1. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Compliance &
The Common Reporting Standard ‐ CRS
The Ripple Effects Of Compliance . . .
Compliance is a tough job, and it is only getting tougher.
We are dealing with an avalanche of new rules and requirements at an ever-
increasing speed.
Enforcement is evolving.
Transparency is the New Rule!
Facilitator
2. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
The Ever Increasing
Demands of Regulators
It takes so long for the rules to change . . . by the time they are creeping into
existence the markets have changed!
3. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Compliance is No Walk In The
Park!
It’s been very challenging to work in Compliance. There is a Number of
Mixed Dynamics at the workplace which make organizations prone to
mistakes (and more mistakes)!
4. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
The Mixed Dynamics . . 1
Compliance is a Fluid Industry!
• As if the “Compliance Universe” is trying to mimic the Complexity of the
“Banking Universe” in general!
• CRS is halfway a global roll‐out with early adopters, being joined by a
second wave of late adopters this year. Each Jurisdiction has a unique
approach to it yet global parameters.
• Organizations need to understand the nuances of classification under CRS
rules, and then based on the outcomes find the best way to collect,
compile review, validate and communicate the required information in
each jurisdiction.
• The same applies to the Ultimate Beneficial Owner (UBO)
… You have no choice BUT TO ADAPT TO THE SPEED OF THESE INITIATIVES.
5. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
BankingModelOverburdenedWithConstraints...
6. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
The Basel Accordwith a LONG History of Incomplete Implementation
Basel I
Basel II
Credit Risk
Credit Risk
Market Risk
Operational Risk
1986 proposed
1999 proposed
1988 effective
2007 effective
Basel III
Credit Risk
Market Risk
Operational Risk
Capital Quality
Additional Buffers
Liquidity: LCR, NSFR
2009 proposed
Completed Dec 2017
Amendments
Amendments
Basel 2 ½
Basel 1 ½
Amendments
Basel3½
Basel IV
20_ _ Anticipated
Kick Off in 20 _ _
• Capital Requirements
• Liquidity Requirements
• Disclosure Requirements
• National Divergences
• Risk Sensitivity
• Use of Internal Models in
Decision Making
• Total Risks = Credit Plus
Market Risks
• Internal Models Emerged
• Later on, Tier 3 Capital
• Enhanced Pillar 2, 3
• Complex Securitization
obtained higher Risk
Weights.
• Trading Books
7. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Turnaround Time Expectations of Compliance Teams Are Higher Than
Ever!
• The old days when compliance teams could take two days to respond
to a request for information are now over. …when the Board wants an
update, they needs answers in minutes!
• Each Jurisdiction has its own rules and formats, and data gathering to
resolve matters is not always at hand. Banks with International
presence might have dozens of different sets of rules.
The Mixed Dynamics . . 2
8. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Compliance
Non-Compliance
Compliance
Non-Compliance
De-Risking
Compliance
Non-Compliance
De-Risking
Compliance
Non-Compliance
De-Risking
Compliance Has Evolved (Not By Choice…)
Choice Obligations
Due Diligence
Convention. . .
Abundance of
AML Rules. . .
9. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Mgmt. Committee
Risk Management
Board of Directors
Board Committees
Mgmt. Committee
Risk Management
Board of Directors
Board Committees
Mgmt. Committee
Risk Management
Board of Directors
Board Committees
Mgmt. Committee
Risk Management
Board of Directors
Board Committees
External AuditorExternal AuditorExternal AuditorExternal Auditor
ProactiveRe‐active / ProactiveRe‐active ? !Re‐active ? !
The
COMPLIANCE
Decision-
Making
Process has
Changed
Dramatically.
with that,
Accountability
has been
modified to
include ALL.
Rules of
Engagement
are NO LONGER
the Same!
Choice Obligations
Law Makers Law Makers Law Makers Law Makers
Compliance Has fast Evolved (Not By Choice…)
AML Compliance UnitAML Compliance UnitAML Compliance UnitCompliance Officer
Corporate ComplianceCorporate ComplianceCorporate ComplianceCorporate Compliance
Legal UnitLegal UnitLegal UnitLegal Unit
Skin In The Game!
External & InternalExternal & InternalExternal RulesExternal Guidelines
10. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Fragmentation of Advisory Services . . .
• The Compliance Landscape is flooded with a colorful mix of service
providers, including accountants, boutique firms, lawyers, and niche
specialists.
• Imagine Working Across Multiple Jurisdictions!
The Mixed Dynamics . . 3
11. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Resources Are Stretched . . .
• Compliance was often at the end of the queue for capital and
headcount.
• Although this is rapidly changing, when budgets tighten, compliance
is one of the first to be squeezed.
• This Exerts Yet More (and undue) Pressure On Performance!
The Mixed Dynamics . . 4
12. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
New Technology (Robotic Process Automation and Big Data Analytics)
Are arriving . . .
• Compliance teams are engaged in Digital Transformation, but laws
might not go at the speed of technology, forcing compliance to adapt
while remaining in a pending situation of status quo until the
regulators catch enough speed.
The Mixed Dynamics . . 5
13. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Jurisdiction“A”TaxAdministration
ConfidentialityandDataSafeguard
RequirementsinPlace.
Jurisdiction“B”TaxAdministration
ConfidentialityandDataSafeguard
RequirementsinPlace.
Information Reporting
in relation to Tax
Residents of
jurisdiction “B”, in
accordance with
Jurisdiction “A”’s
domestic reporting
requirements.
Information Reporting
in relation to Tax
Residents of
jurisdiction “A”, in
accordance with
Jurisdiction “B”’s
domestic reporting
requirements.
ITPlatform ITPlatform
Jurisdiction“A”Financial
Institutions
Jurisdiction“B”Financial
Institutions
Information Exchange, in accordance with
the underlying legal instrument and the
Competent Authority Agreement between
Jurisdictions A & B
Jurisdiction “A” Jurisdiction “B”
Account Holders are Individuals & Entities
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
Reportable
Accounts
Reportable
Accounts
14. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Legal Framework
Tax Residency,Tax Evasion,
Double Taxation, ...
ITPlatform:Technical
Framework
FinancialInstitutions:
Administrative Framework
Jurisdiction “A” Jurisdiction “B”
Sending …..
….. Receiving
Legal Framework
Tax Residency,Tax Evasion,
Double Taxation, ...
1. Collecting and reporting the information:
• The Format to report the data is decided by the Tax Administration.
• Will There Be Transmission and encryption standards? Who sets these
Standards.
2. Receiving the information to send:
• Operational Security.
• Who Validates the data?
• Restricted Use of the data.
3. Sending the information:
• Sorting the data.
• The format to exchange data
• Will There Be Transmission and encryption
standards? Who sets these Standards.
4. Receiving the information:
• Operational Security.
• Restricted Use of the data.
Every CRS Participating Jurisdiction is on
the Sending & Receiving Ends
simultaneously.
Whose Responsibility Are Security
Breaches?!
Whose Responsibility Are Errors in
Sorting the Data?!
Etc.
15. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Tackling CRS Compliance Issue. . .
16. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Extent of Engagement in Serving The Client
ResourcesDeployed
DD
EDD
RBA
IF THERE is a clear signal on the
part of the Bank to continue on
serving the client, more data will have
to be collected, effectively
warehoused, and processed to
identify, measure and manage
RISKS.
IF YOU lack the resources and know-
how to serve in a Complex Business
Environment, derisk !!!!!!
Enhancing Capabilities …
Cost
Know‐How
Analytics
Data is Rendered More Important Than The Client [The Person] . . .
Collecting, Storing, and Processing Data MUST BE a Conscious Decision …
NOT A RANDOM EVENT on the Corporate Landscape . . .
New Client
Skills Needs
17. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
The Tools To Collect The Data, or To Understand The Client, and Understand the
Business Are already Available!
Collect Data Before and at
Engagement, and Continue to
do so beyond the date of
recognition…Systematically
Collecting Data haphazardly is
NOT PRODUCTIVE in the era of
Heavy Compliance!
Risks Taking (Intentional
& Unintentional) Known
to The Financial
Institution . . . With
continuous efforts to
Identify more
Non-Identifiable Risk
Non-IdentifiableRisk
Financial Institution’s Risk/Data Population
What is Normally Used in
Risk Identification:
• CIP
• KYC
• DD
• EDD
• Complete and Up‐To‐
Date Client File,
• Client Visits.
• Proper Follow Up
• Comprehensive &
Consistent Data about
the Market
• Etc.
Identified &
Identifiable
Risks
• Expected Losses are
normally controlled or
met using Gross Income,
• While Unexpected Losses
require Capital.
AML
Compliance
Risk is an
Operational
Risk . . .
Data For
Asset
Accounts
Data For
Liability
Accounts
Asset Liability
Or
Bank DATA …!
18. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
CIP, KYC
Branch
OnGoingMonitoring&Compliance
Client is
Engaged
Compliance Cycle
Service Cycle
End
DD, EDD
OnGoingFollowup&Service
Handling Complaints
Cross‐Selling
Updating Customer Profile
(CIP),
Etc….
Possible RISK: IF “Satisfaction”
Ends Up Competing with
“Compliance”
Customer Risk Scoring
Customer Due Diligence Risk
Automated Transaction Monitoring Systems
Cash Aggregation and Reporting Systems,
Etc…..
“Compliance Cycle” must be
tainted with the ‘Service
Culture’.
AND “Service Cycle” must be
contaminated with the
‘Compliance Culture’.
BUT the two Cycles MUST
BE separated.
At the Level of
Interfacing with the
Clients, …
19. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Increasing Our Understanding of Potential Outcomes
(i.e., Impact)Increasing Evidence on Probability of
occurrence (i.e., Probability)
Ambiguity
Uncertainty
Ignorance
The Right Data Helps You Discriminate Between Ambiguity, Ignorance ,
Uncertainty and Risk Management . . .
De-Risking
Accentuate The
Positives In The
AML Compliance
Process
UN-Regulated
AML
Compliance
Risk is an
Operational
Risk . . .
20. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Tax Authorities Have Been Getting Much Tougher . . .
• The words “fraud,” “Evasion,” and “Criminal Intents” have been what
compliance departments have been faced with every day when
searching, documenting, reviewing, rejecting, etc. –
• but here as well when explaining to the Boards the increase in
compliance driven processes to combat, in form and in substance, any
of tax evasion.
The Mixed Dynamics . . 6
21. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Choice Obligations
Legal Obligations (Law 318, 44)
LegalManagement
22. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Borrowers
Deficit Spending
Units ‐DSUs
• Individuals
(Current Income is LESS
than Current
Expenditures)
• Firms (Earnings falls
short of what the firm
needs currently)
• Government
(Current Revenues fall
short of planned
Expenditures)
• Financial
Intermediaries
(Funding is currently
LESS than investment)
Lenders
Surplus
Spending Units ‐
SSUs
• Individuals
(Current Income is
GREATER than Current
Expenditures)
• Firms (Earnings in
excess of what the firm
needs currently)
• Government
(Current Revenues are
in excess of planned
Expenditures)
• Financial
Intermediaries
(Funding is currently
GREATER than
investment)
WhereWill SSUswarehousetheirSurplusesofFund?
Shadow Banking
(Non-Reportable
Institutions
Banks
(ReportableInstitutions)
Financial Markets
(NotallareReportable
Institutions)
NOTSubjectTo:
FATCA
CRS
OtherAMLRules
SubjectTo:
FATCA
CRS
OtherAMLRules
FinancialLandscape
Conduit of
Monetary Policies
SubjectTo:
FATCA
CRS
OtherAMLRules
23. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
The Mixed Dynamics . . 7
There Are Rising Demands From Third-Parties . . .
• The press has been increasingly interested in compliance stories!
• Investors watch as well. Investors will steer clear of error‐strewn
companies affecting at times share price value and thus diminished
capital‐raising powers.
Compliance Is Now Too Complex To Approach In An Ad Hoc Manner . . .
24. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Transformation Of The Compliance Function . . .
• There is plenty of evidence that the transformation of the Compliance
Function is Significant.
• Compliance is not longer a Backroom operation!
• Compliance is slowly, but surely, moving toward the Lead Role within
organizations.
• This will require a change of focus in terms of skill sets, with an emphasis
on managerial and technical skills.
• The ability to stay up‐to‐date, with the kind of regulatory issues that are
required to ensure compliance, is demanding too much of existing
resources and it is challenging to achieve cost efficiencies.
The Mixed Dynamics . . 8
25. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Compliance By Fear …
Higher Probability of De‐
Risking
Non‐Compliance By
Mistake… Due to lack of
understanding … De‐Risking
is a more likely outcome.
Since De‐Risking has been on the rise, it must
be that most of us have been complying ’By
Fear’. A Camouflaged Compliance
We’re becoming increasingly good at
COMPLIANCE
BUT not in Assessing & Addressing the RISK of
Compliance AND that of Non‐Compliance
Moving Risks to Opaque Banking has proven
to be Very Risky (e.g., Last Financial Crisis)
26. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
FATCA Participating
Financial Institutions in
Various Countries
MonetaryAuthority
FinancialInstitutions
FiscalAuthority
USFiscalAuthority
Financial Institutions (FIs) are required to report Directly to US
Tax Authority on Reportable Accounts.
The Burden of proof is on the FI, and the FI is held accountable,
by US Tax Authority, for “Non-Compliance”.
Due Diligence is required. The FI, in a non-US Jurisdiction, is
deemed Non-Compliant by the US Tax Authority.
Scope: Any country where there can be a FATCA Reportable
Account.
The Monetary and Fiscal Authorities, in “FATCA Participating
Countries”, play no party to all this!
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
27. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
CRS Participating
Countries
MonetaryAuthority
FinancialInstitutions
FiscalAuthority
OECD:CRSParticipatingTaxAuthority
C.R.S.AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
Financial Institutions (FIs) in participating Jurisdictions are required
to report to own-Jurisdiction Tax Authority on Reportable Accounts.
The Burden of proof of “Tax Residency” is on the Account Holder.
Due Diligence is required by the FI. The Account Holder is
responsible to provide the FI accurate, updated and complete
information about his/her/its (Entities) Tax Residency.
The FI is deemed Non-Compliant by its own Tax Authority! Or … ?
Scope of CRS Reporting by FI: on any Account Holder who is a Tax
Resident in one (or more of the) CRS Participating Countries; except
its own – A Lebanese FI does not Report on strictly Lebanese Tax Payers under CRS.
The Monetary Authorities, in the CRS participating countries, play no
party to all this!
28. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Legal Framework
Tax Residency,Tax Evasion,
Double Taxation, ...
ITPlatform:Technical
Framework
FinancialInstitutions:
Administrative Framework
Jurisdiction “A”
The legal framework for the collection and exchange of
information will be ONLY between “Participating
Jurisdictions,” and it’s only a part of the framework
when it comes to implementing the CRS Standard.
Tax administrations also require technical and
administrative capacity to properly manage the
information (whether sending or receiving data).
It is important to consider these requirements early in
the implementation process to ensure adequate resources
are put in place by the time of exchange.
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
Jurisdiction “B”
Sending …..
….. Receiving
ConduitofMonetary
Policies
UnderCRS:Conduit
ofFiscalPolicies!?
Legal Framework
Tax Residency,Tax Evasion,
Double Taxation, ...
29. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Legal Framework
Tax Residency,Tax Evasion,
Double Taxation, ...
ITPlatform:Technical
Framework
FinancialInstitutions:
Administrative Framework
Jurisdiction “A”
The Four Core Requirements To Implement CRS:
1. Translating the reporting and due diligence rules into
domestic law, including rules to ensure their effective
implementation.
2. Selecting a legal basis for the automatic exchange of
information.
3. Putting in place Information Technology (IT) and
Administrative infrastructure and resources.
4. Protecting Confidentiality and safeguarding data.
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
Jurisdiction “B”
Sending …..
….. Receiving
ConduitofMonetary
Policies
UnderCRS:Conduit
ofFiscalPolicies!?
Legal Framework
Tax Residency,Tax Evasion,
Double Taxation, ...
30. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
OECD Member Country
MonetaryAuthority
FinancialInstitutions
FiscalAuthority
OECD:CRSParticipatingTaxAuthority
C.R.S.
What is the role of Own Jurisdiction Tax Authority in case of Non-Compliance? Has Non-
Compliance Been Clearly Defined? How will the issue of non-compliance be addressed?
Failure To Report on Tax
Residents! Be it:
• Intentional?
• Unintentional?
Failure To Report on
Tax Evaders! Be it:
• Intentional?
• Unintentional?
Failure To Report
Due to Account
Holder’s Failure to
effectively &
Accurately report
Tax Residency!
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
AccountHolders
CRS shall blur the
dividing lines
between Tax Evasion
(illegal) and Tax
Avoidance (legal)!
31. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Taxing The Digital Economy . . .
• Unlike traditional companies, whose profits are taxed at value creation,
digital technology companies conduct most transactions electronically.
This makes it challenging to capture where value is created, what it is,
and how to measure it. Digital technology companies operate virtually all
over Europe, their profits, however, are taxed only in the state where
they have physical presence.
• How Digital Financial Institutions, that only exist in virtual reality, can
be deemed FATCA and/or CRS Compliant?!
• Is it possible to migrate FATCA and/or CRS Reportable Accounts to
Digital Banking to evade (or avoid) tax implications?!
The Mixed Dynamics . . 9
32. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
My Fear is that the only Crime which matters
in this new era of AML Compliance is going
to be “Tax Evasion”…
33. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
With FATCA and CRS, the Burden of Tax Collection and Tax Compliance have landed on the back
of Financial Institutions (FIs) and rendered those FIs effective Conduits of Fiscal Policies Instead
of staying busy doing what they do best – Conduits of Monetary Policies.
34. Mohammad Ibrahim Fheili / Risk & Capacity Building Specialist / eMail: mifheili@gmail.com Mobile: +961 3 33 71 75
Facilitator’s Biography
Risk & Capacity Building Specialist.
Trainer in Risk & Compliance
University Lecturer: Economics, Risk, and Banking Operations
Currently serves in the capacity of an Executive (AGM) at JTB Bank
in Lebanon.
Served as:
Senior Manager & Chief Risk Officer at Group Fransabank
Senior Manager at BankMed
An Economist at the Association of Banks in Lebanon
Mohammad received his college education (undergraduate &
graduate) at Louisiana State University (LSU), and has been
teaching Economics and Finance for over 25 continuous years at
reputable universities in the USA (LSU) and Lebanon (LAU).
Finally, Mohammad published over 25 articles, of those many are in
refereed Journals (e.g., Journal of Money Laundering & Control;
Journal of Operational Risk; Journal of Law & Economics; etc.) and
Bulletins.”
“Over 30 years of Experience in Banking.
mifheili@gmail.com (961) 3 337175