Volume 6 (2022-23)

Each volume of Journal of Financial Compliance consists of four 100-page issues published in both print and online. Articles scheduled for Volume 6 are available to view on the 'Forthcoming content' page. 

The articles and case studies confirmed for Volume 6 are listed below:

Volume 6 Number 1

  • Editorial
    Mario J. DiFiore, Editor, Journal of Financial Compliance
  • Practice papers
    Managing trade and communications surveillance in the new world of work
    Yasmine Li, Head of EMEA Surveillance, Global Head of Commodities Surveillance, Macquarie Group

    The COVID-19 pandemic has introduced changes in technology and the working environment which have ultimately changed the risk profile and risk manifestation within financial organisations. Alongside the ever-increasing conduct-focused regulations globally, surveillance has never been so important. As a control, surveillance frameworks and programmes must adapt to stay effective and relevant to the changing times. This paper describes the challenges and steps that can be taken to uplift surveillance practices in response to regulatory scrutiny, technology advancements and culture shifts as firms embrace hybrid and remote working set-ups.
    Keywords: artificial intelligence; AI; human trafficking; model risk management; compliance

  • Perpetual know your customer: A new approach to addressing customer due diligence
    Henry Balani, Head of Industry & Regulatory Affairs, Encompass Corporation UK

    Perpetual Know Your Customer (pKYC) represents a new and alternative approach to the traditional customer due diligence process currently practised at many regulated financial institutions (FIs) today. FIs adopt a periodic approach in identifying anti-money laundering risks within their customer base as part of a government regulated compliance process. Conventional KYC processes can be ineffective and costly in managing compliance risks, with cumbersome and complex customer onboarding processes. Increasingly, FIs see value in adopting pKYC approaches either alongside or as a replacement for their current processes. This article describes pKYC and how it differs from traditional KYC processes; the benefits and challenges to adopting pKYC; and the right use cases within an FI. pKYC is a continual approach to customer due diligence, potentially replacing traditional forms of customer onboarding. This alternative approach, while it increases operational costs within an FI, does provide benefits in terms of reduced compliance risk exposure. This reduced exposure is achieved as a result of adapting continual review processes leveraging current customer and external reference data during the review process. This article finds that not all FIs can necessarily benefit from pKYC despite the inherent advantages. FIs need to consider their current KYC process that would be appropriate for their line of business. Lines of business that have high risk portfolios and volumes are typically the best candidates for adopting pKYC, compared to FIs that have relatively static and smaller customer bases. The article also provides the reader with a framework for understanding pKYC in the context of adopting such an approach in their FIs so as to make a more informed decision.
    Keywords: surveillance; trade reconstructions; hybrid working; market abuse; conduct rules

  • Can implementing classic management theories in the KYC process help achieve high regulatory compliance?
    Sabina Ausfelt, Head of Financial Crime Prevention, JAK Medlemsbank

    Banks and other financial institutions (FIs) today face completely different challenges than they did 20 years ago. Since the Fourth Money Laundering Directive (EU 2015/849) came into force in 2014, the aim was to counter money laundering and terrorist financing. FIs have had to change their priorities and spend large sums on regulatory compliance in this area. The legal requirements found in national legislations across the EU which are based on the implementation of the EU Money Laundering Directive and associated regulations, are one of the FIs biggest challenges today. The ‘know your customer’ (KYC) process is a costly and complicated process that includes administration and alternating contacts with the customer. The process places high demands on regulatory compliance as the KYC process is governed by national legislation, directives, and regulations. The requirement for a risk-based and holistic view on the money laundering and terrorist financing (ML/TF) risks also requires that the process adapts to the outside world. This is difficult for the middle and larger financial institutions to comply with without automation. Despite the complexity of the process, the literature review conducted by the author shows that the main research focus is on technology, cost efficiency and customer satisfaction. Only a few raise the issue from a compliance perspective, and even fewer highlight both technology and compliance in the same research. With research focused on developing strategies for enhanced customer satisfaction and cost and time efficiency, what strategies are there to succeed implementing a KYC process with all attributes above at the same time as it is fully compliant with regulations, ie risk-based and holistic? By applying and implementing classic management theories into the anti-money laundering regulatory control environment, the author believes that it is possible to have a KYC process that is cost and time effective, has a high level of customer satisfaction, and at the same time is highly compliant with AML/CTF regulations.
    Keywords: KYC process; organisational learning; compliance; anti-money laundering; financial institution; AML/CTF

  • Preventing and addressing AML/CFT risks of digital finance: The European regulatory and supervisory perspective
    Joana Neto, AML/CFT Data Specialist, European Banking Authority (EBA)

    Digital finance is not a new phenomenon, yet the impact of new technologies in the financial services industry has escalated over the past years. Despite bringing disruption of products and services on both front and back end, its opportunities involve inherent risks. The ones of money laundering and terrorist financing require special attention as they can have an impact on the integrity and stability of the financial markets. This paper focuses on the interlinks between these two worlds from a regulatory and supervisory perspective, based on the recent work developed by the European Banking Authority — that currently holds the statutory objective to prevent the use of the EU's financial system for money laundering and terrorist financing (ML/TF) purposes. For that purpose, this paper analyses: the main opportunities and challenges; the causes of the identified challenges; the role of regulation and supervision in the fight against the ML/TF risks that arise from these emergent business models, services and products, in the European market; and the future of digitalisation.
    Keywords: AML/CFT; money laundering; terrorist financing; digital finance; platformisation; regulation; supervision

  • How can misconduct behaviours and abuse of position be better identified, and what are the drivers for committing fraud and theft?
    Tracey Carpenter, Insider Threat Manager, Cifas

    This paper explains the threats that the COVID-19 pandemic poses to the security of organisations from an insider threat perspective, as well as summarising some of the drivers of dishonesty and discovering how employees may be presented with the opportunity to commit fraud and theft, have an underlying motivation or be in a position to rationalise their behaviour. The paper also examines how the insider threat has evolved over time, focusing on how attitudes, greed and technology have enabled employees to defraud their employers. It also looks at how blurred lines and white lies can lead to fraudulent behaviour, as well as recommendations on how to keep your company safe from insider threats.
    Keywords: Taxonomy; compliance risk; stakeholders; strategy; objectives; value

  • New AML regulation: From ‘virtual currency’ to ‘crypto assets’ — differentiation from tokenised financial instruments and potential concerns over the perceived end of pseudonymity in the crypto sector
    Stefan Tomanek, Legal Expert and Ralph Rirsch, Team Lead, Austrian Financial Market Authority

    In adopting new regulatory measures, the EU is increasing its efforts to prevent money laundering and terrorist financing. Aside from a uniform and EU-wide ban on cash transactions over €10,000 and the establishment of a common European anti-money laundering (AML) authority, the new rules specifically tackle the growing crypto economy. While existing AML regulations already cover various business activities related to crypto-assets such as Bitcoin & Co., there is still considerable leeway for interpretation and uncertainty. The currently applicable definition of ‘virtual currencies' and demarcation issues to financial instruments subject to stricter regulatory regimes are prominent examples of this. As an answer to these issues the new term ‘crypto-asset’, introduced by the upcoming crypto regulation MiCAR, is going to be consistently used in the new anti-money laundering regulation as well as MiCAR, promising more legal clarity for the future. Meanwhile, headlines about the alleged end of ‘(pseudo)anonymity of crypto-assets' due to the new AML rules are already appearing on the European media landscape. This paper provides an overview of the potential implications of these new regulations for businesses, investors and users, as well as seeking to alleviate some of the fears of the market.
    Keywords: employee fraud; insider threat; working from home; hybrid working

  • Data risks and security in the financial sector: Adapting to a new environment
    Claudia Guagliano, Head of Innovation, Products and Technology Unit, Risk Analysis and Economics Department, and Alexander Harris, Senior Risk Analysis Officer, European Securities and Markets Authority

    Huge increases in data generation and storage volumes in recent years, coupled with technological innovations, are changing the nature of data risks in the financial sector. Several factors determine the nature of data risks: (a) the way technology is used; (b) the profile of financial sector entities and their interconnections; (c) the cyberthreat landscape; and (d) awareness and practices among legitimate users of data. How these factors are evolving in an increasingly complex digital environment is described. To manage the changing data risk profile, the EU regulatory framework is adapting. Key regulatory developments in the financial sector include the Digital Operational Resilience Act (DORA) proposal and the recent advice from the European Supervisory Authorities in relation to digital finance. More broadly, the Digital Services Act and the Digital Markets Act aim to create a safer digital space for EU citizens.
    Keywords: cybersecurity; data security; digital finance; operational risk

  • The regulatory leap into big data and machine learning: Practical advice for compliance officers
    Bo Howell, Cofounder and CEO, Joot

    The domain of big data encompasses several buzzwords, including artificial intelligence, machine learning, emerging technologies and big data itself. Across industries, new technology generates both fascination and fear, but factors that drive innovation vary widely from industry to industry. The financial services industry is characterised by an ambivalence toward innovative technology, with many financial services firms embracing it and many more regulatory compliance professionals resisting it. This paper is divided into two parts: Part 1 describes the state of regulatory technology in financial services and Part 2 offers practical advice for compliance officers seeking to implement innovative technology projects at their firms, particularly using machine learning applications. The paper concludes with suggestions for future research and practice.
    Keywords: big data; data analytics; artificial intelligence; machine learning; RegTech; Securities and Exchange Commission (SEC); small and middle-sized businesses (SMBs)

  • The effect of organisational leaders on employee voice and employee silence
    Manon de Zwart-van der Ham and Marjo van den Broek

    Employee silence has been identified as a contributor to a host of detrimental outcomes for an organisation. Employee voice is seen to contribute to an organisation's effectiveness, eg by making better decisions possible. Four main drivers play a role in a decision to speak up or stay silent. They play a role in speaking up both inside and outside the organisation. These drivers are attitude, capability, safety and social cues. Factors that play a role are role modelling, trust, the feeling ‘it is easy’ and ‘it must be worth it’. Organisational leaders play a critical role in improving the culture to speak up and increasing the number of employees who speak up. Getting employees to speak up is important for every company, whether to make the right decisions, take a stance on societal issues or to detect misconduct. This research reveals that more needs to be done than just provide reporting channels and communicate where to find the information. The recommendation is that companies work on all four drivers to battle employee silence in an organisation.
    Keywords: employee voice; employee silence; leadership; diversity of thought; speak up; culture

  • Adopting RegTech: A practical guide
    Harpreet Singh, Global Lead, Post-Trade Solutions, BCM, Luxoft Financial Services

    As the regulatory burden increased over the last decade, financial institutions aimed to consolidate their regulatory solution to improve efficiency and enhance compliance. RegTech grew as a segment with multiple vendors, financial institutions and regulators all working together to find solutions that would enable adherence to the rules. Newer technologies such as cloud, artificial intelligence (AI) and data analytics began to dominate, with further innovations making regulatory systems more foolproof. Underpinning these advancements is the ability of the RegTech system to improve data management. In return, data quality enhancements provide reliable AI and more trustworthy RegTech systems. This paper analyses insights from global regulators on RegTech and underlying technologies, and provides practical guidance for implementation.
    Keywords: RegTech; SupTech; cloud; artificial intelligence (AI); banking and capital markets; digital technology; regulatory systems; regulation; compliance; data quality; financial services; DaaS; IaaS; PaaS; SaaS