In looking at how to cope with regulatory requirements, Michael Sack, head of treasury & financing for Sivantos Group, notes that his company moved from being part of an investment grade corporation to a medium-size organization when it was spun off from Siemens. “The KYC process has been quite cumbersome,” he says. “We opened bank accounts in 15 countries as a non-resident company. The banks don’t necessarily talk to each other, and getting the banks to talk internally is a challenge.”
Kristen Tiner, head of risk segment for Thomson Reuters, says that corporations are finding some of the KYC requirements to be ridiculous. “We examined the onboarding policies of 11 financial institutions. 80% were identical,” she says. “We asked the 20%, ‘why are you asking for this?’. The response was ‘because we always have.’ We’ve come in with a standard process, reducing the burden for banks.”
Their solution, she says, is a secure repository for documents that any bank can access. They use a standardized a policy, circulated with the capital markets and regulators to make sure they’re comfortable with the policy.
However, Tiner adds that different regulations don’t allow banks to share information cross-border. “It’s going to be possible in some countries but not all,” she notes. Moreover, “you will have to keep up with regulations across Asia. There are about 167 regulatory changes per day, and 50 of those are in Asia. It is important to keep track.”
Keeping the Regulators Happy: From KYC to Sanctions
In an informative talk on regulation, Ma Lee Advisory Managing Director Frank Morisano focused on what he called the five major areas impacting Asia. “As an individual in the treasury function, moving money or dealing with tax issues,” Morisano explains, it is essential to “understand how they impact you and what training you need.”
The first area is economic crime, and anti-money laundering (AML) is key. Risks arise from issues such as the lack of a system to review wire transfers, granting exceptions to high-risk individuals and a failure to file suspicious activity reports. Key improvements include transaction monitoring, customer due diligence training, keeping information up-to-date and understanding data privacy.
Second is capital adequacy and liquidity. Even though financial institutions are guided by liquidity guidelines, it is hard to stay on top of the regulations. Companies should determine what they need to note, conduct stress testing and identify counterparty risk.
Next, regulations such as Dodd Frank, the Volcker Rule, European Market and Infrastructure Regulation (EMIR) require knowledge about data needs and reporting requirements.
Then, tax transparency that goes beyond Foreign Account Tax Compliance Act (FATCA) to include the Organisation for Economic Co-operation and Development (OECD) Common Reporting Standard (CRS) requires processes around due diligence.
Finally, Know Your Customer (KYC) is not only about anti-money laundering. “It’s about knowing who you’re doing business with,” explains Morisano. “Companies need to have a customer identification program, and policies and procedures. Training is also essential because “some of the biggest issues regulators find are that individuals don’t know how to operate them or don’t understand KYC.”
Companies’ failings come in three aspects, Morisano said: Disregard, ignorance or arrogance. And, a lot of this comes back to individuals. “Where we’re headed is more compliance – it is corporations also,” he says.
Key actions for treasury professionals include keeping up with the latest regulatory proposals and amendments, knowing what reports need to be submitted, and ensuring transparency with the regulators. And critically, Morisano concludes, “ensure employees are doing the right thing.”
The UK’s Prompt Payment Code will have a significant impact on the relationship between large businesses and their suppliers. What does the Code mean for your business? And how can you navigate this change effectively?
When it comes to the relationship between Europe and Britain – uniformity isn’t a word that currently springs to mind. And that’s not just a reference to Brexit. Whilst the Europe and Britain do find themselves in the midst of a political break-up – their monetary policies are also showing signs of divergence.
Europe’s introduction of the General Data Protection Regulation (GDPR) next May will have implications for businesses around the world and US corporates should start getting ready if they haven’t already done so.
The recent NotPetya cyberattack underlined the need for organisations to address their exposure and how to mitigate the risk.