The 2022 Expert-In-The-Loop Forum by Compliance.ai is now available on-demand! Watch sessions here

WEBINAR 1

EU/UK has been setting the tone for much of the regulatory framework in ESG and many other hot topics. We dive into these with our expert advisors from across the pond. Join us as we get a closer look at compliance around sanctions, markets and trades, and compliance and reporting obligations from the UK and EU. In this webinar we’ll discuss:
– UK Divergence from European Regulations
– Consumer Duty and Operational Resilience Regs
– Basel 3.1, ESG Coming of Age, Crypto, and Much More
– The Impact of the Russian Sanction Regimes on Financial Institutions and Their Control Capabilities
– 3rd EU Supranational Risk Assessment
– What to Expect in 2023

Sheila Khosrozadeh

Hello, everybody, we will get started in just a few minutes

all right, thank you everyone for joining us. I know a few people are still chiming in, we are going to get started, because we have lots to go over today. Our webinar today with compliance.ai will be covering UK and EU regulatory trends, what’s going on, and a 2023 outlook. It gives me a pleasure to introduce Asif Alam, our CEO at compliance.ai. Asif, Take it away.

Asif Alam

Thank you very much, Sheila, Happy New Year, everyone. I’m so glad to be here talking to all of you about EU and UK, Europe in general. So I’m also farlam CEO of compliance.ai,, I started working at compliance.aI earlier or late a lot of last year, and my background is in FinTech RegTech and legal tech, working at companies like Thomson Reuters finastra, and some of the startups for more than 20 years. And at this time, I have the pleasure of introducing some of the great experts that we have in this area. First, James Phillips, you know, he brings so much knowledge in this area. And as we started to think about what we need to do in 2023, of how to really set ourselves up, James is the right guy in and what James will be doing is he will be providing the view of what is happening in 2023. From Europe UK perspective, we also have Daniel Buckingham Head of Financial Crime controls. As we know that we are in a year of, or an era of war, and everything, and a lot of things are happening. And the financial crimes continue to grow. In this whole area, Daniel will be talking a bit around that area. And last but not the least, Karol. Again, this is a fantastic, phenomenal topic. And I’m really looking forward to hear from Karol as we finish off our webinar on on all these email investigations, all the things that Karol brings in here, Karol is the Global Head of transaction monitoring operations. And I welcome all of you to the webinar. So if I want to really get into it, and in the interest of time, we have lots of materials to cover. EU and UK has been really setting the tone for the wreck framework, the velocity and the complexity that is going out. You can see in here that there is it’s just going to the next degree. And I think without taking any further time, I would want to pass on the mic to James to first give us a view of what it would be in 2023. So James, over to you, I’m really looking forward to your, you know, your expertise in this

James Philips

I will do what I can, guys, this is a big and wide panoply of things changing. To start that off, I think we need to look at what’s happened in 2022. And all I’m looking to do on this slide. And I think the materials will be available for you after. So you can always look at all of this in a bit more detail. But just a quick canter through this before I look at the future, obviously, cost of living crisis. Everyone knows that. So the impact of that coming through when regulators start to look at that it’s taken a bit of time before they did start to look at the impact. But we can speak about about that a bit a little bit later. In the UK, we have the future regulatory framework. This is really about going away from Europe, of course as the whole question of sanctions, as I see, as mentioned earlier, having an impact as well. There’s a lot of digitization going on around regulators, reviewing how they might transform data collection. That’s actually the mnemonic for one of the major initiatives occurring amongst UK regulators right now. The question of energy movement, energy price movements and again the cost of living crisis on to this the regulated disruption as well in the UK, industrial action Believe it or not that regulators, the question of crypto became to look dodgy, let alone before FTX. Later in the year, you have many, many things. So I’m just sort of drawing all these out there, then you started to get a few more things like consumer duty in the UK. I’ll refer to that a bit later as well. Heat waves in August yet people talking about fuel prices, interesting. leadership contest, the amount of politics that was getting in the way of regulatory emergence as well, certainly, again, in the UK was quite interesting, muddled up with the formation of a UK regime out of Brexit, out of the European regime. And I’ll try and illustrate a little bit about what I mean by that, in the few minutes that I have what I called the mini budget, I’m afraid that is my term, as opposed to the mini budget that was referenced in the UK, political landscape in around September, didn’t work out too well, and phraseology around Singapore on terms that failed budget, the crisis arisen arising from that hit on pension schemes, a lot of pushback on the degree to which politics control regulation that’s called the pool in power, pensions coming into scope or the FTX issue. And then there not being a promised regulatory grid every six months, which is something that happens in the UK process. But we ended up something called the Edinburgh river firms badly spelled typo there, I should have caught that. When our chancellor, the new chancellor, well of many Chancellor’s in the UK, in recent times made the presentation as to what to expect if I could have the next slide, please. So there’s a quick, quick run through all the many, many things that set the scene for 2023. And I’m going to pick up now on a few wonderful themes that I think have arisen from this. And what I’m really trying to draw out is the extent to which those of you that are looking at compliance within a regulated institution have to be aware of how many things are changing, or potentially going to change with some speed in 2023. And as I had been talking, and indeed, the whole theme of today’s webinar is UK EU, I will be personally speaking somewhat towards the UK end of this, our colleagues that are presenting as well, you’ll be giving some of the European slides on that too. But if I just put the UK hat on for a moment, I came across this rather wonderful statement and management here to Linden Nelson, ex Deputy CEO of Bank of England, who I think coined this regulation Jenga. How many bricks can you take out before the whole thing falls down? So if you are in the UK, and you’re looking to obtain what I think the politicians called, call the Brexit Brexit advantages or Brexit positives, then to what extent can there be a degree of deregulation within the UK that would, for example, make mobile capital with firms that are not either way bothered? Should they list in London, should they perhaps look to obtain the investments in London rather than somewhere else without weakening the regime modelling overly much so it has to still remain a strong regime? Look at it holistically before it all falls down, which brick is it that’s going to be pulled out that makes it collapse? You know, things like for example, the extent to which the pensions industry was as exposed as it actually is to something called liability driven investment. I didn’t hadn’t heard of that myself, until the back end of last year, which is a particular type of investment fund only was exposed as a consequence of the very poor decisions made around around the budgets last year by art shape ever changing political landscape, the refrigerator is everywhere is my point. So quite a tricky thing. But this is the big theme that we are going to be seeing. And on the next slide. I’ll try and touch on a few points around this that the now rather more stable treasurer. So the our treasurer Jeremy Hunt, they’re pictured has been in place for a number of months, which in recent times in the UK, for those of you following UK political history is quite a long time. There’s been some turnover during 2022. So in Edinburgh, just before Christmas, there was a presentation of a number of potential reforms. A few quotes leaving the EU EU gives us a golden opportunity us as the UK to reshape our regulatory regime and unleash the full potential of our formidable finance sector it says. So, for example, what could be reviewed, what could be repealed? What could be replaced? So let’s go back to the regulation Jenga, which of those bricks could be taken out that might make the UK? Well, let’s not go back. Thank you. That’s it. I’m not controlling the slides. Which of these would be possible to be removed without making the overall framework? Weak, but making it still very competitive. So Jeremy Hunt was looking for a bold collection of reforms, but within the overall financial services and markets bill, package Fs MB is being revised at the moment. So that’s the overall package of things that looks after the whole of the UK financial sector, a whole range of reforms proposed that are being proposed from the disclosure regime, for example, from disclosure requirements, I should say through to the listings regime, and indeed Prudential rules for banks that that last bit is very obvious. I’ll talk about Basel 3.1 In a moment, aka Basel for anything and everything that holds back UK growth or puts companies off listing here or putting capital here is up for grabs in these things called the Edinburgh reviews. If I try and summarize them, you’ve got there at the left, bottom side of the screen review of MiFID and solvency two as those are applied in the UK, ring fencing was something that’s put into place to try and protect retail assets, retail investments, I should say, within large, complex institutions that might get reviewed, the maybe a loose loosening of the SMCR. That’s the senior managers certification regime in certain areas, calling that was the proposed attempt of government to have slightly more political power over the degree to which regulator is independent and director regulated to make amend or revoke a rule that’s been scrapped, which is just as well to maintain the regulator’s independence, probably as a consequence of the debacle at the end of last year. And of course, things like FTX. And then we have an important one, actually, the financial markets, services, markets, financial services and markets Bill wrong acronym, looking to upgrade the extent to which UK regulators have a secondary objective about competitive and it’s not just about protection of the system, but about making UK regular UK competitive. So I thought a picture is an order. That’s a little seesaw there, deregulation would be nice. So very well and good to talk about all these things. But it actually is a huge stack. And that’s just a few things I put in the red blob there. On the right hand side that are weighing down anybody with a compliance hat, by anybody with to dues to do with compliance is gonna be very, very busy. As a consequence of all these changes, can I have the next slide? Just a little bit of detail around this, as I’ve touched on some of them now. And I’m conscious, obviously, of the amount of time I don’t have to go through everything. But the big thing coming through the consumer duty UK FCA regulation, requiring firms to consistently deliver good outcomes, it’s an upgrade of an old thing that was called treating customers fairly. The difference this one is it’s going to be highly proactive, it’s looking to strengthen that old conduct regime to drive cultural change to get customer trust instilled into the whole financial system. Those are the objectives. So proactive efforts around foreseeable customer harm. So at the senior management level as well, this is a this is a senior senior management, is there anything that could have been foreseen that would cause consumer harm that should have not gone to have it should have been dealt with? And this is about achieving products and services, definitions, price value comparability, all these other things that support it, and they’re How do you measure and demonstrate all this, and that, again, is coming in, I’ll mention this again, when we get on to operational resilience in a moment. Another big theme about what’s coming? How do you measure these things? What are the qualitative stuff in there? How do you measure and thus demonstrate to the regulator that you are in compliance of these forms of change? That does imply a lot of interesting, potentially qualitative data collection rather than quantitative data collection, it probably implies the use of read texts, rather than rec tech solutions, rather than just obviously spreadsheets and post it notes in the old style, or just a large scale GRC.

But something much more fine tuned might enable you to demonstrate compliance across these multiple changing requirements. And this one’s quite squishy. It’s not the calculation of capital numbers, for example, some timelines around that there was a motivational dataset was called to achieve board focus. But you’re looking there to have some much more tangible detail from both the production of key info on financial products by this spring, on applying from the middle of this year. Next slide, please operational resilience, another one that’s already underway in force supposedly, in the middle of last year, but in practical terms, rely on it to be put in place by no later than March 2025, which is quite a long way away. So you can ask the question, actually, firms should probably have opposite operators in place, regardless of regulation. If you look at the next sub bullet I put on there. It’s good for self industry and consumers. What is it? It’s about not having a critical incidents. And I think that’s most important to have anything that’s got impact tolerances for each business service that might have what have we got their permanent customer? I think the this is intolerable harm is the key point. And realistically, that worked example, I put in brackets in the Telex at the bottom. So, you know, waiting for restoration of backups, you know, they’re going to come but it’s not an option. In the meantime, you’ve got to have manual workers. That’s just just one example. And of course, to get that all planned out in peacetime This is to say, whilst you haven’t got an operational resilience, failure, there’s been lots and lots of examples of this, particularly in UK spirit, I’m sure there have been elsewhere in Europe and obviously elsewhere in the financial sector, globally, where anything has failed, ranging from, you know, an IT system to a significant cyber attack that has caused an operational failure so that services can no longer be provided. The requirement of this regulation is that it’s an obligation on the firm to ensure that those services are continued to be provided. So there’s measurement called what is an important business service, what is an impact on earnings? How do you data soup? How do you data signify this so that you can measure it? And quite probably again, as I said, put it into a And then there’s quite a big industry actually out there now for operators packages that enable firms to demonstrate collect the data and show how they’re doing in this regard. So there’s another big one that firms I’m sure will be looking to figure out how they actually say how you operationalize and operationalize operational resilience and make it a measurable item that can be put into a firm’s compliance response. Next one, so again, I’m picking on just a few things Basel 3.1. Okay, Basel four has been talked about forever. It is, believe it or not, the tail end of the installation of the things that arose after the last global financial crisis, many, many moons ago now. It’s been touted in the UK as first Basel three package designed outside the EU. I’m not sure about that, particularly, there are plenty of others internationally that have been designed outside of the EU. But nonetheless, that statement, I did find, so I thought I quoted the significance of it, I tried to show pictorially. In the old days, of course, UK regulation, implemented largely as the consequences of going via Europe, UK, Financial Supervisory regulation that is, so comes from Basel, that’s the little tower, going via Europe and ending up in UK regulation by the Bank of England or the PRA, there’s a little picture of the building. And the new world, of course, at the bottom of the slide is showing Basel straight through to UK with no Europe in between, I’m just trying to show that pictorially an example of a package at the moment. We have in UK a process called but typically typically illustrated by the consultation process. So the fourth bullet down the Prudential Regulation Authority, consultation paper, CP 1616, in 1922, in 1920, to 2020 to 400 pages long. The good news is you still got until the end of I think it’s March to submit any responses to that if firms want to. It’s a big and complicated piece of consultation around Riva revisions on risk weighted assets, on how to make them less sensitive, less, sorry, less variable and more risk sensitive, but nonetheless, still backed up with an output floor. So risk model weights are too far behind standardized approaches, then the standard those approaches still apply. It’s, you know, there’s lots there, I don’t not try and make this into a Basel three discussion. And I’m no expert in that, particularly, but I think it’s really important to notice that this is ongoing. You will find if you’re concerned as a compliance person about this, it’s mostly perhaps to do with financial control, as opposed to compliance. But he’s just another example of things that are changing. And this is quite significant. It’ll introduce a need for a capital capital adequacy requirement projects during 2023. To ensure that these changes are in place, and will result potentially in a firm needing to reconsider its business model over time, as you can see, there, there’s likely to be an overall penultimate bullet point, the papers do consider a 6% increase in capital requirements over the next several years. So that’s still quite a push. Okay, let’s try the next slide. ESG, I think is next a few words about that. And I’m wondering if 2023 is a tipping point in environment, social governance regulations, there’s a massive amount of so that little circle is just everything feeding into itself to become a tipping point where it’s no longer a talking point, but actually an action point. And there’s more and more emphasis in ESG in everything that’s been spoken about, and more importantly, it’s becoming I think, rather less woefully toughening and definition of regulations is occurring, the taxonomies are starting to standardize, starting to appear. Regulations appearing in multiple jurisdictions, substance substantial regulation in in in Europe. Now, as you probably know, many of them and many starting to appear, there’s a slight difference in timing. Let’s look also, I’ll come to the timing differences. The last thing I wanted to mention in my circle of illustration was codification of disclosures and reporting standards. Again, these things becoming tangible. taxonomies becoming tangible. So is 2023. The point in which things start to tip. So let’s look at a couple of examples. I’m picking on them. The difference here in Europe has been the SFD R and this is just around asset issuers. There are many regimes or disclosure regimes. This the SFDR is a securities finance finance disclosure regime. The SDR is just a disclosure regime. It is a difference in style, which is quite interesting. SDR in the UK is a labeling regime. SFDR is a disclosure regime. And the labeling requirements are again intriguingly different. In excuse me it also I’ll come back to the live reporting as quickly mentioned the timing differences. We’ll come to the labeling and labeling difference. The timing difference effort SFDR has been around and has imposed mandatory ESG disclosure obligations. For some time, I’ve also walked away from a different hat I’ve been wearing that the impact of that also will result in of course, in in, in a potential impact on capital as well, where potentially some of these risks are starting to be codified under pillars two and three. In the UK, the SDR, on the other hand, as at the end of last year is still merely a consultation. So you do get have timing differences there for firms to concern themselves out, you can see the challenge if you’re in compliance, I’m very aware of it, how multiple and different it is to deal with multiple jurisdictions, even if we’re going I’m talking about just UK splitting the revenue from Europe, you started to see some annoying differences. Emphasis on labeling I mentioned in the UK, we’ve got these wonderful new terms is an asset focus, and ESG focus and ESG improver or ESG impact. So how substantial Is this the quantity of sustainable assets? In for example, your fund? Are they committed to improving their ESG scores? Or is it a definable positive and measurable impact? European version of that is, is something looking there to make us it’s not on the slide, making a substantial environmental contribution, or to merely do no significant harm, or to meet basically minimum standard. So there are different again, different taxonomy called taxonomical differences, which are pretty unhelpful. So lots of wrapping your head around. And the last slide is a wrap up on this, and I say I’ve only really touched on some of these points, multiple changes, I tried to pick out a few that I thought were really quite impactful. But of course, there’s many more not the least of which crypto, which I didn’t mention, when can I when can briefly mention it. But you know, since obviously, post def TX has been a lot more emphasis on this speeches from regulators from UK. In particular, there’s been some quite positive noises at the beginning of the year saying, Hey, we’re going to be a crypto hub at the beginning of 2022. When everything is positive, and before it will all fall over. Is that still going to be the case? Of course, now, there are many noises about it should just be treated as like anything else is still subject to corporate governance controls, record keeping, protection of customer funds, all the other good things that you should be doing, but it’s it goes outside of many influences. Still. There’s a very recent Basel output, quite simply looking at your ban it can we contain it, she regulated, which of these. So I think you’ve got to assume, and the financial service and the FSB, sort of punish students board is certainly looking at 2023 is the time that crypto is brought to heel, you should expect that data protection. Next both point down technology and innovation from regulators perspective priorities,

you know, a lot of digitization around what regulators do that’s going to change things, the availability of data, generally, big tech coming into the financial ecosystem, subject to regulation, I would expect various other acts getting reformed here and there. What I didn’t mention, but I think it’s the worst with any honest and lovely anecdotes, the greening of the UK housing stock, somebody said the other day, so very well in good hands sustaining sustainable finance. But can you find somebody to install a heat pump, given that it’s hard enough to find a plumber to install a tap? Maybe getting a heat pump put in is a bit tricky. And we should all be investing in the appropriate screening skills of the housing sector, that alone worrying about regulation. There’s my little anecdote to end I can shut up now. There’s I hope that was a run through what’s going on the remaining many things,

Asif Alam

James, and I know you can talk for another hour on and on, because there’s so much happening, right, and I think 2023 will be such a busy year. But really quickly if she left, we can go to the next slide. If we can introduce Carol and Carol, over to you. I just want to save time and we can leave questions, a lot of questions, but we will do it towards the end. So over to you Karol.

Karol Wojtczak

Thank you, Asif and thank you for having me here. Um, I will talk about the 30 you supranational risk assessment that has been just issued the last quarter of 2022. It is consideration by the European Commission of the past, I would say four to six years of knowledge and experience gained under the AML directive and pre supranational risk assessment of the 2017 and 19. In what the European Commission considered for this third risk assessment is definitely the previous two risk assessment. Whereas the third one is a natural development of what we already know and learn through the previous risk assessments. And of course, the supranational risk assessment they do have impact on the National Risk Assessment of the member states 27 member states in European Union, and then of course, all obliged institutions They are performing their own enterprise wide risk assessment. So all of that is being cascaded down from this supranational risk assessment. Hence, the past through the third super supranational risk assessment will have impact on what will happen in 2023 and beyond for the next two years when the third use of financial risk assessment will be in force. Also, the European Commission assess the results of the implementation of the suggestions and recommendations of 2022. There were like two sets of recommendations in sorry in 2020. That European Commission issued towards the light institutions and the member states. So, effectiveness of those is being assessed in consideration for the third risk assessment. What is also interesting the European Commission considered the package of regulations related to AML, which covers EU wide ml act as a set of rules directly implemented by EU, which is the subject of 2023. Right. So, this far the European Commission has been in the European Union has been issuing the annual directives, right for 56. Now, there will be a set of rules that are immediately implemented by the countries not adopted to the law system of the country, but immediately required to be followed. And also what is interesting, the ML authority for the European Union will be in force and start to act. Currently, as I spoke with the Chair of the Moneyball, the headquarters being chosen, so we will soon learn probably any any moment soon, where the amla will sit in the European Union and will start to regulate the European Union Market. So definitely 2023 seems to be an interesting year in EU from an regulatory perspective looking at what what will happen. But moving on to the content of the third us supranational risk assessment if we can go to the next slide. I will also explain what is what is there. So basically, the European Commission is three things like 43 products that are grouped within the eight areas. So the cash related products and services such as cash, cash careers, cash intensive businesses, high value banknotes, for example, European Commission mentioned about the risk of high value banknotes and the paradox of cash in the types of the COVID-19 or post COVID-19. Were still the criminal world is overwhelmingly cash based right. So, that is where the risk is being concentrated as well. This is also why recently German regulator was criticized on the field of the risk mitigation related to cash. Right so the cash is one of the eight areas indicated by the European Commission as the risk risky sector, then the financial sector, so depository accounts, retail and institutional investment sector, corporate banking, private banking, even CRO finding currency exchange. IMANI that is interesting as well, because the European Commission covers a very wide range of products under that particular area within the financial 17 basically products within that area. So within the financial sector lack of still there is a notice lack of clear and consistent rules. Also inconsistent AML and counter financing terrorists supervision across internal or European Union markets. Insufficient coordination and exchange of information among financial intelligence units continue affecting the European Union ability of being an effective in the anti money laundering space. Um, the third one is non financial products and services such as legal arrangements, high value goods, high value assets, and so forth. The European Commission focuses on now, the main vulnerabilities linked to the concealment of beneficial ownership trust nominees and no longer on specific moments of the existence of legal entities and legal arrangements right. So that is the change. So when we talk about non financial products and services, such as legal arrangements, there is a certain change that we should pay attention to. Then, European Commission treats about the gambling sector that is a fourth area. So the gambling sector is definitely characterized by currently by fast economic growth and technology. development in particular, with the strong role of the online sector during and after the COVID-19. In this regard, the number of the component competent authorities reported risk arising from online gambling have increased further since the publication of the lowest risk assessment in 2019. So, the for the first time this assessment considers exchangeable tokens used in video games as a simulated to crypto assets. So, basically the for the assessment of that particular area should go up in terms of the risk level, then on the fifth we have non profit organizations here we will not I will not talk a lot because basically there is no change we know what is the risk related and risk related to nonprofit organizations. There is no big change in the third risk assessment, professional sports not a lot of change here as well in increasing threats has been noticed due to the impact of the COVID-19 to the financial and financial condition of the sports club. So, that is being noted, but basically no change from the previous risk assessment. The Free Zones continue to being regarded as presenting high money laundering risks, so, that that is mentioned and considered. Now, what is very important in terms of war, the investor citizenship schemes and investor resident schemes are increasingly bringing the risk to the scope. They are in breach of the European Union law. And the commission has an arch member states to immediately repeal investors citizenship schemes from the from the regime, right so 19 out of 27 member states were urged to remove those schemes. It has also called I mean, the European Commission also called on member states to ensure that the investor residents schemes are subject to the rigorous checks are no longer in place and are not bringing the risk to the market. The risk of such schemes have for recently, of course, been highlighted in the context of the Russian aggression against Ukraine as national subject to sanctions or significantly supporting the war against Ukraine may have quite ill say possession to residence permit in member states that allow them to operate from outside of Russia. So these are the eight areas and moving to the next slides. There is also an outcomes and take aways. And I’m just making a summary of the first part of the risk assessment which is an executive summary of 28 pages. But basically, the risk assessment itself is 300 Pages document with detailed risk assessment and the values that we can adopt to our risk assessment of obliged institutions. European Commission at the end of the documents gives a reference to the mitigating measures such as the direct impact of the fifth annual directive also refers to the mitigation measures in the current legislative in place. And the one that is projected projected that I mentioned at the beginning, that is scheduled for 2023

also indicate supporting measures. These are, you know, like a supporting measures to heart regulations, which are related to data collection and analysis. also trainings and public awareness in terms of the ML and, counter financing terrorists. Risks at the end. there are important recommendations and follow ups, which sets the tone for the future of I M L in the European Union.

there are recommendations to the European Union, union, supervisory authorities. there are also. Recommendations to non-financial supervisors. Right? So, the wide range of the supervisory bodies is being covered through the recommendations and the details of those recommendations.

Well, we need to study as per the sector and the business that we are engaged. there are also 11 recommendations to member states, national authorities, and national super. Supervisor. So for example, out of this, 11, there is an in and there is a recommendation related to the increase onsite inspections by, supervisors and thematic inspections.

So the regulatory body, the, oblige institutions may expect that the regulators will visit them more often as this is what comes from the, recommendation and follow up of the European commiss. also the European Commission at the end in the recommendation urged the countries to deliver the wider list of obliged entities.

So we may expect that the compliance measures will be put on the new sectors. That is increasingly interesting. also what is being mentioned in the recommendation of the public-private partnership in anti-man laundering. Should grow, right? And, deliver the tangible, like a tools in order to increase the effectiveness of IML measures.

also, there are certain recommendations related to risk analysis by, product and service. And there is a set of specific recommendations specific based on the eight areas that I mentioned before. So, of. That is just a brief review of what is there. It’s very important document that has been issued on the 27th of October, so fairly fresh and sets the tone for the following two years when the fourth EU supernational risk assessment will come.

Asif Alam

Thank you so much.

Karol Wojtczak

Thank you, Asif. Thank you all.

Asif Alam

Thank you.do you have a few more slides or are. I’m good. I’m good. Okay. This is it. Okay. So Karol, thanks a lot. Thank you very much again. it, I’m so glad that we have set up this, panel to be here and it seems like the general theme between what I’ve heard from James and what I’m hearing from you, Is that in this area there is a lot of work that needs to be done in 2023 for sure.

Now we will, pass on the mic to Daniel. So Daniel over to you. we have about 15 minutes and then we want to leave a few minutes for question and answer also. So over to you Daniel, and thanks for joining.

Daniel Buckingham

Yep. Thanks . Thanks Carl. Thanks James. thank you for having me here. what I wanted to do today was not so much delve into what is the Russian sanctions, why has it all come about?

I think there’s enough in the public domain and people on the news that people know that more than anything, I just wanted to kind of reflect a little bit about how it’s come to pass in terms of what’s been rolled out, what the expectation has now become. and think about, well, some of the challenges that’s had on institutions and what might that mean as we kind of move forward as well.

So I’m sure most of us, when we first started following the invasion of, of Ukraine, we would’ve heard in the news, would’ve seen in the articles referenced multiple times to something that was unprecedented response. And, and that’s actually an important context here. So what did that actually mean? So bit of, you know, historic context. Sanctions is obviously not here, not even for Russia, but typically sanctioned programs, they’re usually rolled out over a significant period of time. They’re usually com in comprised of multiple rounds of punitive measures and then, you know, additional add-ons to that. And so firms, whether it be, you know, banks, other financial institutions, even vendors themselves, they’ve had years in order to develop these kind of programs and capabilities in, in line with.

When? When it came to Russia though, it was a very different approach. It was rapid, it was swift, and it was severe, right? It was very wide com encompassing. and it basically happened overnight and you ended up in a situation where within just a matter of weeks or even months, it suddenly became the most comprehensive sanctioned appraising ever imposed on a major economic power. And that even itself is quite significant because once again, you know, a lot of the historic sanctions, even though they have hit or been levied against other kind of economic, jurisdiction, It’s not to the size and the scale of Russia. And so the exposure that that is actually created, not just here in Europe and the UK where it is actually large, but across the world is, is is far and away greater.

Than what we’ve seen elsewhere. And that has its own problems. And I’ll get onto that in a, in a little bit. But, you know, the sanctions imposed, they weren’t necessarily, unique in terms of what they went after in terms of, you know, they went after the central banks, they went after financial institution assets, you know, controllership and, and ownership structures, etc. But what also actually happened was they were being done at. And they’re actually also being done in quite new and novel ways. So Karol actually, touched on something in his presentation there about, you know, the kind of citizenship or the, you know, the Visa programs and things like that. So a good example that we saw here was historically Article four and five for, Iran required us to report against certain, transactions at certain values, but it was a reporting. Suddenly for the Russian sanctions, that’s now prohibited. And so instead of being, just having to report, we now have a prohibition in place and it was actually quite indiscriminate. It actually started to touch on things like if you are a Russian national or a Russian citizen, so suddenly you are, you are del, you know, you’re delving into a situation here where people with dual nationalities, suddenly are being impacted. And suddenly, if you are processing those payment, You’ve got a consideration at hand here, which is something we haven’t had to look at or at least it to that kind of scale before. it was a multinational response, right? This was a concerted effort by Western Powers in order to, you know, try and I would say destabilize and, and limit. Their ability to not just try and fund and, and, and seek, you know, opportunities in order to be able to progress with their invasion and their war, but also to try and destabilize the economy into, and, and, and, you know, allow for an element of chaos to take place.

The problem there was that the speed in which it was also happening meant. It was not necessarily coordinated from everyone came out at the same time with the same sanctions. In order to try and create a consistent approach to this, everyone came out at different points in time, in quick succession with different sanctions and, and that kind of gave us then a situation where you could have one sanctioned entity where from a US standpoint, Had general licenses in place, which would allow you to do wind downs for certain customers or your own exposure. The EU, for example, may not have done any designation at all. The UK, on the other hand, has gone to a full asset freeze. And so just that by itself creates a lot of complications because then how do you, how do you kind of deal with that? You can’t set a consistent risk, risk appetite to how you approach those things.

Suddenly you’re forced to look at everything on a case by case basis. That’s actually there. And, last point I got here, you know, the general licenses, it almost became a bit of a corrective measure at the start of this exercise where things were happening so quickly. And it was so indiscriminate in terms of how many in, in terms of a lot of the sanctions that were being released, that a large number of general licenses needed to be issued to provide exemptions, just to allow firms, their customers, That, you know, were being impacted that shouldn’t have been impacted. An opportunity to try and just navigate the situation. But in all honesty, you know what, it’s actually done here. It is really raised the bar in terms of expectation. It’s happened quickly. And, you know, regulated entities were expected to react quickly on a scale that we haven’t seen before. The complexity, the nuance that are there and the speed of adoption requirements potentially sets a new precedence to, to look, to look at. Just going to the next slide. So what challenges did this present firms? Well, I think the simple answer is lots. you know, the. Just the nuance that was actually there, as I alluded to before, just with, the different types of regimes, having different sanction requirements for the same entity really meant that it was difficult to try and, you know, adapt your controls, adapt your processes in a manner that you could e effectively deal, deal with this. The types of things that you are now being asked to do. Right. So for example, you know, we’ve always had challenges with, OPA ownerships, complex structures, offshoring, secrecy in o havens, things like that when it comes to Russia. Well suddenly now that became even more important because as firms are looking to assess their exposure, Assess their risk appetite lower their thresholds or their tolerances meant that you need to delve deeper and deeper into these things very, very quickly. And so a lot of the data that firms had already acquired over the years either no longer satisfied their needs cause they, and they had to go away and find it, or they may have it, but it was not presented in a way that they could use and put in place in controls in a quick, in a quick manner. And so I think a lot of the industry found itself very much.

Reverting back to kind of manual processes, stopping a lot of activity. Shifting through it, asking people to try and un make sense of what’s actually going on. And that itself also created a lot of issues for for firms because it suddenly meant that, you know, manual processes, they’re slow, they’re prone to error, but it also meant that suddenly you are coming up against other regulatory mandates that were out there that had nothing to do with sanction. Market trading rules, PSD two and the speed of payments and things like that. You’ve suddenly got hundreds of transactions on hold and you’ve got people looking at it and you’re, and you are violating these rules, or you’ve got customers there now, and I think this is one of the biggest learning points for a lot of institutions, is because the exposure was on a scale that they’re probably not used to, and it was so diverse across their customer populations. Suddenly the customer themselves really put a new emphasis on things here that we’ve probably been afforded the luxury to, especially in risk and compliance functions. Probably ignore a little bit in the past, right? But now suddenly you’ve got major customers sitting there with huge amounts of exposure.

You’ve got an economy in the background whose currency is tanking at the start of all of this. You’ve got sanctions being levered against asset types and other organizations, you know, even including energy, stuff like that. And people need to unwind or they’re trying to hedge their, their, their, their exposure.

And we’ve got their transactions on hold. And so they’re racking up the losses. And so I think that’s one of the things that’s gonna be interesting to see how that plays out, because I imagine a lot of firms have and will continue to face a lot of challenges through litigation and other things off the back of all this, just because we weren’t really ready to deal with this at this kind of scale.The lack of consistency I’ve kind of already, spoken about there. The other thing, Evasion opportunities. That also increased some, some of the complexity here as well. And really started to push the response we needed to have in place, also into more of the a m L domain, not just the typical sanctions lens and screening and stuff like that.

Because, you know, you suddenly got a situation where Russia, or a lot, a lot of, the ruling elite and stuff in Russia have had an opportunity to prepare for this in advance. Right? And suddenly there’s transfer of owner. There’s offshoring of funds, there’s capital flight situations going on, and that kind of suddenly lends yourself more to the AML domain and what to do with all of that. So it’s also pushing the boundaries in terms of how, how you need to look at this and what it is you need to, you need to actually do.

apologies, . and then, you know, again, as I said, just the exposure to Russia itself, I think that was just a big learning opportunity. I think a lot of banks really, or firms may have easily or readily had an understanding of just how much exposure they, they, they had. just quickly move to the next line.

I’m just mindful of time, so, you know, what does this mean going forward? Firstly, one of the things we should think about here is, could this happen again? And I think the answer to this is probably yes. I mean, if we look at just the geopolitical situations going on, And where they tend to be heading.

There is a good opportunity or a good chance that this could happen again next time around. Though I think this has been a learning exercise, not just for us sitting on, on, you know, on the, on the receiving side of needing to implement the programs, but the regulators and the authorities themselves have, I would say, have learned a lot here as well.

So next time I’d expect it to be much more coordinated, much more structured in terms of how it happens. And probably a higher expectation of the industry to be able to adapt and implement that at pace as well. The, just the complexity that’s there, it just continues to grow, right? And that also increases the cost of compliance for firms.I think here there’s an opportunity for, for institutions to really start thinking differently about how we might need to approach our sanctions programs. How do we kind of leverage existing capabilities within the institutions? I think there’s opportunities here to start thinking more about how do you use transactional monitoring? How do you use entity resolution? How do we use networks and network analytics as all additional capabilities to try and help us? Deal with the complexity that’s actually going on here and, and move away from these kind of manual approaches. Hopefully be better prepared to, to deal with these things kind of going forward. Another one is just firms needing to look at their risk appetite and in particular, They probably need to think differently with their risk appetite, not so much around what’s the risk here, and do my controls allow me to manage that risk? But what happens if I have to unwind from that exposure again? Or I have to help my customers unwind from that exposure again? How do I actually do that? And if it occurs, what’s that gonna do to my risk appetite? Can I stay within it or is it just blown away? So there needs to probably be some different considerations around the risk appetite and your agility to actually deal with. But, look, just to stop there. I mean, we’re only touching the absolute pinnacle of the or the tip of the iceberg here in all, in all honesty. But we know, one thing I think will happen is there’s still a lot more lessons to be learned off the back of what’s happened here. we still don’t know the full of everything that’s happened, how well the industries respond. This what’s gonna happen off the back of it. So there’ll probably be a lot more lessons learned that’ll come out that will help us all guide, you know, help guide and direct in terms of what the expectation is and what it’s we might need to do. So let me, lemme stop there. So we’ve got some time for, for questions.

Asif Alam

Thank you. Thank you very much. And, very fascinating, all three of you. some very good perspective as we go into, 2023. But before we do that, before we go to the question and answer, I just want to very quickly, maybe take two, three minutes to talk about why Compliance.ai and, what we do.

Frankly, with all what James and Karol and Daniel has said, we are seeing it because legal risk compliance professionals are finding it increasing. Challenging to track, react, and report to reg changes. this is really due to the rapid uptick in both the complexity and the velocity of reg activities across international jurisdictions.

We keep hearing from our customers that the legacy approach to this challenges have proven to be costly. I think, Daniel, you mentioned it often, Time consuming, error-prone and non-scalable. And, and many of the legacy approaches provide solely law, raw reg feeds and lack sort of summarization, extraction, change management and reporting capabilities.

What we do at Compliance.ai is that, and this is what I say, is that we provide ai for compliance orchestration that really provides a new approach to direct change management, helping you simplify your workflow to monitor, react, and audit in real time. We collect and normalize. We routinely automatically gather and normalize direct change from 27 plus countries at this time. auto translate, multiple languages . About 200 different documents, about 1900 plus rec sources. We reduce the noise. We then apply our purpose, build machine learning based models to rate, rank, summarize, relate, so really making it easier, simplifying for you. We routed subsequently, we apply automated business profiling to reduce the noise and only surface focused and highly relevant change.

What is important to you analyzing and reacting? you know, using, again, our built-in workflow engine, we automatically route tasks to appropriate team members within the compliance team for each change and at each line of business. And lastly, we report. We provide, we enable running easy to use and on-demand.Reg activity reports use both for internal planning and for audit report. And, and last but not the least, we work really well with others. Our solution seamlessly integrates with, I would say, Tie in with almost all the third party leading GRC solutions to trigger compliance risk and incident management process. We augment really well with our rec coverage with partner provided premium content. So, a very quick two, three minutes view on what we do and if, if you guys. want to see a demo, quick, 20 minute, please email us or go on our website and you can very easily, do it by going on compliance.ai or emailing us, and we’ll be more than happy to set up a demo.

At this time we have about five minutes or so. Sheila,, if you have any questions, do you, if you have received any questions, can you please, let the speakers know.

Sheila Khosrozadeh

Yes, absolutely. We just got one that says, what is the source of our regulatory intelligence for Compliance.ai?

Asif Alam

So we get source from, ai, premium content.1900 plus different contents that we get,and we go on the internet, we scrub news. So it’s all of all the things all. From Federal state from US and international jurisdictions. So, get all, all kinds of, if President Biden is giving a speech and you want to see how it affects your, rec changes, or if there is Congress or Senate or European Union is coming out and doing something, we capture all that information, through our platform and we provide you that information.

Sheila Khosrozadeh

Great. we have another question. I believe this one is for James. one of the points that you made in slide 10, they wanted to know, how will firms evidence that they are doing the consumer duty?

James Philips

Yeah. I think I picked up something about data requirements there. I think, This I mentioned as perhaps being a qualitative item.how you measure it, how do you collect data for evidence of all the parts, of the journey in terms of measuring the performance of consumer duty success? one could argue is, difficult and something that can be done. You know, you don’t want it to come back and bite you later when you found you’ve not collected the data. You should have. During the course of implementing consumer duty to illustrate that you’re doing things better than you were doing so beforehand, it really is quite a big challenge for organizations to get this thing right. it’s not just a question of saying, well, we’re already doing treating customers fairly, so we’re okay. That’s the existing legislation. there’s a need for firms to look at all aspects of it. And to consider where and how they might be able to gather data that could then be shown, in my opinion anyway, quantitatively to sh illustrate that there is a difference in the level of attention that’s being given. it also needs to show itself in terms of its attention at senior management level. there’s, there’s no getting away from that where the requirement for oversight and delivery, is, a scene in management issue now, and that perhaps has not been the case for many firms in the past as well. So that’s another measurable difference.Firms need to look at it across each of those areas, da data collection, but also to be able to illustrate the cultural and senior management regime attention that’s been made, to, to a adhere to the, to the, to the new require.

Sheila Khosrozadeh

Great. we have one more question that is just asking if they get a copy of the slides, just so everybody knows I’ve got another one about the recordings. Yes. our team will get everything transcribed and put on our website. I will be sending out an email to every person that is attending the webinar, so you guys will get a copy of both the slide deck and the recording to review at a later time. Expected very early next week.

Asif Alam

Awesome. Do we have any more questions or we are good, Sheila?

Sheila Khosrozadeh

Nope, we are good. That’s all I see.

Asif Alam

Okay. So I, at, this point I want to really thank all our, team, presenters, James. Karol, & Daniel, for taking out time and providing some great insights into 2023. As I’ve said that, I feel like the complexity and the velocity will just make in, in our field just keep us very busy in 2023, and, and this seems to be just a start. As I said, of all the information you guys have provided, I’m sure that just on this topic, EU and UK we have to do another webinar pretty soon with all of you. So stay tuned guys, and thanks again to our expert panelists. Have a great day.

Sheila Khosrozadeh

Thank you everyone.

Compliance News

Regulatory Change Management

X