Against this background, boards and executive teams should ask themselves two broad sets of questions. The first concerns what steps are being taken to remain resilient and support customers through near-term economic pressures; and the second, whether their own strategic plans align with medium-term structural changes in their operating environment.

Indeed, a strong grasp of the ever-evolving regulatory environment must inform how financial services firms answer these questions.

Near-term economic pressures

Disruptive economic factors will command attention in the near term. The credit risk outlook is increasingly precarious, and lenders will need to be able to demonstrate to supervisors how they are managing the associated risks. Many insurers and investment funds will also face credit-related pressures in their portfolios and may need to boost their credit teams if the volumes of defaults and corporate restructurings begin to rise.

Where credit risks crystallize, they will feed through to regulatory capital positions. Firms will also need to be vigilant for sudden bouts of volatility within the capital markets.

Central banks and regulators will be working hard to understand market vulnerabilities, with continued stress-testing of individual firms, funds, and the wider system. Margining practices will be under scrutiny.

There is also a major conduct risk component to the current economic situation, with consumers feeling the cost-of-living squeeze. Conduct supervisory standards are substantially higher now than in previous downturns, and firms will rightly be expected to support their customers through a period of economic hardship.

This is a particular dilemma for lenders, who will need to make judgements about when and how to exercise forbearance. It will also be a challenge for insurers, who may see rising numbers of policyholders struggling to cover their premiums, creating the possibility of protection gaps that will draw supervisory attention.

Embedding climate & nature risks

Climate and nature risks will increasingly shape the financial services operating environment. Less advanced firms may find themselves given progressively less leeway for shortcomings in the year ahead.

Efforts are underway in numerous arenas to improve the structure and content of transition plans, and firms will need to shift gears to keep up with new rules, guidelines, and greater supervisory scrutiny.

Firms will also need to keep an eye on the still-evolving nature-related risk disclosure framework being developed by the Taskforce on Nature-Related Financial Disclosures, a financial services industry advisory group whose members represent more than $20 trillion in assets. The Taskforce’s risk disclosure framework is due to be finalized in Fall 2023.

Technology transforming the sector

Technology enables firms to provide new and better products and services, develop deeper insights, and do so ever-more efficiently. However, as supply chains and delivery services models become more complex, both the regulatory regime and firms’ risk management and control frameworks have struggled to maintain pace with technological innovation.

Nowhere is this clearer than in relation to digital (and particularly crypto) assets. Regulated firms have increasingly been engaging with an evolving ecosystem of digital asset technology providers and developing client offerings. The European Union’s Markets in Crypto-Assets framework will enter into force this year, but a further regulatory response may be needed to tackle issues such as leveraged trading and crypto-lending as regulatory uncertainty and gaps will persist.

In the United Kingdom, meanwhile, the Financial Services and Markets Bill, once passed, will give authorities the power to oversee digital assets markets. The secondary legislation that will clarify which activities and market participants they will regulate, however, is yet to emerge.

The transition period for the U.K.’s operational resilience framework will soon enter its second year, and U.K.-based firms need to demonstrate measurable progress with regards to important business services. The 24-month implementation period for the E.U.’s Digital Operational Resilience Act begins this month, and firms within the E.U. will need to begin their work post-haste to be on track for the early 2025 deadline.

The resilience of the delivery of financial services in which third-party suppliers are involved is a major issue. In some cases, firms will need to develop contingency exit strategies and business continuity plans for third-party exposures, including substitute service delivery methods.

Long-standing concerns about model risk management also now have a distinctly technological flavor, with supervisors scrutinizing how firms are deploying artificial intelligence and machine learning. When finalized later this year, the U.K. Prudential Regulation Authority’s (PRA) proposed principles on model risk management will require a large amount of work to catalogue, categorize, and risk-assess models that for some firms could number in the thousands given the PRA’s expansive definition of model.

A general principle will be relevant for firms across all sectors and regions: people, and not models, should be responsible for decision-making. Boards and executive teams should be able to demonstrate that they understand the functioning of their models, including those based on new technologies such as machine learning.

Rising geopolitical tensions

Finally, rising geopolitical tensions will continue to be another feature of the changing risk environment in which financial services firms are operating. International markets are increasingly fragmenting, as nations and business leaders look at how to build supply chain resilience and security through greater localization of production and supply.

Given the volume of alerts generated by transaction monitoring systems, the inherent limitations of legacy systems and data, and strengthened baseline expectations, it is no wonder that some firms feel they are having to run ever-faster just to keep up. The status quo does not appear sustainable, and operating model reform will need to be part of the response, including considering changes to internal structures, resourcing models, and technology strategies.

Resilience and strength

Financial service firms face many headwinds as the new year begins but will do so from a position of resilience and strength, having successfully navigated the vicissitudes of the last three years. The major challenge will be to navigate the choppy near-term waters without losing sight of the medium-term processes of structural change playing out in relation to geopolitics, technology, and sustainability.

Regulation continues to be a major force that will shape the operating environment for financial services, and an integrated view of the regulatory landscape — as well as an ability to connect such a view with business strategy decisions — remain imperative for firms looking to stay at the forefront of the industry.

This blog post was taken in part from a recent report written by David Strachan & Suchitra Nair of Deloitte. You can sign up to receive Deloitte’s Financial Markets Regulatory Outlook report, due to be published later in January, here.

You can download TRRI’s 7^th report on Fintech, RegTech, and the role of compliance in 2023 here

On the other hand, there are signs of a slowdown in the growth of the fintech sector. In the first half of 2022, for example, the total capital invested in fintech worldwide reached $59 billion, which was flat year-over-year, according to Innovate/Finance’s 2022 Summer Investment Report. What’s more, there were 3,045 deals completed in the fintech sector, fewer than the 3,401 deals in the first half of 2021.

The slowdown is echoed in the findings from this year’s TRRI survey. There was a fall in the number people feeling extremely positive about fintech and regtech. For fintech overall, this year’s survey reported that 15% of respondents were extremely positive compared with 31% last year. For regtech, 15% of respondents felt extremely positive compared with 26% in 2021. What’s more, less than one-in-ten (8%) of respondents from G-SIBs felt extremely positive about fintech.

It may be unsurprising that respondents felt less positive about innovation and digital disruption given the challenges that firms must address across the board. This year, respondents said that the availability of skills (20% fintech, 16% regtech) and regulatory approach (14% fintech, 18% regtech) were the most significant challenges anticipated in the next 12 months. For G-SIBs, concentration risk and third-party providers ranked highest among challenges for fintech (15%), whereas cultural approach (15%) was the biggest challenge facing G-SIB regtech users. Data governance and cyber resilience also feature highly in the list, with other areas including financial crime and operational resilience also prominent.

Regulators are also adopting technological solutions to help with their supervisory roles and the management of large volumes of data. That means, firms need more interaction with regulators on fintech and regtech. More than two-fifths (43%) of G-SIBs reported having spoken to their regulator about fintech and regtech. This contrasts with responses from other financial services firms, nearly 60% of which reported that their regulator had not spoken to them about the use of technological solutions.

Despite this current slowdown and waning of enthusiasm, the future of the fintech market remains optimistic, the report observes, recommending that financial services firms should continue to invest in technology, IT infrastructure, and associated skillsets. To maximize the potential of technological innovation, firms must continually reassess their technological needs and then invest in solutions tailored to the activities of their business.

The Fintech, Regtech, and the role of compliance survey has, in its lifetime, attracted more than 3,000 respondents. Participants from all sectors of financial services — from globally significant banks to technology start-ups — took part in this seventh survey. The survey results are intended to help financial services firms with planning, resourcing, and direction, allowing them to benchmark whether their approach, skills, strategy, and expectations are in line with those of the wider industry. The report specifically focuses on areas that directly affect the compliance function.

The report also assesses the extent to which firms are turning the technological challenges they are now facing into opportunities, embracing new ways of working and navigating the evolving regulatory approach.

That’s why it’s crucial to separate fact from fiction.

In the latest Thomson Reuters Institute Insights podcast, available on the Thomson Reuters Institute channel, we speak with Gabriel Hidalgo of FTI Consulting and Teresa Anaya of Archblock about digital assets, how they act within their own ecosystem, and how that compares to and interacts with the traditional economy.

As the podcast explains, it can be a little overwhelming to try to understand native currency, tokens, stablecoins, decentralized finance (DeFi) and a US Central Bank Digital Currency (CBDC), especially if what you’re hearing sounds like a sales pitch or a scam. During this podcast, we break them down and explain how many of these concepts work and the truth behind the names, in an unbiased look at the digital asset and cryptocurrency industry.

From digital coins collapsing and investors losing money to a myriad of regulatory questions, the world is buzzing around the topic of digital assets, how they work, and most importantly, whether they can be trusted as a part of the global economy.

In the last month, the crypto exchange FTX has fallen from grace at top speed in a very public way. We have also seen celebrities, like Kim Kardashian, fined for endorsing a digital token, Ethereum Max, improperly; and Binance, another crypto exchange, ran afoul of regulators in the US and the United Kingdom.

Yet, cryptocurrencies and tokens are just two individual types of digital assets; and from native currencies to stablecoins, there is a full ecosystem that should be understood as the world moves toward including digital currency, and its infrastructure, into the larger economy. This isn’t to say that you should convert all your money into digital assets tomorrow, but it would be smart to be well-versed in this area as it evolves.

In speaking to Hidalgo and Anaya — two experts both with years of experience in the digital assets space — we get walked through their insights on the basics of digital assets and its related infrastructure. This walk is not intended as financial advice, of course, but the clarity will be important.

Indeed, as the podcast makes clear, there is no crystal ball that can tell you what to invest in or when; and there is no full certainty on what direction governments will go in legitimizing the new digital asset ecosystem. What we can be provided, however, is a crucial roadmap to understanding what is true and what may be “too good to be true” in the world of digital assets.

Episode transcript. 

You can access the latest Thomson Reuters Institute Insights podcast, featuring a discussion about the digital asset ecosystem, here.

Even before the collapse of FTX, complaints from consumers who were hit by other types of digital currency losses have been rising at an alarming rate, the CFPB reported. The CFPB report said the crypto market has become a magnet for fraudsters who see little chance that their schemes will be detected due to the absence of investor protection and the opaque nature of the market.

Crypto firms hiding behind “terms & conditions”

The fledgling crypto industry’s $2 trillion market, made up of complex and illiquid digital assets, lacks controls and account management operations to handle customers’ problems, the CFPB report suggested. The firms often “hide behind terms and conditions” to delay transactions when customers try to claim their crypto assets.

The report found that despite marketing claims that they offered “immediate access” to funds, some crypto firms have often delayed or denied redemptions based on “identity verification issues, security holds, or technical issues.” Many customers also reported the transactions were settled at prices far below quoted levels when unexpected or unexplained fees were tacked on. Some firms cited “market spreads” that led to payouts far below quoted prices. Further, the transaction concerns were most often handled in some form, the CFPB report said, even if they were settled on disadvantageous terms for consumers.

The largest complaint category, representing about 40% of complaints, involved fraud-related matters, and sometimes included use of social media by digital currency participants in a potent mix of deception and opaque fund movement. The CFPB reported that in many instances of fraud reports from customers, the transaction provider declined to accept responsibility or to help in recovering funds, arguing that since they act as intermediaries they are not contractually required to act. In some cases, they required customers to submit to “mandatory arbitration” and clauses that prohibited them from joining class actions.

US regulators have said that since the crypto firms operate from offshore domiciles, they have only limited powers to intercede when fraud surfaces. The CFPB itself said its “complaint bulletin” was meant as a risk warning, but the agency went no further in committing its own enforcement division to pursuing wrongdoing.

Enforcing crypto fraud “time-consuming” 

The CFPB, with its own packed rulemaking and enforcement agenda, suggested that pursuing bad actors would be a drain on agency resources since the anonymity of crypto “makes tracing crypto-assets stolen by fraudsters more time consuming for regulators and law enforcement.” The agency said it would continue to log complaints and follow up with efforts to recover funds from crypto firms it could reach; however, in most cases, it said it would refer complaints to the Federal Trade Commission or other law enforcement authorities.

In its bulletin, the CFPB said the fraud complaints ranged from sophisticated “nation-state” level operations to the types of social engineering scams or cyber breaches seen in ransomware attacks by bad actors seeking payments in hard-to-trace cryptocurrencies. Among the leading scam methods the CFPB noted were: i) playing on a victim’s emotions to extract money or posing as customer service representatives to gain access to customer accounts; ii) using social media posts or targeting different communities in affinity attacks aimed at younger populations, Black and Latino communities, older consumers, and service members; and iii) impersonating crypto-asset developers, founders of major websites such as YouTube, or the official accounts of governments to solicit crypto-asset donations to help the people of Ukraine.

The CFPB also described various tactics that crypto firms used to evade or delay regulations or returning assets to customers, including: i) patterning transactions by using many small transactions to evade money laundering and fraud controls; ii) freezing consumer assets immediately prior to entering bankruptcy or using decentralized finance (DeFi) as part of the crypto-asset ecosystem; and iii) using hacked SIM cards and mobile phone numbers to activate and take control of users’ credentials, or linking transactions and a crypto address with a consumer’s identity on their other transactions.

While the CFPB’s bulletin was intended as a warning to consumers, it cited one area in which it might take direct action — the use of deceptive claims of government savings account insurance, which is guaranteed by the Federal Deposit Insurance Corporation (FDIC). In a May announcement, the CFPB said it could bring action under the Consumer Financial Protection Act, which prohibits any fraud involving deceptive claims around FDIC insurance.

“Our analysis of consumer complaints suggests that bad actors are leveraging crypto-assets to perpetrate fraud on the public,” said the CFPB’s Chopra. “Americans are also reporting transaction problems, frozen accounts, and lost savings when it comes to crypto assets. We will continue our work to keep the payments system safe from fraudsters targeting Americans.”

Indeed, there is even a new generation of consumer that reacts economically to the reputation of an institution, and it is increasingly common for institutions to endanger that reputation by running afoul with certain customers that they chose to accept. It’s these failures in financial institutions’ vetting process and its know your customer (KYC) compliance programs that can greatly cause harm to their reputations and integrity.

Global regulators are focusing on KYC rules as a way to ensure financial institutions across the world are not offering their banking services to illicit actors or being willfully ignorant of the risks that they are taking.

In a new white paper, Financial Institutions & Know Your Customer Rules: From Security to Solutions, published by the Thomson Reuters Institute and Thomson Reuters Regulatory Intelligence, we look at how KYC rules are playing a bigger role in the compliance and security of financial institutions. The paper also examines the challenges that financial institutions are facing in getting in compliance with changing KYC rules both in the United States, the United Kingdom, and around the world. Finally, we’ll see how some institutions and financial third parties are looking for solutions, either by creating new tech products or by outsourcing, to make their KYC challenges more efficient and cost effective.

The paper also shows that global regulators are focusing on KYC rules as a way to ensure financial institutions across the world are not offering their banking services to illicit actors or being willfully ignorant of the risks that they are taking. Regulators see these rules as being able to level the playing field and decreases gaps in screening for potential bad actors.

In addition, customers and other businesses are looking to make sure they are only associated with those financial institutions that do not have connections with bad actors. As global financial crime only increases worldwide — with a big boost in such illegal activity seen during the years of the global pandemic — more and more scrutiny will be placed on how financial institutions determine the real identity, suitability, and financial sophistication of their banking customers.

As the paper argues that KYC is here to stay, and its compliance and government oversight likely will only become more stringent. Financial institutions who fail to understand the importance of proper KYC compliance programs and their impact on institutions’ reputation and security are in for a mess of consent orders, bad publicity, and costly fines, among other negative impacts.

To download a copy of the new white paper, “Financial Institutions & Know Your Customer Rules: From Security to Solutions”, please fill out the form below:

A key concern is that banks may ultimately have responsibility for validating the accuracy of registry data and be required to file suspicious activity reports (SARs) when information is suspect. Another is that a massive volume of registry data could force institutions to hire additional investigators to probe automated alerts from sanctions screening systems.

Late last month, Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a final rule — pursuant to the Corporate Transparency Act (CTA), part of the Anti-Money Laundering Act of 2020 — laying out which legal entities will be required to report their beneficial ownership data, beginning on Jan. 1, 2024. Companies required to report will include, with some exemptions, limited liability partnerships, business trusts, and most limited partnerships, in addition to corporations and limited liability companies.

Congress enacted the CTA to combat the longstanding abuse of shell companies by criminals.

FinCEN also vowed to issue two additional rules — one detailing access to the database and another amending the Treasury bureau’s customer due diligence (CDD) rule that requires financial institutions to collect beneficial ownership data from customers. It will likely be years before the rules come into effect, experts say.

“The elephant in the room… is ‘What are the next milestones that we’re looking for with regard to beneficial ownership changes that may be forthcoming from FinCEN?'” Kieran Beer, director of editorial content with the Association of Certified Anti-Money Laundering Specialists (ACAMS), told an ACAMS conference earlier this month.

Unanswered questions loom

Financial institutions will need time to adjust their compliance programs once FinCEN issues the remaining rules and clarifies how the database will affect existing CDD requirements, Heather Allen, deputy director of financial crime with Truist Financial Corp, told the conference.

“I think all of us are very much invested in the need to have the registry, but there are a lot of questions that remain unanswered,” Allen said. For example, the question of who will “own” responsibility for verifying the beneficial ownership information that legal entities report to FinCEN remains unanswered, she added. “If we have information that comes out of that system that is inconsistent with the bank data that we have, what is our responsibility as bankers?”

The CTA directed that financial institutions have the ability to access database information about customers who grant them permission, which raises questions regarding what the banks will be expected to do with the mountain of new data.

Sanctions against Russia raise stakes

As FinCEN is drafting rules to establish the database, which is expected to house information on tens of millions of companies and other entities, the U.S. and its allies scramble to combat the evasion of sanctions imposed on Russia over its February invasion of Ukraine.

“We’re sitting in the midst of the greatest use-case of greater beneficial ownership in Russia-Ukraine sanctions, so the timing is incredibly good, or it’s incredibly bad, depending on which side of the table you sit on,” James Candelmo, chief Bank Secrecy Act and AML sanctions officer with PNC, said at the ACAMS conference.

The 2020 AML legislation originally “landed in our board rooms” as “potentially some relief” from AML and sanctions compliance burdens, but in the wake of Russia’s invasion and the resulting global push to unveil assets controlled by sanctioned parties, “I don’t believe that will be the case,” Candelmo said.

Database could lead to more SARs duties

Referencing remarks from FinCEN Acting Director Himamauli Das earlier in the ACAMS conference, Sarah Runge, a former Treasury official who now is director of regulatory programs, policy, and governance with Facebook Payments, said she is concerned that financial institutions could end up being responsible for validating information in the beneficial ownership database.

When asked whether financial institutions will be expected to compare information in the database with the data they collect from customers under FinCEN’s customer due diligence rule, Das “pivoted to talk about how financial institutions will continue to have [SARs] filing requirements,” Runge said. “From my perspective, that’s when every part of every hair on my body sort of went up, because he didn’t answer (the) question, but he pivoted to expectations to identify suspicious activity. And I read it to mean that if there is a discrepancy, that that might rise to be suspicious where we would be expected to file a SAR and effectively be verifying and validating the database, which from my perspective is the worst-case scenario.”

Requiring financial institutions to report discrepancies would be consistent with requirements imposed by European countries with registries, explained Markus Schulz, global head of change management for financial crimes compliance at ING. “If we pull information from the registry, then we find in our own due diligence or in the course of dealing with a customer that there is a different director or change in ownership… financial institutions are obliged to report back to the central registry that there is a discrepancy,” Schulz said. “The central registry will then confront the company and hold the company accountable to make it correct, so… we’re not completely responsible for the integrity [of the registry], but if we have that intelligence it’s our obligation to inform the authorities.”

Notably, the final rule does not address the issue who will have access to the beneficial ownership data, a vital point of interest for financial institutions that already are required to collect beneficial ownership information from customers as part of their customer due diligence (CDD) obligations and could use the reported data to verify it.

The rule, issued by Treasury’s Financial Crimes Enforcement Network (FinCEN), “will make it harder for criminals, organized crime rings, and other illicit actors to hide their identities and launder their money through the financial system,” Treasury Secretary Janet Yellen said in a written statement.

During recent congressional hearings, a senior Treasury official repeatedly described the push to create a beneficial ownership database as one of Treasury’s top regulatory priorities. “For too long, it has been far too easy for criminals, Russian oligarchs, and other bad actors to fund their illicit activity by hiding and moving money through anonymous shell companies and other corporate structures right here in the United States,” said Acting FinCEN Director Himamauli Das in the FinCEN announcement.

FinCEN’s 330-page rule, issued pursuant to the Corporate Transparency Act (CTA) and part of the Anti-Money Laundering Act of 2020, will not come into force until January 1, 2024. Some experts have expressed skepticism that FinCEN will have its planned database — the so-called Beneficial Ownership Secure System (BOSS) — up and running in time to begin receiving, processing, and appropriately disseminating the massive volume of data it will receive on millions of entities.

“FinCEN continues to develop the infrastructure to administer these requirements in accordance with the strict security and confidentiality requirements of the CTA, including the information technology system that will be used to store beneficial ownership information,” the Treasury bureau said in its summation of the rule.

Entities affected by the rule

FinCEN noted that companies required to report beneficial ownership information under the final rule will include (subject to the applicability of specific exemptions) limited liability partnerships, business trusts, and most limited partnerships, in addition to corporations and limited liability companies (LLCs), “because such entities are generally created by a filing with a secretary of state or similar office.”

FinCEN also noted that other types of legal entities, including certain trusts, “are excluded from the definitions to the extent that they are not created by the filing of a document with a secretary of state or similar office. FinCEN recognizes that in many states the creation of most trusts typically does not involve the filing of such a formation document.”

Under the final rule, a beneficial owner includes anyone who, directly or indirectly, either exercises substantial control over a reporting company, or owns or controls at least 25% of the ownership interests of a reporting company. The rule further outlines a range of activities that could constitute substantial control of a reporting company.

Access to reported information

The rule is one of three that FinCEN plans to issue pursuant to the CTA. A second rule — which has not yet even sought public comment — will establish who can access the beneficial ownership information that FinCEN collects in its database, for what purpose it can be used, and what safeguards will be in place.

After the reporting and access rules have been addressed, the CTA requires FinCEN to issue a third rule which will amend its customer due diligence (CDD) rule — under which financial institutions are required to collect beneficial ownership information — to take the new rules into account.

The bottom line is that it will be quite some time before financial institutions and their compliance and anti-money laundering professionals know how FinCEN’s rulemaking activity pursuant to the CTA will affect their CDD requirements. Before then, there will be multiple opportunities for institutions and trade associations to comment as FinCEN develops the two remaining rules.

While a growing body of regulatory guidance for ESG reporting has been emerging in China, developments have been fragmented and some of the guidelines remain voluntary, leading to skepticism over uniform adoption. At the same time, ESG-related enforcement remains a priority for regulators.

Recent developments

Voluntary disclosure guidelines published in June by the China Enterprise Reform and Development Society (CERDS), a think-tank overseen by the state-owned Assets Supervision & Administration Commission, aim to establish uniform disclosure practices that are uniquely tailored to China-focused ESG priorities.

Developed in the context of laws and regulatory interpretation of policies established by the Peoples Republic of China, the guidance for enterprise ESG disclosure is meant to establish disclosure principles with a heavier emphasis on domestic ESG priorities such as the long-term initiative for “common prosperity”.

Chinese regulators have promoted the guidance as a working solution to standardized corporate ESG disclosure reporting in China that is more relevant to investors in the domestic market than standards based off practices in the United States of the European Union. Of note, the guidance considers compliance with Chinese ESG regulations, along with data security and cybersecurity laws, as an integral part of governance-related disclosure. The inclusion of disclosure obligations related to regulatory compliance is a departure from international practice.

The recent guidance is comprised of three tiers of indicators with corresponding metrics to each tier. Most of the indicators align with ESG issues highlighted in international disclosure standards such as climate change and labor rights. Similar to disclosure requirements implemented in other jurisdictions, the guidance sets out standards for the disclosure of quantitative data related to environmental sustainability such as greenhouse gas emissions and wastewater pollutants.

Presently, compliance with the guidance is voluntary and it is uncertain how widely it will be adopted by Chinese businesses; however, the recent guidance adds to growing mandatory ESG requirements that are applicable to organizations operating in China.

Chinese regulators have promoted the guidance as a solution to standardized corporate ESG disclosure reporting that is more relevant to Chinese investors than standards based off practices in the West.

Since 2018, listed companies in China have been encouraged to disclose ESG information under the Listed Company Governance Code. China’s central bank, the People’s Bank of China, issued a pilot guideline to financial institutions in 2020 on environmental information disclosure.

In February, new measures were implemented to impose annual ESG reporting requirements on businesses that were considered to be major emitters of pollutants and publicly traded companies that had been penalized for environmental violations within the past 12 months.

In practice, a growing number of companies are issuing ESG reports, and the trend is expected to continue. A recent report published by the World Economic Forum and PwC China found that as of mid-2020, there were 1,021 companies listed on the Shanghai and Shenzhen stock exchanges that voluntarily had published annual ESG reports, compared with 371 companies in 2009.

Enforcement trends

ESG-related enforcement activity has remained a priority for regulators in China as well, especially in cases in which misconduct could pose a risk to social stability. Central-level authorities, including the Supreme People’s Court and the National Development & Reform Commission, issued mandatory guidance on working conditions and overtime following a spate of investigations and fines against e-commerce and technology companies for labor violations that elicited public outrage on social media.

The national goal to transition to a lower-emissions economy in China has further compelled regulators to step up their enforcement actions against environmental violations. A previous revision of environmental protection laws in 2015 granted authorities more leeway to crackdown on violations, resulting in year-on-year increases in total fines issued.

While there has been some speculation that the Chinese government may ease up on environmental enforcement to facilitate economic recovery, environmental compliance risk remains. Earlier this year, the Ministry of Ecology & Environment issued plans to establish environmental law enforcement teams to strengthen inspection. The formation of the teams is part of a broader five-year plan to improve efficiency of enforcement activities by 2025.

Compliance considerations

ESG reporting by Chinese companies is in its early stages, and regulatory requirements are fragmented across industries and government agencies. Recently issued voluntary guidance on ESG disclosure standards from CERDS could form the basis for a China-focused reporting regime.

And while these disclosure standards share some similarities with ESG reporting regulations in other jurisdictions, the guidance from CERDs places heavy emphasis on compliance with Chinese law, and as such, reporting requirements are likely to vary substantially from US or EU frameworks.

Some UK banks, are failing to collect customer information such as income and occupation details. In some cases, customer risk assessment frameworks are underdeveloped or non-existent, which translates into poor initial due diligence and weak enhanced due diligence for high-risk customers and politically exposed persons, UK regulators said.

Inadequate customer due diligence will make transaction monitoring systems less effective, the UK Financial Conduct Authority (FCA) noted in April.

“One of the problems is not being aware, habitually, of the actual risk they are managing,” says Gabriel Cozma, head of Lysis Financial and Fintech at the Lysis Group in the UK, adding that too often banks ignore the risk. “And once you don’t understand the risk, you cannot apply controls. How would you create scenarios and rules when you don’t really understand the risks you have to manage?”

Deficiencies highlighted

Business-wide risk assessments that the FCA reviewed were “generally poor”, with insufficient detail on the financial crime risks to which the business was exposed. The FCA observed a lack of consistency in customer risk assessment.

“We also see instances where there are significant discrepancies in how the rationale for specific risk-ratings are arrived at and recorded by firms. There is often a lack of documentation recording the key risks and the methodology in place to assess the aggregate inherent risk profile of individual customers,” the FCA said in 2021.

The FCA has had a particular focus on failures observed at UK retail banks and challenger banks. UK enforcement action against NatWest and HSBC, together with Credit Suisse’s 2022 guilty verdict in a Swiss court for laundering Bulgarian drug dealers’ cash, and Deutsche Bank’s continuing AML/KYC failures, are just a handful of examples which demonstrate that global systemically important banks are experiencing similar challenges in the battle against dirty money.

Spending billions

Big banks have reported that they spend billions on financial crime prevention and employ thousands of experts to run transaction-monitoring programs. NatWest Group, for example, has said it is investing about £1 billion on financial crime controls over the next five years and has more than 5,000 staff working in specialist financial crime roles.

NatWest has paid out £279 million in three UK fines for financial crime control failures since 2010. The bank’s latest set of interim results from August 2022, however, stated that Royal Bank of Scotland International was referred to the Isle of Man’s Financial Services Authority’s enforcement division after an inspection of AML/CFT controls and procedures relating to specific customers.

Indeed, banks’ continued reliance on spreadsheets and other manual processes means their approach to financial crime compliance and detection lacks coherence and consistency. “We often identify instances where CDD [customer due diligence] measures are not adequately performed or recorded. This includes seeking information on the purpose and intended nature of a customer relationship (where appropriate) and assessments of that information,” the FCA said in 2021.

Firms are unable to track clients effectively in a spreadsheet for AML and KYC purposes, and spreadsheets are not conducive to tracking changes in client behavior or bringing any consistency to continuing due diligence. Yet few banks have invested in workflow technology that could bring more consistency and assurance to client on-boarding, continuing due diligence and client management, particularly when it comes to high-risk clients.

Managing financial crime policies through spreadsheets and static documents such as PDFs posted on an intranet portal means policies and guidance are difficult to access or may not be current, which makes taking a consistent approach to financial crime risk assessment and client onboarding difficult.

“Of course, firms use some technology in places, but some of the challenges and what we’re seeing now is the risk of workflow type solutions that provide some level of consistency across the board,” says Henry Balani, head of industry and regulatory affairs at regtech firm Encompass Corporation in London.

Manual processes

When regulators mention manual processes, most of the time that means firms are using a spreadsheet to manage financial crime risk across a range of activities, such as onboarding or transaction monitoring. For example, the FCA’s 2017 final notice fining Deutsche Bank £163 million for the mirror trading-related control failures notes that the bank lacked automated AML systems for detecting suspicious trades.

“When it was informed by Deutsche Bank’s operations team that ‘providing a spreadsheet will not be possible as this is done manually by a team member and capturing so many records will be painful’, the AML team did not persist with its enquiries,” the FCA wrote in its 2017 enforcement notice.

Deutsche Bank says it has since “beefed up” resources to combat money laundering, spending 2 billion euros between 2019 and 2020 and employing 1,600 members of staff worldwide “to fight financial crime”. In April 2021, however, the German financial markets regulator BaFin ordered Deutsche Bank to further improve its AML safeguards and comply with due diligence obligations. And in May 2022, prosecutors, federal police, and other officials searched the bank’s Frankfurt headquarters to investigate suspicions of money laundering it had reported to the authorities.

Manual processes also come up in relation to sanctions screening, which the FCA has been assessing following the introduction of sanctions on Russian individuals and companies. The FCA has found “varying levels of adequacy”, and much of that hinges on whether firms are using manual or automated screening systems. “Issues we have identified tend to be around the effectiveness of firms’ customers’ sanction-screening processes,” explains Nikhil Rathi, the FCA’s chief executive, in a letter to the Treasury Select Committee on July 4.

The FCA had written to firms that use manual sanctions-screening tools to remind them to have “well-established and well-maintained systems and controls to counter the risk of their business being used to further financial crime, including evading sanctions,” Rathi said.

A close examination of the cases, however, has revealed some unexpected connections between the protagonists involved in the various fraudulent investment schemes, which ranged across many jurisdictions and modi operandi — from classic boiler room securities fraud to investment property and litigation funding investment fraud.

Faithfull was found guilty, as part of a transnational crime group, of having laundered the proceeds of at least seven professionally run overseas investment frauds. He had been charged and prosecuted by the FCA and was sentenced to five years and 10 months imprisonment.

The FCA said Faithfull had been able to use knowledge gained when working in the regulated sector as an investment adviser to help the fraudsters continue to defraud victims by paying fictional “dividends” from bank accounts controlled by him to make it look as though the underlying investments were generating returns. It also said that to avoid detection he had relocated to Ukraine, where he had lived a life of luxury while he continued his criminal activities, enlisting the assistance of local criminal groups abroad.

A close examination of the cases, however, has revealed some unexpected connections between the protagonists involved in the various fraudulent investment schemes.

The FCA’s power to prosecute criminal offenses is not limited to the offenses contained within prosecutorial powers outlined in subsections 401(1) and 402 of the Financial Services and Markets Act 2000 (FSMA). This was confirmed by the UK Supreme Court in R v Rollins [2010] UKSC 39. The Court found that the prescribed offenses set out in FSMA were not intended to be exhaustive.

It found that, subject to any statutory restrictions, the Financial Services Authority, the FCA’s predecessor regulator, was able to bring any prosecution that was permitted by virtue of its memorandum and articles of association. This included the subsections 327 and 328 money laundering offenses under the Proceeds of Crime Act 2002.

Prosecuting fraud and the FCA

The FCA’s prosecutorial powers were addressed by Mark Steward, director of enforcement at the FCA, in his evidence to the UK Treasury Committee inquiry on economic crime. He acknowledged that the FCA did not have explicit powers to prosecute cases based on Fraud Act 2006 offenses, but, citing Rollins, he said that those provisions were non-exhaustive, as recognized in EG 12.1.1 of the FCA Enforcement Guide.

During its investigations, Steward said, the FCA sometimes did find evidence which justified a prosecution, not only for the offenses listed in FSMA but also for those under, for example, the Fraud Act 2006. Charges of such offenses would, however, be prosecuted by the FCA as a private prosecutor, and not as an authorized prosecutorial authority.

Long-running overseas investment fraud was the subject of a recent SFO press release announcing the successful conviction of David Ames, the individual behind a £226 million fraud involving celebrity-endorsed luxury resorts in the Caribbean, on two counts of fraud by abuse of position.

Ames had deceived more than 8,000 UK investors in the Harlequin Group, a hotel and resorts development venture, the release stated. The business model relied on investors paying a 30% deposit to purchase an unbuilt villa or hotel room, half of which went toward fees for Harlequin and relevant salespeople, while Harlequin put the remaining half toward construction.

Investors were fraudulently told that the building of the properties would be further funded by external financial backing. The SFO said that, with no additional source of funding, three properties needed to be purchased to finance just one of the luxury accommodation units, which had led to a shortfall of more than £1.2 billion by 2012.

The SFO said, further, that by the time it went into administration in 2013, Harlequin had sold around 9,000 property units to investors, with less than 200 ever actually being constructed. Throughout the entire eight-year project, only 28 of more than 8,000 investors had ever completed on a purchase, leaving at least 99% with no return on their investment.

The Harlequin Group had ultimately lost a total of £398 million of investor funds. Several thousand victims had lost pensions and life savings, while Ames had enriched himself and his family by £6.2 million.

Harlequin Property also features in the judgment in the Upper Tribunal case of Alistair Burns v The FCA, which concerned the activities of the TailorMade Group of companies, which included TailorMade Alternative Investments Ltd., which was an unregulated company that promoted alternative unregulated investments, including in Harlequin properties.