Financial services institutes have been hit harder than most by new regulations. But while burdensome, compliance with the Sarbanes-Oxley Act, the Basel III code, MiFID and anti-money laundering laws (among many others) is not an issue that can be side-stepped.
Failure to demonstrate compliance can severely damage a financial services business, its reputation, its balance sheet and even the liberty of company officers who are called upon to affirm that their organization adheres to the new rules and regulations.
These threats have raised the issue of compliance to an unprecedented level on the financial services agenda. Gaining the attention of the board has perhaps been the easiest part. Actually implementing the technology and processes required to demonstrate that a bank meets the strictures of numerous mandates demands a significant level of control over its processes and the way they are monitored and audited.
Anti-Money Laundering Rules
Money laundering involves taking the proceeds of criminal activity and making them appear legal. Under rules enforced by the Financial Conduct Authority (FCA), UK financial institutions are expected to deter instances of money laundering through processes and controls that enable them to identify, assess, measure, monitor and manage the risk of a customer using their products to launder money. They must also carry out regular assessments of the adequacy of these processes and controls. Anti-money laundering (AML) processes and procedures are governed by a key principle: know your customer (KYC).
The FCA issues KYC guidelines and expects UK financial institutions to recognize and act upon the warning signs of potential money laundering activity. Financial firms in the United States must also conform to similar guidelines as defined by the Patriot Act and regulated by the Securities and Exchange Commission (SEC).
The Basel III accord is an international code of conduct that requires banks to disclose information and report credit risks. Currently, banks are required to reserve a percentage of their issued loans to absorb losses. Basel II allows for three different calculations to be used to calculate credit reserves so that banks have more freedom in making their own estimates of the probability of losses.
That, in turn, gives them more latitude to develop and use their own methods for deciding their capital requirements. However, they can be required to demonstrate how that decision was made and identify the steps that were taken – and by whom - in arriving at that decision.
MiFID is the Markets in Financial Instruments Directive of the European Union (EU). It applies to companies involved in trading financial instruments and those that offer advisory services, including investment banks, market data companies, trading platforms and exchanges.
Under MiFID, such companies must provide clear audit trails for transactions, regardless of whether they are conducted through exchanges or handled „off-book,‟ and show that they have met new rules on „best execution.‟ That involves recording and storing information for each trade – not just execution price, but also cost, speed, likelihood of execution and likelihood of settlement. MiFID came into force in November 2007.
Since this time, many institutions have struggled to implement the regulation.
The Sarbanes-Oxley Act requires any company listed on a U.S. stock exchange (including the international subsidiaries of such companies) to maintain documentation of significant business processes and their related controls.
As business processes change, the existing controls relating to the previous business process must be evaluated and, if necessary, changed to reflect the new process. Compliance with the Act also requires a company, and its external auditors, to regularly test the operating effectiveness of these controls in order to see if there has been deviation from the company’s prescribed procedures, how many of these deviations have occurred, and the underlying causes for these deviations.
In 2009, the U.S. Federal Reserve implemented „stress tests‟ on the largest banks to determine stability and risk. The stress tests are supposed to gauge a bank's financial health, specifically whether it has enough cash on hand to weather a continued economic downturn. A poor outcome on a stress test could send investors and depositors fleeing. Other countries may institute similar tests in an attempt to enforce companies to eliminate risky business practices and shore up assets.