Mohammad Ibrahim Fheili, profile picture
Uploaded byMohammad Ibrahim Fheili
PDF, PPTX141 views

Compliance at an inflection point

The document discusses the evolving landscape of compliance, particularly focusing on anti-money laundering (AML) obligations amid fragmented jurisdictional challenges. It emphasizes the importance of integrating compliance processes into business operations, fostering a culture of compliance awareness among employees, and adapting to new technologies and regulatory expectations. The text highlights the need for organizations to proactively address risks and enhance their compliance capabilities to navigate the complexities of modern financial regulations.

Embed presentation

Download as PDF, PPTX
In FocusCompliance-Unit Capacity Building By:Mohammad IbrahimFheili
The Compliance Landscape
Compliance Failure Exclusion Compliance Compliance Compliance Choice Obligations AML Compliance “Due Diligence Convention” with anarrow definition of Jurisdiction ... Abundance of AMLRules with blurred Jurisdictions ... Failure Exclusion Failure Exclusion Failure Exclusion Ignorance Ambiguous Uncertain Risk-Based WeDidnotinvestenoughinlearning...UntilwestartedtogetonewakeupcallafterAnother!
AML Compliance Choice Obligations Regulatory Obligations Legal Obligations
Mgmt. Committee Risk Management Board of Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees External AuditorExternal AuditorExternal Auditor External Auditor ProactiveRe-active/ProactiveRe-active?! Re-active?! Choice  Accountability Law Makers Law Makers Law Makers Law Makers Compliance Has fastEvolved Not By Choice. . . AML Compliance UnitAML Compliance UnitAML Compliance Unit Compliance Officer Corporate ComplianceCorporate ComplianceCorporate Compliance Corporate Compliance Legal UnitLegal UnitLegal Unit Legal Unit  Skin InThe Game! External & InternalExternal & InternalExternal Rules External Guidelines  Personal Liability
 Staff (Can Disrupt the compliance process . . .!)  Business Unit  Senior Management  Board of Directors ReportRiskEvents, Collect Data, Report,Etc. Assess Control Oversight Most Risks Start Here Every individual comes to the organization with his/her own personal Perception of Risk. Every Person comes to the Organization with his/her own Inventory of Moral Values and these have a great influenceover the decisions he/shemakes... Escalatingtothe BoDWon’tMeanMuch!Because...
AML Compliance Choice Obligations Legal Obligations: where there is a legal obligation, a jurisdiction must be adequately defined to the satisfaction of the partiesin dispute.
TooMuch,Too Quickly,Too Detailed, TooDemanding,... The Classic Areas of Anti Money Laundering Parachuted into The World of Anti Money Laundering
Scopeof Compliance Ill-Communicated tothe firstlineof defense
Jurisdiction“A”Tax Administration Confidentiality andDataSafeguard RequirementsinPlace. Jurisdiction“B”TaxAdministration Confidentiality andDataSafeguard RequirementsinPlace. Information Reporting in relation to Tax Residents of jurisdiction “B”, in accordance with Jurisdiction “A”’s domestic reporting requirements. Information Reporting in relation to Tax Residents of jurisdiction “A”, in accordance with Jurisdiction “B”’s domestic reporting requirements. IT Platform IT Platform Jurisdiction“A”Financial Institutions Jurisdiction“B”Financial Institutions Information Exchange, in accordance with the underlying legal instrument and the Competent Authority Agreement between Jurisdictions A & B Jurisdiction “A” Jurisdiction “B” Account Holders are Individuals & Entities Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Reportable Accounts Reportable Accounts
CRS Participating Countries MonetaryAuthority FinancialInstitutions Fiscal Authority OECD: CRSParticipatingTax Authority C.R.S.Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders  Financial Institutions (FIs) in participating Jurisdictions are required to report to own-Jurisdiction Tax Authority on Reportable Accounts.  The Burden of proof of “Tax Residency” is on the Account Holder.  Due Diligence is required by the FI. The Account Holder is responsible to provide the FI accurate, updated and complete information about his/her/its (Entities) Tax Residency.  The FI is deemed Non-Compliant by its own Tax Authority! Or … ?  Scope of CRS Reporting by FI: on any Account Holder who is a Tax Resident in one (or more of the) CRS Participating Countries; except its own – A Lebanese FI does not Report on strictly Lebanese Tax Payers under CRS.  The Monetary Authorities, in the CRS participating countries, play no party to all this!
MonetaryAuthority FinancialInstitutions Fiscal Authority USFiscal Authority  Financial Institutions (FIs) are required to report Directly to US Tax Authority on Reportable Accounts.  The Burden of proof is on the FI, and the FI is held accountable, by US Tax Authority, for “Non-Compliance”.  Due Diligence is required. The FI, in a non-US Jurisdiction, is deemed Non-Compliant by the US Tax Authority.  Scope: Any country where there can be a FATCA Reportable Account.  The Monetary and Fiscal Authorities, in “FATCA Participating Countries”, play no party to all this! Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders
MonetaryAuthority FinancialInstitutions AsA Custodianof Personal Data Fiscal Authority Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Although the European legislator repeatedly refers to the concept of risks for the rights and freedoms of the data subjects, the term risk is not defined in the GDPR; only describes the adverse effects of the infringement of the rights of natural persons.
MAXIMIZE PROFIT subject to: RISK , REGULATORY, Compliance, Reporting, Etc. Constraints RISK . . .  Default  Liquidity  Maturity  Others . . . REGULATORY . . .  Basel I  Basel II  Basel III  Basel IV (In the making)  Sanctions Rules  USA_FATCA, OECD_CRS, EU_GDPR Requirements  AML, Etc. . . . Uses of Funds Sources of Funds  Reserves  Loans  Securities  Other Investments  . . .  All Types of Deposits  Borrowings  Other Sources  Equity  . . . Off-Balance Sheet Legal Issues . . . BankingModel hasbeentransformedfromProfitDriventoCompliance Driven... WithMultiple Jurisdictions! With“Asset Data” and “Liability Data”
AreYouCompliant? Compliance is not a Destination; it is a process that involves continuous learningand improvement. Don’t Just Abide By The Rule! Build Your Organizational Capacity to secure:  Process Efficiency &  Process Effectiveness, and  Organizational Readinessto cope... Those who claimedto be “Compliant” committed a blunder!
You See The Regulator Sees WouldYouBeSatisfied With 99.73%Accuracy InYourCompliance? 0.27%Tolerance ForMistakes! 99.73%accuracy translates into thefollowing:  One hour of unsafe drinkingwater everymonth  Two unsafe landingseverydayat Chicago O’HareAirport  50 babiesdroppedat birth bydoctors everyday  500 incorrect operations everyweek  20,000incorrect drugprescriptionseveryyear  22,000checksdeductedfromthe wrong bankaccount everyhour
Compliance is about identifying the risks that the financial institution could encounter as a result of Failing ToComply (be it intentional or byerror); Conduct & Document comprehensive Risks Assessment; and the planned remedial measures in a manner appropriateto therequirements of the compliance rule! Compliance is Not Just About Following The written Rules!
For many employees, the Compliance function, like any second line functional supportgroup,speaksadifferentlanguage: Theterminology differences canbedifficult, Theprocessesopaquetothe business,and Thedocumentation requirements time-consuming. How, then, can you get front-line employees to own the risks, thereby improvingtheir abilitytomakebusinessdecisions?
OnGoingFollowup& Service  Opening Accounts  Handling Objections, andComplaints  Cross-Selling  Updating Customer Profile (CIP),  Etc…. • Customer Risk Scoring • Customer Due Diligence Risk • Transaction Monitoring Systems • Cash Aggregation and Reporting Systems, • Etc….. “Compliance Cycle” must betainted with the ‘ServiceCulture’. AND“ServiceCycle” must becontaminated withthe ‘Compliance Culture’. BUTthetwo Cycles MUSTBE separated, buttheData Consolidated, and the Cycles Converge! OnGoingMonitoring& Compliance Service Cycle Compliance Cycle “Service Cycle” must speak to the “Compliance Cycle” and identify possible sources of failures (i.e.,risks)
First-Line Of Defense: Are You a “Hunter” or a “Farmer”? Does This Question Bear Any Relevance To Risk-Taking Behavior? • There Are Two Dimensions To Every Service Offered: Benefits & Features. • Normally, You Sell the “Benefits”, and You Contract on the “Features”. WhoIsTheHunter? WhoIsTheFarmer? • Great at Handling Objections. • Most Likely to stretch the Truth. • They Dwell on the Benefits • They are pretty comfortable with risk-taking behaviour. • Great at Dealing with Customer Complaints. • Can’t promise more than they can effectively deliver. • They are normally intimately familiar with the Features. • They have the tendency to be risk- averse individuals.
GetTheFirst Line ToOwnTheseEffort • Building a successful Compliance program isn't just about implementing a robust Compliance system or advanced analytics. It's about enabling a cultural shift by embedding a pervasive sense of Compliance awareness and ownershipatevery levelof theenterprise. • Every time an employee engages in a transaction or makes a decision, he or sheneeds toknow: • Willthishurtor helpthebusiness? • Will it get the financial institution in trouble or will it strengthen business performance? • Employee understanding of the balance between risks (i,.e., failure to comply) andrewardsiscriticaltosuccess.
Focus on the “Why” of Compliance! • Employees need to understand why obligations matter; they may not see the value of it in the performanceof theirday-to-day jobs. • The more complex an organization is, the more essential it is to be able to translate its corevalues into clear behavioral terms, and expectations for all employees. • Simply focusing on compliance may help employees learn the rules, focusing on values willhelpassure that theyalso know what to dowhenthereisn’t arulefor something! • Focus on building a culture that will drive collaboration to manage risks and meet obligations. • Compliance requires being aware, thorough planning, and effective communication at all levelsof anorganization. • Today’s employees deserve to know why compliance initiatives matter; they want and needto feelliketheir contributions count!
Bring ComplianceAwarenessToTheFrontLine • Communicate the Business Value of the Compliance Program. It helps to use positive language alignedwithbusinessgrowthandsuccess. • Keep it Simple. Compliance terminologies and concepts aren't always easy to grasp. For instance, an issue, an incident and a risk may mean different things to a Compliance Officer – but to the firstline,theyoftenlook thesame.Trainingcanhelpclosetheseknowledgegaps. • Provide Support. Front-line employees need to know that the second line of defense exists not to police their every move anddecision, but to provide independentoversight andto support them in becomingbetterComplianceresponsibles. • Incentivize. One of the best ways to drive Compliance awareness into the first line is to provide incentives. For instance, policy compliance and loss avoidance behaviour can be linked to rewardsandrecognitionprograms. • Embed Analytics in the Backend. Once the first line starts playing a more active role in Compliance,thenextstepistomakesenseof theirinputs.
Participative Compliance Full and Consistent Communication & Coordination with all Business Units Autocratic Compliance I Know what to do, and I will do it all alone. Myway orthe highway! Effective Compliance is everybody’s business . . .
Forces @ Work Reshaping The Practice of Compliance “The MiXed Dynamics” 1, 2, 3, 4, 5, 6, 7, 8, 9
01.TheMiXed Dynamics Compliance is a Fluid Industry! • As if the “Compliance Universe” is trying to mimic the Complexity of the “Banking Universe”! ...Workforce Complexity istheNew Normal! • FATCA, CRS, GDPR, (what’s next?) have been globally rolled-out. Each Jurisdiction has auniqueapproach tothem yet globalparameters. • Organizations need to understand the nuances of classification under compliance rules, and then based on the outcomes find the best way to collect, compile, review, validate and communicate therequiredinformation toeachstakeholder. …You have no choice BUTTOADAPTTOTHESPEED OFTHESE INITIATIVES.
Turnaround Time Expectations of Compliance Teams Are Higher Than Ever! • The old days when compliance teams could take two days to respond to a request for information are over. …when the Board wants an update, theyneedsanswersin seconds! • Each Jurisdiction hasitsownrulesandformats. • Banks with International presence might have dozens of different sets ofrulestotackleinthe courseofcompliance! 02.The MiXed Dynamics
Fragmentation of Advisory Services . . . • The Compliance Landscape is flooded with a colorful mix of service providers, including accountants, boutique firms,lawyers,andniche specialists. • ImagineWorking AcrossMultiple Jurisdictions! 03.TheMiXed Dynamics
Resources Are Stretched . . . • Compliance was often at the end of the queue for capital andheadcount. • Although this is rapidly changing, when budgets tighten, complianceisoneof thefirsttobesqueezed. • This Exerts YetMore(andundue)PressureOnPerformance! 04.The MiXed Dynamics
New Technology (Workflow Automation, AI Driven Monitoring, and Big Data Analytics) Are Here . . . • Compliance teams areengaged in DigitalTransformation, but the laws have not been catching up with the speed of technology, forcing compliance to adapt while remaining in a pending situation of status quo until the regulators catch enough speed. 05.The MiXed Dynamics DescriptiveAnalytics DiagnosticsAnalytics PredictiveAnalytics PrescriptiveAnalytics
Risks (Intentional& Unintentional) Known toThe Financial Institution...With continuous efforts toIdentifymore Non-Identifiable Risk Non-IdentifiableRisk WhatisNormally UsedinRisk Identification: • Client InformationProfile • DueDiligence(DD) • EnhancedDD • Complete andUp-To-Date Client File, • Client Visits. • ProperFollow Up • Comprehensive& ConsistentDataabout the Market • Etc. Identified& Identifiable Risks • Expected Losses are normally controlled or metusingGross Income, • While Unexpected Losses require Capital. Transform Your Compliance From Reactive To Proactive, and Value-CreationDrivenUnit...YouHaveTheTools! The more Data you collect, the much more Risks will be identified, the better Understanding you willhave!
Increasing OurUnderstanding of Potential Outcomes (i.e., Impact) IncreasingEvidenceonProbabilityof occurrence(i.e.,Probability) Ambiguity Uncertainty Ignorance The Right Data Helps You Avoid Ambiguity, Ignorance, Uncertainty and Move in the Directionof Effective RiskManagement ... Effective Risk Management
Tax Authorities Have Been Getting Much Tougher! • The words “fraud,” “Evasion,” and “Criminal Intents” have been what Compliance Units have to face with every day whensearching,documenting, reviewing, rejecting, etc. • But as well when explaining to the Boards the increase in compliance driven processes to combat, in form and in substance,anytaxevasion. 06. TheMiXed Dynamics
There Are Rising Demands From Third-Parties! • The press has been increasingly interested in compliance stories! • Investors watch as well. Investors will steer clear of error- strewn companies affecting at times share price value and thus diminishedcapital-raisingpowers. 07.TheMiXedDynamics
Transformation Of The Compliance Function! • Compliance is no longer a Backroom operation; it’s been surely moving toward “Value Creation”! • Compliance issurelymoving toward the leadrolewithin organizations. • This will require a change of focus in terms of skill sets, with an emphasis on managerial and technical skills. • The ability to stay up-to-date, with the kind of regulatory issues that are required to ensure compliance, is demanding too much of existing resources and it is challenging toachieve cost efficiencies. 08. TheMiXed Dynamics
Taxing The Digital Economy! • Unlike traditional companies, whose profits are taxed at value creation, digital technology companies conduct most transactions electronically. This makes it challengingto capturewherevalue iscreated, what itis,and how to measureit. • Digitally-Driven companies operate virtually all over the world; their profits, however, aretaxed only inthe jurisdiction wheretheyhave physical presence. • How Digitally-Driven Financial Institutions, that only exist in virtual reality, can be deemedFATCA, CRS and/or GDPRCompliant; ... Andbywhom?! • Is it possible to migrate FATCA and/or CRS Reportable Accounts to Digital Banking to evade(oravoid) tax implications?! 09. TheMiXed Dynamics
PRIMARY SECONDARY • Employee Fraud/ Malice (Criminal) • Payment/ settlement/delivery risk • Technology investmentrisk • Legal/Regulatory Risk /Public Liability • Unauthorized activity / Employee misdeed (Willful) • Employment Law • Workforce disruption • Loss or lackof key personnel • Documentation orcontract risk • Valuation /Pricing • Internal/ Externalreporting andcompliance • Project risk /Change management • SellingRisks • Systemdevelopment andimplementation • Systemsfailures • Systemssecurity breach • Systemscapacity • Criminal Activities • Out-sourcing /Supplier Risk • In-sourcingRisks • Disaster andInfrastructuralutilities Failures • Political andGovernment Risks PEOPLE PROCESSES SYSTEMS EXTERNAL Andgoto theroot- causeof these possible sourcesof failures.
01.Inspect This! Count the Number of Times the Letter “f” Appears in all of the Words Before You. Finished Files Are the Result of Years of Scientific StudyCombined WithYearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
02.Inspect This! Count the Number of Times the Letter “F” Appears in all of the Words Before You. Finished Files Are the Result of Years of Scientific StudyCombined WithYearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
03.Inspect This! Count the Number of Times the Letter “f” Appears in all of theWordsBefore You. Finished Files Are the Result of Years of Scientific Study CombinedWith Yearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
1 3 You were asked by a Zoo Keeper to pick One animal to take care of, for a day, inside a 25m2 room; and alone? Feel free:  To ask any question. I’m the Animal Keeper!  To do what you deem necessary to succeed. 2 4 PretendTheseAre4DifferentTypesofClients!
Other Forces & Dynamics Reshaping Compliance
What’s driving today’s companies deeper and deeper into territories thatmostCEOs findfrighteninglyunfamiliar!. TheCustomers TheCompetition Coping WithChange TakingCharge Intensifying Not-Optional Risks Regulations Changing Exponentially Increasing AllRequireAttention ToDetails! Performance All Must Converge TechnologicalInnovationsExploding
It’sTimeYouSTOP“ComplianceByThe Piece”,andFocusonBuildingYour OrganizationalCapacity LookForTheAdded-ValueInCompliance! Organizational(ComplianceUnit)CapacityEssentials
Acknowledge theDimensions ofYourJob:Manage BothProcesses&People,and DevelopDistinctiveOrganizational Capabilities. ProcessResponsibilities include: • Compliance UnitWorkPlanning • Budgeting • Scheduling • Task/Work Assignment • Identification of KPI,KRI,and KCI • WorkImplementation &ProblemSolving • Monitoring WorkProgress • Evaluating &ReportingResults PeopleResponsibilities include: • Developing work team and individual employeeskills &capabilities • Motivating employees • Coaching Employees • Monitoring and providing feedback on day- to-day performance • Conducting formal performance reviews • Developcompetentsuccessors • Carrying out disciplinary activity  KPI:KeyPerformanceIndicators  KRI:KeyRiskIndicators  KCI:KeyControl Indicators
Culture(e.g., Ethics, Values,...) OperationalCapacity(e.g., The capacity toget the job done. ..) Performance(e.g., Contribution to thebottom line. .. ) ExternalRelationsand Perception(e.g.,Goodwill, .. .) Functions (e.g.,Segregation of duties & responsibilities . ..) 00.Organizational(ComplianceUnit)CapacityEssentials
CULTURE Vision/ Mission Values / Beliefs Rewards / Incentives The sum total of values, beliefs, customs, traditions and meanings developed over years that make the organization unique, governs its character anddrives itforward. 01.WhatMakesAnOrganization(Compliance Unit)Strong?
OPERATIONAL CAPACITY Governance Leadership/ Management Strategy Financial Management Human Resources Management Program / Project Management Communication Infrastructure What is needed for the organization to put its programs, projects and activities in operation. 02.WhatMakesAnOrganization(Compliance Unit)Strong?
PERFORMANCE Effectiveness Efficiency Relevance FinancialHealth What is needed for the organization to meet its goals and objectives and to become viable. 03.WhatMakesAnOrganization(Compliance Unit)Strong?
EXTERNAL RELATIONS AND PERCEPTION Rules and norms Legaland political framework Linkages and networks Ownership and participation The environment (political, social, economic) in which the organization functions; how the organization is perceivedbyothers. 04.WhatMakesAnOrganization(Compliance Unit)Strong?
FUNCTIONS Value-Generating services Promotion of quality/standard ofservice Advancing professional practice e.g.,Influencing the practice and Compliance policy The reasons for which the organization exists! 05.WhatMakesAnOrganization(Compliance Unit)Strong?
Capacity Assessment Data Analysis Improvement plan Implementation and Performance Measurement Pre-cycle Validation, Evaluation. Feedback Descriptive Diagnostic Predictive Prescriptive 06.WhatMakesAnOrganization(Compliance Unit)Strong?
07.WhatGivesYourComplianceUnitTheEdge? People Values Managers Jobs
Organizational Resources • Financialassets • Physicalassets • Human resources • Intangibleassets • Structural-culturalassets Organizational Capabilities • Organizationalprocessesandroutines • Accumulatedknowledge • Actualworkactivities Core Competencies Distinctive Organizational Capabilities Value-Creation Advantage Performance Results 08.WhatGivesYourComplianceUnitTheEdge?
Step 1 Step 2 Step 3 Step 4 Step 5 GatherUp TheCompliance Unit Profile;the“as is”. Identify Sources Of Advantage & Disadvantage In The Core BusinessOf YourCompliance Unit. Describe All The Capabilities & Competencies Of Your Compliance Unit. Sort & Rank The Core Capabilities & Competencies According ToStrategicImportance. Identify And Agree On The Key Capabilities & Competencies. 08.HowToGiveYourComplianceUnitDistinctiveCapabilities
FocusonQuality Decisions; notoutcomes whilebeing resultoriented! Itis allin yourhands...YOU DECIDE 09.HowToGiveYourComplianceUnitDistinctiveCapabilities
Productive Engagement ResourcesDeployed IF THERE is a clear signal on the part of the firm to continue on serving the client, more datawill be collected andprocessed to identify, measureandmanageRisks (i.e.,Comply). Due Diligence Enhanced Due Diligence Risk-Based Approach Enhancing Organizational Capacities… Cost SkillsNeeds Know-How Analytics Collect, Store, andProcess Data ToImprove YourDecision-MakingCapacity! This is the Value-Creation Process in the course of performing and demonstrating Compliance! Client Information Profile De- Risking 10.HowToGiveYourComplianceUnitDistinctiveCapabilities
ItIsAboutCreatingValue!  The notion of creating value for [Internal] customers [Sale] is critical to understanding customer needs and expectations and setting the right objectivesfor businessactivities.  Value depends on the full range of support services the customer experiences in “conducting the business”: Speed & Accuracy in Account-Opening Procedures;ClarityinRequired ComplianceForms,etc.
AnalysingTheProcessMap... • HowmanySteps,Duplications,andHand-Offsinyourprocess?... Causesofdisruptions,complexityandpossibledelays. • Whatis theapproximatetimespent“IN”and“BETWEEN”eachStep?... TheProcessCycle-Time. • Wherearepossible Delays?...Why? • WherearemajorBottlenecks?...Why? • Howmanystepsdonotaddvalueforclients?...Aretheynecessary (i.e.,Controls)? • Wherearepossible problemsforclientsandstaff? ...AreThey Material?AreTheyAddressable?
From TheComfort Of Home Walk-InThe Branch Actually Purchased TheProduct After Sales Service Start Start Cycle Ended To∞(Cycle NeverEnds) How YouWantToGoAbout Creating Value? A. Engaging ClientsWithYourBank. B. SellingClientsYour Bank’s Products &Services Compliance &SellingCycle
The Process!
Controls InternalCompliance Rule:Bank’sPolicies & Procedures ExternalCompliance Rule:Regulatory Guidelines Processes ProcessesTransform InputsIntoOutputs! Sub-Process Sub-Process Sub-Process Sub-Process Sub-Process Whoputswork on you desk? Whenworkleaves your desk, wheredoes it go?! Inputs Output The Recipient of the Output is your Customer! Resources Staff,Physical, Financial, Others
ManagementProcesses  Strategic Direction  Business Planning  Performance Measurement& Review CoreProcesses Customer, Management, Regulatory Authority Requirements Compliance (internal& external) Direction & Resources Performance Requirements Support Support Processes  People Management  SystemManagement  Administration  Financial Management
InitialPhase:Setting Up (allow forhours) MaterialsNeeded: Flip Chart,Markers, etc Map AlternativePaths Use Map ToImprove Process More WaysTo Improve … Map ThePrimary Process Right TeamForProcess Yes No Do Over Intermediate Phase: Mapping(allow for hours) MaterialsNeeded: Flip Chart,Markers, etc. Advanced & Final PhaseandBeyond: Improving SelectTeam SelectAProcess Define The Process IntroduceControl Points List All the activities, and put them in a logical sequence, . . . Make sure every member of the Team is in on this. . . . Then, Drop them on a Process Map. This becomes possible after you have identified process risks, assessed theirimpacts, risk-ranked them,.... It could be a part of a Business Continuity Plan(BCP),...
LookforBatching CSR seesCustomers individually Requestssentinbatches toAML Units Resultsreturn inbatches!
Categoriesof Waste:You Need ToSize TheSignificance Of YourWaste! Transport Moving “stuff” Injuries Damage to people Motion Unnecessary human movement Inventory “Stuff” waiting to be done Waiting People waiting for “stuff” to arrive Over processing “Stuff” we have to do but doesn’t add value Over production Producing too much “stuff” Defects “Stuff” that’s not right and needs fixing Staff Untapped potential
Cross-Check Objectives with Processes (Use a Matrix). Rate Each process in terms of its contribution to each business objectives. Processes BusinessObjectives MATRIXLike it or not, there are non-value added activities that we often engage in! Who is in a position to decide if an activity addsvalueornot?
Control is an ongoing process of data collection, data analysis, andcorrective actions. IsTheProcess InControl Corrective Actions YES N0 Collect Data Diagnosis to get to the root cause of the problem
ProcessVariation Natural Variations Natural Limits TotalVariations OfThe Process Un-Natural Variations Process Capability Study: Discover And EliminateCausesOfUn-Natural Variations.  Natural Variations: Anticipated Variations  Un-Natural Variations: Unanticipated Variations .
MapGeneration–AnExample:RequestforPayment • Unit Level(process request,PrepareAccountOpeningForms, etc.) • Task Level (complete CIF, KYC, verify data, send forms for approval, etc.) • Action Level (information needed for the account opening, approval authority,method tosendrequest)
“Over 30 years of Experience in Banking. mifheili@gmail.com (961) 3 337175 Mohammad Ibrahim Fheili He is currently serving as:  Risk, Capacity Building And Organizational Transformation Specialists.  Trainer in Risk & Compliance  University Lecturer: Economics, Risk, and Banking Operations Served as:  An Executive (AGM) at JTB Bank in Lebanon.  Senior Manager & Chief Risk Officer at Group Fransabank  Senior Manager at BankMed  An Economist at the Association of Banks in Lebanon  Mohammad received his college education (undergraduate & graduate) at Louisiana State University (LSU), and has been teaching Economics and Finance for over 25 continuous years at reputable universities in the USA (LSU) and Lebanon (LAU).  Finally, Mohammad published over 25 articles, of those many are in refereed Journals (e.g., Journal of Money Laundering & Control; Journal of Operational Risk; Journal of Law & Economics; etc.) and Bulletins.”

More Related Content

PPTX
Fraud risk management
byEMAC Consulting Group
 
PDF
A.risk.perspective aml
byMohammad Ibrahim Fheili
 
PDF
Fraud Risk Assessment
byTahir Abbas
 
PPTX
Fraud risk management and interrogation techniques part ii
byEMAC Consulting Group
 
PPTX
ACCA-IIA Singapore Seminar 2015 Part 3 Fraud Risk Assessment
byBillyCheuk
 
PDF
Fraud Risk Assessment- detection and prevention- Part- 2,
byTahir Abbas
 
PPT
Fraud Cases in Auditing
byRaymond Kulzick
 
PPTX
Fraud principles1
bySevisa Isufaj
 
Fraud risk management
byEMAC Consulting Group
 
A.risk.perspective aml
byMohammad Ibrahim Fheili
 
Fraud Risk Assessment
byTahir Abbas
 
Fraud risk management and interrogation techniques part ii
byEMAC Consulting Group
 
ACCA-IIA Singapore Seminar 2015 Part 3 Fraud Risk Assessment
byBillyCheuk
 
Fraud Risk Assessment- detection and prevention- Part- 2,
byTahir Abbas
 
Fraud Cases in Auditing
byRaymond Kulzick
 
Fraud principles1
bySevisa Isufaj
 

What's hot

PPTX
Fraud Investigation
bySalih Islam
 
PDF
09/16/2009 Meeting - Fraud In A Downturn
byacfesj
 
PDF
Ua bmay2015 aml.fheili
byMohammad Ibrahim Fheili
 
PPTX
Bcu msc cg week 8 audit 290712
byStephen Ong
 
PDF
Fraud & Risk Management - A Guide to Good Practice
byArianto Muditomo
 
PDF
FRAUD, MONEY LAUNDERING AND FORENSIC AUDIT
byEMAC Consulting Group
 
PDF
Fraud and Internal Controls: A Forensic Accountant's Perspective - Bill Acuff
byDecosimoCPAs
 
PPTX
Fraud Risk and Control
byWeaverCPAs
 
PPTX
Fraud: Understanding Fraud and Our Responsibilities
byJason Lundell
 
PPSX
Fraud Risk
byF a h a d Z a f a r (Bradford MBA)
 
PPTX
Fraud Investigation Process And Procedures
byVeriti Consulting LLC
 
PPT
Fraud Awareness For Managers
byrickycfe
 
PPTX
Fraud risk management training - Elsam Management Consultants
byEMAC Consulting Group
 
PDF
AML and OFAC Compliance for the Insurance Industry
byRachel Hamilton
 
DOC
Fraud triangle
byMiss. Antónia FICOVÁ, Engineer. (Not yet Dr.)
 
PPTX
Chapter 1 the nature of fraud
byVidaB
 
PPT
Fraud And Internal Controls Linked In April 2011
byJohn Hall, CPA - Keynote Speaker Consultant
 
PDF
Fraud Prevention, Detection and Investigation in the Payday Advance Industry
byDecosimoCPAs
 
PPT
Employee Fraud Prevention and Remedies
bySSDlaw
 
PDF
Addressing Fraud Risk Management with Facts
byInfosys BPM
 
Fraud Investigation
bySalih Islam
 
09/16/2009 Meeting - Fraud In A Downturn
byacfesj
 
Ua bmay2015 aml.fheili
byMohammad Ibrahim Fheili
 
Bcu msc cg week 8 audit 290712
byStephen Ong
 
Fraud & Risk Management - A Guide to Good Practice
byArianto Muditomo
 
FRAUD, MONEY LAUNDERING AND FORENSIC AUDIT
byEMAC Consulting Group
 
Fraud and Internal Controls: A Forensic Accountant's Perspective - Bill Acuff
byDecosimoCPAs
 
Fraud Risk and Control
byWeaverCPAs
 
Fraud: Understanding Fraud and Our Responsibilities
byJason Lundell
 
Fraud Risk
byF a h a d Z a f a r (Bradford MBA)
 
Fraud Investigation Process And Procedures
byVeriti Consulting LLC
 
Fraud Awareness For Managers
byrickycfe
 
Fraud risk management training - Elsam Management Consultants
byEMAC Consulting Group
 
AML and OFAC Compliance for the Insurance Industry
byRachel Hamilton
 
Fraud triangle
byMiss. Antónia FICOVÁ, Engineer. (Not yet Dr.)
 
Chapter 1 the nature of fraud
byVidaB
 
Fraud And Internal Controls Linked In April 2011
byJohn Hall, CPA - Keynote Speaker Consultant
 
Fraud Prevention, Detection and Investigation in the Payday Advance Industry
byDecosimoCPAs
 
Employee Fraud Prevention and Remedies
bySSDlaw
 
Addressing Fraud Risk Management with Facts
byInfosys BPM
 

Similar to Compliance at an inflection point

PDF
The ripple effects of compliance
byMohammad Ibrahim Fheili
 
PDF
Managing sanctions compliance challenges
byGrant Thornton LLP
 
PPTX
AML Meets ABC Webinar Deck 2-19-14
byACFCS
 
DOCX
Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx
byaryan532920
 
PDF
Information Governance to Reduce Risk and Improve Compliance
byScott Swanson , CFE, CFCI
 
DOCX
Compliance Risk Assessment Fall 2016 Class 7 Stephen Paine .docx
byaryan532920
 
PDF
Adamas Compliance and Anti Moneylaundering
byAlexander Rupert Von der Vellen
 
PPT
Leveraging on Compliance Risk Management to Create Value
byEneni Oduwole
 
PDF
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
byKeith Darcy
 
PDF
Spotting the banana skins - avoiding FCA enforcement through better complianc...
byBovill
 
PDF
EFTRAC_Canada.pdf
byAnisunB
 
PDF
Webinar: Strategies to Enhance your Screening and Transaction Monitoring Proc...
byAlessa
 
PDF
De risking
byMohammad Ibrahim Fheili
 
PPT
Risk Assessment1.ppt
byMdSahedulHoque
 
PPT
Asian Financial Services Congress 2013 - The Challenge with Regulations
bySam Gibbins 紀俊森
 
PPTX
Compliance Capability
bynikatmalik
 
PPTX
Navigate the Financial Crime Landscape with a Vendor Management Program
byPerficient, Inc.
 
DOCX
Compliance Risk Assessment Fall 2016 Class 11 Stephen Paine.docx
byaryan532920
 
DOCX
Compliance Risk Assessment Fall 2016 Class 8 Stephen Paine .docx
byaryan532920
 
PPTX
State of Compliance 2013
byStephen Selby
 
The ripple effects of compliance
byMohammad Ibrahim Fheili
 
Managing sanctions compliance challenges
byGrant Thornton LLP
 
AML Meets ABC Webinar Deck 2-19-14
byACFCS
 
Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx
byaryan532920
 
Information Governance to Reduce Risk and Improve Compliance
byScott Swanson , CFE, CFCI
 
Compliance Risk Assessment Fall 2016 Class 7 Stephen Paine .docx
byaryan532920
 
Adamas Compliance and Anti Moneylaundering
byAlexander Rupert Von der Vellen
 
Leveraging on Compliance Risk Management to Create Value
byEneni Oduwole
 
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
byKeith Darcy
 
Spotting the banana skins - avoiding FCA enforcement through better complianc...
byBovill
 
EFTRAC_Canada.pdf
byAnisunB
 
Webinar: Strategies to Enhance your Screening and Transaction Monitoring Proc...
byAlessa
 
De risking
byMohammad Ibrahim Fheili
 
Risk Assessment1.ppt
byMdSahedulHoque
 
Asian Financial Services Congress 2013 - The Challenge with Regulations
bySam Gibbins 紀俊森
 
Compliance Capability
bynikatmalik
 
Navigate the Financial Crime Landscape with a Vendor Management Program
byPerficient, Inc.
 
Compliance Risk Assessment Fall 2016 Class 11 Stephen Paine.docx
byaryan532920
 
Compliance Risk Assessment Fall 2016 Class 8 Stephen Paine .docx
byaryan532920
 
State of Compliance 2013
byStephen Selby
 

More from Mohammad Ibrahim Fheili

PDF
Cyber security; one banker s perspective
byMohammad Ibrahim Fheili
 
PDF
Ifrs9 assessment and strategic implications
byMohammad Ibrahim Fheili
 
PPTX
Mohammad ibrahim fheili
byMohammad Ibrahim Fheili
 
PPTX
Reflection on compliance and automation
byMohammad Ibrahim Fheili
 
PDF
Mi fheili esa_risk.governance
byMohammad Ibrahim Fheili
 
PDF
Performance management framework
byMohammad Ibrahim Fheili
 
PDF
Mohammad fheili on_crs
byMohammad Ibrahim Fheili
 
PDF
139[1] التبادل التلقائي للمعلومات لغايات ضريبية
byMohammad Ibrahim Fheili
 
PDF
No more kings with fatca & crs
byMohammad Ibrahim Fheili
 
PDF
At.risk.in.consumer banking
byMohammad Ibrahim Fheili
 
PDF
Threats & Challenges Facing Financial Institutions
byMohammad Ibrahim Fheili
 
PDF
Hr governance fheili
byMohammad Ibrahim Fheili
 
PDF
My 1999 stress testing of credit risk
byMohammad Ibrahim Fheili
 
PDF
My 2010 basel accord controversy
byMohammad Ibrahim Fheili
 
PDF
Automation risk isaca2017
byMohammad Ibrahim Fheili
 
PPTX
Cyber risk fheili.mohammad
byMohammad Ibrahim Fheili
 
PDF
Retail risk fheili.mohammad
byMohammad Ibrahim Fheili
 
PDF
Hr governance fheili
byMohammad Ibrahim Fheili
 
PDF
Discover risk culture
byMohammad Ibrahim Fheili
 
PDF
Discover Risk Culture with Mohammad Fheili
byMohammad Ibrahim Fheili
 
Cyber security; one banker s perspective
byMohammad Ibrahim Fheili
 
Ifrs9 assessment and strategic implications
byMohammad Ibrahim Fheili
 
Mohammad ibrahim fheili
byMohammad Ibrahim Fheili
 
Reflection on compliance and automation
byMohammad Ibrahim Fheili
 
Mi fheili esa_risk.governance
byMohammad Ibrahim Fheili
 
Performance management framework
byMohammad Ibrahim Fheili
 
Mohammad fheili on_crs
byMohammad Ibrahim Fheili
 
139[1] التبادل التلقائي للمعلومات لغايات ضريبية
byMohammad Ibrahim Fheili
 
No more kings with fatca & crs
byMohammad Ibrahim Fheili
 
At.risk.in.consumer banking
byMohammad Ibrahim Fheili
 
Threats & Challenges Facing Financial Institutions
byMohammad Ibrahim Fheili
 
Hr governance fheili
byMohammad Ibrahim Fheili
 
My 1999 stress testing of credit risk
byMohammad Ibrahim Fheili
 
My 2010 basel accord controversy
byMohammad Ibrahim Fheili
 
Automation risk isaca2017
byMohammad Ibrahim Fheili
 
Cyber risk fheili.mohammad
byMohammad Ibrahim Fheili
 
Retail risk fheili.mohammad
byMohammad Ibrahim Fheili
 
Hr governance fheili
byMohammad Ibrahim Fheili
 
Discover risk culture
byMohammad Ibrahim Fheili
 
Discover Risk Culture with Mohammad Fheili
byMohammad Ibrahim Fheili
 

Compliance at an inflection point

  • 1.
  • 2.
  • 3.
    Compliance Failure Exclusion Compliance Compliance Compliance Choice Obligations AML Compliance “DueDiligence Convention” with anarrow definition of Jurisdiction ... Abundance of AMLRules with blurred Jurisdictions ... Failure Exclusion Failure Exclusion Failure Exclusion Ignorance Ambiguous Uncertain Risk-Based WeDidnotinvestenoughinlearning...UntilwestartedtogetonewakeupcallafterAnother!
  • 4.
    AML Compliance Choice Obligations RegulatoryObligations Legal Obligations
  • 5.
    Mgmt. Committee Risk Management Boardof Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees Mgmt. Committee Risk Management Board of Directors Board Committees External AuditorExternal AuditorExternal Auditor External Auditor ProactiveRe-active/ProactiveRe-active?! Re-active?! Choice  Accountability Law Makers Law Makers Law Makers Law Makers Compliance Has fastEvolved Not By Choice. . . AML Compliance UnitAML Compliance UnitAML Compliance Unit Compliance Officer Corporate ComplianceCorporate ComplianceCorporate Compliance Corporate Compliance Legal UnitLegal UnitLegal Unit Legal Unit  Skin InThe Game! External & InternalExternal & InternalExternal Rules External Guidelines  Personal Liability
  • 6.
     Staff (CanDisrupt the compliance process . . .!)  Business Unit  Senior Management  Board of Directors ReportRiskEvents, Collect Data, Report,Etc. Assess Control Oversight Most Risks Start Here Every individual comes to the organization with his/her own personal Perception of Risk. Every Person comes to the Organization with his/her own Inventory of Moral Values and these have a great influenceover the decisions he/shemakes... Escalatingtothe BoDWon’tMeanMuch!Because...
  • 7.
    AML Compliance Choice Obligations LegalObligations: where there is a legal obligation, a jurisdiction must be adequately defined to the satisfaction of the partiesin dispute.
  • 8.
    TooMuch,Too Quickly,Too Detailed,TooDemanding,... The Classic Areas of Anti Money Laundering Parachuted into The World of Anti Money Laundering
  • 9.
  • 10.
    Jurisdiction“A”Tax Administration Confidentiality andDataSafeguard RequirementsinPlace. Jurisdiction“B”TaxAdministration ConfidentialityandDataSafeguard RequirementsinPlace. Information Reporting in relation to Tax Residents of jurisdiction “B”, in accordance with Jurisdiction “A”’s domestic reporting requirements. Information Reporting in relation to Tax Residents of jurisdiction “A”, in accordance with Jurisdiction “B”’s domestic reporting requirements. IT Platform IT Platform Jurisdiction“A”Financial Institutions Jurisdiction“B”Financial Institutions Information Exchange, in accordance with the underlying legal instrument and the Competent Authority Agreement between Jurisdictions A & B Jurisdiction “A” Jurisdiction “B” Account Holders are Individuals & Entities Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Reportable Accounts Reportable Accounts
  • 11.
    CRS Participating Countries MonetaryAuthority FinancialInstitutions Fiscal Authority OECD:CRSParticipatingTax Authority C.R.S.Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders  Financial Institutions (FIs) in participating Jurisdictions are required to report to own-Jurisdiction Tax Authority on Reportable Accounts.  The Burden of proof of “Tax Residency” is on the Account Holder.  Due Diligence is required by the FI. The Account Holder is responsible to provide the FI accurate, updated and complete information about his/her/its (Entities) Tax Residency.  The FI is deemed Non-Compliant by its own Tax Authority! Or … ?  Scope of CRS Reporting by FI: on any Account Holder who is a Tax Resident in one (or more of the) CRS Participating Countries; except its own – A Lebanese FI does not Report on strictly Lebanese Tax Payers under CRS.  The Monetary Authorities, in the CRS participating countries, play no party to all this!
  • 12.
    MonetaryAuthority FinancialInstitutions Fiscal Authority USFiscal Authority Financial Institutions (FIs) are required to report Directly to US Tax Authority on Reportable Accounts.  The Burden of proof is on the FI, and the FI is held accountable, by US Tax Authority, for “Non-Compliance”.  Due Diligence is required. The FI, in a non-US Jurisdiction, is deemed Non-Compliant by the US Tax Authority.  Scope: Any country where there can be a FATCA Reportable Account.  The Monetary and Fiscal Authorities, in “FATCA Participating Countries”, play no party to all this! Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders
  • 13.
    MonetaryAuthority FinancialInstitutions AsA Custodianof PersonalData Fiscal Authority Account Holders Account Holders Account Holders Account Holders Account Holders Account Holders Although the European legislator repeatedly refers to the concept of risks for the rights and freedoms of the data subjects, the term risk is not defined in the GDPR; only describes the adverse effects of the infringement of the rights of natural persons.
  • 14.
    MAXIMIZE PROFIT subjectto: RISK , REGULATORY, Compliance, Reporting, Etc. Constraints RISK . . .  Default  Liquidity  Maturity  Others . . . REGULATORY . . .  Basel I  Basel II  Basel III  Basel IV (In the making)  Sanctions Rules  USA_FATCA, OECD_CRS, EU_GDPR Requirements  AML, Etc. . . . Uses of Funds Sources of Funds  Reserves  Loans  Securities  Other Investments  . . .  All Types of Deposits  Borrowings  Other Sources  Equity  . . . Off-Balance Sheet Legal Issues . . . BankingModel hasbeentransformedfromProfitDriventoCompliance Driven... WithMultiple Jurisdictions! With“Asset Data” and “Liability Data”
  • 15.
    AreYouCompliant? Compliance is nota Destination; it is a process that involves continuous learningand improvement. Don’t Just Abide By The Rule! Build Your Organizational Capacity to secure:  Process Efficiency &  Process Effectiveness, and  Organizational Readinessto cope... Those who claimedto be “Compliant” committed a blunder!
  • 16.
    You See The Regulator Sees WouldYouBeSatisfied With 99.73%AccuracyInYourCompliance? 0.27%Tolerance ForMistakes! 99.73%accuracy translates into thefollowing:  One hour of unsafe drinkingwater everymonth  Two unsafe landingseverydayat Chicago O’HareAirport  50 babiesdroppedat birth bydoctors everyday  500 incorrect operations everyweek  20,000incorrect drugprescriptionseveryyear  22,000checksdeductedfromthe wrong bankaccount everyhour
  • 17.
    Compliance is aboutidentifying the risks that the financial institution could encounter as a result of Failing ToComply (be it intentional or byerror); Conduct & Document comprehensive Risks Assessment; and the planned remedial measures in a manner appropriateto therequirements of the compliance rule! Compliance is Not Just About Following The written Rules!
  • 18.
    For many employees,the Compliance function, like any second line functional supportgroup,speaksadifferentlanguage: Theterminology differences canbedifficult, Theprocessesopaquetothe business,and Thedocumentation requirements time-consuming. How, then, can you get front-line employees to own the risks, thereby improvingtheir abilitytomakebusinessdecisions?
  • 19.
    OnGoingFollowup& Service  Opening Accounts Handling Objections, andComplaints  Cross-Selling  Updating Customer Profile (CIP),  Etc…. • Customer Risk Scoring • Customer Due Diligence Risk • Transaction Monitoring Systems • Cash Aggregation and Reporting Systems, • Etc….. “Compliance Cycle” must betainted with the ‘ServiceCulture’. AND“ServiceCycle” must becontaminated withthe ‘Compliance Culture’. BUTthetwo Cycles MUSTBE separated, buttheData Consolidated, and the Cycles Converge! OnGoingMonitoring& Compliance Service Cycle Compliance Cycle “Service Cycle” must speak to the “Compliance Cycle” and identify possible sources of failures (i.e.,risks)
  • 20.
    First-Line Of Defense:Are You a “Hunter” or a “Farmer”? Does This Question Bear Any Relevance To Risk-Taking Behavior? • There Are Two Dimensions To Every Service Offered: Benefits & Features. • Normally, You Sell the “Benefits”, and You Contract on the “Features”. WhoIsTheHunter? WhoIsTheFarmer? • Great at Handling Objections. • Most Likely to stretch the Truth. • They Dwell on the Benefits • They are pretty comfortable with risk-taking behaviour. • Great at Dealing with Customer Complaints. • Can’t promise more than they can effectively deliver. • They are normally intimately familiar with the Features. • They have the tendency to be risk- averse individuals.
  • 21.
    GetTheFirst Line ToOwnTheseEffort •Building a successful Compliance program isn't just about implementing a robust Compliance system or advanced analytics. It's about enabling a cultural shift by embedding a pervasive sense of Compliance awareness and ownershipatevery levelof theenterprise. • Every time an employee engages in a transaction or makes a decision, he or sheneeds toknow: • Willthishurtor helpthebusiness? • Will it get the financial institution in trouble or will it strengthen business performance? • Employee understanding of the balance between risks (i,.e., failure to comply) andrewardsiscriticaltosuccess.
  • 22.
    Focus on the“Why” of Compliance! • Employees need to understand why obligations matter; they may not see the value of it in the performanceof theirday-to-day jobs. • The more complex an organization is, the more essential it is to be able to translate its corevalues into clear behavioral terms, and expectations for all employees. • Simply focusing on compliance may help employees learn the rules, focusing on values willhelpassure that theyalso know what to dowhenthereisn’t arulefor something! • Focus on building a culture that will drive collaboration to manage risks and meet obligations. • Compliance requires being aware, thorough planning, and effective communication at all levelsof anorganization. • Today’s employees deserve to know why compliance initiatives matter; they want and needto feelliketheir contributions count!
  • 23.
    Bring ComplianceAwarenessToTheFrontLine • Communicatethe Business Value of the Compliance Program. It helps to use positive language alignedwithbusinessgrowthandsuccess. • Keep it Simple. Compliance terminologies and concepts aren't always easy to grasp. For instance, an issue, an incident and a risk may mean different things to a Compliance Officer – but to the firstline,theyoftenlook thesame.Trainingcanhelpclosetheseknowledgegaps. • Provide Support. Front-line employees need to know that the second line of defense exists not to police their every move anddecision, but to provide independentoversight andto support them in becomingbetterComplianceresponsibles. • Incentivize. One of the best ways to drive Compliance awareness into the first line is to provide incentives. For instance, policy compliance and loss avoidance behaviour can be linked to rewardsandrecognitionprograms. • Embed Analytics in the Backend. Once the first line starts playing a more active role in Compliance,thenextstepistomakesenseof theirinputs.
  • 24.
    Participative Compliance Full andConsistent Communication & Coordination with all Business Units Autocratic Compliance I Know what to do, and I will do it all alone. Myway orthe highway! Effective Compliance is everybody’s business . . .
  • 25.
    Forces @ Work ReshapingThe Practice of Compliance “The MiXed Dynamics” 1, 2, 3, 4, 5, 6, 7, 8, 9
  • 26.
    01.TheMiXed Dynamics Compliance isa Fluid Industry! • As if the “Compliance Universe” is trying to mimic the Complexity of the “Banking Universe”! ...Workforce Complexity istheNew Normal! • FATCA, CRS, GDPR, (what’s next?) have been globally rolled-out. Each Jurisdiction has auniqueapproach tothem yet globalparameters. • Organizations need to understand the nuances of classification under compliance rules, and then based on the outcomes find the best way to collect, compile, review, validate and communicate therequiredinformation toeachstakeholder. …You have no choice BUTTOADAPTTOTHESPEED OFTHESE INITIATIVES.
  • 27.
    Turnaround Time Expectationsof Compliance Teams Are Higher Than Ever! • The old days when compliance teams could take two days to respond to a request for information are over. …when the Board wants an update, theyneedsanswersin seconds! • Each Jurisdiction hasitsownrulesandformats. • Banks with International presence might have dozens of different sets ofrulestotackleinthe courseofcompliance! 02.The MiXed Dynamics
  • 28.
    Fragmentation of AdvisoryServices . . . • The Compliance Landscape is flooded with a colorful mix of service providers, including accountants, boutique firms,lawyers,andniche specialists. • ImagineWorking AcrossMultiple Jurisdictions! 03.TheMiXed Dynamics
  • 29.
    Resources Are Stretched. . . • Compliance was often at the end of the queue for capital andheadcount. • Although this is rapidly changing, when budgets tighten, complianceisoneof thefirsttobesqueezed. • This Exerts YetMore(andundue)PressureOnPerformance! 04.The MiXed Dynamics
  • 30.
    New Technology (WorkflowAutomation, AI Driven Monitoring, and Big Data Analytics) Are Here . . . • Compliance teams areengaged in DigitalTransformation, but the laws have not been catching up with the speed of technology, forcing compliance to adapt while remaining in a pending situation of status quo until the regulators catch enough speed. 05.The MiXed Dynamics DescriptiveAnalytics DiagnosticsAnalytics PredictiveAnalytics PrescriptiveAnalytics
  • 31.
    Risks (Intentional& Unintentional) Known toThe Financial Institution...With continuousefforts toIdentifymore Non-Identifiable Risk Non-IdentifiableRisk WhatisNormally UsedinRisk Identification: • Client InformationProfile • DueDiligence(DD) • EnhancedDD • Complete andUp-To-Date Client File, • Client Visits. • ProperFollow Up • Comprehensive& ConsistentDataabout the Market • Etc. Identified& Identifiable Risks • Expected Losses are normally controlled or metusingGross Income, • While Unexpected Losses require Capital. Transform Your Compliance From Reactive To Proactive, and Value-CreationDrivenUnit...YouHaveTheTools! The more Data you collect, the much more Risks will be identified, the better Understanding you willhave!
  • 32.
    Increasing OurUnderstanding ofPotential Outcomes (i.e., Impact) IncreasingEvidenceonProbabilityof occurrence(i.e.,Probability) Ambiguity Uncertainty Ignorance The Right Data Helps You Avoid Ambiguity, Ignorance, Uncertainty and Move in the Directionof Effective RiskManagement ... Effective Risk Management
  • 33.
    Tax Authorities HaveBeen Getting Much Tougher! • The words “fraud,” “Evasion,” and “Criminal Intents” have been what Compliance Units have to face with every day whensearching,documenting, reviewing, rejecting, etc. • But as well when explaining to the Boards the increase in compliance driven processes to combat, in form and in substance,anytaxevasion. 06. TheMiXed Dynamics
  • 34.
    There Are RisingDemands From Third-Parties! • The press has been increasingly interested in compliance stories! • Investors watch as well. Investors will steer clear of error- strewn companies affecting at times share price value and thus diminishedcapital-raisingpowers. 07.TheMiXedDynamics
  • 35.
    Transformation Of TheCompliance Function! • Compliance is no longer a Backroom operation; it’s been surely moving toward “Value Creation”! • Compliance issurelymoving toward the leadrolewithin organizations. • This will require a change of focus in terms of skill sets, with an emphasis on managerial and technical skills. • The ability to stay up-to-date, with the kind of regulatory issues that are required to ensure compliance, is demanding too much of existing resources and it is challenging toachieve cost efficiencies. 08. TheMiXed Dynamics
  • 36.
    Taxing The DigitalEconomy! • Unlike traditional companies, whose profits are taxed at value creation, digital technology companies conduct most transactions electronically. This makes it challengingto capturewherevalue iscreated, what itis,and how to measureit. • Digitally-Driven companies operate virtually all over the world; their profits, however, aretaxed only inthe jurisdiction wheretheyhave physical presence. • How Digitally-Driven Financial Institutions, that only exist in virtual reality, can be deemedFATCA, CRS and/or GDPRCompliant; ... Andbywhom?! • Is it possible to migrate FATCA and/or CRS Reportable Accounts to Digital Banking to evade(oravoid) tax implications?! 09. TheMiXed Dynamics
  • 38.
    PRIMARY SECONDARY • EmployeeFraud/ Malice (Criminal) • Payment/ settlement/delivery risk • Technology investmentrisk • Legal/Regulatory Risk /Public Liability • Unauthorized activity / Employee misdeed (Willful) • Employment Law • Workforce disruption • Loss or lackof key personnel • Documentation orcontract risk • Valuation /Pricing • Internal/ Externalreporting andcompliance • Project risk /Change management • SellingRisks • Systemdevelopment andimplementation • Systemsfailures • Systemssecurity breach • Systemscapacity • Criminal Activities • Out-sourcing /Supplier Risk • In-sourcingRisks • Disaster andInfrastructuralutilities Failures • Political andGovernment Risks PEOPLE PROCESSES SYSTEMS EXTERNAL Andgoto theroot- causeof these possible sourcesof failures.
  • 39.
    01.Inspect This! Count theNumber of Times the Letter “f” Appears in all of the Words Before You. Finished Files Are the Result of Years of Scientific StudyCombined WithYearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
  • 40.
    02.Inspect This! Count theNumber of Times the Letter “F” Appears in all of the Words Before You. Finished Files Are the Result of Years of Scientific StudyCombined WithYearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
  • 41.
    03.Inspect This! Count theNumber of Times the Letter “f” Appears in all of theWordsBefore You. Finished Files Are the Result of Years of Scientific Study CombinedWith Yearsof Experience! If You Rely on Inspection Alone, There Is No Guarantee That You Will Get The Quality You Desire,andImprove Performance!10 Let’s PlayALittle ...
  • 42.
    1 3 You were askedby a Zoo Keeper to pick One animal to take care of, for a day, inside a 25m2 room; and alone? Feel free:  To ask any question. I’m the Animal Keeper!  To do what you deem necessary to succeed. 2 4 PretendTheseAre4DifferentTypesofClients!
  • 43.
    Other Forces &Dynamics Reshaping Compliance
  • 44.
    What’s driving today’scompanies deeper and deeper into territories thatmostCEOs findfrighteninglyunfamiliar!. TheCustomers TheCompetition Coping WithChange TakingCharge Intensifying Not-Optional Risks Regulations Changing Exponentially Increasing AllRequireAttention ToDetails! Performance All Must Converge TechnologicalInnovationsExploding
  • 45.
  • 46.
    Acknowledge theDimensions ofYourJob:ManageBothProcesses&People,and DevelopDistinctiveOrganizational Capabilities. ProcessResponsibilities include: • Compliance UnitWorkPlanning • Budgeting • Scheduling • Task/Work Assignment • Identification of KPI,KRI,and KCI • WorkImplementation &ProblemSolving • Monitoring WorkProgress • Evaluating &ReportingResults PeopleResponsibilities include: • Developing work team and individual employeeskills &capabilities • Motivating employees • Coaching Employees • Monitoring and providing feedback on day- to-day performance • Conducting formal performance reviews • Developcompetentsuccessors • Carrying out disciplinary activity  KPI:KeyPerformanceIndicators  KRI:KeyRiskIndicators  KCI:KeyControl Indicators
  • 47.
    Culture(e.g., Ethics, Values,...) OperationalCapacity(e.g.,The capacity toget the job done. ..) Performance(e.g., Contribution to thebottom line. .. ) ExternalRelationsand Perception(e.g.,Goodwill, .. .) Functions (e.g.,Segregation of duties & responsibilities . ..) 00.Organizational(ComplianceUnit)CapacityEssentials
  • 48.
    CULTURE Vision/ Mission Values / Beliefs Rewards / Incentives Thesum total of values, beliefs, customs, traditions and meanings developed over years that make the organization unique, governs its character anddrives itforward. 01.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 49.
    OPERATIONAL CAPACITY Governance Leadership/ Management Strategy Financial Management Human Resources Management Program/ Project Management Communication Infrastructure What is needed for the organization to put its programs, projects and activities in operation. 02.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 50.
    PERFORMANCE Effectiveness Efficiency Relevance FinancialHealth What isneeded for the organization to meet its goals and objectives and to become viable. 03.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 51.
    EXTERNAL RELATIONS AND PERCEPTION Rules and norms Legaland political framework Linkages and networks Ownershipand participation The environment (political, social, economic) in which the organization functions; how the organization is perceivedbyothers. 04.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 52.
    FUNCTIONS Value-Generating services Promotion of quality/standard ofservice Advancing professional practice e.g.,Influencing the practiceand Compliance policy The reasons for which the organization exists! 05.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 53.
    Capacity Assessment Data Analysis Improvement plan Implementation and Performance Measurement Pre-cycle Validation,Evaluation. Feedback Descriptive Diagnostic Predictive Prescriptive 06.WhatMakesAnOrganization(Compliance Unit)Strong?
  • 54.
  • 55.
    Organizational Resources • Financialassets • Physicalassets •Human resources • Intangibleassets • Structural-culturalassets Organizational Capabilities • Organizationalprocessesandroutines • Accumulatedknowledge • Actualworkactivities Core Competencies Distinctive Organizational Capabilities Value-Creation Advantage Performance Results 08.WhatGivesYourComplianceUnitTheEdge?
  • 56.
    Step 1 Step 2 Step3 Step 4 Step 5 GatherUp TheCompliance Unit Profile;the“as is”. Identify Sources Of Advantage & Disadvantage In The Core BusinessOf YourCompliance Unit. Describe All The Capabilities & Competencies Of Your Compliance Unit. Sort & Rank The Core Capabilities & Competencies According ToStrategicImportance. Identify And Agree On The Key Capabilities & Competencies. 08.HowToGiveYourComplianceUnitDistinctiveCapabilities
  • 57.
    FocusonQuality Decisions; notoutcomes whilebeing resultoriented! Itisallin yourhands...YOU DECIDE 09.HowToGiveYourComplianceUnitDistinctiveCapabilities
  • 58.
    Productive Engagement ResourcesDeployed IF THEREis a clear signal on the part of the firm to continue on serving the client, more datawill be collected andprocessed to identify, measureandmanageRisks (i.e.,Comply). Due Diligence Enhanced Due Diligence Risk-Based Approach Enhancing Organizational Capacities… Cost SkillsNeeds Know-How Analytics Collect, Store, andProcess Data ToImprove YourDecision-MakingCapacity! This is the Value-Creation Process in the course of performing and demonstrating Compliance! Client Information Profile De- Risking 10.HowToGiveYourComplianceUnitDistinctiveCapabilities
  • 59.
    ItIsAboutCreatingValue!  The notionof creating value for [Internal] customers [Sale] is critical to understanding customer needs and expectations and setting the right objectivesfor businessactivities.  Value depends on the full range of support services the customer experiences in “conducting the business”: Speed & Accuracy in Account-Opening Procedures;ClarityinRequired ComplianceForms,etc.
  • 60.
    AnalysingTheProcessMap... • HowmanySteps,Duplications,andHand-Offsinyourprocess?... Causesofdisruptions,complexityandpossibledelays. • Whatistheapproximatetimespent“IN”and“BETWEEN”eachStep?... TheProcessCycle-Time. • Wherearepossible Delays?...Why? • WherearemajorBottlenecks?...Why? • Howmanystepsdonotaddvalueforclients?...Aretheynecessary (i.e.,Controls)? • Wherearepossible problemsforclientsandstaff? ...AreThey Material?AreTheyAddressable?
  • 61.
    From TheComfort Of Home Walk-InThe Branch ActuallyPurchased TheProduct After Sales Service Start Start Cycle Ended To∞(Cycle NeverEnds) How YouWantToGoAbout Creating Value? A. Engaging ClientsWithYourBank. B. SellingClientsYour Bank’s Products &Services Compliance &SellingCycle
  • 62.
  • 63.
  • 64.
    ManagementProcesses  Strategic Direction Business Planning  Performance Measurement& Review CoreProcesses Customer, Management, Regulatory Authority Requirements Compliance (internal& external) Direction & Resources Performance Requirements Support Support Processes  People Management  SystemManagement  Administration  Financial Management
  • 65.
    InitialPhase:Setting Up (allow forhours) MaterialsNeeded:Flip Chart,Markers, etc Map AlternativePaths Use Map ToImprove Process More WaysTo Improve … Map ThePrimary Process Right TeamForProcess Yes No Do Over Intermediate Phase: Mapping(allow for hours) MaterialsNeeded: Flip Chart,Markers, etc. Advanced & Final PhaseandBeyond: Improving SelectTeam SelectAProcess Define The Process IntroduceControl Points List All the activities, and put them in a logical sequence, . . . Make sure every member of the Team is in on this. . . . Then, Drop them on a Process Map. This becomes possible after you have identified process risks, assessed theirimpacts, risk-ranked them,.... It could be a part of a Business Continuity Plan(BCP),...
  • 66.
  • 67.
    Categoriesof Waste:You NeedToSize TheSignificance Of YourWaste! Transport Moving “stuff” Injuries Damage to people Motion Unnecessary human movement Inventory “Stuff” waiting to be done Waiting People waiting for “stuff” to arrive Over processing “Stuff” we have to do but doesn’t add value Over production Producing too much “stuff” Defects “Stuff” that’s not right and needs fixing Staff Untapped potential
  • 68.
    Cross-Check Objectives withProcesses (Use a Matrix). Rate Each process in terms of its contribution to each business objectives. Processes BusinessObjectives MATRIXLike it or not, there are non-value added activities that we often engage in! Who is in a position to decide if an activity addsvalueornot?
  • 69.
    Control is anongoing process of data collection, data analysis, andcorrective actions. IsTheProcess InControl Corrective Actions YES N0 Collect Data Diagnosis to get to the root cause of the problem
  • 70.
    ProcessVariation Natural Variations Natural Limits TotalVariations OfTheProcess Un-Natural Variations Process Capability Study: Discover And EliminateCausesOfUn-Natural Variations.  Natural Variations: Anticipated Variations  Un-Natural Variations: Unanticipated Variations .
  • 71.
    MapGeneration–AnExample:RequestforPayment • Unit Level(processrequest,PrepareAccountOpeningForms, etc.) • Task Level (complete CIF, KYC, verify data, send forms for approval, etc.) • Action Level (information needed for the account opening, approval authority,method tosendrequest)
  • 73.
    “Over 30 yearsof Experience in Banking. mifheili@gmail.com (961) 3 337175 Mohammad Ibrahim Fheili He is currently serving as:  Risk, Capacity Building And Organizational Transformation Specialists.  Trainer in Risk & Compliance  University Lecturer: Economics, Risk, and Banking Operations Served as:  An Executive (AGM) at JTB Bank in Lebanon.  Senior Manager & Chief Risk Officer at Group Fransabank  Senior Manager at BankMed  An Economist at the Association of Banks in Lebanon  Mohammad received his college education (undergraduate & graduate) at Louisiana State University (LSU), and has been teaching Economics and Finance for over 25 continuous years at reputable universities in the USA (LSU) and Lebanon (LAU).  Finally, Mohammad published over 25 articles, of those many are in refereed Journals (e.g., Journal of Money Laundering & Control; Journal of Operational Risk; Journal of Law & Economics; etc.) and Bulletins.”