In FocusCompliance-Unit
Capacity Building
By:Mohammad IbrahimFheili
The Compliance Landscape
Compliance
Failure
Exclusion
Compliance
Compliance
Compliance
Choice Obligations
AML Compliance
“Due Diligence Convention” with anarrow
definition of Jurisdiction ...
Abundance of AMLRules with
blurred Jurisdictions ...
Failure
Exclusion
Failure
Exclusion
Failure
Exclusion
Ignorance Ambiguous Uncertain Risk-Based
WeDidnotinvestenoughinlearning...UntilwestartedtogetonewakeupcallafterAnother!
AML Compliance
Choice Obligations
Regulatory Obligations Legal Obligations
Mgmt. Committee
Risk Management
Board of Directors
Board Committees
Mgmt. Committee
Risk Management
Board of Directors
Board Committees
Mgmt. Committee
Risk Management
Board of Directors
Board Committees
Mgmt. Committee
Risk Management
Board of Directors
Board Committees
External AuditorExternal AuditorExternal Auditor
External Auditor
ProactiveRe-active/ProactiveRe-active?!
Re-active?!
Choice
 Accountability
Law Makers
Law Makers Law Makers Law Makers
Compliance Has fastEvolved Not By Choice. . .
AML Compliance UnitAML Compliance UnitAML Compliance Unit
Compliance Officer
Corporate ComplianceCorporate ComplianceCorporate Compliance
Corporate Compliance
Legal UnitLegal UnitLegal Unit
Legal Unit
 Skin InThe Game!
External & InternalExternal & InternalExternal Rules
External Guidelines
 Personal Liability
 Staff (Can Disrupt the compliance process . . .!)
 Business Unit
 Senior Management
 Board of Directors
ReportRiskEvents, Collect Data, Report,Etc.
Assess
Control
Oversight
Most Risks Start
Here
Every individual comes to the organization with his/her own
personal Perception of Risk.
Every Person comes to the Organization with his/her
own Inventory of Moral Values and these have a great
influenceover the decisions he/shemakes...
Escalatingtothe BoDWon’tMeanMuch!Because...
AML Compliance
Choice Obligations
Legal Obligations: where there is a legal obligation,
a jurisdiction must be adequately defined to the satisfaction
of the partiesin dispute.
TooMuch,Too Quickly,Too Detailed, TooDemanding,...
The Classic
Areas of
Anti Money
Laundering
Parachuted
into The
World of
Anti Money
Laundering
Scopeof
Compliance
Ill-Communicated
tothe firstlineof
defense
Jurisdiction“A”Tax Administration
Confidentiality andDataSafeguard
RequirementsinPlace.
Jurisdiction“B”TaxAdministration
Confidentiality andDataSafeguard
RequirementsinPlace.
Information Reporting
in relation to Tax
Residents of
jurisdiction “B”, in
accordance with
Jurisdiction “A”’s
domestic reporting
requirements.
Information Reporting
in relation to Tax
Residents of
jurisdiction “A”, in
accordance with
Jurisdiction “B”’s
domestic reporting
requirements.
IT Platform IT Platform
Jurisdiction“A”Financial
Institutions
Jurisdiction“B”Financial
Institutions
Information Exchange, in accordance with
the underlying legal instrument and the
Competent Authority Agreement between
Jurisdictions A & B
Jurisdiction “A” Jurisdiction “B”
Account Holders are Individuals & Entities
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Reportable
Accounts
Reportable
Accounts
CRS Participating
Countries
MonetaryAuthority
FinancialInstitutions
Fiscal Authority
OECD: CRSParticipatingTax Authority
C.R.S.Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
 Financial Institutions (FIs) in participating Jurisdictions are required
to report to own-Jurisdiction Tax Authority on Reportable Accounts.
 The Burden of proof of “Tax Residency” is on the Account Holder.
 Due Diligence is required by the FI. The Account Holder is
responsible to provide the FI accurate, updated and complete
information about his/her/its (Entities) Tax Residency.
 The FI is deemed Non-Compliant by its own Tax Authority! Or … ?
 Scope of CRS Reporting by FI: on any Account Holder who is a Tax
Resident in one (or more of the) CRS Participating Countries; except
its own – A Lebanese FI does not Report on strictly Lebanese Tax Payers under CRS.
 The Monetary Authorities, in the CRS participating countries, play no
party to all this!
MonetaryAuthority
FinancialInstitutions
Fiscal Authority
USFiscal Authority
 Financial Institutions (FIs) are required to report Directly to US
Tax Authority on Reportable Accounts.
 The Burden of proof is on the FI, and the FI is held accountable,
by US Tax Authority, for “Non-Compliance”.
 Due Diligence is required. The FI, in a non-US Jurisdiction, is
deemed Non-Compliant by the US Tax Authority.
 Scope: Any country where there can be a FATCA Reportable
Account.
 The Monetary and Fiscal Authorities, in “FATCA Participating
Countries”, play no party to all this!
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
MonetaryAuthority
FinancialInstitutions
AsA Custodianof Personal Data
Fiscal Authority
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Account Holders
Although the European legislator repeatedly
refers to the concept of risks for the rights and
freedoms of the data subjects, the term risk is not
defined in the GDPR; only describes the adverse
effects of the infringement of the rights of natural
persons.
MAXIMIZE PROFIT subject to:
RISK , REGULATORY, Compliance,
Reporting, Etc. Constraints
RISK . . .
 Default
 Liquidity
 Maturity
 Others . . .
REGULATORY . . .
 Basel I
 Basel II
 Basel III
 Basel IV (In the making)
 Sanctions Rules
 USA_FATCA, OECD_CRS, EU_GDPR
Requirements
 AML, Etc. . . .
Uses of Funds Sources of Funds
 Reserves
 Loans
 Securities
 Other
Investments
 . . .
 All Types of
Deposits
 Borrowings
 Other
Sources
 Equity
 . . .
Off-Balance Sheet
Legal Issues . . .
BankingModel hasbeentransformedfromProfitDriventoCompliance
Driven...
WithMultiple
Jurisdictions!
With“Asset
Data” and
“Liability Data”
AreYouCompliant?
Compliance is not a Destination; it is a process that involves continuous
learningand improvement.
Don’t Just Abide By The Rule! Build Your Organizational Capacity to
secure:
 Process Efficiency &
 Process Effectiveness, and
 Organizational Readinessto cope...
Those who
claimedto be
“Compliant”
committed a
blunder!
You
See
The
Regulator
Sees
WouldYouBeSatisfied With 99.73%Accuracy InYourCompliance?
0.27%Tolerance ForMistakes!
99.73%accuracy translates into thefollowing:
 One hour of unsafe drinkingwater everymonth
 Two unsafe landingseverydayat Chicago O’HareAirport
 50 babiesdroppedat birth bydoctors everyday
 500 incorrect operations everyweek
 20,000incorrect drugprescriptionseveryyear
 22,000checksdeductedfromthe wrong bankaccount everyhour
Compliance is about identifying the risks that the
financial institution could encounter as a result of Failing
ToComply (be it intentional or byerror);
Conduct & Document comprehensive Risks Assessment;
and the planned remedial measures in a manner
appropriateto therequirements of the compliance rule!
Compliance is Not Just About Following The written
Rules!
For many employees, the Compliance function, like any second
line functional supportgroup,speaksadifferentlanguage:
Theterminology differences canbedifficult,
Theprocessesopaquetothe business,and
Thedocumentation requirements time-consuming.
How, then, can you get front-line employees to own the risks,
thereby improvingtheir abilitytomakebusinessdecisions?
OnGoingFollowup&
Service
 Opening Accounts
 Handling Objections,
andComplaints
 Cross-Selling
 Updating Customer
Profile (CIP),
 Etc….
• Customer Risk Scoring
• Customer Due Diligence
Risk
• Transaction Monitoring
Systems
• Cash Aggregation and
Reporting Systems,
• Etc…..
“Compliance Cycle”
must betainted with
the ‘ServiceCulture’.
AND“ServiceCycle”
must becontaminated
withthe ‘Compliance
Culture’.
BUTthetwo Cycles
MUSTBE separated,
buttheData
Consolidated, and the
Cycles Converge!
OnGoingMonitoring&
Compliance
Service Cycle
Compliance Cycle
“Service Cycle” must speak to the “Compliance Cycle” and identify possible sources of
failures (i.e.,risks)
First-Line Of Defense: Are You a “Hunter” or a “Farmer”?
Does This Question Bear Any Relevance To Risk-Taking Behavior?
• There Are Two Dimensions To Every Service Offered: Benefits & Features.
• Normally, You Sell the “Benefits”, and You Contract on the “Features”.
WhoIsTheHunter?
WhoIsTheFarmer?
• Great at Handling Objections.
• Most Likely to stretch the Truth.
• They Dwell on the Benefits
• They are pretty comfortable with
risk-taking behaviour.
• Great at Dealing with Customer
Complaints.
• Can’t promise more than they can
effectively deliver.
• They are normally intimately familiar
with the Features.
• They have the tendency to be risk-
averse individuals.
GetTheFirst Line ToOwnTheseEffort
• Building a successful Compliance program isn't just about implementing a
robust Compliance system or advanced analytics. It's about enabling a
cultural shift by embedding a pervasive sense of Compliance awareness and
ownershipatevery levelof theenterprise.
• Every time an employee engages in a transaction or makes a decision, he or
sheneeds toknow:
• Willthishurtor helpthebusiness?
• Will it get the financial institution in trouble or will it strengthen business
performance?
• Employee understanding of the balance between risks (i,.e., failure to
comply) andrewardsiscriticaltosuccess.
Focus on the “Why” of Compliance!
• Employees need to understand why obligations matter; they may not see the value of it in
the performanceof theirday-to-day jobs.
• The more complex an organization is, the more essential it is to be able to translate its
corevalues into clear behavioral terms, and expectations for all employees.
• Simply focusing on compliance may help employees learn the rules, focusing on values
willhelpassure that theyalso know what to dowhenthereisn’t arulefor something!
• Focus on building a culture that will drive collaboration to manage risks and meet
obligations.
• Compliance requires being aware, thorough planning, and effective communication at all
levelsof anorganization.
• Today’s employees deserve to know why compliance initiatives matter; they want and
needto feelliketheir contributions count!
Bring ComplianceAwarenessToTheFrontLine
• Communicate the Business Value of the Compliance Program. It helps to use positive language
alignedwithbusinessgrowthandsuccess.
• Keep it Simple. Compliance terminologies and concepts aren't always easy to grasp. For instance,
an issue, an incident and a risk may mean different things to a Compliance Officer – but to the
firstline,theyoftenlook thesame.Trainingcanhelpclosetheseknowledgegaps.
• Provide Support. Front-line employees need to know that the second line of defense exists not to
police their every move anddecision, but to provide independentoversight andto support them in
becomingbetterComplianceresponsibles.
• Incentivize. One of the best ways to drive Compliance awareness into the first line is to provide
incentives. For instance, policy compliance and loss avoidance behaviour can be linked to
rewardsandrecognitionprograms.
• Embed Analytics in the Backend. Once the first line starts playing a more active role in
Compliance,thenextstepistomakesenseof theirinputs.
Participative Compliance
Full and Consistent Communication &
Coordination with all Business Units
Autocratic Compliance
I Know what to do, and I will do it all
alone. Myway orthe highway!
Effective Compliance is everybody’s business . . .
Forces @ Work
Reshaping The Practice of Compliance
“The MiXed Dynamics”
1, 2, 3, 4, 5, 6, 7, 8, 9
01.TheMiXed Dynamics
Compliance is a Fluid Industry!
• As if the “Compliance Universe” is trying to mimic the Complexity of the “Banking
Universe”! ...Workforce Complexity istheNew Normal!
• FATCA, CRS, GDPR, (what’s next?) have been globally rolled-out. Each Jurisdiction has
auniqueapproach tothem yet globalparameters.
• Organizations need to understand the nuances of classification under compliance
rules, and then based on the outcomes find the best way to collect, compile, review,
validate and communicate therequiredinformation toeachstakeholder.
…You have no choice BUTTOADAPTTOTHESPEED OFTHESE INITIATIVES.
Turnaround Time Expectations of Compliance Teams Are
Higher Than Ever!
• The old days when compliance teams could take two days to respond
to a request for information are over. …when the Board wants an
update, theyneedsanswersin seconds!
• Each Jurisdiction hasitsownrulesandformats.
• Banks with International presence might have dozens of different sets
ofrulestotackleinthe courseofcompliance!
02.The MiXed Dynamics
Fragmentation of Advisory Services . . .
• The Compliance Landscape is flooded with a colorful mix
of service providers, including accountants, boutique
firms,lawyers,andniche specialists.
• ImagineWorking AcrossMultiple Jurisdictions!
03.TheMiXed Dynamics
Resources Are Stretched . . .
• Compliance was often at the end of the queue for capital
andheadcount.
• Although this is rapidly changing, when budgets tighten,
complianceisoneof thefirsttobesqueezed.
• This Exerts YetMore(andundue)PressureOnPerformance!
04.The MiXed Dynamics
New Technology (Workflow Automation, AI Driven
Monitoring, and Big Data Analytics) Are Here . . .
• Compliance teams areengaged in DigitalTransformation,
but the laws have not been catching up with the speed of
technology, forcing compliance to adapt while remaining
in a pending situation of status quo until the regulators
catch enough speed.
05.The MiXed Dynamics
DescriptiveAnalytics DiagnosticsAnalytics PredictiveAnalytics PrescriptiveAnalytics
Risks (Intentional&
Unintentional)
Known toThe
Financial
Institution...With
continuous efforts
toIdentifymore
Non-Identifiable Risk
Non-IdentifiableRisk
WhatisNormally UsedinRisk
Identification:
• Client InformationProfile
• DueDiligence(DD)
• EnhancedDD
• Complete andUp-To-Date
Client File,
• Client Visits.
• ProperFollow Up
• Comprehensive&
ConsistentDataabout the
Market
• Etc.
Identified&
Identifiable Risks
• Expected Losses are
normally controlled or
metusingGross Income,
• While Unexpected Losses
require Capital.
Transform Your Compliance From Reactive To Proactive, and
Value-CreationDrivenUnit...YouHaveTheTools!
The more Data you collect, the much more Risks will be identified, the
better Understanding you willhave!
Increasing OurUnderstanding of Potential Outcomes (i.e.,
Impact)
IncreasingEvidenceonProbabilityof
occurrence(i.e.,Probability)
Ambiguity
Uncertainty
Ignorance
The Right Data Helps You Avoid Ambiguity, Ignorance, Uncertainty and Move in the
Directionof Effective RiskManagement ...
Effective Risk
Management
Tax Authorities Have Been Getting Much Tougher!
• The words “fraud,” “Evasion,” and “Criminal Intents” have
been what Compliance Units have to face with every day
whensearching,documenting, reviewing, rejecting, etc.
• But as well when explaining to the Boards the increase in
compliance driven processes to combat, in form and in
substance,anytaxevasion.
06. TheMiXed Dynamics
There Are Rising Demands From Third-Parties!
• The press has been increasingly interested in compliance
stories!
• Investors watch as well. Investors will steer clear of error-
strewn companies affecting at times share price value and
thus diminishedcapital-raisingpowers.
07.TheMiXedDynamics
Transformation Of The Compliance Function!
• Compliance is no longer a Backroom operation; it’s been surely moving toward “Value
Creation”!
• Compliance issurelymoving toward the leadrolewithin organizations.
• This will require a change of focus in terms of skill sets, with an emphasis on
managerial and technical skills.
• The ability to stay up-to-date, with the kind of regulatory issues that are required to
ensure compliance, is demanding too much of existing resources and it is challenging
toachieve cost efficiencies.
08. TheMiXed Dynamics
Taxing The Digital Economy!
• Unlike traditional companies, whose profits are taxed at value creation, digital
technology companies conduct most transactions electronically. This makes it
challengingto capturewherevalue iscreated, what itis,and how to measureit.
• Digitally-Driven companies operate virtually all over the world; their profits, however,
aretaxed only inthe jurisdiction wheretheyhave physical presence.
• How Digitally-Driven Financial Institutions, that only exist in virtual reality, can be
deemedFATCA, CRS and/or GDPRCompliant; ... Andbywhom?!
• Is it possible to migrate FATCA and/or CRS Reportable Accounts to Digital Banking to
evade(oravoid) tax implications?!
09. TheMiXed Dynamics
PRIMARY SECONDARY
• Employee Fraud/ Malice (Criminal)
• Payment/ settlement/delivery risk
• Technology investmentrisk
• Legal/Regulatory Risk /Public Liability
• Unauthorized activity / Employee misdeed (Willful)
• Employment Law
• Workforce disruption
• Loss or lackof key personnel
• Documentation orcontract risk
• Valuation /Pricing
• Internal/ Externalreporting andcompliance
• Project risk /Change management
• SellingRisks
• Systemdevelopment andimplementation
• Systemsfailures
• Systemssecurity breach
• Systemscapacity
• Criminal Activities
• Out-sourcing /Supplier Risk
• In-sourcingRisks
• Disaster andInfrastructuralutilities Failures
• Political andGovernment Risks
PEOPLE
PROCESSES
SYSTEMS
EXTERNAL
Andgoto
theroot-
causeof
these
possible
sourcesof
failures.
01.Inspect This!
Count the Number of Times the Letter “f” Appears in all of
the Words Before You. Finished Files Are the Result of Years
of Scientific StudyCombined WithYearsof Experience!
If You Rely on Inspection Alone, There Is No
Guarantee That You Will Get The Quality You
Desire,andImprove Performance!10
Let’s PlayALittle ...
02.Inspect This!
Count the Number of Times the Letter “F” Appears in all of
the Words Before You. Finished Files Are the Result of Years
of Scientific StudyCombined WithYearsof Experience!
If You Rely on Inspection Alone, There Is No
Guarantee That You Will Get The Quality You
Desire,andImprove Performance!10
Let’s PlayALittle ...
03.Inspect This!
Count the Number of Times the Letter “f” Appears in all of
theWordsBefore You.
Finished Files Are the Result of Years of Scientific Study
CombinedWith Yearsof Experience!
If You Rely on Inspection Alone, There Is No
Guarantee That You Will Get The Quality You
Desire,andImprove Performance!10
Let’s PlayALittle ...
1
3
You were asked by
a Zoo Keeper to
pick One animal to
take care of, for a
day, inside a 25m2
room; and alone?
Feel free:
 To ask any
question. I’m
the Animal
Keeper!
 To do what you
deem necessary
to succeed.
2
4
PretendTheseAre4DifferentTypesofClients!
Other Forces & Dynamics Reshaping Compliance
What’s driving today’s companies deeper and deeper into territories
thatmostCEOs findfrighteninglyunfamiliar!.
TheCustomers
TheCompetition
Coping WithChange
TakingCharge
Intensifying
Not-Optional
Risks
Regulations
Changing
Exponentially Increasing
AllRequireAttention ToDetails!
Performance
All Must
Converge
TechnologicalInnovationsExploding
It’sTimeYouSTOP“ComplianceByThe
Piece”,andFocusonBuildingYour
OrganizationalCapacity
LookForTheAdded-ValueInCompliance!
Organizational(ComplianceUnit)CapacityEssentials
Acknowledge theDimensions ofYourJob:Manage BothProcesses&People,and
DevelopDistinctiveOrganizational Capabilities.
ProcessResponsibilities include:
• Compliance UnitWorkPlanning
• Budgeting
• Scheduling
• Task/Work Assignment
• Identification of KPI,KRI,and KCI
• WorkImplementation &ProblemSolving
• Monitoring WorkProgress
• Evaluating &ReportingResults
PeopleResponsibilities include:
• Developing work team and individual
employeeskills &capabilities
• Motivating employees
• Coaching Employees
• Monitoring and providing feedback on day-
to-day performance
• Conducting formal performance reviews
• Developcompetentsuccessors
• Carrying out disciplinary activity
 KPI:KeyPerformanceIndicators
 KRI:KeyRiskIndicators
 KCI:KeyControl Indicators
Culture(e.g., Ethics, Values,...)
OperationalCapacity(e.g., The capacity toget the
job done. ..)
Performance(e.g., Contribution
to thebottom line. .. )
ExternalRelationsand
Perception(e.g.,Goodwill, .. .)
Functions (e.g.,Segregation of duties &
responsibilities . ..)
00.Organizational(ComplianceUnit)CapacityEssentials
CULTURE
Vision/
Mission
Values /
Beliefs
Rewards /
Incentives
The sum total of values, beliefs,
customs, traditions and meanings
developed over years that make the
organization unique, governs its
character anddrives itforward.
01.WhatMakesAnOrganization(Compliance Unit)Strong?
OPERATIONAL
CAPACITY
Governance
Leadership/
Management
Strategy
Financial
Management
Human Resources
Management Program /
Project
Management
Communication
Infrastructure
What is needed for the
organization to put its programs,
projects and activities in
operation.
02.WhatMakesAnOrganization(Compliance Unit)Strong?
PERFORMANCE
Effectiveness
Efficiency Relevance
FinancialHealth
What is needed for the
organization to meet its goals
and objectives and to become
viable.
03.WhatMakesAnOrganization(Compliance Unit)Strong?
EXTERNAL
RELATIONS AND
PERCEPTION
Rules and
norms
Legaland
political
framework
Linkages
and
networks
Ownership and
participation
The environment (political, social,
economic) in which the organization
functions; how the organization is
perceivedbyothers.
04.WhatMakesAnOrganization(Compliance Unit)Strong?
FUNCTIONS
Value-Generating
services
Promotion of
quality/standard
ofservice
Advancing
professional
practice
e.g.,Influencing the
practice and
Compliance policy
The reasons for which the
organization exists!
05.WhatMakesAnOrganization(Compliance Unit)Strong?
Capacity
Assessment
Data
Analysis
Improvement
plan
Implementation
and Performance
Measurement
Pre-cycle Validation, Evaluation.
Feedback
Descriptive
Diagnostic
Predictive
Prescriptive
06.WhatMakesAnOrganization(Compliance Unit)Strong?
07.WhatGivesYourComplianceUnitTheEdge?
People
Values
Managers
Jobs
Organizational
Resources
• Financialassets
• Physicalassets
• Human resources
• Intangibleassets
• Structural-culturalassets
Organizational
Capabilities
• Organizationalprocessesandroutines
• Accumulatedknowledge
• Actualworkactivities
Core
Competencies
Distinctive Organizational
Capabilities
Value-Creation Advantage
Performance Results
08.WhatGivesYourComplianceUnitTheEdge?
Step 1
Step 2
Step 3
Step 4
Step 5
GatherUp TheCompliance Unit Profile;the“as is”.
Identify Sources Of Advantage & Disadvantage In The Core
BusinessOf YourCompliance Unit.
Describe All The Capabilities & Competencies Of Your
Compliance Unit.
Sort & Rank The Core Capabilities & Competencies
According ToStrategicImportance.
Identify And Agree On The Key Capabilities &
Competencies.
08.HowToGiveYourComplianceUnitDistinctiveCapabilities
FocusonQuality Decisions;
notoutcomes whilebeing
resultoriented!
Itis allin yourhands...YOU
DECIDE
09.HowToGiveYourComplianceUnitDistinctiveCapabilities
Productive Engagement
ResourcesDeployed
IF THERE is a clear signal on the part of the firm to continue on serving the client, more
datawill be collected andprocessed to identify, measureandmanageRisks (i.e.,Comply).
Due
Diligence
Enhanced Due
Diligence
Risk-Based
Approach
Enhancing Organizational Capacities…
Cost
SkillsNeeds
Know-How
Analytics
Collect, Store, andProcess Data ToImprove YourDecision-MakingCapacity!
This is the Value-Creation
Process in the course of
performing and demonstrating
Compliance!
Client
Information
Profile
De-
Risking
10.HowToGiveYourComplianceUnitDistinctiveCapabilities
ItIsAboutCreatingValue!
 The notion of creating value for [Internal] customers [Sale] is critical to
understanding customer needs and expectations and setting the right
objectivesfor businessactivities.
 Value depends on the full range of support services the customer experiences
in “conducting the business”: Speed & Accuracy in Account-Opening
Procedures;ClarityinRequired ComplianceForms,etc.
AnalysingTheProcessMap...
• HowmanySteps,Duplications,andHand-Offsinyourprocess?...
Causesofdisruptions,complexityandpossibledelays.
• Whatis theapproximatetimespent“IN”and“BETWEEN”eachStep?...
TheProcessCycle-Time.
• Wherearepossible Delays?...Why?
• WherearemajorBottlenecks?...Why?
• Howmanystepsdonotaddvalueforclients?...Aretheynecessary
(i.e.,Controls)?
• Wherearepossible problemsforclientsandstaff? ...AreThey
Material?AreTheyAddressable?
From TheComfort
Of Home
Walk-InThe
Branch
Actually Purchased
TheProduct
After Sales
Service
Start Start Cycle Ended To∞(Cycle NeverEnds)
How YouWantToGoAbout Creating Value?
A. Engaging ClientsWithYourBank.
B. SellingClientsYour Bank’s Products &Services
Compliance &SellingCycle
The Process!
Controls
InternalCompliance
Rule:Bank’sPolicies &
Procedures
ExternalCompliance
Rule:Regulatory
Guidelines
Processes
ProcessesTransform
InputsIntoOutputs!
Sub-Process
Sub-Process
Sub-Process
Sub-Process
Sub-Process
Whoputswork on
you desk?
Whenworkleaves your desk,
wheredoes it go?!
Inputs
Output
The Recipient of the Output
is your Customer!
Resources
Staff,Physical, Financial, Others
ManagementProcesses
 Strategic Direction
 Business Planning
 Performance Measurement& Review
CoreProcesses
Customer, Management,
Regulatory Authority
Requirements
Compliance (internal&
external)
Direction &
Resources
Performance
Requirements
Support
Support Processes
 People Management
 SystemManagement
 Administration
 Financial Management
InitialPhase:Setting Up
(allow forhours)
MaterialsNeeded: Flip
Chart,Markers, etc
Map AlternativePaths
Use Map ToImprove Process
More WaysTo Improve …
Map ThePrimary Process
Right TeamForProcess
Yes
No
Do Over
Intermediate Phase:
Mapping(allow for hours)
MaterialsNeeded: Flip
Chart,Markers, etc.
Advanced & Final
PhaseandBeyond:
Improving
SelectTeam
SelectAProcess
Define The Process
IntroduceControl Points
List All the activities, and put them in
a logical sequence, . . . Make sure
every member of the Team is in on
this. . . . Then, Drop them on a Process
Map.
This becomes possible after you have
identified process risks, assessed
theirimpacts, risk-ranked them,....
It could be a part of a Business
Continuity Plan(BCP),...
LookforBatching
CSR seesCustomers individually
Requestssentinbatches
toAML Units Resultsreturn
inbatches!
Categoriesof Waste:You Need ToSize TheSignificance Of YourWaste!
Transport Moving “stuff”
Injuries Damage to people
Motion Unnecessary human movement
Inventory “Stuff” waiting to be done
Waiting People waiting for “stuff” to arrive
Over processing “Stuff” we have to do but doesn’t add value
Over production Producing too much “stuff”
Defects “Stuff” that’s not right and needs fixing
Staff Untapped potential
Cross-Check Objectives with Processes (Use a Matrix). Rate
Each process in terms of its contribution to each business
objectives.
Processes
BusinessObjectives
MATRIXLike it or not, there are non-value
added activities that we often engage
in!
Who is in a position to decide if an
activity addsvalueornot?
Control is an ongoing process of
data collection, data analysis,
andcorrective actions.
IsTheProcess
InControl
Corrective
Actions
YES
N0
Collect Data
Diagnosis to get to the root
cause of the problem
ProcessVariation
Natural
Variations
Natural Limits
TotalVariations OfThe Process
Un-Natural
Variations
Process Capability Study: Discover And
EliminateCausesOfUn-Natural Variations.
 Natural Variations: Anticipated
Variations
 Un-Natural Variations: Unanticipated
Variations .
MapGeneration–AnExample:RequestforPayment
• Unit Level(process request,PrepareAccountOpeningForms, etc.)
• Task Level (complete CIF, KYC, verify data, send forms for approval,
etc.)
• Action Level (information needed for the account opening, approval
authority,method tosendrequest)
“Over 30 years of Experience in Banking.
mifheili@gmail.com (961) 3 337175
Mohammad Ibrahim Fheili
He is currently serving as:
 Risk, Capacity Building And Organizational Transformation
Specialists.
 Trainer in Risk & Compliance
 University Lecturer: Economics, Risk, and Banking Operations
Served as:
 An Executive (AGM) at JTB Bank in Lebanon.
 Senior Manager & Chief Risk Officer at Group Fransabank
 Senior Manager at BankMed
 An Economist at the Association of Banks in Lebanon
 Mohammad received his college education (undergraduate &
graduate) at Louisiana State University (LSU), and has been
teaching Economics and Finance for over 25 continuous years at
reputable universities in the USA (LSU) and Lebanon (LAU).
 Finally, Mohammad published over 25 articles, of those many are in
refereed Journals (e.g., Journal of Money Laundering & Control;
Journal of Operational Risk; Journal of Law & Economics; etc.) and
Bulletins.”

Compliance at an inflection point

  • 1.
  • 2.
  • 3.
    Compliance Failure Exclusion Compliance Compliance Compliance Choice Obligations AML Compliance “DueDiligence Convention” with anarrow definition of Jurisdiction ... Abundance of AMLRules with blurred Jurisdictions ... Failure Exclusion Failure Exclusion Failure Exclusion Ignorance Ambiguous Uncertain Risk-Based WeDidnotinvestenoughinlearning...UntilwestartedtogetonewakeupcallafterAnother!
  • 4.
    AML Compliance Choice Obligations RegulatoryObligations Legal Obligations
  • 5.
    Mgmt. Committee Risk Management Boardof Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees External AuditorExternal AuditorExternal Auditor External Auditor ProactiveRe-active/ProactiveRe-active?! Re-active?! Choice  Accountability Law Makers Law Makers Law Makers Law Makers Compliance Has fastEvolved Not By Choice. . . AML Compliance UnitAML Compliance UnitAML Compliance Unit Compliance Officer Corporate ComplianceCorporate ComplianceCorporate Compliance Corporate Compliance Legal UnitLegal UnitLegal Unit Legal Unit  Skin InThe Game! External & InternalExternal & InternalExternal Rules External Guidelines  Personal Liability
  • 6.
     Staff (CanDisrupt the compliance process . . .!)  Business Unit  Senior Management  Board of Directors ReportRiskEvents, Collect Data, Report,Etc. Assess Control Oversight Most Risks Start Here Every individual comes to the organization with his/her own personal Perception of Risk. Every Person comes to the Organization with his/her own Inventory of Moral Values and these have a great influenceover the decisions he/shemakes... Escalatingtothe BoDWon’tMeanMuch!Because...
  • 7.
    AML Compliance Choice Obligations LegalObligations: where there is a legal obligation, a jurisdiction must be adequately defined to the satisfaction of the partiesin dispute.
  • 8.
    TooMuch,Too Quickly,Too Detailed,TooDemanding,... The Classic Areas of Anti Money Laundering Parachuted into The World of Anti Money Laundering
  • 9.
  • 10.
    Jurisdiction“A”Tax Administration Confidentiality andDataSafeguard RequirementsinPlace. Jurisdiction“B”TaxAdministration ConfidentialityandDataSafeguard RequirementsinPlace. Information Reporting in relation to Tax Residents of jurisdiction “B”, in accordance with Jurisdiction “A”’s domestic reporting requirements. Information Reporting in relation to Tax Residents of jurisdiction “A”, in accordance with Jurisdiction “B”’s domestic reporting requirements. IT Platform IT Platform Jurisdiction“A”Financial Institutions Jurisdiction“B”Financial Institutions Information Exchange, in accordance with the underlying legal instrument and the Competent Authority Agreement between Jurisdictions A & B Jurisdiction “A” Jurisdiction “B” Account Holders are Individuals & Entities Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Reportable Accounts Reportable Accounts
  • 11.
    CRS Participating Countries MonetaryAuthority FinancialInstitutions Fiscal Authority OECD:CRSParticipatingTax Authority C.R.S.Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders  Financial Institutions (FIs) in participating Jurisdictions are required to report to own-Jurisdiction Tax Authority on Reportable Accounts.  The Burden of proof of “Tax Residency” is on the Account Holder.  Due Diligence is required by the FI. The Account Holder is responsible to provide the FI accurate, updated and complete information about his/her/its (Entities) Tax Residency.  The FI is deemed Non-Compliant by its own Tax Authority! Or … ?  Scope of CRS Reporting by FI: on any Account Holder who is a Tax Resident in one (or more of the) CRS Participating Countries; except its own – A Lebanese FI does not Report on strictly Lebanese Tax Payers under CRS.  The Monetary Authorities, in the CRS participating countries, play no party to all this!
  • 12.
    MonetaryAuthority FinancialInstitutions Fiscal Authority USFiscal Authority Financial Institutions (FIs) are required to report Directly to US Tax Authority on Reportable Accounts.  The Burden of proof is on the FI, and the FI is held accountable, by US Tax Authority, for “Non-Compliance”.  Due Diligence is required. The FI, in a non-US Jurisdiction, is deemed Non-Compliant by the US Tax Authority.  Scope: Any country where there can be a FATCA Reportable Account.  The Monetary and Fiscal Authorities, in “FATCA Participating Countries”, play no party to all this! Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders
  • 13.
    MonetaryAuthority FinancialInstitutions AsA Custodianof PersonalData Fiscal Authority Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Although the European legislator repeatedly refers to the concept of risks for the rights and freedoms of the data subjects, the term risk is not defined in the GDPR; only describes the adverse effects of the infringement of the rights of natural persons.
  • 14.
    MAXIMIZE PROFIT subjectto: RISK , REGULATORY, Compliance, Reporting, Etc. Constraints RISK . . .  Default  Liquidity  Maturity  Others . . . REGULATORY . . .  Basel I  Basel II  Basel III  Basel IV (In the making)  Sanctions Rules  USA_FATCA, OECD_CRS, EU_GDPR Requirements  AML, Etc. . . . Uses of Funds Sources of Funds  Reserves  Loans  Securities  Other Investments  . . .  All Types of Deposits  Borrowings  Other Sources  Equity  . . . Off-Balance Sheet Legal Issues . . . BankingModel hasbeentransformedfromProfitDriventoCompliance Driven... WithMultiple Jurisdictions! With“Asset Data” and “Liability Data”
  • 15.
    AreYouCompliant? Compliance is nota Destination; it is a process that involves continuous learningand improvement. Don’t Just Abide By The Rule! Build Your Organizational Capacity to secure:  Process Efficiency &  Process Effectiveness, and  Organizational Readinessto cope... Those who claimedto be “Compliant” committed a blunder!
  • 16.
    You See The Regulator Sees WouldYouBeSatisfied With 99.73%AccuracyInYourCompliance? 0.27%Tolerance ForMistakes! 99.73%accuracy translates into thefollowing:  One hour of unsafe drinkingwater everymonth  Two unsafe landingseverydayat Chicago O’HareAirport  50 babiesdroppedat birth bydoctors everyday  500 incorrect operations everyweek  20,000incorrect drugprescriptionseveryyear  22,000checksdeductedfromthe wrong bankaccount everyhour
  • 17.
    Compliance is aboutidentifying the risks that the financial institution could encounter as a result of Failing ToComply (be it intentional or byerror); Conduct & Document comprehensive Risks Assessment; and the planned remedial measures in a manner appropriateto therequirements of the compliance rule! Compliance is Not Just About Following The written Rules!
  • 18.
    For many employees,the Compliance function, like any second line functional supportgroup,speaksadifferentlanguage: Theterminology differences canbedifficult, Theprocessesopaquetothe business,and Thedocumentation requirements time-consuming. How, then, can you get front-line employees to own the risks, thereby improvingtheir abilitytomakebusinessdecisions?
  • 19.
    OnGoingFollowup& Service  Opening Accounts Handling Objections, andComplaints  Cross-Selling  Updating Customer Profile (CIP),  Etc…. • Customer Risk Scoring • Customer Due Diligence Risk • Transaction Monitoring Systems • Cash Aggregation and Reporting Systems, • Etc….. “Compliance Cycle” must betainted with the ‘ServiceCulture’. AND“ServiceCycle” must becontaminated withthe ‘Compliance Culture’. BUTthetwo Cycles MUSTBE separated, buttheData Consolidated, and the Cycles Converge! OnGoingMonitoring& Compliance Service Cycle Compliance Cycle “Service Cycle” must speak to the “Compliance Cycle” and identify possible sources of failures (i.e.,risks)
  • 20.
    First-Line Of Defense:Are You a “Hunter” or a “Farmer”? Does This Question Bear Any Relevance To Risk-Taking Behavior? • There Are Two Dimensions To Every Service Offered: Benefits & Features. • Normally, You Sell the “Benefits”, and You Contract on the “Features”. WhoIsTheHunter? WhoIsTheFarmer? • Great at Handling Objections. • Most Likely to stretch the Truth. • They Dwell on the Benefits • They are pretty comfortable with risk-taking behaviour. • Great at Dealing with Customer Complaints. • Can’t promise more than they can effectively deliver. • They are normally intimately familiar with the Features. • They have the tendency to be risk- averse individuals.
  • 21.
    GetTheFirst Line ToOwnTheseEffort •Building a successful Compliance program isn't just about implementing a robust Compliance system or advanced analytics. It's about enabling a cultural shift by embedding a pervasive sense of Compliance awareness and ownershipatevery levelof theenterprise. • Every time an employee engages in a transaction or makes a decision, he or sheneeds toknow: • Willthishurtor helpthebusiness? • Will it get the financial institution in trouble or will it strengthen business performance? • Employee understanding of the balance between risks (i,.e., failure to comply) andrewardsiscriticaltosuccess.
  • 22.
    Focus on the“Why” of Compliance! • Employees need to understand why obligations matter; they may not see the value of it in the performanceof theirday-to-day jobs. • The more complex an organization is, the more essential it is to be able to translate its corevalues into clear behavioral terms, and expectations for all employees. • Simply focusing on compliance may help employees learn the rules, focusing on values willhelpassure that theyalso know what to dowhenthereisn’t arulefor something! • Focus on building a culture that will drive collaboration to manage risks and meet obligations. • Compliance requires being aware, thorough planning, and effective communication at all levelsof anorganization. • Today’s employees deserve to know why compliance initiatives matter; they want and needto feelliketheir contributions count!
  • 23.
    Bring ComplianceAwarenessToTheFrontLine • Communicatethe Business Value of the Compliance Program. It helps to use positive language alignedwithbusinessgrowthandsuccess. • Keep it Simple. Compliance terminologies and concepts aren't always easy to grasp. For instance, an issue, an incident and a risk may mean different things to a Compliance Officer – but to the firstline,theyoftenlook thesame.Trainingcanhelpclosetheseknowledgegaps. • Provide Support. Front-line employees need to know that the second line of defense exists not to police their every move anddecision, but to provide independentoversight andto support them in becomingbetterComplianceresponsibles. • Incentivize. One of the best ways to drive Compliance awareness into the first line is to provide incentives. For instance, policy compliance and loss avoidance behaviour can be linked to rewardsandrecognitionprograms. • Embed Analytics in the Backend. Once the first line starts playing a more active role in Compliance,thenextstepistomakesenseof theirinputs.
  • 24.
    Participative Compliance Full andConsistent Communication & Coordination with all Business Units Autocratic Compliance I Know what to do, and I will do it all alone. Myway orthe highway! Effective Compliance is everybody’s business . . .
  • 25.
    Forces @ Work ReshapingThe Practice of Compliance “The MiXed Dynamics” 1, 2, 3, 4, 5, 6, 7, 8, 9
  • 26.
    01.TheMiXed Dynamics Compliance isa Fluid Industry! • As if the “Compliance Universe” is trying to mimic the Complexity of the “Banking Universe”! ...Workforce Complexity istheNew Normal! • FATCA, CRS, GDPR, (what’s next?) have been globally rolled-out. Each Jurisdiction has auniqueapproach tothem yet globalparameters. • Organizations need to understand the nuances of classification under compliance rules, and then based on the outcomes find the best way to collect, compile, review, validate and communicate therequiredinformation toeachstakeholder. …You have no choice BUTTOADAPTTOTHESPEED OFTHESE INITIATIVES.
  • 27.
    Turnaround Time Expectationsof Compliance Teams Are Higher Than Ever! • The old days when compliance teams could take two days to respond to a request for information are over. …when the Board wants an update, theyneedsanswersin seconds! • Each Jurisdiction hasitsownrulesandformats. • Banks with International presence might have dozens of different sets ofrulestotackleinthe courseofcompliance! 02.The MiXed Dynamics
  • 28.
    Fragmentation of AdvisoryServices . . . • The Compliance Landscape is flooded with a colorful mix of service providers, including accountants, boutique firms,lawyers,andniche specialists. • ImagineWorking AcrossMultiple Jurisdictions! 03.TheMiXed Dynamics
  • 29.
    Resources Are Stretched. . . • Compliance was often at the end of the queue for capital andheadcount. • Although this is rapidly changing, when budgets tighten, complianceisoneof thefirsttobesqueezed. • This Exerts YetMore(andundue)PressureOnPerformance! 04.The MiXed Dynamics
  • 30.
    New Technology (WorkflowAutomation, AI Driven Monitoring, and Big Data Analytics) Are Here . . . • Compliance teams areengaged in DigitalTransformation, but the laws have not been catching up with the speed of technology, forcing compliance to adapt while remaining in a pending situation of status quo until the regulators catch enough speed. 05.The MiXed Dynamics DescriptiveAnalytics DiagnosticsAnalytics PredictiveAnalytics PrescriptiveAnalytics
  • 31.
    Risks (Intentional& Unintentional) Known toThe Financial Institution...With continuousefforts toIdentifymore Non-Identifiable Risk Non-IdentifiableRisk WhatisNormally UsedinRisk Identification: • Client InformationProfile • DueDiligence(DD) • EnhancedDD • Complete andUp-To-Date Client File, • Client Visits. • ProperFollow Up • Comprehensive& ConsistentDataabout the Market • Etc. Identified& Identifiable Risks • Expected Losses are normally controlled or metusingGross Income, • While Unexpected Losses require Capital. Transform Your Compliance From Reactive To Proactive, and Value-CreationDrivenUnit...YouHaveTheTools! The more Data you collect, the much more Risks will be identified, the better Understanding you willhave!
  • 32.
    Increasing OurUnderstanding ofPotential Outcomes (i.e., Impact) IncreasingEvidenceonProbabilityof occurrence(i.e.,Probability) Ambiguity Uncertainty Ignorance The Right Data Helps You Avoid Ambiguity, Ignorance, Uncertainty and Move in the Directionof Effective RiskManagement ... Effective Risk Management
  • 33.
    Tax Authorities HaveBeen Getting Much Tougher! • The words “fraud,” “Evasion,” and “Criminal Intents” have been what Compliance Units have to face with every day whensearching,documenting, reviewing, rejecting, etc. • But as well when explaining to the Boards the increase in compliance driven processes to combat, in form and in substance,anytaxevasion. 06. TheMiXed Dynamics
  • 34.
    There Are RisingDemands From Third-Parties! • The press has been increasingly interested in compliance stories! • Investors watch as well. Investors will steer clear of error- strewn companies affecting at times share price value and thus diminishedcapital-raisingpowers. 07.TheMiXedDynamics
  • 35.
    Transformation Of TheCompliance Function! • Compliance is no longer a Backroom operation; it’s been surely moving toward “Value Creation”! • Compliance issurelymoving toward the leadrolewithin organizations. • This will require a change of focus in terms of skill sets, with an emphasis on managerial and technical skills. • The ability to stay up-to-date, with the kind of regulatory issues that are required to ensure compliance, is demanding too much of existing resources and it is challenging toachieve cost efficiencies. 08. TheMiXed Dynamics
  • 36.
    Taxing The DigitalEconomy! • Unlike traditional companies, whose profits are taxed at value creation, digital technology companies conduct most transactions electronically. This makes it challengingto capturewherevalue iscreated, what itis,and how to measureit. • Digitally-Driven companies operate virtually all over the world; their profits, however, aretaxed only inthe jurisdiction wheretheyhave physical presence. • How Digitally-Driven Financial Institutions, that only exist in virtual reality, can be deemedFATCA, CRS and/or GDPRCompliant; ... Andbywhom?! • Is it possible to migrate FATCA and/or CRS Reportable Accounts to Digital Banking to evade(oravoid) tax implications?! 09. TheMiXed Dynamics
  • 38.
    PRIMARY SECONDARY • EmployeeFraud/ Malice (Criminal) • Payment/ settlement/delivery risk • Technology investmentrisk • Legal/Regulatory Risk /Public Liability • Unauthorized activity / Employee misdeed (Willful) • Employment Law • Workforce disruption • Loss or lackof key personnel • Documentation orcontract risk • Valuation /Pricing • Internal/ Externalreporting andcompliance • Project risk /Change management • SellingRisks • Systemdevelopment andimplementation • Systemsfailures • Systemssecurity breach • Systemscapacity • Criminal Activities • Out-sourcing /Supplier Risk • In-sourcingRisks • Disaster andInfrastructuralutilities Failures • Political andGovernment Risks PEOPLE PROCESSES SYSTEMS EXTERNAL Andgoto theroot- causeof these possible sourcesof failures.
  • 39.
    01.Inspect This! Count theNumber of Times the Letter “f” Appears in all of the Words Before You. Finished Files Are the Result of Years of Scientific StudyCombined WithYearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
  • 40.
    02.Inspect This! Count theNumber of Times the Letter “F” Appears in all of the Words Before You. Finished Files Are the Result of Years of Scientific StudyCombined WithYearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
  • 41.
    03.Inspect This! Count theNumber of Times the Letter “f” Appears in all of theWordsBefore You. Finished Files Are the Result of Years of Scientific Study CombinedWith Yearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
  • 42.
    1 3 You were askedby a Zoo Keeper to pick One animal to take care of, for a day, inside a 25m2 room; and alone? Feel free:  To ask any question. I’m the Animal Keeper!  To do what you deem necessary to succeed. 2 4 PretendTheseAre4DifferentTypesofClients!
  • 43.
    Other Forces &Dynamics Reshaping Compliance
  • 44.
    What’s driving today’scompanies deeper and deeper into territories thatmostCEOs findfrighteninglyunfamiliar!. TheCustomers TheCompetition Coping WithChange TakingCharge Intensifying Not-Optional Risks Regulations Changing Exponentially Increasing AllRequireAttention ToDetails! Performance All Must Converge TechnologicalInnovationsExploding
  • 45.
  • 46.
    Acknowledge theDimensions ofYourJob:ManageBothProcesses&People,and DevelopDistinctiveOrganizational Capabilities. ProcessResponsibilities include: • Compliance UnitWorkPlanning • Budgeting • Scheduling • Task/Work Assignment • Identification of KPI,KRI,and KCI • WorkImplementation &ProblemSolving • Monitoring WorkProgress • Evaluating &ReportingResults PeopleResponsibilities include: • Developing work team and individual employeeskills &capabilities • Motivating employees • Coaching Employees • Monitoring and providing feedback on day- to-day performance • Conducting formal performance reviews • Developcompetentsuccessors • Carrying out disciplinary activity  KPI:KeyPerformanceIndicators  KRI:KeyRiskIndicators  KCI:KeyControl Indicators
  • 47.
    Culture(e.g., Ethics, Values,...) OperationalCapacity(e.g.,The capacity toget the job done. ..) Performance(e.g., Contribution to thebottom line. .. ) ExternalRelationsand Perception(e.g.,Goodwill, .. .) Functions (e.g.,Segregation of duties & responsibilities . ..) 00.Organizational(ComplianceUnit)CapacityEssentials
  • 48.
    CULTURE Vision/ Mission Values / Beliefs Rewards / Incentives Thesum total of values, beliefs, customs, traditions and meanings developed over years that make the organization unique, governs its character anddrives itforward. 01.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 49.
    OPERATIONAL CAPACITY Governance Leadership/ Management Strategy Financial Management Human Resources Management Program/ Project Management Communication Infrastructure What is needed for the organization to put its programs, projects and activities in operation. 02.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 50.
    PERFORMANCE Effectiveness Efficiency Relevance FinancialHealth What isneeded for the organization to meet its goals and objectives and to become viable. 03.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 51.
    EXTERNAL RELATIONS AND PERCEPTION Rules and norms Legaland political framework Linkages and networks Ownershipand participation The environment (political, social, economic) in which the organization functions; how the organization is perceivedbyothers. 04.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 52.
    FUNCTIONS Value-Generating services Promotion of quality/standard ofservice Advancing professional practice e.g.,Influencing the practiceand Compliance policy The reasons for which the organization exists! 05.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 53.
    Capacity Assessment Data Analysis Improvement plan Implementation and Performance Measurement Pre-cycle Validation,Evaluation. Feedback Descriptive Diagnostic Predictive Prescriptive 06.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 54.
  • 55.
    Organizational Resources • Financialassets • Physicalassets •Human resources • Intangibleassets • Structural-culturalassets Organizational Capabilities • Organizationalprocessesandroutines • Accumulatedknowledge • Actualworkactivities Core Competencies Distinctive Organizational Capabilities Value-Creation Advantage Performance Results 08.WhatGivesYourComplianceUnitTheEdge?
  • 56.
    Step 1 Step 2 Step3 Step 4 Step 5 GatherUp TheCompliance Unit Profile;the“as is”. Identify Sources Of Advantage & Disadvantage In The Core BusinessOf YourCompliance Unit. Describe All The Capabilities & Competencies Of Your Compliance Unit. Sort & Rank The Core Capabilities & Competencies According ToStrategicImportance. Identify And Agree On The Key Capabilities & Competencies. 08.HowToGiveYourComplianceUnitDistinctiveCapabilities
  • 57.
    FocusonQuality Decisions; notoutcomes whilebeing resultoriented! Itisallin yourhands...YOU DECIDE 09.HowToGiveYourComplianceUnitDistinctiveCapabilities
  • 58.
    Productive Engagement ResourcesDeployed IF THEREis a clear signal on the part of the firm to continue on serving the client, more datawill be collected andprocessed to identify, measureandmanageRisks (i.e.,Comply). Due Diligence Enhanced Due Diligence Risk-Based Approach Enhancing Organizational Capacities… Cost SkillsNeeds Know-How Analytics Collect, Store, andProcess Data ToImprove YourDecision-MakingCapacity! This is the Value-Creation Process in the course of performing and demonstrating Compliance! Client Information Profile De- Risking 10.HowToGiveYourComplianceUnitDistinctiveCapabilities
  • 59.
    ItIsAboutCreatingValue!  The notionof creating value for [Internal] customers [Sale] is critical to understanding customer needs and expectations and setting the right objectivesfor businessactivities.  Value depends on the full range of support services the customer experiences in “conducting the business”: Speed & Accuracy in Account-Opening Procedures;ClarityinRequired ComplianceForms,etc.
  • 60.
    AnalysingTheProcessMap... • HowmanySteps,Duplications,andHand-Offsinyourprocess?... Causesofdisruptions,complexityandpossibledelays. • Whatistheapproximatetimespent“IN”and“BETWEEN”eachStep?... TheProcessCycle-Time. • Wherearepossible Delays?...Why? • WherearemajorBottlenecks?...Why? • Howmanystepsdonotaddvalueforclients?...Aretheynecessary (i.e.,Controls)? • Wherearepossible problemsforclientsandstaff? ...AreThey Material?AreTheyAddressable?
  • 61.
    From TheComfort Of Home Walk-InThe Branch ActuallyPurchased TheProduct After Sales Service Start Start Cycle Ended To∞(Cycle NeverEnds) How YouWantToGoAbout Creating Value? A. Engaging ClientsWithYourBank. B. SellingClientsYour Bank’s Products &Services Compliance &SellingCycle
  • 62.
  • 63.
  • 64.
    ManagementProcesses  Strategic Direction Business Planning  Performance Measurement& Review CoreProcesses Customer, Management, Regulatory Authority Requirements Compliance (internal& external) Direction & Resources Performance Requirements Support Support Processes  People Management  SystemManagement  Administration  Financial Management
  • 65.
    InitialPhase:Setting Up (allow forhours) MaterialsNeeded:Flip Chart,Markers, etc Map AlternativePaths Use Map ToImprove Process More WaysTo Improve … Map ThePrimary Process Right TeamForProcess Yes No Do Over Intermediate Phase: Mapping(allow for hours) MaterialsNeeded: Flip Chart,Markers, etc. Advanced & Final PhaseandBeyond: Improving SelectTeam SelectAProcess Define The Process IntroduceControl Points List All the activities, and put them in a logical sequence, . . . Make sure every member of the Team is in on this. . . . Then, Drop them on a Process Map. This becomes possible after you have identified process risks, assessed theirimpacts, risk-ranked them,.... It could be a part of a Business Continuity Plan(BCP),...
  • 66.
  • 67.
    Categoriesof Waste:You NeedToSize TheSignificance Of YourWaste! Transport Moving “stuff” Injuries Damage to people Motion Unnecessary human movement Inventory “Stuff” waiting to be done Waiting People waiting for “stuff” to arrive Over processing “Stuff” we have to do but doesn’t add value Over production Producing too much “stuff” Defects “Stuff” that’s not right and needs fixing Staff Untapped potential
  • 68.
    Cross-Check Objectives withProcesses (Use a Matrix). Rate Each process in terms of its contribution to each business objectives. Processes BusinessObjectives MATRIXLike it or not, there are non-value added activities that we often engage in! Who is in a position to decide if an activity addsvalueornot?
  • 69.
    Control is anongoing process of data collection, data analysis, andcorrective actions. IsTheProcess InControl Corrective Actions YES N0 Collect Data Diagnosis to get to the root cause of the problem
  • 70.
    ProcessVariation Natural Variations Natural Limits TotalVariations OfTheProcess Un-Natural Variations Process Capability Study: Discover And EliminateCausesOfUn-Natural Variations.  Natural Variations: Anticipated Variations  Un-Natural Variations: Unanticipated Variations .
  • 71.
    MapGeneration–AnExample:RequestforPayment • Unit Level(processrequest,PrepareAccountOpeningForms, etc.) • Task Level (complete CIF, KYC, verify data, send forms for approval, etc.) • Action Level (information needed for the account opening, approval authority,method tosendrequest)
  • 73.
    “Over 30 yearsof Experience in Banking. mifheili@gmail.com (961) 3 337175 Mohammad Ibrahim Fheili He is currently serving as:  Risk, Capacity Building And Organizational Transformation Specialists.  Trainer in Risk & Compliance  University Lecturer: Economics, Risk, and Banking Operations Served as:  An Executive (AGM) at JTB Bank in Lebanon.  Senior Manager & Chief Risk Officer at Group Fransabank  Senior Manager at BankMed  An Economist at the Association of Banks in Lebanon  Mohammad received his college education (undergraduate & graduate) at Louisiana State University (LSU), and has been teaching Economics and Finance for over 25 continuous years at reputable universities in the USA (LSU) and Lebanon (LAU).  Finally, Mohammad published over 25 articles, of those many are in refereed Journals (e.g., Journal of Money Laundering & Control; Journal of Operational Risk; Journal of Law & Economics; etc.) and Bulletins.”