Virtual Reality to bring compliance to life

from Risk Management Magazine
from Risk Management Magazine

One day this will happen. For now it is a headline that is pie in the sky. But there are situations that will come in handy even now.

I’m thinking of compliance training. The current state of compliance training is either classroom training or an online course where there are readings, maybe some audio and or video and then there is an exam.

Virtual Reality is very good for simulations. Here’s a chance to make every trainee go through simulated situations. I can imagine a simulation course with four or five scenarios. Each of them adding complications, making the experience more real. And unlike the current training schemes, the trainee can do anything that can be done at a firm. S/he could do things that are completely unrelated and waste time during the simulation, and then fail. The trainee could decide to investigate something when s/he should have simply reported it the appropriate person first. How about facing multiple scenarios at once. That’s very real. VR can address not only the compliance issues but how the trainee could deal with the emotions that come with trying to deal with these situations. Many compliance issues arise out of pressure and not out of malice. VR can be a very good tool to address this.

The technology already exists. The Department of Defense already have VR “games” to train soldiers for stressful and complex scenarios. Financial Regulatory Compliance simulations are simpler than combat.


Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is a member of ACAMS and ACFE. 

Advertisements

Importance of formal training in Compliance

There are many jobs that one can learn from experience alone. Compliance Officer is not one of them.

ACFELOGOLike Law or Accounting, becoming an effective compliance officer requires three sets of knowledge: foundational knowledge gained in formal education, specialist knowledge gained in training, and management and leadership knowledge through experience. Foundational knowledge is important because that’s the common knowledge with which the world operates. And management and leadership knowledge can only be developed through real world experience, no amount of conceptual knowledge alone will make one a good manager or leader. The middle piece, the specialist knowledge, requires training because without it the Compliance Officer simply becomes a Compliance Manager or Analyst.

The reason Compliance is like Law or Accounting is that the logic with which Compliance works differs. The logic behind complying with Financial Regulation comes from understanding a business at the operational level as well as the contribution the firm makes to the financial markets overseen by the regulator. Understanding the operations of a business could be gained through training and experience within a business. Understanding the requirements and priorities of regulators require interfacing with the regulator. Many roles are title Compliance Officer, but the true CO roles are the ones that require both arenas.

CAMS LogoThere are several ways to gain the necessary training. Many large financial institutions have Compliance training. Usually, this is the bare minimum of Compliance training necessary. Some of them might not actually be Compliance training but simply a training about suspicious activities awareness. To be qualified as Compliance training, it should include information about regulatory functions and the responsibilities of various regulators and their interactions with Self Regulatory Organizations (SROs) and private firms. In the US, this means a need to cover some combination of the following entities:

And, at a minimum, there is a need to cover the following topics:

These are a lot of topics and no one can be an expert in all of them. But without exposure to this full spectrum of knowledge, a Compliance Officer is not equipped to dealing with the complex nature of the competing interests without an overview of these subjects. There are several ways to get formal training on these entities and matters.

The most common, direct, and practical way to get the formal training needed to be equipped to be a Compliance Officer are through associations that have developed the certifications.

There are programs at a few institutes of higher education that offer coursework specifically addressing these entities and topics:

  • University of South Florida has undergraduate, graduate and PhD programs in Criminology
  • Pace University has Certified Compliance and Regulatory Professional (CCRP)
  • Utica College has MS in Financial Crime and Compliance Management
  • Charles Sturt University has Diplomas, BA and MA degrees in Anti-Money Laundering and Counter Terrorist Financing, Intelligence Analysis, and Investigations

I have provided a concise, compelling reason why you should be staffing your firm with trained Compliance Officer or training the untrained employees who are moving into Compliance. Hopefully, this will be a good starting point for you to think about what kinds of issues your firm will have to face and the value a trained Compliance Officer will bring in handling them.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience. 

Is it time to grow your compliance department?

US Beach Volley Team celebrate winning at Athens Olympics

No… or at least you hope.

For most financial services firms, it is a resounding “yes.” Why? Because your firm has not tested various measures set in place to comply with Dodd-Frank.

Unless you are one of the 40 largest banking institutions in the United States, compliance demands are much more than the compliance department can handle. A smallish bank with assets of about $15 Billion will have the full spectrum of depository financial products, a full spectrum of retail lending products, and some limited investment and financial advisory services for individuals, businesses and governments. Aside from a lack of active funds and securities trading floors, this pretty much covers Dodd-Frank. With about $700 Million in Revenue and about $100 Million in Net Income, the bank probably only has about $1 Billion in equity to play with. Reducing that Net Income means, reducing that equity cushion some more. So, then the bank takes on riskier loans for higher interest revenue, which will then require more compliance professionals, undoing the higher risk taken to offset the additional compliance cost to begin with.

Some of the solutions available to other industries is not available to your bank either. The bank cannot outsource compliance all together because… BSA compliance will not allow it. So, how can a smaller bank cope with the cost of complying with the regulation?

Merger is one method. Just become a larger bank, decreasing the marginal cost of management and overlapping markets, and simply have more resources available. This method defeats the purpose of the smaller bank because smaller bank has its own value proposition to the market, mainly, familiarity. You’re not supposed to be a nobody in a smaller bank.

Outsourcing whatever possible is another method. This is a tricky proposition. This might provide the bank with the leverage pressuring the vendor to reduce costs and, hopefully, the vendor can because it has other customers from which it has learned to be more efficient. On the other hand, this is at the cost of an internal culture that might have made the bank successful to begin with. Plus, the vendor actually has no incentive to pass on the productivity gains to the bank. And when the vendor screws up, the laws do not really have a recourse for vendors, which means the bank is taking on an operational risk as well.

This is what I propose for such banks: Hire senior level compliance officers as a service from vendors while hiring lower level compliance officers directly. Obviously, the chief compliance officer cannot be external, but all of the direct reports could be. The idea is that this regulatory change is being managed by people who have experience across the industry, and the bank can train lower level employees to take over over time. This hybrid method captures the most important part of hiring an external firm while obtaining the bulk of the manpower to maintain the business-as-usual processes and perpetuate the culture of success.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Are your advisors text messaging clients?

90210 on CW
via Fanpop

Where you know it or not, the financial advisors at your firm are likely text messaging some of their clients. If you are not capturing this, you are letting FINRA to build a case against your firm.

FINRA might not have a case against your firm for any reason. And noncompliance with Rule 3110 is not one of the major issues facing firms today, but it can be tacked on easily to charges against the firm for other failures. The Rule requires, among other things, an annual review of all communications regarding the business. The Rule reads as though it only pertains to internal communications, but it includes all communication an internal person interacts with, so, it actually includes all communications. The rule is written to avoid public communications that an internal personnel did not actively participate, such as the publication of an article about an interested investment that the advisor had no knowledge of, even if the client did.

Leaving the pedantics aside, the major problem with text messaging is that usually the only repository for them is on the phones of the financial advisor. There are other messaging services that might store messages in a cloud for later retrievable, but that adds another layer of compliance question: is the cloud not controlled by the firm but controlled by the FA compliant enough?

The conservative answer is, of course, no. Whatsapp‘s cloud storage of messages is not designed to comply with FINRA rules. They also have no responsibility to keep the messages, let alone comply with an FA’s firm if the FA doesn’t want the messages reviewed.

 


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Whistleblowers Beware

Rachel Weisz in “The Whistleblower”

There is a danger to doing the right thing. Timing seems to play an important role. If you are thinking of blowing the whistle to the SEC, you might be taking on a risk that is not worth it.

In a recent case, the SEC rewarded just one of four whistleblowers to a single case. The reward was $700,000. It is a big reward, but what of the three who were not rewarded? Two simply accepted that their contribution was worth nothing, even though they stuck their neck out. And because the identities of the whistleblowers are redacted on the order, there is no way of finding out what have become of them.

The lone whistleblower who was not rewarded argued against the results. SEC’s position is that the fourth whistleblower’s information did not provide anything original. Basically, this means the whistleblower was too late in providing that information. There is a market for information and speed is part of the essence.

SEC, of course, doesn’t want copycat whistleblowers, so, to dissuade people from benefiting from other people’s work, they really only consider information they did not already possess and was important to their case.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Masters, JPMorgan’s Ball and Blockchain

Blythe Masters, the former head of commodities at JPMorgan, became the CEO of Digital Asset Holdings about a year ago and she has been on a tear through Wall Street talking up a recordkeeping technology called blockchain.

Blockchain is most famously tied with the digital currency BitCoin. It isn’t actually part of the digital currency. It is commonly known as a type of public ledger, a recordkeeping system, if you will. It is conceptually simple, but technologically very advanced. The idea is to have one central accounting system for all transactions where the whole world can see. In this way, embezzling is more difficult to do. One can’t only be financially savvy, but also be technologically so. Not just a little but a lot. Because blockchain is  central ledger for transactions, there is an external reference that is common to the buyer and seller. So, when a customer tries to buy something from a seller, the currency portion of the transaction (payment), goes through the blockchain, which verifies that the currency is in the buyer’s account and no one else on the blockchain is supposed to have it.

It makes every penny into a unique penny. We have a unique number on all paper bills in the United States, but that unique number really isn’t used for common transactions. This provides that extra security.

Masters is leading the idea that blockchain technology can be brought to Wall Street. Most senior investment bankers are skeptical. Of course, they are. Most senior investment bankers don’t understand blockchain or BitCoin. And, when they do, they generally know as much as you, my reader, because you now have read my previous paragraphs. To Masters, it is a no brainer. Here’s a technological tool that reduces counterparty verification which should, in theory, reduce the number of days it should take to clear a trade, thereby reducing cost.

The risk, aside from bank management not even understanding the significance of this technology, is the risk of systemic fraud or glitch. But one thing we’ve learned over the last century as we’ve centralized many of our transactional activities is that it greatly reduces the inherent risks of transactions, but because of the way our laws allow for increased risky behavior when risk has been reduced, it will likely increase the residual risks. There are a number of examples of this. When all trading goes through fewer routes to their eventual transactions, there are fewer route that need to be monitored and therefore monitoring and surveillance can improve. But when there are losses, they are usually big because the glitches are systemic or categorical. The Flash Crash it an example of centralizing and automating trades through fewer pipes led to big and quick irrational dive of the market.

I for one is a proponent of the BlockChain. I am not the person to discuss the potential economic consequences of this, but it would be the next step in the evolution of the Depository Trust Company, the central counterparty in US capital market trading.


Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is a member of ACAMS and ACFE.