Fintelekt Advisory Services and the Asian Bankers Association presented the webinar on Business Compliance on May 3, 2023. More than 650 participants from across 40+ countries were registered.
Shirish Pathak, Managing Director, Fintelekt Advisory Services hosted the webinar, with speakers Boren Kork, Chief Legal & Compliance Officer from J Trust Royal Bank, Cambodia, Md. Abdullah Al Mamun, Deputy Managing Director from Dutch-Bangla Bank, Bangladesh and Noel Christopher Casuncad, Chief Compliance Officer & Head of Legal from Starpay Corporation, Philippines.
Shirish: Business teams are the first line of defence, and need to be aware of AML/CFT regulations of the country they operate in. Whether organisations operate locally or globally, how should the customer-facing staff keep up with the ever-changing regulatory landscape and help the organisation stay compliant?
Boren: Everyone including the front line should be fully aware of the law. Claiming ignorance of regulations after committing a wrongdoing is not acceptable. Moreover, someone should be watching the activities in the organisation, and that ‘someone’ should be the compliance team. The key role of compliance is to keep the organisation updated about the regulations and provide regular reminders about the institution’s obligations to stay compliant.
“Business is a lot like driving. If you don’t understand the rules and regulations and don’t follow the general principle, the result will be chaos.”
Boren Kork, Chief Legal & Compliance Officer, J Trust Royal Bank, Cambodia
Noel: The role of the management is to cultivate a culture of compliance and ensure that regulations are monitored, disseminated and discussed with the first line. If there is a culture of compliance, the front line will be conscious and deliberate in complying with obligations. Front liners should be well trained and provided with ready access to a copy of the regulations, which should be discussed and explained in a simple manner for them to better appreciate its importance. The front line should have an opportunity to ask questions and clarifications and be encouraged to have continuous learning. They should be provided with practical exercises to assess their comprehension of the regulation. The role of internal audit, which is the third line of defence is to check compliance and conformity with rules and regulations. The potential of technology should be fully tapped to better disseminate compliance knowledge within the organisation.
Shirish: Is there a “Tick the box” mentality in some sectors which are new reporting entities; how should one build an effective culture of compliance amongst business teams from such sectors?
Mamun: Some of the new sectors have emerged relatively quickly, but the associated laws and regulations are not promulgated with the same speed. Often, they are reactive and based on trial and error. This was especially true of areas such as mobile banking and ecommerce during the pandemic. The problem is that of minimum compliance standards being applied to these sectors, and the lack of detailed procedures and supervision at the grassroots level. On the digital side, there are risks such as elusiveness, anonymity and speed of transactions. A culture of compliance that internalizes compliance and builds in deep conformity vis-à-vis, a shallow tick in the box approach, will be useful for these sectors. Business teams should understand that the policies and procedures are made in such a way that the Standard Operating Procedure (SOP) and flow charts are clear and digestible to the business teams.
Noel: The newer sectors have recently transitioned to being regulated entities/ covered persons. These entities may initially find it challenging to comply due to the lack of familiarity with regulation. However, as they become more familiar, and with proper coordination with regulators, they are expected to be more proactive and move away from the tick in the box mentality. It is important for these sectors to build an effective culture of compliance right from the beginning. The board and the management should set the tone from the top and lay down the risk appetite. All business units can be accordingly engaged in addressing the risks and the gaps in compliance.
The inputs and feedback of the first line with regards to policies, procedures and systems should be taken into consideration through open communication and collaboration. They should be made familiar with the AML/CTF regulations through training, and continuous awareness campaigns and programmes. The importance of a written policy and procedure cannot be understated, so that there is one reference, and one resource for everyone. In case of violation, the system should have some form of accountability. Moreover, the role of the compliance team should not be limited to policing the organisation but to promoting the understanding of culture and in helping business units to understand the regulations and comply with them.
“The role of the compliance team should not be limited to policing the organisation, but it should be to promote an understanding of culture.”
Noel Christopher Casuncad, Chief Compliance Officer & Head of Legal from Starpay Corporation, Philippines
Mamun: The regulator in Bangladesh has tried to bring in some good practices to help instill a culture of compliance. We have an annual conference of AML officers to which we invite the CEOs of banks. Whenever there are sector-wise discussions of the task force, banks bring the respective heads of departments along with the compliance officer to the meeting with the regulators, so that the business side understands the importance of the issue. In turn the regulators can also understand the real challenges from grass roots people and can then work hand-in-hand to develop effective solutions to emerging problems.
Boren: The poll results reflect the situation in Cambodia very well. The obvious evidence is in terms of Cambodia’s removal from the Financial Action Task Force (FATF) gray list, which is a result of collective efforts in improving compliance and conformity to the law.
Shirish: Building a healthy compliance culture comes with a lot of challenges, but also has a lot of benefits. How does developing a compliance culture within an organization help manage risk while increasing business opportunity? What is the upside?
Boren: The institution should develop a compliance culture where everyone involved in business feels empowered to take positive steps to ensure compliance. If the institution can develop a good reputation, then good customers will follow, and it will not be difficult to expand the business.
Noel: Financial institutions are in the business of taking risks, so there is a need for awareness of the risks, especially the compliance risks. Being aware would provide the company with a guide or direction on how to get the right results and promote more business opportunities. Non-compliance will cost the business and expose the entity to liabilities, hindering the potential of the entity. Staying compliant can mitigate, if not eliminate the penalties, liabilities and exposure. If not for this liability, the resources can be better used to do other business.
Mamun: In Bangladesh there is a statutory guideline to have compliance officers in all branches. Even for the centralised units in trade or operations, there is dedicated staff assigned to these centralised units for monitoring, with a dotted reporting line to the compliance team.
“A formal or informal compliance officer in branches or locations will help detect issues well ahead of time and help mitigate them in advance.”
Md. Abdullah Al Mamun, Deputy Managing Director from Dutch-Bangla Bank, Bangladesh
Noel: As compliance is everyone’s responsibility, having a person who is the risk owner or process owner is the best practice. It can help with faster identification of risks and hopefully a faster mode of addressing the issues. If all of the compliance functions are assigned to central office or the compliance team, then there would be some challenges especially for big businesses to immediately address or report any issues.
Shirish: For business teams, compliance is usually not considered a priority since it is seen as a hindrance for target achievement, an additional responsibility, and an added cost. What are the best practices that you suggest in ensuring the right balance between compliance and business goals?
Noel: It is definitely challenging to balance business and compliance priorities and may lead to clashes. But if there is proper communication and tone from the top and directive from board and management, it would align business goals with regulatory and compliance expectations. Fintechs can have a team which is composed of representatives from compliance, business units, technical units and others. This team can be tasked with discussing and identifying possible risks, and providing documents for any prospective business that the company wants to engage in. In this way, all the risks can be identified before implementation of new products, services or technologies. If there are checks and balances in the form of internal controls, the right balance between compliance and business may not be so challenging.
Mamun: Business teams tend to push all issues to the compliance department. However, the compliance team should break down the policy in an easy flow chart and should not dictate every issue. They should encourage business to address problems at the grassroots level and ensure that the compliance policy is well cascaded. At the meeting of business heads there should be a healthy debate that results in policies and procedures that are implementable.
Boren: Compliance also needs to work how business works, which will help them to simplify processes and engage effectively with business to ensure an aligned goal or mindset.
Shirish: Is the reputation of being compliant important for an organisation from an employee retention or hiring talent point of view?
Boren: If we run business in a compliant way and have the reputation of doing legitimate business, good talent will join and stay with the organisation.
Noel: For one, no person wants to work for a company known for being non-compliant. If an organisation is compliant, it gives a sense of security and stability to employees and uplifts the morale of both existing and prospective employees. A compliant organisation boosts employee confidence that the company that they are working for will not be exposed to sanctions that could affect the business and operations of the company and directly or indirectly, their employment.
Mamun: Due to the rise of social media and information, whenever there is a problem, it impacts society, community, and family members of employees. No one wants to work in an institution penalized by regulator or where there is a big scam.
(2) Video recording
A copy of the video is also available at the ABA’s YouTube channel here.
The same video is also available at the Fintelekt’s YouTube channel HERE.