Read the book Enterprise Compliance Risk Management - Ramakrishna Saloni - Page 11

Part One
Introduction to Compliance in Financial Services
Chapter 1
An Overview of Compliance in Financial Services


“Money plays the largest part in determining the course of history.”

– Karl Marx

It is a chicken-and-egg story: “Regulation influences banks' behavior by shaping the competitive environment and setting the parameters within which banks are able to pursue their economic objectives.”1 Interestingly, however, banking crises have been the trigger for many, nay most, of the regulations, more so in recent times. So it is difficult to say whether it is the regulations that are shaping the behavior of banks or banks breaching the expected fair business practices that is shaping the structure and content of regulations. Or is it the interplay of both that has created the complex structure and behavior of the banking industry and, by extension, the financial services and its regulations?

It is not an exaggeration to say financial services is perhaps the most regulated industry in recent years. There are more regulations, more expectation of compliance, and more supervision to ensure compliance. There is unprecedented scrutiny of the industry at national, regional, and global levels. This scrutiny and the host of far-reaching regulations together are of topical interest not only for the stakeholders but also to policy makers, politicians, and media, thus putting the spotlight on adherence or lack thereof to the set expectations.

“Financial services” is a broad umbrella term that covers different subsectors like banking, insurance, securities, investment management, and so on. The division into subsectors is more of academic interest, given the changing contour of financial services industry like:

• The emergence of financial conglomerates that are growing both in size and numbers

• Bank, insurance, and market intermediary linkages that are becoming commonplace

• Abolition of barriers/restrictions on investment/commercial banking combinations2

Unified or stand-alone, these sectors combine to form the economic vehicle of a country, a group of countries, or the entire globe to facilitate movement of capital and currency across. They help channel money from lenders to borrowers and vice versa through financial intermediation. It is no exaggeration, therefore, to say that they are responsible for the financial well-being of not just individuals and firms but also countries.

Given the criticality of the industry, it is understandable that the environment it operates in and its various stakeholders have expectations in terms of dos and don'ts from the industry. These dos and don'ts are spelled out in the form of laws, regulations, standards, and codes of conduct. Financial services organizations are expected to comply with these requirements in such a way that there is order in the system and all stakeholders are protected, including the financial services organizations themselves.

Regulatory change is the only constant across industries. The rate of change is what differentiates financial service regulations of recent times. The debate on regulation versus deregulation, market maturity versus too big to fail, less regulation versus excess regulation, and regulatory gap versus regulatory overlap continues to rage.

Be that as it may, it has resulted in a tidal wave of regulations, which some of my banker friends call a tsunami of regulations. Add to this the increasing stakeholder demands for scrutiny, and one would understand the colossal challenges that the industry faces in managing its environment. This also explains why compliance activities have moved from being transaction-focused to becoming integral elements of business management. In spite of the multiplicity of regulations, the paradox of their coverage is that there are pockets of over-coverage like those for deposit-taking institutions and for traditional products, typically for the “on–balance sheet items.” In contrast, there are fewer regulations of firms that pass under the radar while dealing in huge volumes of money, value, and instruments. An example of this category is the hedge funds that deal in innovative off–balance sheet products or derivatives. This leads to a regulatory imbalance that affects both ends.

The purpose of regulation is essentially sixfold, and here I use the term “regulation” broadly to encompass laws, statutes, regulations, standards, and codes of conduct. They are:

• To ensure fair market conduct and protect the various stakeholders, particularly consumers and the markets

• To reduce, if not completely take away, information asymmetry between the financial services and the customers who buy products or services from these organizations

• To protect financial services from unwittingly becoming conduits for financial crimes such as channeling money for antisocial activities like money laundering and terrorist financing

• To reduce the probability and/or impact of failure of individual financial services firms, especially the “too big to fail” category firms, which could trigger a contagion effect

• To ensure the safety and stability of the financial system

• To create a level playing field that reduces monopolistic, anticompetitive situations that would result in less choice and higher price points for customers

All these seem like noble objectives. If that is so, where is the challenge in adopting these measures is a question that requires exploring. As businesses have become more complex, so have the regulations and the resulting obligations. Interestingly, compliance or noncompliance is the outcome of an organization's meeting or not meeting those obligations. The maze gets multiplied with the multiplicity of regulators. Should a country have a single regulatory body for all the components of financial services like the United Kingdom (until March 31, 2013, when it was split into two regulatory bodies with distinct areas of operation, one focused on Prudential regulations and the other on Conduct), Japan, and Indonesia (Indonesia adopted this model in 2011)? Or should there be multiple regulators, with the USA being the lead example? Both have their pros and cons.

The focus should be on how regulation is conducted and not so much on who regulates or how many regulators. There is a constant debate as to whether more regulations or a more effective mechanism for implementing the existing regulations could solve the problem. This is a difficult question and merits a closer look, something we will attempt in a subsequent chapter. The relevance of this question is that the more the regulators, potentially the more the regulations, which require more effort at planning and executing compliance.

A disturbing trend over the past few decades is that the system has gotten into a vicious cycle of financial services organizations breaching the rules and regulations both overtly and covertly with serious and negative impact not just to themselves but also the system in which they operate. Like Newton said, “Every action has an equal and opposite reaction.” These breaches and their resultant impact have typically been met with two obvious responses:

1. More and more regulations (the newer regulations are getting broader and deeper)

2. More supervision (both off-site and on-site) by the lawmakers and regulators

As a natural outcome of the two responses, compliance over the last decade has become, or more appropriately been made to become, a fundamental component of financial services by taking on a more formal shape and structure. The challenge that this evolving structure is grappling with is to “comply” with an ever-expanding plethora of regulations. That leads us to two interesting questions: What is compliance? Where does it start and stop? There is apparently a simple answer to the first and a not-so-clear one for the second. Two definitions or descriptions of compliance provide a good starting point for the conversation. It is important to understand that present-day compliance, particularly in the regulatory context, has two aspects:

1. The actual adherence to standards and regulations

2. Demonstrated adherence to standards and regulations

The first is an understood and accepted high-level expectation from the compliance function. It is the second that is worth a closer look. The compliance universe will be increasingly tasked with the responsibility of “demonstrating compliance.” Demonstration at a fundamental level makes two demands on the system. The first is the expectation of transparency and free flow of information. The second is the tracking and recording of proof of compliance. It is these aspects that will increasingly challenge organizations on multiple fronts. Starting from information and people silos, to lack of proof points, to deficient communication, and to actual noncompliance, there are many systemic issues that need addressing.

The emphasis is both on increased transparency as well as on greater enforcement. We will revisit this aspect under the section on real-life issues of compliance. The relevance of this definition is to illustrate the point that the understanding of and expectation from “compliance” is expanding manifold. The Australian standards discussed next add additional depth to the conversation.

Australian Standard AS 3806-2006 describes compliance as “adhering to the requirements of law, industry and organizational standards and codes, principles of good governance and accepted community and ethical standards.” As a practitioner, I see this as a more appropriate and encompassing definition. Particular mention needs to be made of the last part of the aforesaid description. The specific callout of “principles of good governance and accepted community and ethical standards” interests me, because the earlier part is the “letter” aspect of compliance, and the latter one is the “spirit” aspect. The overemphasis on the first across time has, as we have seen, not been effective. This definition puts the focus where it should rightfully be – on the intention to encapsulate principles of good governance and business ethics at the core of compliance.

The 2012 LIBOR (London Interbank Offered Rate) scandal is an example where a highly respected body of bankers flouted basic business ethics and took the entire system for a ride. We will discuss the scandal itself in some detail under the Real-Life Cases. For now, the reference is to highlight the fact that the foundation of positive compliance is good governance and sound business ethics. It is the bedrock of sustained and balanced growth. The absence of this bedrock could give monetary gains in the short term but would collapse like a pack of cards when it is discovered that the “business ethics” foundation was faulty or nonexistent. There are proof points galore on this from Northern Rock to Bear Stearns to Countrywide Financial to Washington Mutual to Lehman Brothers, apparently infallible organizations whose names do not exist anymore because of one crisis.

Impact and acceptance of compliance risk as a critical risk in a short period of under a decade is evident through the fact that it is today considered at the top of the risk table. This is because of the challenge of balancing business objectives and the environmental expectations as detailed through several laws and regulations. Imbalance leads to compliance risk. The compliance function is tasked with managing the conflict of interest and ensuring that a win-win situation is created, which is a tall order to say the least.

The other fundamental challenge of compliance risk is that it cannot be addressed through a capital cover, a fixed percentage of capital, say the 8 percent prescribed for the traditional risks like credit, market, and operational risks. There is no “fixed downside” that can be provided for. This is because it is difficult to both quantify the quantum of compliance risk that a bank carries and truly provide for a worst-case scenario. This aspect will be discussed in some detail in the section on risk management.

From an evolution perspective compliance expectations have always been associated with every passing regulation. In the earlier times different disciplines within the organizations would subsume the responsibility of fulfillment of the related obligations. Formation of a compliance function can be traced to the late nineties when regulators like Reserve Bank of India called for the introduction of a “compliance officer,” a trend reflected in other countries like UK's MLRO, where it was made mandatory to have a “nominated officer” in 2007.

But most of these measures were disjointed and sporadic responses, and both regulators and industry soon realized that the area of operations of compliance “needed not only to be enlarged but very clearly defined.”3 What all of the recent regulations topping off with the BCBS 2005 guidelines have done is to establish compliance and compliance function as a necessary part of the industry. As one regulator put it, “In a sense, the need for compliance can, effectively, be equated to the frictional force which, though it impedes the progress a bit, is still necessary for movement. Compliance works more as a lubricant which oils the business machinery and keeps it going.”4

A Brief History and Evolution of Compliance

For a better appreciation of the context, it is important to look at both the past and present events that have shaped the content and structure of compliance in financial services. From there, it will be possible to look at the possible future more realistically. I must confess that my respect for historians went up manifold as I realized how difficult it is to get comprehensive and objective information chronologically, if at all, as you try to wade through pages of history and stitch them together in a logical and cohesive way.

Tracing the history of formal compliance initiatives in the financial services industry will not take us too far back because compliance as a distinct subject is fairly young. An attempt at formally defining “compliance risk” and acknowledgment of its place among the risk categories is as recent as the BIS definition in 2005. But rules and the expectation that they be complied with and the breaches thereof are as old as mankind itself. How old? Well, the first known compliance breach, like I mentioned in the preface, is as old as Adam eating the forbidden apple!

Through history there have been rules as well as people and organizations that have broken them, leading at times to dire consequences. The concern is that people and organizations have not learned from these consequences. It almost seems like organizations have developed a sense of selective amnesia with respect to the possible negative outcomes. They tend to make the same or similar mistakes, both consciously and unconsciously. Later in the book I will discuss examples of some of the large and prospering organizations that have disappeared from the face of the earth because of breaches explicit and implicit, under the heading “Lessons Not Learned.” For now the focus is on gaining a peek into the history of compliance in financial services.

Tracing the word compliance per the Merriam Webster dictionary, the first known use of the word is circa 1630. The first known use of its base word comply was 1602. The origin is from the Italian complire and from Spanish cumplir, which means to complete, perform what is due, be courteous, a modification of Latin complēre. Each of these components is applicable even in today's organizational context. However, since the effort here is to trace the concept in the context of financial services, the start date will be the twentieth century forward.

In financial services, it is not an exaggeration to say that the history of compliance is closely connected with regulations; and regulations have, more often than not, been after-effects of scandals or crises, incidents that shook the economy (call it panic or recession). In a way, tracing financial crisis points across time gives a fair idea of the development of regulatory framework and, by extension, implicit and explicit compliance expectations. The structured regulations for financial services have started evolving from the 1980s onward. The explicit callout of compliance with a formal structure is of a more recent origin, essentially a twenty-first-century phenomenon. This is because compliance is a post-regulation process and hence lags it.

The period from 1980 until now has seen more legislation and regulations affecting financial services industry than all other times put together. This directly correlates to the growth in complexity of the industry as well as breaches of expected fair business practices. A consequence, unintended of course, is the fact that compliance, once considered a dusty corner table function – dry, soporific, and uninspiring – is now animatedly debated among not just financial industry and regulators but also political and media circles as well. The effect is that both the industry and its regulators have to assimilate and adapt to the rapid changes and intense scrutiny.

As a representative sample of the evolution I have taken two sample countries, USA and UK, as they have been frontrunners of newer and deeper regulatory frameworks, which were largely followed with regional modifications by other geographies. I have focused on BIS norms at a global level as indicative of the history of growth of active regulation of the banking industry. These frameworks are shaping the formal compliance structures and expectations. I have, for completeness, added one sample each of the regional and industry bodies to illustrate the point that there are others that are joining the formal role holders in shaping the narrative of the compliance landscape globally.

United States of America

Tracing the history of recessions in the United States, their root causes, and the resultant regulations is a fascinating journey and provides some interesting insights. There have been recessions across time, like the recession of 1818 to 1819 that had claimed the Second Bank of the United States as its casualty, though how much of it was due to banking crisis and how much due to disagreement between the then-President of the United States and the head of the Second Bank is a historical debate. However, since the focus here is to understand the historical perspectives with respect to the growth of compliance, I am picking a few that had a direct or indirect impact on the industry's compliance culture and processes.

The first one on that list is the Panic of 1907 as it was the genesis of the Federal Reserve, one of the most important institutions that influence both regulation and deregulation of financial services. During the 1907 financial crisis the New York Stock Exchange fell by almost 50 percent of its previous-year peak with runs on banks and trust companies. This crisis strongly brought home the need for a central banking authority to ensure a healthy banking system. “The Federal Reserve Act was signed as a law by President Woodrow Wilson on December 23, 1913,”5 and the rest, as they say, is history.

The years 1929 to 1935 is the next period I chose as part of tracing the lineage of financial services regulations, as it had a significant regulatory impact for the United States with a lag for the rest of the globe. “In October 1929, the stock market crashed and the US fell into the worst depression in its history. From 1930 to 1933, 10,000 banks failed.”6 As an aftermath, significant changes in the regulatory landscape came about. The Banking Act of 1933, better known as the Glass-Steagall Act, the establishment of the Federal Deposit Insurance Corporation (FDIC), the 1935 Banking Act, and the creation of the Federal Open Market Committee (FOMC) were all of this period.

During the same period, two significant acts to regulate the markets were passed. The first, the Securities Act of 1933, often referred to as the “Truth in Securities act,” had two basic objectives:

1. Require that investors receive financial and other significant information concerning securities being offered for public sale.

2. Prohibit deceit, misrepresentations, and other fraud in the sale of securities.7

The second was the Securities Exchange Act, which was enacted on June 6, 1934. It established the Securities and Exchange Commission (SEC) that is responsible for enforcement of the act. “The act empowers the SEC with broad authority over all aspects of the securities industry. This includes the power to register, regulate, and oversee brokerage firms, transfer agents, and clearing agencies as well as the nation's securities self-regulatory organizations (SROs).”8 These regulations and the authorities tasked to ensure the compliance of those regulations played and continue to play a very important role in setting and shaping compliance expectations not just of the United States but the rest of the world as well.

While there have been regulations in the interim like the Foreign Corrupt Practices Act in 1977 and FIRREA (Financial Institutions Reform, Recovery and Enforcement Act) in 1989, the next critical milestones were from 1998 onward. This was the period where there was a huge demand for deregulation by the industry. The argument was that efficiency increases with fewer and simpler regulations and that it should be left for the markets to decide on organizational structures and their effectiveness. The deregulation of interest rates and the growth of globalization were among the outcomes of this. The biggest event that requires mention is the Gramm-Leach-Bliley Act of 1999, which was also called the Financial Services Modernization Act. It repealed parts of the Glass-Steagall Act of 1933, removing the barriers of consolidation of commercial and investment banks, securities firms, and insurance companies. The creation of “too big to fail” financial conglomerates and holding groups that threaten the safety and soundness of the financial environment is the biggest criticism against this act.

The September 11 attacks of 2001, which led to the Patriot Act, and the Enron fiasco of playing a shell game with corporate accounts, which led to the Sarbanes-Oxley Act in 2002, are the next landmark changes. Sarbanes-Oxley can be credited to a large extent with bringing the compliance function to the limelight. That it is a global standard of maintaining a record of compliance is a valuable proof point. “The Act mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures and combat corporate and accounting fraud, and created the Public Company Accounting Oversight Board, also known as the PCAOB, to oversee the activities of the auditing profession.”9

Two of the major menaces that the financial services industry unwittingly has become a part of are money laundering and terrorist financing. Across geographies regulations against money laundering and terrorism have been passed and the expectations of their compliance are very strict. The United States covers these under BSA (Banking Secrecy Act of 1970); the USA Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001); and through the OFAC (Office of Foreign Assets Control), an agency of the United States Department of Treasury under the auspices of the Under Secretary of the Treasury for Terrorism and Financial Intelligence.

The next financial crisis, the crisis of 2007 that shook the western world, brought its slew of regulations. Notable among them was the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, which is enforced by multiple agencies including FDIC (Federal Deposit Insurance Corporation), SEC (Securities and Exchange Commission), the Comptroller of the Currency, and the Federal Reserve. The focus of the act is to improve accountability and transparency, which would aid in promoting the financial stability of the United States. Consumer protection from negative financial services practices is another focal point of the act. This has created the CFPB (Consumer Financial Protection Bureau) and FSOC (Financial Stability Oversight Council). Per the US Securities and Exchange Commission, “The legislation set out to reshape the U.S. regulatory system in a number of areas including but not limited to consumer protection, trading restrictions, credit ratings, regulation of financial products, corporate governance and disclosure, and transparency.”10 From a compliance point, the 848-page bill poses a nightmare as its reach and expectation is so far and wide.

FATCA (Foreign Account Tax Compliance Act), another 2010 act, while essentially a tax-related act, brings into its fold a compliance expectation from banks: foreign financial institutions (FFIs) having to directly report to the IRS (Internal Revenue Service of the United States) information about financial accounts held by US taxpayers or foreign entities in which they have substantial interest. There are obvious deterrents if the FFIs do not do the expected reporting. This brings forth a distracting but critical aspect of evolving expectation from financial institutions – that by being the medium for financial transactions, they become responsible for compliance obligations that technically need not be in their domain. Paying taxes, for example, is the responsibility of self-declaration by individuals and organizations with the onus of ensuring compliance on the tax management authorities. It is into this world that banks have been co-opted.

FSGO or the Federal Sentencing Guidelines for Organizations (revised 2004) is another important regulation in the US landscape.

United Kingdom

Here, too, the crises and panic history is an interesting read, for example, the banking crisis of 1824–25 that resulted in bank runs and failure of 93 banks, which in its turn led to the creation of the Joint Stock Companies Banking Act of 1857. From a compliance perspective, however, we start our trace of regulations in the UK from a more recent period, the Competition and Credit Control Act of 1971¹¹ and the Banking Act of 1979, which put banking regulation on a statutory footing. It required that institutions be licensed in order to accept deposits from the public. “This act, the first to establish a regime of supervision, created a two tier system of banks and licensed deposit takers.”12 The Banking Act of 1987 had its trigger in the Johnson Matthey bank crisis of 1984, where the bank suffered the consequences of two large bad debts.

On the securities and investments side, too, prior to the Financial Services Act of 1986 that was passed by the parliament of the UK to regulate the financial services industry, there was no legislation to comprehensively regulate the markets. All subsequent expansions of the regulatory regime can be traced to this act. This provided for the creation of FSA's predecessor, the Securities and Investment Board (SIB). In 1997 the SIB formally changed its name to the Financial Services Authority.

Interesting to note is that unlike the United States where the Federal Reserve traces back to 1913 and the Securities and Exchange Commission to 1934, the UK's formal financial regulatory setup is fairly young – Banking Acts of 1979 and 1987 and Financial Services Act of 1986. Does this mean that there were fewer scandals? Perhaps not. Perhaps they were handled through the judicial system or through localized solutions. A formal regulatory framework is of a later origin. I pick up the subsequent illustrations from the nineties.

The 1991 BCCI (Bank of Credit and Commerce International) scandal that led to its shutdown due to internal fraud and the Nick Leeson scandal that led to the near collapse of Barings in 1995 created enough furor in the financial circles to bring to the fore the need for a more comprehensive regulatory supervision. The Bank of England Act of 1998 that followed had two objectives, one of which was to transfer the responsibility of supervision of the deposit taking institutions from the bank to the FSA. The subsequent FSMA (The Financial Services and Markets Act 2000) created the Financial Services Authority as a single regulator for insurance, investment business, and banking, perhaps the single most powerful regulator in the world. This model was in contrast to the multiple regulator regime of the United States.

The FSA (Financial Services Authority) of UK was well known for its detailing of the regulatory guidelines in various areas. It is often said in the financial circles that FSA is usually the first to introduce prescriptive guidelines, which are then used as a basis for similar guidelines by other regulators who add the local flavor but retain the core structure as designed by the FSA intact. So much so that the risk and compliance management teams of global banks would target compliance and coverage per FSA norms, which, they believed, would help in automatically complying with requirements of other countries.

It is paradoxical that the organization that was known for its detail and clarity in setting out norms and standards has been replaced by two new bodies, as it was considered to be not very effective in having the regulations executed by the member banks. In the risk management section, we will discuss the effectiveness assessments as a combination of design effectiveness and operational effectiveness. Inefficiencies in either or both would result in the overall inefficiency.

Due to the perceived regulatory failure in arresting the banking crisis in the UK in the 2007–2009 period (it was reported that the Northern Rock was the first bank in 150 years to suffer a bank run in the UK) and consequent to the restructuring of the financial system, the Financial Services Act 2012 was passed, abolishing the FSA effective on April 1, 2013. This was succeeded with two bodies: the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) (Figure 1.1). Following are brief descriptions of these two agencies:


Figure 1.1 Simplified Picture of the UK Regulatory Framework

Source: “The Prudential Regulation Authority,” Bank of England Quarterly Bulletin 2012 Q4.


FCA 2012 – The Financial Conduct Authority is one of the two successors for the famed Financial Services Authority, the other being the Prudential Regulation Authority. The choice of the word “Conduct” spells out the fact that financial businesses are expected to follow fair business behavior, and it would be the job of this authority to step in with corrective measures if these organizations step out of sync of that expectation.

PRA 2012 – The Prudential Regulation Authority is the other successor to FSA. It is responsible for the regulation and supervision of financial services firms inclusive of banks, insurers, major investment firms, and credit unions. The PRA formally assumed its responsibilities on April 1, 2013.

For tackling money laundering and countering terrorist activities UK works primarily through National Crime Agency 2013 (NCA) with an objective to build a single comprehensive picture of serious and organized crime affecting the United Kingdom. SOCA 2005 (Serious Organized Crime Agency), under which the United Kingdom Financial Intelligence Unit (UKFIU) folds, works with the financial services industry in its effort to arrest money laundering and terrorist financing. The responsibility FIU imposes on the financial services is to aid and support them in that effort. SOCA has been merged into the National Crime Agency since 2013.

Money Laundering Regulations – MLRO 2007 (Money Laundering Reporting Officer) expects all “Money Service Business or Trust or Company Service providers” to appoint a “nominated officer” for ensuring the KYC (Know Your Customer) norms as well as report any suspicious activity to the FIU. Interestingly, this requirement folds under the HM Revenue and Customs, who are the UK's tax authorities. Like we have seen in the United States, the tax authorities co-opt the financial system to ensure that not only is there no tax revenue leakage but also that antisocial activities and wrong siphoning of funds do not happen. There are other acts like the Bribery Act 2010 of UK, which is considered one of the toughest anticorruption legislations. Compliance teams need to ensure that the staff of their organization understand and comply with the requirements of this act in the spirit of good governance.

These two representative countries that we have chosen offer a couple of interesting insights:

• Their formal regulatory regimes as we know them today began more than half a century apart, driven by situational needs, but today they converge to a large extent on the areas of regulation.

• One represents a unified twin peak structure and the other embraces the multiple regulators model.

Example of a Self-Regulatory Industry Body

A brief note on The Wolfsberg Group (WG – 2000) illustrates the influence a self-regulated industry body can have on setting standards. The Wolfsberg Group, with the standards it propounds, is a good example of an industry body that has its say on the global compliance landscape. This group is made up of 11 global banks that have gotten together to develop standards and policies in the areas of Know Your Customer (KYC), Anti–Money Laundering (AML), and Counter–Terrorist Financing (CFT) (http://www.wolfsberg-principles.com/). Whether the member banks themselves adhere to these principles in letter and spirit is a separate conversation, which we will discuss under the real-life cases topic.

What is indisputable, however, is the fact that this group has set global standards in fighting financial crime along with those enunciated under FATF (Financial Action Task Force). FATF is an intergovernmental body established in 1989 with the objectives of “setting standards and promoting effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.” Its membership comprises 34 countries and two regional organizations covering most of the major financial centers of the globe.

Ensuring that the body of guidelines spelled out in various laws and regulations is conformed to is an important part of the compliance function; therefore, more often than not, formal compliance structures treat countering financial crime as a separate subfunction within the overall structure. This will be discussed in greater detail in Chapter 6.

The European Union – Regional Regulatory Structure



1. “Evolution of the UK Banking System,” Bank of England Quarterly Bulletin 2010 Q4, Vol. 50 No. 4, http://www.bankofengland.co.uk/publications/Documents/quarterlybulletin/qb100407.pdf.

2. Adapted from the presentation of Dr. K. C. Chakrabarty, Deputy Governor, Reserve Bank of India @BCSBI conference for Principle Code Compliance officers, April 2013.

3. K. C. Chakrabarty: “Compliance function in banks – back to the basics,” July 12, 2013; http://rbidocs.rbi.org.in/rdocs/Speeches/PDFs/SIIBF160713.pdf (reprinted with the permission of RBI).

4. Ibid.

5. “History of Fed Reserve” —www.federalreserveeduction.org.

6. Ibid.

7. “The Laws that Govern the Securities Industry,” US Securities and Exchange Commission, http://www.sec.gov/about/laws.shtml#secexact1934.

8. Ibid.

9. “The Laws that Govern the Securities Industry,” US Securities and Exchange Commission, http://www.sec.gov/about/laws.shtml#secexact1934.

10. Ibid.

11. “Evolution of the UK Banking System,” Bank of England Quarterly Bulletin 2010 Q4, Vol. 50, No. 4, http://www.bankofengland.co.uk/publications/Documents/quarterlybulletin/qb100407.pdf.

12. Ibid.
