Compliance Evaluating changes Compliance Function in the 17 In this series of articles, we talk to Chief Compliance Officers about how the compliance function is changing and how they are responding to these changes. Beyond those interviewed, a number of additional global banks and brokers were contacted to participate in this series – organisations categorised as global systemically-important financial institutions (SIFIs) in modern parlance – but they were unable or unwilling to put a spokesperson forward. Compliance is of crucial importance to every financial services organisation, but not something that all wish to talk about publicly. It remains a sensitive subject, particularly for those who have been hit with sizeable fines. Financial Services Research Issue 1 2015 Compliance has become a prominent topic at every securities industry conference. Senior industry figures tell us that, over the past 6-7 years, their organisations have been required to keep pace with an incessant wave of regulatory changes and infrastructure project deadlines – and, in meeting these obligations, they have been forced to allocate a rising share of company resources to compliance and risk management. Compliance Evaluating changes in the Compliance Function In the first in this series of articles on changing approaches to compliance, FSR speaks to Gent Jansson, Chief Compliance Officer, SEB What do you understand by the term “compliance”? What does the compliance function involve within your organisation? Narrowly defined, compliance refers to an organisation’s ability to meet external and internal rules. At SEB, we also embrace a cultural and behavioural component within our definition of compliance that guides best practice in the way that SEB operates – ensuring that we minimise reputation risk by maintaining the highest possible standards in our engagement with SEB customers and other external parties. 18 Financial Services Research Issue 1 2015 Specifically SEB’s group compliance team performs a range of key functions within the organisation. We co-ordinate all compliance risk management within SEB Group, scheduling compliance risk assessment exercises and preparing compliance plans on the back of this risk assessment. If a compliance breach (or a potential breach) is identified, we conduct investigations into these points of concern. We monitor changes in rules and regulations and ensure that we have the necessary tools and information to implement these changes in line with regulatory deadlines. In managing this process, the group compliance team is the first point of contact with the regulatory authorities at national, EU or global level. Additionally, we are responsible for developing internal rules and best practice codes that guide SEB’s behaviour and our engagement with stakeholders. Drawing on this information, we advise SEB’s senior management and business divisions on compliance issues. What skill set does this require? Has this skill set broadened in recent times? I joined SEB as Chief Compliance Officer in 2008. Prior to this, I was Chief Legal Counsel of the Swedish Financial Services Authority for five years. Thus, I have a legal background personally and have spent time working within the supervisory authorities during my previous employment. When I joined SEB, we conducted a detailed review of compliance functions within SEB Group and took the decision to centralise these into a Group Compliance function. SEB Group has business interests across 18 countries and operates more than 60 different legal entities in managing its business activities across these locations. Understandably, a rather complex compliance structure had grown up within SEB to monitor these activities across multiple jurisdictions, business divisions and legal entities. We believed it important to consolidate these activities and to ensure that our risk management and internal control functions are coordinated centrally across our business operations. Following this restructuring, we now have approximately 40 per cent of our compliance staff stationed in Sweden, with 60 per cent positioned in the other locations in which SEB has business interests. We have assembled a team with a broad range of skills to co-ordinate these activities. Given the nature of our responsibilities it is important to have staff with regulatory experience and close links with the regulatory authorities. Equally, we need staff with business expertise that are familiar with the product set and understand the relationships with customers and counterparties. Also, as a control function we require staff with audit expertise that know how to conduct investigations and follow up on any risk concerns that they may identify. Moreover, as we make increasing use of technology we have assembled strong IT expertise within the compliance team. In developing our compliance methodology, we have drawn on a broad set of professional disciplines. An understanding of behavioural economics can provide valuable insights into remuneration and incentive structures, for example, and how these may affect behaviour within our industry. For similar reasons, a sound grasp of competition theory can assist our grasp of business strategy and team motivation. Twenty years ago, the compliance function was more limited in its focus and horizons – but now compliance is a truly multi-disciplinary activity that demands a global focus. Compliance Has SEB allocated additional resources to support this broadening of the compliance function that you describe? lists of restricted parties automatically as soon as there is any change. Although the global financial crisis has driven cost-cutting and a push for higher efficiency, SEB Group has committed additional resources to managing its compliance obligations. For example, we have increased expenditure on staff in the compliance division by approximately 30 per cent over the past five years. Moreover, expenditure on IT and software packages has increased substantially and this now accounts for roughly 40 per cent of the total budget for the compliance function. So how do the linkages work between Compliance, Legal, Treasury, Operations and other key divisions within your organisation? Inevitably, our banking competitors have also been taking steps to recruit new talent into their compliance teams in order to strengthen their multi-disciplinary skill set. This has resulted in something of a battle for compliance expertise within our industry. Skills in the risk management and internal control function areas have been in relatively short supply during the past 5-6 years and these have been areas where staff numbers within SEB Group have expanded significantly during this period. You mention that you have extended use of technology to support your compliance duties. In which areas has this been applicable? The second line of defence is SEB’s independent control functions, particularly the Group’s compliance and risk management divisions. The third line of defence is the Group’s internal control framework, which also carries responsibility for monitoring the first and second lines of defence and identifying any potential weakness. With these foundations in place, SEB Group Compliance is working more closely with other departments, particularly the risk management, treasury and the finance divisions, than ever before. Prior to the 2008 global financial crisis, the compliance division was not substantially involved in Group decision making around capital adequacy planning and liquidity coverage for example. However, subsequently this has become one of many regulatory planning and decision making processes where the compliance division is centrally involved. There are robust checks and balances in place to ensure that the compliance and risk management teams retain necessary independence from commercial divisions within the bank. However, there is much closer collaboration across these areas than there ever has been previously. 19 Could the policy formation process be streamlined to make it easier for financial services providers such as SEB to manage changes in rules and regulations? Financial Services Research Issue 1 2015 In the anti-money laundering and counterterrorism financing areas, for example, we have installed two specialist compliance packages to assist our duties. One is a specialist monitoring system that will screen all payment transactions conducted by the bank in order to detect any suspicious activities or payments that might be directed to restricted parties. We also monitor payments transactions against a range of sanctions lists – for example those issued by the US Office of Foreign Assets Control – to ensure that no payments are made in breach of international sanctions. To assist this process, we employ a range of vendor packages, supported by appropriate lists of restricted persons and organisations. In many cases, these vendor tools will update For more than 10 years, SEB has employed a “Three Lines of Defence” approach. Typically, each business line will be the owner of the risks that it confronts within its business – whether this be financial risk, compliance risk or other forms – and it will be primarily responsible for managing these risks. Compliance If we look back to the days before Sweden joined the European Union in 1995, policy formation took place principally at a national level and our liaison was largely with policymakers and financial regulators in Stockholm. Projecting to the present day, many legislative changes are driven through global initiatives or through deliberations within the EU. Although we are an active participant in the consultation process whenever relevant, this internationalisation of policy formation has made it harder for a banking group headquartered in Stockholm to influence legislation and to shape how this is applied at local level. 20 Financial Services Research Issue 1 2015 Also, the significant weight of new legislation that has been applied to our industry makes it very difficult for any single individual or compliance team to understand the full impact of this heavy body of interconnected reforms. Policymakers and regulators are reshaping the entire financial landscape, including financial stability issues, customer protection and financial conduct, as well as detailed reforms of the financial infrastructure and the rules governing their operation. Many of these changes are taking place simultaneously and it is very difficult to predict how their collective impact will play out. Since the global financial crisis, many European jurisdictions have moved towards rules-based approaches to regulation. Principles-based approaches, which some financial authorities applied selectively prior to 2008, have largely fallen out of favour. With this development, there is a danger that regulatory compliance is reduced to meeting a check-list of rules, leaving limited scope for firms to use their experience and discretion in order to target risk concerns that are most acute. This trend may increase the administrative burden involved in regulating our industry, but will not necessarily result in a safer banking sector from a prudential standpoint. Many have inferred from the global financial crisis that principles-based approaches to financial regulation are inappropriate and do not work. We believe it is important to challenge that assumption. It is questionable whether a heavily-prescriptive rulebook is appropriate for managing a complex financial services environment that is heavily interconnected with global markets. Evaluating changes in the Compliance Function Continuing our series of articles on changing approaches to compliance, Mark Gem, Chief Compliance Officer at Clearstream, tells FSR that his organisation aims to set a standard in its compliance duties which ensures that it remains beyond justifiable criticism before the market and the clients that it serves Historically, the priority of many compliance officers was to ensure that their organisation complied with applicable law and regulation. However, at Clearstream we do not feel that this standard is sufficient to guide our activities in modern times – and, in the wake of the global financial crisis, neither is it sufficient to ensure public Compliance confidence in how the financial services industry operates. In the post-trade segment, the industry has typically relied on the first regulated intermediary in the custody chain performing its due diligence and monitoring duties effectively – and then other firms further down the value chain have relied heavily on this initial judgement when doing business with that customer or counterparty. Events of the past 5-6 years have reminded us that the industry needs to be less complacent in its approach. We have chosen to set a standard in our compliance duties which dictates that we remain beyond justifiable criticism before the market and before the clients that we serve. This demands that compliance becomes more risk-based and suggests a behavioural or ethical component, dictating that we maintain standards of service and behaviour that align with the expectations of legislators and financial supervisors, our shareholders, our customers and a broader global public. Changing importance of the compliance function Industry associations have been working closely with financial supervisors and other key participants to establish an appropriate set of standards for the securities services industry – standards that aim to ensure equivalence and comparability when providing safekeeping and asset servicing across multiple jurisdictions globally. Given the international reach of the securities services business, such compliance standards may be hard to apply when services are delivered cross-border. For example, there may be a mismatch between the domestic standards applied by a global custodian in its home jurisdiction and the standards applied by the sub-custodians that it may employ to deliver settlement, safekeeping and asset servicing functions across its global network. To address this question, we believe that the custodian should meet the compliance standards applicable to its business activities in its own domestic market, but must also aim to meet the standards of its subcustodians, infrastructure entities or other third-party providers to which it delegates functions across its global network. After all, the sub-custodian is ultimately exposed to the conduct of the custodian’s clients and may later be held to account. An important issue for our compliance division has been how best to manage the drive for greater disclosure of account information – accompanied in some instances by a 21 In designing this set of standards, we must Managing complexity across global networks Financial Services Research Issue 1 2015 Over the past 5-6 years, there can be no doubt that the securities industry has attached additional importance to the compliance function, recognising its importance in identifying risk and eliminating financial crime. With this shift, the industry is adopting a new generation of compliance managers that have a detailed current knowledge of the products and services that we offer, the potential risks and costs attached to delivering those solutions, and a firm understanding of the needs and expectations of key stakeholders (customers, shareholders, policymakers and financial supervisors, a broader public). recognise that the risks borne by a firm delivering settlement and asset servicing around the world may differ substantially from the risks borne, for example, by a payments bank in processing a cash payment between two international counterparties. If a payments bank has concerns about either counterparty, it may decline to process the transaction; and when the transaction is concluded – whether processed successfully or aborted – it probably has no further exposure to either counterparty. In contrast, the situation of a securities custodian is often very different because ownership interests in securities exist whether or not the underlying owner attempts an instruction. Consequently, it may be difficult for the securities services provider to terminate its service to a client without being in breach of contract – and discovery that it has a problem may be just the start of its concerns. The task of resolving this problem and closing out its risk and liability may be a complex process. Compliance push for client assets to be held in segregated account structures – with our desire to maximise the efficiency benefits that we can deliver to clients within a secure safekeeping environment. The challenge is to retain a balance between existing account holding structures – for example, omnibus account structures which have enabled financial intermediaries to deliver significant efficiencies to asset owners and which are fundamental to the efficiency benefits that the Eurosystem predicts will be delivered by T2S – and the appetite of financial supervisors to have greater visibility of investor holdings through to beneficial owner level. believe to be in the best interests of the industry – or we are likely to find black letter regulation applied by the financial authorities. Often too much time has been spent in railing against regulation by our industry and trying to convince regulators not to regulate – and too little time has been spent in establishing effective standards of behaviour which ensure that financial regulators do not need to regulate. On this note, it may be useful to draw comparisons with other industries. For example, the auto industry has in many instances embraced regulation – even when some of In the post-trade segment, the industry has typically relied on the first regulated intermediary in the custody chain performing its due diligence and monitoring duties effectively – and then other firms further down the value chain have relied heavily on this initial judgement when doing business with that customer or counterparty. Events of the past 5-6 years have reminded us that the industry 22 Financial Services Research Issue 1 2015 needs to be less complacent in its approach. In our contributions to this debate, we have made it clear that a well-intentioned push from financial authorities for transparency should not translate into a drive for greater disclosure simply for the sake of it. Simply collecting an expanding database of client names and holdings information is not an effective mechanism for mitigating and eliminating financial crime. It is vital that custodians and financial infrastructure entities play a central role in eliminating tax evasion, money laundering and market abuse – and we must be vigilant to ensure that we are not used as vehicles to propagate this type of financial crime. But there is little value in collecting client names and holdings details simply for its own sake. Concluding thoughts All too often regulation has been introduced when policymakers have made a judgement that the financial services industry has been too slow to sort out its own problems. In practice, we have the choice of establishing our own standards – standards that we these regulatory changes were not initially welcomed – utilising this as a trigger to drive product development and innovation. The development of hybrid engines and other fuel-saving technology are obvious examples. So too, securities services providers must embrace the opportunities offered by regulation to design new products and services and to differentiate oneself from one’s competitors. In significant part, compliance is about knowing how products and services are best delivered and how the business can operate most effectively. This is just as important as a detailed knowledge of rules and regulations pertaining to securities operations. Ultimately for the banking industry, this centres on answering some key questions: “Are we serving our customers and stakeholders effectively? And, are we acting in a way that is socially beneficial?” The failure of the banking industry to ask itself these questions is fundamental to explaining why it has taken so long to build legitimacy in public eyes after the 2008 financial crisis. Compliance Evaluating changes in the Compliance Function Continuing our series of articles on changing approaches to compliance, FSR speaks to Jean-Marc Eyssautier, Chief Risk and Compliance Officer, CACEIS Has the importance attached to the compliance function increased within your organisation over the past 6-7 years? If so, what have been the reasons for this? Since the 2008 financial crisis there has been more pressure on risk and compliance within the financial services industry and this trend has been replicated within CACEIS. As an asset servicing specialist and fund depositary, changes in legislation have made it ever more important that we have rigorous and robust risk and compliance functions in place. In practical terms, managing the heightened levels of regulatory oversight that we have witnessed since 2008 has centred, in significant part, on strengthening the due diligence on every new client with which we have dealings at CACEIS. Each new customer that we onboard will pass before the Risk and Compliance Committee for approval before we will begin working with that organisation. What does the composition of your Risk and Compliance team look like? And how are you utilising its resources across your working week? If we consider the broad scope of these responsibilities, which includes risk management, compliance, depositary and legal functions, we are collectively talking about more than 300 people, which represents more than 10 per cent of the overall staff of the bank. Over the past five years, I estimate that these numbers have increased by approximately 20 per cent – which, for reasons that I have outlined, may be somewhat lower than the expansion of Risk and Compliance that has taken place at some of our competitors. 23 As a depositary bank, we have given detailed attention to the implications of the fund depositary obligations under AIFMD and UCITS V. More than ever before, this lays a burden at the door of the depositary bank to prove that it has conducted detailed due diligence on any sub-custodian In the aftermath of the collapse of Lehman Brothers, depositary banks in the French market were required by the Paris courts to compensate asset management clients for the loss of assets that had been posted with Lehman Brothers (in its role as prime broker) as collateral. Even though there was widespread knowledge on the part of clients of prime brokers that assets posted as collateral were being re-used (or re-hypothecated) by the prime broker, the depositary bank was compelled by the Paris courts to provide full restitution of these assets to the fund manager client. With this decision, and the regulatory overhaul that took place since then, there is a concern within the fund depositary community that the depositary bank is being required to stand as insurer of fund assets held in safekeeping, whether these sit with the fund depositary or a sub-agent. Financial Services Research Issue 1 2015 This said, within CACEIS we have not made major changes to our approach to compliance, nor to the way that our risk and compliance functions are structured. Collectively our leading clients have entrusted CACEIS with assets worth billions of euros for many years. Asset safety and asset protection have always been central to what we do and, when compared with some financial services organisations, we were well prepared for the step up in regulatory oversight that our industry has witnessed since 2008. We have long had specialist teams committed to financial security, to managing anti-money laundering, fulfilling know-yourcustomer requirements, ensuring we are compliant with embargoes, and so on. These high levels of asset protection and regulatory compliance are the essence of what we do as an asset servicing specialist. or infrastructure entity to which it delegates operational activities. The fund depositary also has detailed responsibilities for overseeing the activities of fund management clients that it serves and ensuring that they deploy adequate skills and means in the conduct of their business. This demands that the fund depositary has significant transparency (or “look through”) to the fund manager’s internal structure and operations. Compliance If we look at how resources are committed, a major share of our staff time and resources, 50 per cent, are dedicated to conducting due diligence and KYC on new clients. A sizeable additional share, 25 per cent, is committed to ensuring that we are compliant with embargoes, anti-money laundering requirements and other necessary checks on payments and transactions. The remaining share will be dedicated to various ad hoc challenges raised by the activities of our product and sales areas, the activities of the network management group and other day-to-day commitments associated with the activities of the bank. requirements and we have also built technology in-house when this matches our needs more effectively. One important consideration is that the technology that we employ to support our Risk and Compliance responsibilities must be independent from the technology that we employ to support delivery of commercial services. An important step that we have taken over the past 4-5 years, is to ensure that the Risk and Compliance division is involved at an earlier stage in decisions around project design and implementation. In times past, there were some instances when product A point of particular importance, from CACEIS’ standpoint, is that it should not be the business of fund depositaries to serve as insurers of risk for those sitting further up the investment value chain. We are here to offer expert fund services and to help clients manage their risk, particularly in the post-trade arena. However, it is not for us to stand as a financial back-stop for the fund management industry. 24 Financial Services Research Issue 1 2015 Are you making greater use of technology to support these activities than you were five years ago? We have been confronted with such a significant increase in transaction and payment flows, and an ever expanding range of compliance obligations, that it is difficult to be compliant without making strategic use of technology to support our activities. We use a range of vendor packages, and internal build when necessary, to ensure that we are monitoring trade and payment flows, screening for any proscribed counterparties and monitoring for any illegal or irregular activity. As a fund depositary, we are required to supervise the activities of our fund management customers and to ensure that they are themselves compliant. Use of technology is essential in fulfilling these commitments. Typically there has been no single vendor package that will fulfil all of these functions. We have selected market-leading vendor packages when these meet our developers were well advanced with a project before Risk and Compliance were consulted. By providing an opinion at an early point, this can avoid time and resources being committed to a design that may then need to be amended at a later point. Much has been made of the pressures on the financial services industry created by a heavy body of regulatory changes and new legislation over the past 6-7 years. Can you identify ways that policymakers and financial supervisors could make it easier for CACEIS to keep pace with these regulatory and legislative changes and to meet your necessary implementation commitments? There has been a progressive phase of deregulation that emerged particularly from the US and the UK in the 1980s and has extended broadly up to the onset of the 2008 financial crisis. Subsequently, this trend has been reversed, with financial authorities Compliance tightening controls around investment and the delivery of financial services. This has been supported by a wide body of new legislation. A point of particular importance, from CACEIS’ standpoint, is that it should not be the business of fund depositaries to serve as insurers of risk for those sitting further up the investment value chain. We are here to offer expert fund services and to help clients manage their risk, particularly in the post-trade arena. However, it is not for us to stand as a financial back-stop for the fund management industry. So too, with the enforcement of embargoes. While we recognise the need to be compliant and to assist our clients this obligation, there are instances where, as a provider of financial services, we are also being asked to serve as a kind of law enforcement officer and auditor of the compliance standards of our customers and counterparties. How do you believe this regulatory environment will evolve in the five years ahead? Following from my previous comment, I am optimistic that policymakers and market participants can find a meeting of minds whereby this heavy body of new legislation will gradually calm down in times ahead. We may face another 2-3 years of new legislation but, it is important this stabilises over time – otherwise shareholders may no longer be willing to finance future development of the business. Constantly adding additional legislation should not be seen as an effective solution; rather, it is vital for the competent authorities to focus on enforcement of existing rules, applying proportionate and effective penalties for those that fail to comply. It is important to ensure that every stakeholder plays by the book. If not, there is already a broad range of action that can be taken by the financial authorities to ensure that further breaches do not occur in the future. Evaluating changes in the Compliance Function What do you understand by the term “compliance”? What does the compliance function involve within your organisation? 25 The fundamental purpose of the compliance & ethics function is to protect Euroclear group against legal and ethical risk. Traditionally compliance has been viewed as an internal control function designed to ensure that a company adheres to rules and regulations. But this view has evolved over the last few years and we see compliance as Financial Services Research Issue 1 2015 Continuing our series of articles on changing approaches to compliance, Olivier Goffard, Head of Compliance and Ethics at Euroclear, talks to FSR about how his team is protecting Euroclear against legal and ethical risk and performing a vital educational role in developing an ingrained knowledge of compliance and ethics fundamentals among Euroclear staff Compliance substantially more than this – as a division that brings value to Euroclear, in terms of positioning compliance to deliver high quality services to our stakeholders, and to maintain high legal and ethical standards. What skill set does this require? The skill set is constantly evolving and has broadened substantially over the past 4-5 years. Until about five years ago, the compliance & ethics function formed part of the legal division within Euroclear group. How- exemplary standards. With this in mind, we offer a range of classroom and on-the-job e-learning modules, for example, testing staff knowledge of market abuse, money laundering and other elements of financial crime and guiding staff in how to identify these types of malpractice. These training modules are typically based on real-life scenarios. Consequently, if a staff member identifies something that may look suspicious, they will have the ingrained knowledge and confidence to alert a compliance officer so this may be investigated further. In Belgium, we are one of the few countries We offer a range of classroom and on-the-job e-learning modules, testing staff knowledge of market abuse, money laundering and other elements of financial crime and guiding staff in how to identify these types of malpractice. These training modules are typically based on real-life scenarios. Consequently, if a staff member identifies something that may look suspicious, they will have the ingrained knowledge and confidence to alert a compliance officer so this may be investigated further. 26 Financial Services Research Issue 1 2015 ever, now compliance is an independent division. Typically, we view ourselves as the second line of defence protecting Euroclear against legal and ethical risk. However, in managing some responsibilities – for example, in ensuring that we are compliant with anti-money laundering requirements, sanctions and embargoes – we represent a first line of defence for the organisation. In fulfilling this role, we employ 25-30 full time staff with a diverse range of technical expertise and professional backgrounds. This includes qualified lawyers, accountants and internal audit specialists, communications and public relations staff, operations specialists and people from a product or commercial sales background. We have multinational expertise within the team, with 12 different nationalities represented. More broadly, we play an important educational role within Euroclear, raising internal awareness among Euroclear staff of how to maintain the highest legal and ethical standards. And most importantly, how to identify behaviour that may compromise these where the compliance function is closely regulated. In fact, The National Bank of Belgium and FSMA have issued a joint circular that sets out guidelines for our activities, detailing amongst others our responsibilities as a compliance division, the procedures that we should apply, our reporting obligations to financial supervisors and audit committee, and what safeguards should be put in place to ensure the independence of the compliance function is preserved. In addition, compliance officers are required to attain certification from the regulatory authorities in order to practice. Has the resources allocated to the compliance division increased over the past 4-5 years? During this period, Euroclear has substantially increased the resources allocated to compliance functions. This reflects the additional importance accorded to these roles within Euroclear group, but also by our customers and counterparties. When a client or prospect visits Euroclear for due Compliance diligence, commonly the compliance functions are high on their agenda. Inevitably, this also marks a response from senior management to the surge in new legislation that has been applied to the financial services industry over the past five years. This is reflected both in new staff appointments and significant expenditure on software and technology. The business that we oversee has become increasingly complex – monitoring market abuse and trading anomalies, breaches of sanctions, money laundering by criminals, cash transfers to terrorist organisations, and so on. In many cases these criminals are well educated and well resourced, employing IT specialists, lawyers and financial engineers to ensure that they are not detected. To match this sophistication it is important that we use state-of-the-art technology and software packages to facilitate our duties. Specialist software packages have been developed to screen transactions and counterparties, to identify irregular behaviour or patterns of malpractice. We have deployed these selectively on a best-in-market basis – and have also developed our own internal systems in cases where there is no vendor package on the market that meets our requirements. So how do the linkages work between Compliance, Legal, Treasury, Operations and other key divisions within your organisation? We do see signs that policymakers are taking steps to ensure that legislation is applied consistently across EU Member States. In recent decades, the European Parliament has passed a range of Directives governing the delivery of financial services. These Directives are then enacted (via national implementing legislation) at Member State level, potentially resulting in gold-plating with minor nuances from one Member State to another as legislation is interpreted differently and applied in a slightly different way. To minimise these inconsistencies, we note a stronger appetite among EU policymakers to develop regulations that will be applied in a common way across EU Member States. When we consider the application of data protection rules across the EU, for example, the Data Protection Directive – which has governed the processing and transfer of personal data since 1995 – has been enacted in slightly different ways across 28+ EU Member States. This has presented major compliance challenges for companies active in multiple EU markets, which must ensure they are processing personal data in line with domestic legislation in each market. To address these inconsistencies, the European Commission is deliberating over the introduction of a European General Data Protection Regulation which will have standardised application across EU Member States. 27 We have developed a database, known as LICA (which stands for Legal Internal Controls and Accountabilities), that enables us to monitor the key legal and ethical risk controls that individual departments have set in place to ensure that we retain exemplary compliance standards as an Much has been made of the pressures on the financial services industry created by a heavy body of regulatory changes and new legislation over the past 6-7 years. Can you identify ways that policymakers and financial supervisors could make it easier for Euroclear to keep pace with these regulatory and legislative changes and to meet your necessary implementation commitments? Financial Services Research Issue 1 2015 In performing this role, we do not view ourselves simply as a policeman or gatekeeper within Euroclear. Rather, our approach is to serve as a trusted partner to other divisions and business lines within the company, providing safeguards to all Euroclear staff – and of course to our senior management, customers and shareholders – that highest standards of protection against legal and ethical risk are in place. organisation. This establishes a spirit of accountability within each of these departments, demanding that business owners take responsibility for their own controls. To verify this, business owners will be required to demonstrate on a regular basis that their control framework is effective – and the compliance division, in our “second line of defence” capacity, will test these internal controls to verify that this is the case.
© Copyright 2024