.
Simply collecting an expanding database
of client names and holdings information is
not an effective mechanism for mitigating
and eliminating financial crime. It is vital
that custodians and financial infrastructure
entities play a central role in eliminating
tax evasion, money laundering and market
abuse – and we must be vigilant to ensure
that we are not used as vehicles to propagate this type of financial crime. But there
is little value in collecting client names and
holdings details simply for its own sake.
Concluding thoughts
All too often regulation has been introduced
when policymakers have made a judgement
that the financial services industry has been
too slow to sort out its own problems. In
practice, we have the choice of establishing
our own standards – standards that we
these regulatory changes were not initially
welcomed – utilising this as a trigger to drive
product development and innovation. The
development of hybrid engines and other
fuel-saving technology are obvious examples.
So too, securities services providers must embrace the opportunities offered by regulation
to design new products and services and to
differentiate oneself from one’s competitors.
In significant part, compliance is about
knowing how products and services are
best delivered and how the business can
operate most effectively. This is just as
important as a detailed knowledge of rules
and regulations pertaining to securities
operations. Ultimately for the banking industry, this centres on answering some key
questions: “Are we serving our customers
and stakeholders effectively? And, are we
acting in a way that is socially beneficial?”
The failure of the banking industry to ask
itself these questions is fundamental to
explaining why it has taken so long to build
legitimacy in public eyes after the 2008
financial crisis.
Compliance
Evaluating changes in the
Compliance Function
Continuing our series of articles on changing approaches to
compliance, FSR speaks to Jean-Marc Eyssautier, Chief Risk and
Compliance Officer, CACEIS
Has the importance attached to the compliance function increased within your organisation over the past
6-7 years? If so, what have been the reasons for this?
Since the 2008 financial crisis there has been more pressure
on risk and compliance within the financial services industry
and this trend has been replicated within CACEIS. As an
asset servicing specialist and fund depositary, changes in
legislation have made it ever more important that we have
rigorous and robust risk and compliance functions in place.
In practical terms, managing the heightened levels of
regulatory oversight that we have witnessed since 2008
has centred, in significant part, on strengthening the due
diligence on every new client with which we have dealings
at CACEIS. Each new customer that we onboard will pass
before the Risk and Compliance Committee for approval
before we will begin working with that organisation.
What does the composition of your Risk and
Compliance team look like? And how are you utilising
its resources across your working week?
If we consider the broad scope of these responsibilities,
which includes risk management, compliance, depositary
and legal functions, we are collectively talking about more
than 300 people, which represents more than 10 per
cent of the overall staff of the bank. Over the past five
years, I estimate that these numbers have increased by
approximately 20 per cent – which, for reasons that I have
outlined, may be somewhat lower than the expansion of
Risk and Compliance that has taken place at some of our
competitors.
23
As a depositary bank, we have given detailed attention to
the implications of the fund depositary obligations under
AIFMD and UCITS V. More than ever before, this lays a
burden at the door of the depositary bank to prove that it
has conducted detailed due diligence on any sub-custodian
In the aftermath of the collapse of Lehman Brothers, depositary banks in the French market were required by the Paris
courts to compensate asset management clients for the
loss of assets that had been posted with Lehman Brothers
(in its role as prime broker) as collateral. Even though there
was widespread knowledge on the part of clients of prime
brokers that assets posted as collateral were being re-used
(or re-hypothecated) by the prime broker, the depositary
bank was compelled by the Paris courts to provide full restitution of these assets to the fund manager client. With this
decision, and the regulatory overhaul that took place since
then, there is a concern within the fund depositary community that the depositary bank is being required to stand as
insurer of fund assets held in safekeeping, whether these sit
with the fund depositary or a sub-agent.
Financial Services Research Issue 1 2015
This said, within CACEIS we have not made major changes
to our approach to compliance, nor to the way that our risk
and compliance functions are structured. Collectively our
leading clients have entrusted CACEIS with assets worth
billions of euros for many years. Asset safety and asset
protection have always been central to what we do and,
when compared with some financial services organisations,
we were well prepared for the step up in regulatory oversight that our industry has witnessed since 2008. We have
long had specialist teams committed to financial security,
to managing anti-money laundering, fulfilling know-yourcustomer requirements, ensuring we are compliant with
embargoes, and so on. These high levels of asset protection
and regulatory compliance are the essence of what we do
as an asset servicing specialist.
or infrastructure entity to which it delegates operational
activities. The fund depositary also has detailed responsibilities for overseeing the activities of fund management
clients that it serves and ensuring that they deploy adequate skills and means in the conduct of their business.
This demands that the fund depositary has significant
transparency (or “look through”) to the fund manager’s
internal structure and operations.
Compliance
If we look at how resources are committed, a major share of our staff time and
resources, 50 per cent, are dedicated to
conducting due diligence and KYC on new
clients. A sizeable additional share, 25 per
cent, is committed to ensuring that we are
compliant with embargoes, anti-money
laundering requirements and other necessary checks on payments and transactions.
The remaining share will be dedicated to
various ad hoc challenges raised by the
activities of our product and sales areas,
the activities of the network management
group and other day-to-day commitments
associated with the activities of the bank.
requirements and we have also built
technology in-house when this matches
our needs more effectively. One important
consideration is that the technology that we
employ to support our Risk and Compliance
responsibilities must be independent from
the technology that we employ to support
delivery of commercial services.
An important step that we have taken over
the past 4-5 years, is to ensure that the
Risk and Compliance division is involved at
an earlier stage in decisions around project
design and implementation. In times past,
there were some instances when product
A point of particular importance, from CACEIS’ standpoint, is that it should not be the business of
fund depositaries to serve as insurers of risk for those sitting further up the investment value chain.
We are here to offer expert fund services and to help clients manage their risk, particularly in the
post-trade arena. However, it is not for us to stand as a financial back-stop for the fund management
industry.
24
Financial Services Research Issue 1 2015
Are you making greater use of
technology to support these activities
than you were five years ago?
We have been confronted with such a
significant increase in transaction and payment flows, and an ever expanding range
of compliance obligations, that it is difficult
to be compliant without making strategic
use of technology to support our activities.
We use a range of vendor packages, and
internal build when necessary, to ensure
that we are monitoring trade and payment
flows, screening for any proscribed counterparties and monitoring for any illegal or
irregular activity. As a fund depositary, we
are required to supervise the activities of
our fund management customers and to
ensure that they are themselves compliant.
Use of technology is essential in fulfilling
these commitments.
Typically there has been no single vendor
package that will fulfil all of these functions. We have selected market-leading
vendor packages when these meet our
developers were well advanced with a project before Risk and Compliance were consulted. By providing an opinion at an early
point, this can avoid time and resources
being committed to a design that may then
need to be amended at a later point.
Much has been made of the pressures
on the financial services industry created by a heavy body of regulatory
changes and new legislation over the
past 6-7 years. Can you identify ways
that policymakers and financial supervisors could make it easier for CACEIS
to keep pace with these regulatory and
legislative changes and to meet your
necessary implementation commitments?
There has been a progressive phase of deregulation that emerged particularly from
the US and the UK in the 1980s and has extended broadly up to the onset of the 2008
financial crisis. Subsequently, this trend has
been reversed, with financial authorities
Compliance
tightening controls around investment and
the delivery of financial services. This has
been supported by a wide body of new
legislation.
A point of particular importance, from
CACEIS’ standpoint, is that it should not be
the business of fund depositaries to serve
as insurers of risk for those sitting further
up the investment value chain. We are here
to offer expert fund services and to help
clients manage their risk, particularly in the
post-trade arena. However, it is not for us
to stand as a financial back-stop for the
fund management industry.
So too, with the enforcement of embargoes.
While we recognise the need to be compliant and to assist our clients this obligation, there are instances where, as a provider of financial services, we are also being
asked to serve as a kind of law enforcement
officer and auditor of the compliance standards of our customers and counterparties.
How do you believe this regulatory
environment will evolve in the five
years ahead?
Following from my previous comment, I am
optimistic that policymakers and market
participants can find a meeting of minds
whereby this heavy body of new legislation
will gradually calm down in times ahead. We
may face another 2-3 years of new legislation but, it is important this stabilises over
time – otherwise shareholders may no longer
be willing to finance future development of
the business. Constantly adding additional
legislation should not be seen as an effective
solution; rather, it is vital for the competent
authorities to focus on enforcement of existing rules, applying proportionate and effective penalties for those that fail to comply. It
is important to ensure that every stakeholder
plays by the book. If not, there is already a
broad range of action that can be taken by
the financial authorities to ensure that further
breaches do not occur in the future.
Evaluating changes in the
Compliance Function
What do you understand by the term “compliance”?
What does the compliance function involve within
your organisation?
25
The fundamental purpose of the compliance & ethics
function is to protect Euroclear group against legal and
ethical risk. Traditionally compliance has been viewed as an
internal control function designed to ensure that a company adheres to rules and regulations. But this view has
evolved over the last few years and we see compliance as
Financial Services Research Issue 1 2015
Continuing our series of articles on changing approaches to
compliance, Olivier Goffard, Head of Compliance and Ethics at
Euroclear, talks to FSR about how his team is protecting Euroclear
against legal and ethical risk and performing a vital educational
role in developing an ingrained knowledge of compliance and ethics
fundamentals among Euroclear staff
Compliance
substantially more than this – as a division
that brings value to Euroclear, in terms
of positioning compliance to deliver high
quality services to our stakeholders, and to
maintain high legal and ethical standards.
What skill set does this require?
The skill set is constantly evolving and has
broadened substantially over the past 4-5
years. Until about five years ago, the compliance & ethics function formed part of the
legal division within Euroclear group. How-
exemplary standards. With this in mind, we
offer a range of classroom and on-the-job
e-learning modules, for example, testing
staff knowledge of market abuse, money
laundering and other elements of financial
crime and guiding staff in how to identify
these types of malpractice. These training
modules are typically based on real-life
scenarios. Consequently, if a staff member
identifies something that may look suspicious, they will have the ingrained knowledge and confidence to alert a compliance
officer so this may be investigated further.
In Belgium, we are one of the few countries
We offer a range of classroom and on-the-job e-learning modules, testing staff knowledge of market
abuse, money laundering and other elements of financial crime and guiding staff in how to identify
these types of malpractice. These training modules are typically based on real-life scenarios.
Consequently, if a staff member identifies something that may look suspicious, they will have the
ingrained knowledge and confidence to alert a compliance officer so this may be investigated
further.
26
Financial Services Research Issue 1 2015
ever, now compliance is an independent
division. Typically, we view ourselves as the
second line of defence protecting Euroclear
against legal and ethical risk. However,
in managing some responsibilities – for
example, in ensuring that we are compliant
with anti-money laundering requirements,
sanctions and embargoes – we represent a
first line of defence for the organisation.
In fulfilling this role, we employ 25-30 full
time staff with a diverse range of technical
expertise and professional backgrounds.
This includes qualified lawyers, accountants
and internal audit specialists, communications and public relations staff, operations
specialists and people from a product or
commercial sales background. We have
multinational expertise within the team,
with 12 different nationalities represented.
More broadly, we play an important educational role within Euroclear, raising internal
awareness among Euroclear staff of how to
maintain the highest legal and ethical standards. And most importantly, how to identify
behaviour that may compromise these
where the compliance function is closely
regulated. In fact, The National Bank of Belgium and FSMA have issued a joint circular
that sets out guidelines for our activities,
detailing amongst others our responsibilities
as a compliance division, the procedures
that we should apply, our reporting obligations to financial supervisors and audit
committee, and what safeguards should be
put in place to ensure the independence
of the compliance function is preserved. In
addition, compliance officers are required
to attain certification from the regulatory
authorities in order to practice.
Has the resources allocated to the compliance division increased over the past
4-5 years?
During this period, Euroclear has substantially increased the resources allocated to
compliance functions. This reflects the
additional importance accorded to these
roles within Euroclear group, but also by
our customers and counterparties. When
a client or prospect visits Euroclear for due
Compliance
diligence, commonly the compliance functions are high on their agenda. Inevitably,
this also marks a response from senior
management to the surge in new legislation that has been applied to the financial
services industry over the past five years.
This is reflected both in new staff appointments and significant expenditure on
software and technology. The business that
we oversee has become increasingly complex – monitoring market abuse and trading
anomalies, breaches of sanctions, money
laundering by criminals, cash transfers to
terrorist organisations, and so on. In many
cases these criminals are well educated and
well resourced, employing IT specialists,
lawyers and financial engineers to ensure
that they are not detected. To match this
sophistication it is important that we use
state-of-the-art technology and software
packages to facilitate our duties. Specialist
software packages have been developed to
screen transactions and counterparties, to
identify irregular behaviour or patterns of
malpractice. We have deployed these selectively on a best-in-market basis – and have
also developed our own internal systems in
cases where there is no vendor package on
the market that meets our requirements.
So how do the linkages work between
Compliance, Legal, Treasury, Operations and other key divisions within
your organisation?
We do see signs that policymakers are
taking steps to ensure that legislation is applied consistently across EU Member States.
In recent decades, the European Parliament
has passed a range of Directives governing
the delivery of financial services. These
Directives are then enacted (via national
implementing legislation) at Member State
level, potentially resulting in gold-plating
with minor nuances from one Member State
to another as legislation is interpreted differently and applied in a slightly different way.
To minimise these inconsistencies, we note
a stronger appetite among EU policymakers
to develop regulations that will be applied
in a common way across EU Member States.
When we consider the application of data
protection rules across the EU, for example,
the Data Protection Directive – which has
governed the processing and transfer of
personal data since 1995 – has been enacted in slightly different ways across 28+
EU Member States. This has presented major
compliance challenges for companies active
in multiple EU markets, which must ensure
they are processing personal data in line
with domestic legislation in each market. To
address these inconsistencies, the European
Commission is deliberating over the introduction of a European General Data Protection Regulation which will have standardised
application across EU Member States.
27
We have developed a database, known
as LICA (which stands for Legal Internal
Controls and Accountabilities), that enables us to monitor the key legal and ethical
risk controls that individual departments
have set in place to ensure that we retain
exemplary compliance standards as an
Much has been made of the pressures on
the financial services industry created by
a heavy body of regulatory changes and
new legislation over the past 6-7 years.
Can you identify ways that policymakers
and financial supervisors could make it
easier for Euroclear to keep pace with
these regulatory and legislative changes
and to meet your necessary implementation commitments?
Financial Services Research Issue 1 2015
In performing this role, we do not view ourselves simply as a policeman or gatekeeper
within Euroclear. Rather, our approach is to
serve as a trusted partner to other divisions
and business lines within the company,
providing safeguards to all Euroclear staff –
and of course to our senior management,
customers and shareholders – that highest
standards of protection against legal and
ethical risk are in place.
organisation. This establishes a spirit of
accountability within each of these departments, demanding that business owners
take responsibility for their own controls. To
verify this, business owners will be required
to demonstrate on a regular basis that their
control framework is effective – and the
compliance division, in our “second line of
defence” capacity, will test these internal
controls to verify that this is the case.