Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Round-up on compliance issues with PSD2 implementation

The Payment Services Directive 2 (PSD2) became effective in the European Union as of January 13, 2018.  These revised rules replace the first Payment Services Directive, which was previously in place from December 25, 2007.

The purpose of PSD2 is to provide stronger consumer protections when making electronic payments, especially in online purchases, promote fintech innovations in online and mobile payments as well as open banking applications, and improve the efficacy and safety of cross-border payments within the EU.


Selected Dirty Money episodes for corporate compliance

Dirty Money is a documentary series that premiered on Netflix in January 2018.  The series focuses on different case studies of corporate corruption.  The documentaries delve into the political and cultural causes behind the key events in each case, motivations of the individuals involved, and the way that society has been impacted by these situations, some of which remain under investigation or legal challenge.  While all the episodes are interesting to study for general themes of corporate compliance and/or ethical culture and organizational integrity, four of the episodes are especially relevant.


Round-up on anti-money laundering compliance

The practice of money laundering takes on many forms, all with the objective of transferring money earned from illegal activities into the legal financial system for further use.  These various strategies for transferring profits from theft, drug sales, bribery, or other illicit activities are all targeted for the criminals to gain access to legitimate banking and from there use the money for mainstream activities such as investing, shopping, or buying property.


MiFID II conduct principles and markets integrity

MiFID II – the second Markets in Financial Instruments Directive – became law across the European Union on January 3, 2018.  It’s intended to overhaul the entire supervisory framework for financial sector organizations who are in the EU, have clients in the EU, or wish to have access to or establish equivalency for the markets there.  Its predecessor law, MiFID I, became law in 2004 and was judged to have not stood the test of time in the aftermath of the global financial crisis.  Therefore the seven year drafting process – from 2010 to 2007 – that culminates in MiFID II implementation this year is aimed to set a higher regulatory standard for investment banks, broker-dealers, and other institutional market participants and their employees.

Much of the attention about MiFID II implementation has focused on the burden to organizations from financial costs, human capital and efforts, and changes in commercial strategy that will be required for firms to work toward compliance with the new laws.  The laws are thousands of pages long and touch nearly every area of the financial services markets.  Some of the major areas of focus in MiFID II are investment research, transaction reporting, and brokerage compensation arrangements.  However, the far reach of banking and securities markets activities into the economy means that laws intended to govern this sector have a broad and dramatic scope as well.


Round-up on compliance issues with blockchain technology

One of the hottest topics of 2017 is blockchain. This advancing technology is seemingly the possible solution to every business problem conceivable. Companies across all industries – as diverse as banking to food production and seemingly everywhere in between – are experimenting with how they might be able to use blockchain to make their reporting and related processes more reliable or efficient. Many are even contemplating how they may take advantage of blockchain to market software applications to other companies, hoping to enter the profitable fintech (financial technology), regtech (regulatory technology), or suptech (supervisory technology) markets.

But what is blockchain? Most famously, it is the core technological component of the well-known cryptocurrencies, such as Bitcoin or Ethereum. Simply put, blockchain is an open list of records (which comprise the “blocks”) which are securely linked together with cryptography. As the blocks are all linked together and independently identified with references to their linked blocks, the data contained therein is extra safe from individual manipulation or alteration. This is a decentralized computing system which is incredibly useful for recordkeeping and records management activities, especially those where security is especially important such as identity management and medical records.

Due to the broad desirability of a secure and adaptable record maintenance technology, blockchain, which was initially developed only less than a decade ago, has been a disruptive influence in many industries already. Across all business areas, companies are looking to blockchain for possible benefits, all relevant to compliance, to their reporting processes.

  • Transparency for pension fund reporting is one major potential use of blockchain. Following the Madoff scandal and other highly-publicized frauds in the investment management industry, there has been more pressure than ever in expectations for investor protection and reporting disclosures. Many pension funds have balked at public and supervisory demands for increased transparency due to the cost concerns for implementing additional reporting mechanisms in balance with very low profit margins. This reaction does not help to enhance trust between investor clients and this fraud-vulnerable industry. Therefore the decentralized, secure nature of blockchain offers appealing opportunities for filling this confidence vacuum. Blockchain-based platforms can get investors access to their own pension information without fears of data manipulation or increased cost burden on firms: How Blockchain is revolutionizing fraud prone industries
  • On a related note, banks and other financial institutions have borne much of the competitive pressure blockchain has created with the advent of cryptocurrencies – but they also stand to benefit from this, if they can make the best of it. Cryptocurrencies such as Bitcoin are a compelling alternative to the centralized, traditional banking system for customers who desire extra security or anonymity. While cryptocurrencies have been traditionally depicted as a safe haven for illegitimate or even illegal payment activities, the mainstream attention on them has created a broader appeal and audience for them. As a response to the interest their customers have shown in cryptocurrencies, banks have started to delve into the potential for the blockchain technology. Some has invested in tech start-up companies concentrating on various blockchain applications while others have delved more deeply into relationships with fintech partners. At this point banks’ proprietary efforts have mostly been restricted to in-house research on potential use of blockchain, but inevitably competitive momentum will start to drive larger institutions toward developing their own projects in this space. These developments are likely to encourage efficiency, inspire leaner and more innovative business models, and serve the regtech and suptech goals of increasing cooperation with regulatory authorities. Ultimately this could help to modernize and improve the persistently staid and legacy-driven banking industry into a bolder and more transparent business model:  How banks and financial institutions are implementing blockchain technology
  • The advertising industry is newly subject to regulatory scrutiny with the upcoming EU privacy directive, the General Data Protection Regulation (GDPR). This law will apply to any organization doing business in, using technology in, or targeting the citizens of, any EU country, so it has a broad global reach. The GDPR will impose new requirements for handling and controlling private data, including protective and disclosure obligations. Therefore blockchain-based solutions, which can be both secure against manipulation or leakage, and distributed with open access so that users making disclosure requests can see the information directly for themselves. This will help to reduce the burden of this reporting as well as improve cost margins rather than coming up with expensive and vulnerable in-house solutions or outsourcing the reporting to third-parties with their own attendant risks: How Blockchains Can Help the Ad Industry Comply With the GDPR
  • Commercial aviation is another industry looking to blockchain systems to help with its risks – this time in cybersecurity management. Airlines and support companies rely a lot on IT systems to do everything from fly and direct aircraft to book and manage passenger travel. These systems are highly imperfect, as system outages and computer crashes that lead to flight cancellations and stranded passengers show in the news each year. They are also vulnerable to cybersecurity risks where intruders could breach personal data, disrupt airline operations, or corrupt and steal client and aircraft information. Storing and protecting this data within vulnerable or old/legacy systems poses many cybersecurity challenges. The concept of tamper-proof blockchain technology is therefore compelling to the aviation industry for these obvious reasons. Blockchain could help to keep operational data safe and protect companies from cyberattacks. More importantly, pressure to adopt it could drive aviation companies to make the difficult yet very important technological updates and improvements to their systems which will serve safety and regulatory concerns alike: How Blockchain, Cloud Can Reinforce Cybersecurity in Commercial Aviation
  • The pharmaceutical industry has long been vexed by inaccurate and unreliable supply chain tracking. It is especially vulnerable to stolen and counterfeit medication entering the supply chain untracked and finding its way to patients, putting their safety at risk. Tracking medicine with blockchain could change all this. A consortium of pharmaceutical companies, including major firms Genentech and Pfizer, are already collaborating together on a tool called the MediLedger Project, which seeks to manage the pharmaceutical supply chain and track medicines within it to ensure that drug deliveries are recorded accurately and transparently. This would take the current complicated and inefficient network of software management in the supply chain to the next level, securing the supply chain with an integrated and decentralized blockchain system. It could also enable sharing of essential information from companies to partners and customers without exposing sensitive business information, a challenge in the industry so far: Big Pharma Turns to Blockchain to Track Meds

There are many potential advantages from a compliance perspective to blockchain, which has the potential to enhance transparency, protect privacy, address various process-driven risks, and strengthen cybersecurity controls, among other benefits. As the technology advances time will tell how broad the applications of blockchain may be across these diverse industries with similar needs for compliance risk management.


Round-up on evolving role of central banks

Central banks may have once been quite remote in their workings to the average person, relegated to seemingly academic and technical tasks of interest rate management and currency market machinations. Perhaps many people had only ever heard of the Federal Reserve and had no perspective on the worldwide system of international and supranational central banking.

The 2008 global financial crisis, however, thrust central banks worldwide into the spotlight. Economic news since that time garnered a lot of attention in the media as countries attempted to recover from the economic crisis and re-defined their financial systems to be more resilient and guided by a more effective controls framework. This effort has been one that started with a focus on free-wheeling rescue and stimulus and subsequently has morphed to still include those objectives, with somewhat more restraint when possible, but now also to visibly impact many other areas of the financial system and markets.

In this process, central banks around the world have found themselves in a bit of an existential quest to determine what their engagement level and scope will be. Technological advancements and changes in post-crisis regulatory and legislative priorities have pressured central banks to decide whether they will contribute to certain markets and identify the extent of their own autonomy within their national systems.

  • Bank of Russia is facing a possible national banking crisis, as two major banks have needed rescue due to liquidity problems in just a month’s time. In August, there was a run on deposits at Bank Otkritie FC. In September, B&N Bank asked for a bailout to increase liquidity. The current problem could stem from the central bank’s efforts to rejuvenate Russia’s banking industry in 2014 on the heels of financial troubles in the industry from falling oil prices and international sanctions. At that time, Bank of Russia offered inexpensive loans to major banks to encourage them to take over smaller ones that were not doing well.   This consolidation caused the large banks to take on the troubled assets of the small banks, which are now creating the current liquidity pressure. Otkritie even has alleged that the assets it acquired were fraudulently represented in the purchases. This suggests issues with Bank of Russia’s supervision of those entities. If these early bailouts cannot contain the problems then a privatization trend could take hold:  Russia to Bail Out Second Major Bank in Month as Troubles Spread
  • The Swiss National Bank is publicly listed on the Swiss stock exchange, with 48 percent of its shares privately owned. Some other countries do have central banks with private shareholders, but this year, the share price of the Swiss National Bank has almost doubled. This trading activity is an interesting anomaly, as shareholders do not stand to benefit from the Swiss National Bank’s interventions in the foreign currency markets to keep the value of franc down. It’s possible that some investors are speculating on this thinly-traded stock in order to profit from price volatility that is not hard to generate with fairly moderate-sized transactions. Other motivations could be shareholders hoping for a public-to-private buyout by the bank or a flight to quality:  The mysterious rise in shares of the Swiss National Bank 
  • South Africa’s central bank Reserve Bank claims its independence is under attack as the South African government has been encouraging lawmakers to redefine the mission of the bank from inflation management to promoting socioeconomic benefits for South Africans. The Reserve Bank has been targeted by the Public Protector who is charged with investigating a bailout by the central bank from 1992. Far from a neutral process, this investigation has been controversial and politically-charged, and it has been seen as seeking to undermine the independence and reputability of the central bank. This very public reputational dispute begs the question of how central banks worldwide may be blamed disproportionately for their country’s economic problems or pressured politically to adopt agendas contrary to their essential purpose:  South Africa Central Bank Says Anti-Graft Head Met Zuma Team
  • The hot market this year has definitely been in cryptocurrencies, and questions have abounded about how national supervisors would react to a proliferation of trading exchanges and market offerings in Bitcoin, Ethereum, and others. The People’s Bank of China (PBoC), China’s central bank, has issued probably the strongest regulatory challenge to the market for cryptocurrencies so far. The PBoC first banned initial coin offerings (ICOs), the IPOs of the cryptocurrencies market, and then ordered all trading exchanges in Beijing to cease trading cryptocurrencies and quit allowing new users to register. China’s relevant industry regulator, the National Internet Finance Association of China, fell in step with the PBoC to condemn cryptocurrencies as illegal, linked to illicit activities, and too risky for market stability and investor protection interests:  China Is Shutting Down All of Beijing’s Bitcoin and Cryptocurrency Exchanges
  • However, not all central banks have had such an allergic reaction to bitcoin and other cryptocurrencies. Taking in stride the possible risks and undesirable associations, others are contemplating whether the way to manage speculative trading in their own currency markets might be to join in issuing cryptocurrencies as well. This “if you can’t beat them, join them” approach has been suggested by the Bank for International Settlements, a consortium of national central banks based in Switzerland. Some central banks, including the Bank of England and the Bank of Canada, are already experimenting with blockchain technology for interbank payment systems. The Reserve Bank of India is also looking into blockchain and even considering issuing its own cryptocurrency, as is the Estonian Ministry of Finance (to the disapproval of the European Central Bank). The overall verdict is that central banks need to take more time to consider their own interests before becoming enthusiastic cryptocurrency offerors, but the enticement of participating in the market in hopes of stemming potential risks to the financial system and their own monetary policy may prove too much to resist:  The Bitcoin Bandwagon: Central Banks Consider Their Own Cryptocurrencies

As the global economy continues to deepen in complexity and interconnectedness, inevitably bouncing between financial recovery and relapse, the role of central banks in this worldwide system will also keep evolving. Systemic changes in the market and transformative advancements in technology both represent threats to, but also opportunities for, the traditional central banking system.


Whistleblowers from significant scandals in financial services

This is the first of a three-part series profiling whistleblowers in different industries. This starts with today’s post, focused on the financial services industry, describing events where whistleblowers came forward to expose misconduct in investment banking, wealth management, and accounting. Tuesday November 7th’s post will cover the pharmaceutical industry, including AstraZeneca, Pfizer, and more. The post for Tuesday November 14 will be about whistleblowers who exposed high-profile corporate fraud in diverse companies such as WorldCom and Archer Daniels Midland.

Whistleblowers in the financial services industry have sparked reform for investor protection and shed light on the often secretive or mysterious culture within banking organizations, where trouble can be hidden from competitors and the public alike, as cultural problems deepen inside the organization completely unchecked by controls or encouraged by business strategy.

  • Bradley Birkenfeld, UBS: Brad Birkenfeld is an American banker. His disclosures regarding actions by UBS Group AG that enabled US tax evasion led to a $780 million fine from the US Department of Justice against UBS and publication of information that exposed the previously mysterious world of Swiss private banking. Indeed, Switzerland amended its federal banking law in 2009 and over the years subsequent made significant contributions to cooperation with other countries regarding reporting of tax data of their citizens. In 2013, Switzerland signed the Convention on Mutual Administrative Assistance in Tax Matters, cementing this obligation to roll back banking secrecy in this treaty which over 60 countries signed. For more on Brad Birkenfeld, who both did jail time and received a $104 million reward for his disclosure, check out this Bloomberg profile of him.
  • Rudolf Elmer, Julius Baer: Rudolf Elmer worked for the Swiss private bank Julius Baer for almost twenty years. In his last role, he was the head of the bank’s Caribbean operations for eight years. In 2002, the bank discovered that internal data had been stolen and subjected all employees to a lie detector test. Elmer declined the test once and then took it and failed, leading to this termination. Following this Elmer spent several years trying to share the information he had taken, culminating in releasing a cache of documents to WikiLeaks in 2008 and again in 2011. These documents provided evidence supporting allegations that Julius Baer had facilitated clients’ tax evasion through banking practices in the Cayman Islands. Elmer was tried several times in court for breach of banking and business secrecy laws, which historically have been notoriously tough in Switzerland, but have begun to be rolled back or scrutinized in the wake of cases such as Julius Baer’s.   Elmer also faced charges of harassment and other nuisance offenses for public disputes he got into with the bank and its employees, which demonstrates the complex and sometimes problematic emotional impact whistleblowing can have on people and their relationships with their ex-employers and ex-colleagues. In 2016, Julius Baer settled a deferred prosecution agreement, related to aiding US citizens in the commission of tax evasion, with the US Department of Justice for $547 million. For more information on this, check out this Forbes article from 2016.
  • Richard Bowen, Citigroup: Richard Bowen was a senior executive at Citigroup in the period leading up to the 2008 global financial crisis. He was the chief underwriter of the Consumer Lending Group unit, and in this capacity he was responsible for evaluating and maintaining the creditworthiness of the unit. From June 2006 on, Bowen warned the board of directors of Citigroup about major issues in the risky mortgages being bought and sold by the unit. Bowen reported evidence to the board that many of these mortgages were defective, fraudulent, or both. Despite Bowen’s weekly warnings via required reporting throughout 2006 and 2007, the board did not take action. Bowen requested outside investigations of the Consumer Lending Group unit which substantiated his reports and showed that the unit had been operating with insufficient controls against these risks since 2005. This information should have been provided to shareholders per the Sarbanes-Oxley Act, but it was not, despite the fact that the bank claimed compliance with the Sarbanes-Oxley Act during this period. In exchange for his whistleblowing, Citigroup took away most of Bowen’s responsibilities and eventually fired him. Bowen offered crucial testimony to the Financial Crisis Inquiry Commission in 2010. He is now a motivational speaker on ethical leadership and corporate culture within the banking industry. For a look at what happened to Richard Bowen after he blew the whistle on Citigroup, check out this New York times article from 2013.
  • Antoine Deltour, PricewaterhouseCoopers: Antoine Deltour was a French employee of PricewaterhouseCoopers who was involved in providing information to the press related to tax rulings in Luxembourg for multinational companies. The documents became known as the Luxembourg Leaks and were the focus of a global investigation conducted and published by the International Consortium of Investigative Journalists. The investigation showed that PwC and other major accounting firms were facilitating registration in Luxembourg by multinational companies in order to benefit from advantageous tax rulings for revene reallocation. The legality of these practices is questionable on a number of grounds, including anti-trust, market abuse, and tax deals as illegal state aid. As a result of the disclosures, Deltour and his fellow PwC employee who also released documents, Raphael Halet, received prison sentences (later changed to suspended or overturned) and fines, but have also received a lot of credit for helping to shed light on the secretive practices surrounding these Luxembourg tax rulings and brought greater attention to the need to identify and prevent state-sponsored tax avoidance and evasion. In this sense, like the Julius Baer case, the whistleblower helped to ignite an open dialog about whether banking secrecy laws serve the public interest. For more on this sentiment, check out this piece about the role of citizens in holding the EU accountable.

Individuals like the above speaking up about misconduct they suspect or observe in the financial services industry have brought much-needed exposure and change to business practices. They have also often been punished, fired, criticized, or doubted for their bold decision to expose wrongdoing by their employer and/or colleagues. The 2009 US Dodd-Frank Wall Street Reform and Consumer Protection Act, which was intended to promote transparency and prevent fraud in the financial services industry, now prohibits retaliation against whistleblowers and expands the powers of the Securities and Exchange Commission in order to provide for other protections and rewards for whistleblowers who speak up about corporate malfeasance. Nonetheless, whistleblowers in the US continue to face retribution for their actions, and in Europe they remain open to legal liability in addition, as their disclosures break laws that some may say are designed to enable the concealment of other fraudulent or illegal practices.

Check back in two weeks, on Tuesday November 7, for the second post in this series of three about whistleblowers in historical events. Next Tuesday’s post will discuss individuals who exposed fraudulent business practices in the pharmaceutical industry.


Wells Fargo’s culture of non-compliance

Wells Fargo is embroiled in an ongoing crisis regarding fraudulent business practices in many areas of its banking enterprise. The scandal continues to unfold and touch different areas of Wells Fargo’s operations, from unwanted credit card accounts to unauthorized auto insurance products to excessive fees for merchant banking.

So far the only tangible outcome of congressional investigations, endless scrutiny by the press, and a supervisory board shake-up has been continued discovery of further misleading and dishonest conduct at the expense of the bank’s customers. It remains to be seen whether Wells Fargo can rehabilitate itself and regain the trust of the public and its many stakeholders in government and the financial services industry.

Clearly, however, such a pervasive fraud as this one indicates that Wells Fargo is afflicted with a culture of non-compliance. Rather than valuing ethical and sustainable approaches to commercial interests and putting duty of care to the client first, Wells Fargo chased profits via volume and local management encouraged unethical decision-making to enable bankers to pad the bottom line for themselves and the bank.

This conduct appears to have been only worsened by the financial crisis of 2008, when employees drove themselves to hit increasing sales quotas by engaging in gaming, which is opening accounts only to close them shortly thereafter and then open new accounts. Unethical practices, such as these unauthorized account openings and use of false identifications on accounts, at local branches were openly known as business as usual during this period. Wells Fargo appears to have incentivized this conduct in order to meet financial goals during a complicated, depressed market. Employees questioned the practices but ultimately acquiesced because jobs were hard to come by in the business and the income was precious.

A deeper look into Wells Fargo’s corporate culture in these years reveals a cutthroat, competitive environment where sales principles were constantly reinforced and valued over all others. Demands for profits and achievements in opening new accounts and selling products to generate fees were never tempered by encouragement to remember that treating the customer with honesty and respect was the most important business principle of all. Branch managers allowed and encouraged fraudulent conduct by their employees in order to meet regional and head office standards and appear successful. In this culture, worsened by the overall pressure of the Great Recession in general and the financial services industry specifically, good people did many bad things.

The only choice for Wells Fargo going forward in order to restore their credibility is to cultivate a bank-wide culture of compliance. Employee awareness of integrity, fiduciary duties, and obligations to ethical and honest decision-making must be instilled and reinforced regularly. Management, both locally and at the top, must set a rigorous tone of devotion to compliance practices. Sales quota directives should always be accompanied by moral warnings and should be set at a level where cheating is not the inevitable method for success. Sustainability of business practices, over time, should be expressed as the way to make money and service clients: quality, not quantity. Single-minded competitive pressure may be inherent to the sales business, but this needs to be tempered by having compliance and ethics as a core goal and performance metric.

For a more detailed look into the conduct causes behind Wells Fargo’s financial fraud scandals, read Bethany McLean’s story for Vanity Fair.