GDPR Means General Data Protection Regulation

If you have been seeing Cookie Acceptance Notifications pop up on many global websites lately, it is precisely because this 2016 EU law, which goes into effect on May 25, 2018.  The law is broad in scope, but the notifications require the site user to accept the cookies being used, which is to document the site-user of opting in to the cookie tracking.  The sites are require to be able to evidence this opt-in.

The major requirement is in the title: Data Protection.  The foundational principle is that the website user owns his or her personal data that the site is collecting, so, as long as the site receives acceptance to use the data, the site also is responsible for protecting the data from data breaches.  Considering the ever-growing prowess of Black Hat Hackers, many sites are opting to purge the user data.  Major social networking site are probably coming up with ways to anonymize user data.

This principle that the user owns the data that is being collected has other ramifications.  The user can request erasure of his or her data.  The user will likely be able to request all users of his or her data, however removed from the originating data collector, to provide how the data was used.  All of the rights of ownership are attached to the data.

This is quite contrary to the American legal principle of privacy, which requires sites to keep the data private, but since the site owns the user’s data, it can do what it can do with any other asset it owns.  The defense of the American legal principle is that much of the data collected are actually intellectual property.  Take, for example, demographic information.  One site may analyze my personal data and conclude that I am a social conservative while another a social liberal; the conclusion is the result of the site’s work.

The EU legal principle suggests that such work may indeed be owned by the site, but if it is derived from the user, then user has derivative ownership of those conclusions.  Essentially, it recognizes that the user’s information has economic value and, therefore, the site will have to have a valid contract to use that data.

Since the law protects all EU citizens and residents and their data, it is global in nature.  Also, if an American tourist logs in from the EU jurisdiction, the American is protected as well.  For that matter, the American would be protected if the data is harvested from the United States but it is stored or passes through the EU jurisdiction.

Some questions remain, at least for me.  Would a company legally headquartered in Ireland but its activities are in Menlo Park, California, is the company treated as an EU company, and, therefore, require data protection to all user information going through Menlo Park because the financial results of that information is reported to the Irish tax authorities?

How about counter-terrorism efforts?

Or, does the public figure have an economic right to his or biography published by a traditional publisher of hardcover books?

Advertisements

FinCEN Final CDD Rule… For Now

FinCEN CDD Rule is the shorthand for Customer Due Diligence Requirements for Financial Institutions, which FIs were supposed to have implemented by May 11, 2018.  The requirement is to obtain beneficial ownership information, financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity, among others.  At the time of this publication, May 16, 2018, the requirement also includes the collection of beneficial ownership information during product or service renewals, such as loan renewals and certificates of deposit rollovers. FIN-2018-G001 FAQ Regarding CDD Requirement for FIs, pages 9 and 10.  This is the most controversial definition of a new product or service.  Practically speaking, it means a short term 1-month CD will trigger the need to collect a certification of beneficial ownership, which also includes the work of due diligence to support the certification.  There is no provision to apply this on a risk basis, which means the pensioner in Wichita and a Middle Eastern correspondent bank will be treated the same for the purposes of this requirement.  Obviously, FIs as awaiting any guidance on the enforcement strategy from regulators.

Update:  On May 16, 2018, at around 6pm, FinCEN delayed the enforcement of this rule. Due to the unexpected interpretation by FinCEN, FIs were not ready to consider rollovers as purchase of a new financial product.  Realizing that they provided guide far too late for FIs to comply, FinCEN is providing a 90-day limited exceptive relief.  Also, as, what seems to be, a jab at FIs sounding the alarm, FinCEN added:

Consistent with the definition of “account” in the Customer Identification Program
(CIP) rules and subsequent interagency guidance, each time a loan is renewed or
a certificate of deposit is rolled over, the bank establishes another formal banking
relationship and a new account is created…

FinCEN understands that some covered institutions have not treated such rollovers or renewals as new accounts and have established automatic processes to continue the banking relationship with the customer.

 

How to hide a billion dollars: learn from the best

http://tierrauno.utero.pe/2016/04/04/por-que-panamapapers-y-los-paraisos-fiscales-perjudican-a-todo-el-mundo/
credit Utero

If you haven’t heard, the world’s leaders have been hiding billions of dollars. And one law firm is telling exactly how they do it. Well, they aren’t exactly telling you how, it’s just that someone has stolen their data and given it to journalists. Here are some headlines and links to what I am talking about before I move onto the next layer of analysis.

Brief Overview

Mossack Fonseca is a law firm that helps people and companies setup shell corporations. It has helped many political leaders in Russia, China, Iceland, to name a few. It has also helped private citizens. FIFA executives come into mind. And though Amazon probably wasn’t a client of Mossack Fonseca, the company uses a shell company based in Luxembourg to “avoid” taxes on UK income. So, this is a common strategy for hiding assets and evading taxation.

What is notable about this data leak is both the shear amount of data that was leaked: over 200 people had setup more than 214,000 companies shown in 11.5 million files amounting to 2.6 terabytes of data covering 40 years of the law firm’s work.

Here are some highlights of what the data shows:

  • Since the AML enforcement boosts of 2009, there have been more deactivations than incorporations of shell companies.
  • United States is one of the top intermediary firm incorporators.
  • United Kingdom is one of the top places to locate intermediaries and acted as a tax haven.
  • British Virgin Islands is the most sought after location for shell corporations formed by Mossack Fonseca.
  • Banks, though required to report potential money laundering, have been actively involved. Seven of the top ten banks that  Mossack Fonseca was involved with are well known international firms you probably have heard of.
  • Mossack Fonseca has also helped companies that provided access to funds to the Syrian government, the same government that has been tear the country apart and killing many.
  • The first politician to fall because of this leak is Iceland’s Prime Minister
  • VIX, the indicator of risk in the financial markets was up 10.2% by noon in Chicago on the day that the Icelandic Prime Minister resigned.

Importance of understanding Shell Corporations for AML Programs

Shell corporations are worrisome because the laws that allow such companies provide secrecy. And there is nothing wrong with secrecy in itself, but it attracts and fosters tax evasion and financing of some dubious activity, some of which result in death. Any comprehensive source of AML focus on the importance of routing out shell corporations, but the forces to have shell corporations is much greater. Banks and law firms make billions on hiding money for clients while AML programs are tiny in comparison. Just think about it. Large global banks based in the US and Western Europe have about 2% of their headcount in Compliance, of which, about half of it in AML Program. How much of their headcount is in High Net Worth Wealth Management groups? 10%? 15%? And that doesn’t include investment banking units that help corporations setup shell corporations.

Crime will not be completely wiped out, no matter what we do. But one things seems to be pretty clear: Wealth Inequality fuels shell corporation. As the world creates more people getting a ever smaller share of global growth, those with a share of the global growth is inclined to hide it. The pattern is stark. Greater the inequality, more likely the wealthy are likely to form shell corporations. This is a very odd result to such logic. Countries like Denmark have very few people involved in forming shell corporations and hiding assets and income from tax authorities even though their tax rates are much higher than places like the United States. Denmark’s public school teachers and kitchen staff get paid enough to afford a five week vacation while most Americans are one medicial bill away from bankruptcy. As a matter of fact, the US needs lenient bankruptcy rules because we bankrupt so many people.

I know that this article has turned into a economics argument, but the truth is that AML Programs are a way to cope with the symptoms of an climate and culture of beating the system, not a way of improving it.

Please donate to The International Consortium of Investigative Journalists. They provided organized and funded much of the 100+ journalists who analyzed the material. DONATE HERE.

 


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Paper is a problem in China

China’s banking system has a paper problem. It uses too much of it. In today’s realtime-tracking systems and continuous risk calculations and cross-market arbitrage algorthms, much of China’s $700 Billion financing market is funded through paper loans. In one incident late 2015, Citic Bank, one of China’s major banks, discovered a fraud scheme that approved $150 Million of approved loans using a financial instrument called Banker’s Acceptance. This is a short term loan that does not need to meet all of the stricter requirements of a traditional loan. This fraud was done through the production of fake documents.

As a result, China Banking Regulatory Commission publicly asked banks to review their banker’s acceptance bills financing instruments. This is in the face of an industry with little domestic competition, and, therefore, no real need to manage risks. For that matter, the domestic operations of Chinese banks is quite archaic. Only one in five loans are done electronically. This often means, loan proceeds are given to borrowers before a complete review has been completed.

The problem here is two fold. There is the direct problem, which is that the industry needs to have a regulation that requires full reviews, and, hopefully, will pressure banks to make their loan application and review process be more electronic. And then there is the systemic issue. With every bank essentially acting as an arm of the central bank, there is no competitions, so, there is no motivations to compete. Without such competition, why should any executive risk the bank’s operations with costly and unproven improvements? There is very little upside.

The irony is that Chinese bank operations in other countries, like the US are highly risk averse. They more risk averse than their Western counterparts.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

You’ve been Gooched

Charmian Good, co-founder of Global Witness via CBS News
Charmian Good, co-founder of Global Witness via CBS News

In a recent 60 Minutes episode on CBS, Global Witness, the nonprofit with the goal to “change the system by exposing the economic networks behind conflict, corruption & environmental abuse,” revealed the stunning fact that the United States has become the “easiest place to set up an anonymous company after Kenya, out of 180 countries.” As a result, GW decided to test the system by trying to get meetings with some fifty law firms. Thirteen firms accepted meetings and only one turned them down outright. One other firm said they would require more information before taking on the client.

What did these firms want to continue talking about? Well, basically helping a fictitious minister of natural resources in an unnamed African nation to move fictitious funds he received from bribes from corporations who wanted mineral rights, which he has control over. Obviously, the lawyers did not know of their fictitious nature. Still, the videos, which 60 Minutes showed, were rather damning.

The paradox is that US has one of the strictest  rules and regulations for Know-Your-Customer and Anti-Money Laundering in the world, but all of those laws pertain to the practices of financial institutions. Lawyers are exempt from much of the reporting rules, making it easy for them to get by undetected.

Charmian Gooch, a co-founder for Global Witness, made herself available for interviews with CBS on this piece to share these shocking revelations. In the process, probably made herself a target of many law firms. I wouldn’t be surprised, though, that there are more law firms willing to work with her organization, now that it has put itself on the map of the general public.

 


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Bear Market Compliance

Jules, the bulldog, chase away the bears
Jules, the bulldog, chase away the bears

It’s easy to want to reduce compliance spending as the bank enters a bear market, but this is a bad idea for a whole host of reasons. The single primary reason is that revenue centers employees may take on non-compliant and high risk activities to reduce that decline in revenue to keep save their jobs. The incentive structure of your revenue center employees and the compliance culture will be tested.

Ideally, compliance spending should be relatively stable regardless of any short term market trends. In this case, short term means 18 months, because it is strategic. If your compliance department is organized to simply tackle tactical issues, you will need more compliance activity to address the possible rise of noncompliant activities.

In this sense, compliance is a lot like branding. Culture is one of the most important ingredients to Compliance Management. I know there are a lot of supposed Compliance Experts who talk about culture. If you haven’t noticed, my reader, I rarely talk about culture. It’s not that I don’t think it isn’t important, but because culture seems to be the only thing most Compliance Experts talk about; culture and tone from the top. But anyone who is actually a Compliance Expert would agree with me, culture is the one thing that doesn’t require compliance expertise.

In this entry, though, I will address culture from the perspective of a leader, not a manager. A leader who is promoting a Culture of Compliance will be cognizant of the fact that the Compliance Department’s culture and the Line of Business’s culture are often different. And the ways they are different depend on the mix of people in the Compliance Department more than the people in the Line of Business.

Compliance, by nature, requires being pedantic. Possibilities are dealt with, rather than thrown aside in favor of priorities. The few rogue employees are always looking out for possibilities, not necessarily what is right. The current bank structures are organized to reward those who bring in the most money, making the activity that brought in the money the de facto “right thing.”

We live in a society that rewards based on money, not productivity. Luckily, most of the time, productivity is the right thing. We don’t live in a society, however, that rewards those who are more productive; we live in one that rewards those who own the productivity. This means that a few superstar employees who know how to vastly upend the current level of productivity often are rewarded when the great many who help those superstars are not. (I know, I know, I’m starting to sound like a bleeding liberal; just hang in with me.) These superstars do not want to share their productivity gains with others who have helped them on their way. This last bit of change is what describes a transactional society, not a transformational one. Think about it. Transactions take just a minimum of two parties; one invariably makes a better decision than the other. Transactional society creates losers. A transformational one requires assessing one’s actual contributions and rewarding proportionally. A transformational society creates winners of varying degrees. When done right, much of the fear of getting laid off during a downturn will lessen because the issue isn’t due to proving one’s productive value but due to an issue of demand and the comparative productive value against other colleagues.

This doesn’t mean a transformational society is Utopia. But it means that people will understand the true competitive nature of the workplace: the larger competition between firms that an employee contributes to and the smaller competition between employees to be the most valuable on the team – again, the intrafirm competition doesn’t create losers but degrees of winning. But, as I said, we don’t have such a society.

That’s where managing the Culture of Compliance becomes important. Everyone should always feel like they are contributing to the welfare of the firm and compliance to policies and procedures should feel like a contribution to that firm welfare. And work should have a causality to it, meaning, one’s work causes something else to happen. If it merely has a correlation to it, as many corporate employees feel as they do, work feels bureaucratic. And it probably is. Then, of course, each employee’s duty to themselves comes down to the impression of productivity or cheating to be more productive. While only the latter is a compliance issue, they are two sides of the same coin.

So, to sum up the issue of tackling the Culture of Compliance as we head into a bear market, the Culture of Compliance starts from the duties of an employee having causal relationship to the firm’s well-being and understanding that noncompliance and brown-nosing are both results of caring more about results from a short period of time, not a long full history.

I know people might say that I am being idealistic with this, but if you are a compliance professional who doesn’t know how to lead your bank, you are ready to lead your compliance department. Compliance is a responsibility of every member of the firm and the Compliance department exists to take some of the responsibility away from other members of the firm so that they can focus on other activities. So, of course, I believe that leadership and Culture of Compliance as transformational issues, not a transactional one.

If you don’t believe me, then you are probably not a Compliance Expert. If you are a Compliance Expert, you would already know that regulators also agree with me on this point and often Delayed Prosecution Agreements are rewarded based on dealing with issues like I have mentioned.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

If the French strip citizenship…

http://www.liberation.fr/france/2016/01/27/christiane-taubira-ecarte-l-idee-de-participer-a-une-primaire_1429318
Christiane Taubira, Minister of Justice via Liberation.fr

France is considering an amendment to their constitution that would strip French citizenship to those who are accused of terrorism and possess duo-citizenship. There is a problem with this, of course, because anyone can be accused of terrorism. What happens if that person is not guilty?

And then there is the racism that is neatly disguised as  counter-terrorism. Citizens of the European Union generally do not hold duo-citizenship because they have the economic freedom to do as their like across borders within the Union. That means, this law primarily targets non-Europeans in France. For this reason, Christiane Taubira, the French Minister of Justice (closest equivalent would be the American Attorney General of the Department of Justice), is stepping down. She is Afro-Latin born in French Guiana. She is at no risk of being accused of terrorism, of course, but it isn’t as though she can’t see right through this proposal.

As a financial compliance issue, this adds the terrible problem of figuring out how to treat such a person. Should this person hold a French bank account but is no longer a French subject, this person should be treated as a foreigner. Sounds simple but foreigners have limitations and other criteria attached to their French domestic accounts. Banks will have to scramble to recharacterize bank accounts. Operationally, the best way to do this would be to simply give the interested person a new account, but that puts the bank in jeopardy of losing the account altogether. This is an obvious cost to business that doesn’t seem necessary for a bank because… well, because the person isn’t a terrorist, or at least has not been found guilty of terrorism. Losing money that does not make the financial system and the nation any safer isn’t really a very good way to do business.

The only thing saving the French bank from losing that customer’s business would be that all banks in France would be subject to this. But because of the Union’s economic freedoms, the newly non-union citizen sill still be allowed to hold an account outside of France and even outside of the Union and still do normal daily business. The transition might be troublesome, of course, but that is no more troublesome than simply starting a new account. So, it isn’t much of a save for the French banking system.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

 

//