Sex, Gambling and… Ice Cream?

credit Got Defense Attorney

People working for the Department of Defense, both employees and contractors, have been found to be using Department-issued credit cards to pay for gambling and “adult entertainment.” The Department spokesperson was quick to point out that this doesn’t mean the Department paid for the activity. The way things work there is that the cards are not billed directly to the Department but to the individual, who then fills out a form requesting a reimbursement from the Department. This could mean that the employees wanted to hide the activities from their spouses. (From UPI and Politico.)

If that wasn’t salacious enough for your… hahaha… excuse me, I couldn’t help myself. Benjamin Netanyahu, the Israeli Prime Minister, was audited by his nation’s Comptroller, who found lavish spending. Among the usual types of lavish spending was $2,500 a month on ice cream. That’s right. Ice cream. People have already begun to make fun of this in ways that are hilarious, even if you don’t understand Hebrew.

credit Calcalist
credit Israelly Cool
credit International Business Times

Why is diversity so important for Compliance?

Compliance in the Financial Services sector is in great need of racial diversity. As long as cultures remain segregated by race, racial diversity is one of the tools to create a well-rounded Compliance Department. The ultimate goal is to have mindset diversity, but the best way to achieve this is still through racial diversity. People of different cultures question what is given in cultures that are not their own. While an intimate knowledge of a culture is also important, that isn’t what is missing in compliance today, or even historically. Compliance needs to be a place that is open to questioning everything in a business. The people most likely to question the givens in a business are those who are not familiar with the culture of that business.

Banking is still very much a white man’s industry. At least, 15% of bank holding companies are non-white. Compliance departments have done a good job of retaining racial minorities. Many Compliance departments are 30% non-white.

Women have fared well in Compliance over the past couple of decades. Many Compliance departments have more than 50% women. There is still plenty of work to be done on the gender equality front because in no Compliance department I know of are more than 50% of Chief Compliance Officers (the compliance officers in charge of whole units) women. Still, the momentum has been there for a long time and parity is within grasp.

What concerns me are the reasons why women and racial minorities have succeeded in Compliance. The reasons, I suspect, have more to do with the white-male culture of the lines of business than with Compliance departments. The cultures of lines of business are white and male, and they force women and minorities out. Look at the executives leading bank units: a few women leaders and almost no racial minorities. Until banking culture is fixed as a whole, departments like Audit and Compliance are going to be places where women and racial minorities will need to take a front seat in order to change the culture, because these are the departments that are responsible for pushing back.

The solution I have to staffing the right people in Compliance over the long term is to have promotions be, in great part, an election. Currently, Chief Compliance Officers are chosen by bank executives and approved by bank boards of directors. I think that should remain, but the pool of candidates should be chosen by the compliance departments. The more of the department that is involved in choosing the pool, the more likely it is that the CCO will be a woman or a person of color. As a matter of fact, that possibility increases by more than 100%. This solution, obviously, would change compliance departments slowly over time. But that’s the kind of change that is necessary to maintain a talented compliance department while choosing the right leaders. It is a balance between installing CCOs who can work with the existing team of executives and maintaining the kind of independence necessary to be the best professional.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


GRC Means Governance, Risk & Compliance

GRC is an abbreviation for Governance, Risk and Compliance. These three functions are put together to increase efficiency and efficacy. Governance is responsible for overseeing the implementation of decisions made by the board of directors. Risk is responsible for analyzing all risks that impact revenue and operations. Compliance is responsible for meeting regulatory requirements to reduce, primarily, legal exposure. So, protect the integrity of management decisions, protect the business that makes the organization successful, and protect the organization from unnecessary dealings with governments.

Depending on the industry, an organization may have licensed attorneys as heads of each of these areas. Other times, a separate legal department is created not just to deal with litigation issues but to advise the organization on any combination of these three issues, thereby allowing the organization to have functional and industry experts lead these areas. Governance can be led by an MIS or Audit professional – MIS means Management Information Systems. Risk can be led by an IT or operations professional – IT means Information Technology. Compliance can be led by an Audit or front-office professional.

Front-office is a term used for the area of an organization that focuses on revenue and sales. Bankers in a bank are front-office professionals.

All three areas require a combination of special knowledge.
Governance covers management issues, an understanding of operations, concerns of investors and shareholders and information being shared within the organization, both how and what. This person must have a strong understanding of the organization’s structure.

Risk covers capital requirements (if a bank), supply chain, losses from inefficiencies in the operations and the like. This person must have a strong understanding of how the business operates.

Compliance covers regulatory exams and responses, investigation, surveillance, monitoring, controls and policies and procedures, and sanctions (if a bank). This person must have a strong understanding of expectations by regulators as well as be a person who can persuade line-of-business professionals to buy in to a set of rules for the whole organization to play by.

Enhancing the Elements of Your Risk Assessment Methodology

On Monday, January 26, the Association of Certified Anti-Money Laundering Specialists (hereafter ACAMS) held its Third Annual AML Risk Management Conference at The Conrad Hotel in downtown New York. Over the course of this week, summaries and takeaways from the keynotes and panel discussions will be shared in this blog.

  • Vasilios Chrisos, Moderator, Principal, Fraud Investigation and Dispute Services, Ernst & Young
  • Richard Small, CAMS, Senior Vice President, Enterprise-Wide AML, Anti-Corruption and International Regulatory Compliance, American Express | Chair, ACAMS Advisory Board
  • Meg Zucker, Global AML Officer, Royal Bank of Canada Capital Markets

Risk Assessment is key to a successful Compliance Program. This panel discussion talks about the issues surrounding the development, implementation, execution, review and management of the various risk assessments necessary. Here are ten takeaways from this session:

  1. In large financial institutions, multiple risk assessments could be performed on clients for different lines of business. Good communication between the two risk assessment programs regarding the same client is key to reducing risk assessment friction, cost overruns, and addressing the uniqueness of each client.
  2. The number of Suspicious Activity Reports (SARs) is not a good measure of the need for additional elements in Risk Assessment because it is not an indicator. However, it might be one of the good places to start for developing the risk assessment when looking for issues.
  3. Lower-level executives are still surprised by the requirement that they themselves, not just their staff, attend compliance training.
  4. Big firms are highly aware of the need for training and compliance since regulators are primarily focused on big firms. It is the medium-sized firms that might be lacking in Compliance awareness.
  5. Many regulators want to see Audit Reports and Risk Assessments as their starting point in an exam, review or an investigation.
  6. Dealing with businesses within a firm is harder than dealing with AML or Sanctions because businesses often are not as aware of regulatory risks as AML or Sanctions are.
  7. Geographic risks cannot be painted in broad strokes. An example: a client regulated in Hong Kong is likely very low risk, while a client in Hong Kong that is not regulated is likely very high risk.
  8. Technology is great for efficiency but not always good for developing methodology or for troubleshooting risks, even for those who are technologically savvy.
  9. A cooperative environment is the best environment for getting cooperation in Risk Assessment, as with anything else. A cooperative environment should be the goal of the whole firm, not just of Compliance.
  10. Regulators are starting to pin down senior leaders to their risk appetite, asking for explicit declarations. Firms generally shy away from this as much as possible.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.
He tweets @MoneyCompliance


Three Ways To Becoming A Compliance Professional

For the longest time, compliance officers were people with backgrounds in law and audit. These are still very useful ways to get into compliance. Over the past three decades, the regulatory environment for financial services firms has become so complex that compliance officers have started to develop training and credentials more focused on the broadened role their profession has taken. Here are three credentials the industry recognizes.

CAMS – Certified Anti-Money Laundering Specialist
A certificate that requires higher education, experience and passing an exam, it addresses the largest area of work of a compliance department. Additionally, three professional references are required to take the exam. The exam is computerized and takes 3.5 hours. There are 120 questions in total. The body of knowledge required to pass the exam includes understanding:

  • how money is laundered,
  • various standards for policies and procedures to combat money laundering,
  • how to develop an anti-money laundering program,
  • how to conduct investigations, and
  • how to interact with regulators.

CFE – Certified Fraud Examiner
A certificate that requires an undergraduate degree, experience and passing an exam, it covers fraud in all industries, not just financial services. The exam is taken at home or in the office with a Windows-based web browser. The candidate has 10 hours to complete and submit the 125-question exam. The body of knowledge required to pass the exam includes understanding of:

  • Financial Transactions,
  • Law,
  • Investigation, and
  • Prevention.

CRCM – Certified Regulatory Compliance Manager
Provided by the American Bankers Association, this certificate requires three years of experience, an exam and a combination of conferences and continuing education credits. The 4-hour exam contains 200 questions and covers the following regulatory compliance topics:

  • Credit
  • Deposit
  • Bank Operations
  • CRA
  • Privacy

For all certificates, the professional must maintain membership and participate in continuing education.
