ComplyTech Series

Money Compliance is working on some larger white paper projects. In the meantime, we have started a compliance technology series called ComplyTech. It will begin by covering some of the compliance tools that are available out there. Then it will examine the array of products and where they fit in the compliance operations chain. We are devoting the month of August to ComplyTech!

Plugging Your Bank’s Weaknesses In Cybercrime

Cybercrime is rampant. It isn’t just something the news is trumping up for sensationalism. There are two big estimates; neither is reliable, but they are as reliable as is currently possible. In 2009, President Barack Obama is quoted as referring to McAfee’s estimate of a $1 Trillion cost to the world due to cybercrime. Fox Business reported McAfee’s new estimate in 2013 as being $500 Billion globally. Either way, this is a very large cost for something that legitimate consumers and businesses do not get a benefit from. Retailers have been hit with cybercrime that cost them millions. Retailer Target was probably the most notable event that got people’s attention back during the 2013 holiday season, which kicked off a number of other reported retailer victims of cybercrime. And then there was this past winter, when Kaspersky discovered how a group called Carbanak stole $350 Million from European banks through patient and meticulously executed breaches.

Bank employees are particularly vulnerable to becoming victims and to being the gateway through which their banks become victims. Many banks are using SecurID and other token-based login systems with VPN connections, with the help of services from the likes of Citrix. These tools allow the bank to take control over the user, not just to prevent entry. They also allow the banks to provide offsite connections to their employees.

I have yet to hear of any major bank in the world also implementing a password manager. A password manager is a piece of software that provides a unique password for every password-requiring entry point and gives the user a single password of their own that is very difficult to crack, usually very long. The user only has to remember this one very long password. The theory is that it is far more difficult to crack a single super-password than to crack many easy ones. The data seems to bear this out. People with password managers suffer far fewer identity thefts, data thefts and other types of cybercrime.

There are always exceptions that provide some perspective about the limitations of a better solution. LastPass, one of the most popular password managers, was breached just six weeks ago. But since banks are already relying on vendor services for secured communications, shouldn’t banks improve their communication channel entry-points? The answer, of course, is “Yes.”

Government websites are a wealth of knowledge

This fact is a bit obvious but I think people often forget: government websites are a wealth of knowledge.

For Compliance Officers, dealing with regulators is part of the job description. It is very important that the compliance officer does not reveal too much information when dealing with a regulator because that could be used against their institution in other matters. So any way to get information without having to provide information to a regulator is very useful. Luckily, the US regulators are all about providing as much information as possible.

Take, for example, the Securities and Exchange Commission (SEC). The SEC provides not only its organizational breakdown, but on each of the divisions’ pages, there are links to decisions, interpretations and research coming out of that division. If you work for an investment manager, you, hopefully, won’t have to deal with the Enforcement Division. It is the SEC’s division of lawyers who investigate possible misdeeds. Go to the SEC’s Enforcement page and there you can find all of the Administrative Law Decisions made since 1960. Go to the SEC’s Corporation Finance page and it will provide SEC Reporting accountants all of the official Disclosure Interpretations. Did the SEC just conclude its triannual exam of your fund? Well, go to the SEC’s Investment Management page, where you can learn about what kind of cybersecurity the SEC might ask you to implement to keep your clients safer.

All of the regulators have an incredible amount of resources. Money Compliance intends to be a resource as well. Regulators’ web pages are well organized, but they aren’t user-friendly for those who do not know where to begin. Under Resources, Money Compliance will begin to make this clear for Compliance Officers. It will try to explain where to go first depending on your role or the various common questions compliance officers ask. Right now there isn’t anything in the Resources page, but keep checking. Over the next few weeks, it will be more robust.

Harper Lee has published her second book Go Set A Watchman; will you read it?

About the Author: M. C. Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 


Accounting Fraud Example

When investigating possible accounting fraud at public corporations, SEC filings are the starting place. Look on EDGAR, the searchable database of filings on the SEC’s website. I will use a 6-K filing from China Finance Online Co. Limited, a financial markets information service in Beijing, Shanghai and Shenzhen. I want to note here that I’m using this company as an example and in no way am I claiming that there is accounting fraud taking place here. There is no proof of fraud in this article.

CFOC claims to provide “vertically integrated financial information and services including news, data, analytics, securities investment advisory and brokerage-related services.” This may or may not be relevant to our findings, but one should always start with the business the company is in.

I’m going to start with the Balance Sheet. Current Assets shrank by about $3M while Total Assets shrank about $20.5M. Total Liabilities shrank about $5M, which means Shareholders’ Equity shrank about $15.5M.

On to the Income Statement. Revenue increased by about $31M. This brings up the first question: Why did the value of equity shrink when revenue increased? The first answer comes at the Operating Profit, which decreased about $6M. Part of this comes from an accounting-only transaction where the company marked down the goodwill of something they bought by about $8.1M. But that still means Operating Profits would have been -$10M. An increase in revenue of $30M increases Operating Profits by just $2M? This does not sound like a good business to be in, because even after Operating Expenses, there are other expenses, like interest expense from loans or fixed expenses from office rent and the like. Net Income decreased by $2M to -$10M. The second question arises: How did fixed expenses eat up the $2M operating profit gain from the previous year and then some? The answer comes below the corporate Net Income line, where it splits the Net Income for the business they are operating and the businesses they are invested in. Nearly all of the additional losses come from their invested companies. The business they are operating lost an additional $10K from the previous year. So, one can conclude two things: more revenue means less income, and they have made some very poor investment decisions.

A Cash Flows Statement is not required, so it was not included. There are some big questions about whether this company can be a going concern. While the businesses it operates are not doing well, there don’t seem to be major questions about how everything was accounted for, at least not at a high level. But the companies CFOC decided to invest in lost a lot of money and required the company to write down the value of those purchases. Since it is difficult to find any connections to other causes of loss, further inquiry is necessary.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


How could the Iran-nuclear deal affect your compliance department?

Assuming your bank performs transactions for people with international connections, Americans are barred from doing most types of transactions with Iranian interests because of the economic sanctions. There are several sets of economic sanctions on Iran, and only the set that was implemented because of the nuclear activity was lifted. Practically, very little has changed for your bank, so very little has changed for your compliance department.

Even so, the elation alone is building interest in investment and trade activity with Iran. American entities with subsidiaries in Europe are likely to try to get around these sanctions by claiming European sovereign rule. But this only works if the subsidiary can prove that it is not controlled by the American umbrella.

There’s no way to prove this. Just the fact that the subsidiary is a subsidiary, and not a joint venture or minority interest, places its transactions under American jurisdiction because the net income is accounted for here in the States.

Minority interest is where things get tricky. If a client is doing business with an entity which has American minority interests and does business with Iran, then that’s territory that requires some legal analysis. The reason for the complication is that, even though there are many situations where Americans may have minority interests in European entities that will do business with Iran, one of those entities could be a fund that is specifically initiated to do that business. Wealthy Americans have access to foreign markets without working through the American markets. It is possible that an American investor can buy into an Iran direct investment fund in London using his British assets. If he is able to do this, then he adds a legal entity layer. He will own a majority interest in an entity that is investing in a fund as a minority investor.

Your department will have to decide whether American jurisdiction applies to ownership of legal entities or to whether the business will benefit the American.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


Does your CEO understand compliance?

One of the most important things about running a bank is to comply with all of the regulations. Banking is a unique industry for any economy with a central bank because the central bank has the incredible power to increase the supply of money or lower the amount of assets a bank needs to have against the money it borrows from the central bank. This is the nuts and bolts of running a bank, even today.

But one look at the list of bank CEOs across the country and you cannot see even one banker. Most of them got to where they are by management promotions. Some of them came up from managing the revenue side of a business, generally investment banking. But, for the most part, the rest are managers. None of them managed a bank’s relationship with regulators.

So, the answer to my question is “no.” Your bank CEO is hardly likely to be capable of running a one-man bank if it came down to that.

It should come as no surprise, then, when bank CEOs do not see compliance as a cost of doing business but as a cost that should not even exist.

I feel for CEOs who have a background in customer service of some sort. At least they have a background in the revenue side of the banking business. For those who have that vantage, banking is often a service that competes with other services and they don’t see business any differently because they are in banking. But, still, who are they kidding? No other business can run for decades with only 3% of their accounts being equity. No other business can have 97% of its assets securing its liabilities. No other business can borrow money every night below prime rate.

This is the reason why having a top manager of a bank whose right hand is his regulatory expert is paramount to a good bank governance environment.

Of course, this isn’t going to happen in the United States.

Kim Kardashian has a book out that is just selfies; have you read it?

About the Author: M. C. Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 


ComplyTech: Charles River Compliance IMS

Charles River is a technology firm that focuses on the investment management business, primarily on front- and middle-office operations. It has launched a Compliance service. The service offers monitoring, reporting, lookbacks and risk calculations. This application is provided on the SaaS model (software as a service).

Because compliance is a cost center with little to no monetization available, any way to lower the cost of it is welcomed by the COO. By the way, if you didn’t know already, compliance departments must sit within the Chief Operating Officer’s span of control. For many banks, compliance sits within the risk department.

Implementing a SaaS model for a financial institution means it has no desire to find a way for compliance to enhance revenue centers. This is sad because that means management of those institutions is not looking for opportunities. In the current economic environment, opportunities for financial institutions are difficult to come by. I won’t go into how a compliance department can help with revenue in this post.

Still, the fact that Charles River has entered the compliance market with the SaaS model is a good sign. Charles River focuses on the investment management business but it is a technology company. Their current compliance service is mostly a workflow solution tailored for the compliance department, but I think they will probably find other ways to implement actual regulatory solutions, which is a solution unlikely to come out of information services like Thomson Reuters or Bloomberg.

The Republican Presidential field is large; who do you think will win the Republican nomination?

About the Author: M. C. Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.