I1273818 - International Diploma in GRC - Unit 3

SEE GREEN SECTION
PAGE DOC
Un i t 3
Understanding the Complete

Regulator y Environment
Unit 3 Understanding the Complete
Regulatory Environment
Learning Objectives
The purpose of this unit is to:
discuss the objectives for financial services regulation

consider the factors that have influenced the evolution of the
regulatory framework
provide an awareness of the most significant international organisations and
initiatives in the regulatory arena
explain what the relevant legislation is and how it is applied
create an awareness of the inconsistencies in regulatory standards and
application across jurisdictions
examine the link between law and regulation
examine the different approaches to regulation and regulatory models
explain the types of regulatory rules in place and the core activities of regulators.
1. How did we get to where we are today?

1.1 The regulatory timeline
It is possible to consider the evolution of individual countries’ regulatory

frameworks as a response to national and global developments. In general,
regulation has become more rigorous and professional, often in response to
regulatory scandals, and reflects the increasingly integrated nature of global
financial institutions. The following account provides a brief overview of the recent
history of financial services regulation through to the present day.
Every jurisdiction has its own distinct history of financial services regulation
based on local requirements but the main forces that have driven the evolution of
regulation include:
financial scandals, a good example being pensions mis-selling in the 1990s

in the UK
pressure from the international community (for example, in relation to
anti money laundering and counter terrorist-funding practices)
international best-practice developments (such as the response to the
terrorist attacks in the US on 11 September 2001)
market pressure, as we have seen in response to the financial crisis of
2008, and
the media’s focus on banks’ conduct, remuneration policies, culture and
ethics, and international market abuse scandals such as LIBOR and other
benchmark rate-rigging cases, sanctions violations, etc.
76
Unit 3 Understanding today’s regulatory environment
We will now examine each of these in turn and consider their impact on the
development of financial services regulation.
1.1.1 Financial scandals
These come in a variety of different forms and seem to occur frequently. Some of
the more widely publicised scandals include those listed in section 1.1 of Unit 1,
plus the other cases described below.
An estimated loss to Allied Irish Banks (AIB) of US$691m in 2002 was the
consequence of the unauthorised trading activity of a single junior trader in
its American subsidiary, Allfirst.
September 2013 – JP Morgan Chase NA was fined £137.6m over its failure to
control its London Chief Investment Office’s ‘whale trades’.
October 2013 – the Dutch bank Rabobank was fined £105m by the UK’s FCA
for misconduct relating to LIBOR.
In 2014 there were further developments in the LIBOR and EURIBOR scandals,
for which Barclays and UBS were heavily fined in 2012 (see Unit 1, section 1.1) as
regulators continued with their investigations.
These include: ICAP Europe (fined £14m), Martin Brothers (£630k), Lloyds Banking
Group (a combined total of £218m in fines from various regulators and legislators)
and, over different index-fixing allegations, Barclays was fined just over £26m for
failings over its control of the daily ‘gold fixing’ indicator.
Most recently, foreign exchange rate fixing scandals have been revealed. Firms
involved include Bank of America, UBS, RBS, JP Morgan, Citigroup and Barclays and
they were fined a total of $5.69 billion for manipulating rates. The revelation that
the firms’ traders colluded to influence currency exchange rates was particularly
embarrassing for them because it occurred after they had paid billions of dollars
to settle claims that their traders had tried to rig interbank lending rates such as
LIBOR. It has raised questions as to whether the industry learnt any lessons from
the previous scandal.
1.1.2 Political changes
Following the 2008 financial crisis, the global political desire to reform the financial
services industry resulted in an unprecedented number of regulatory reforms to
strengthen liquidity and capital, create more transparent markets, and address the
problem of institutions deemed ‘too big to fail’.
Financial services firms have been grappling with a changing landscape. New
regulatory measures that have been implemented over the past few years –
such as Basel III, the US Dodd–Frank Act and Foreign Account Tax Compliance
Act (FATCA) and recovery and resolution plans – have had commercial, strategic
and operational impacts on financial services firms. Approaches to dealing with
these changes range from reviewing distinct individual reforms within the overall
regulatory reform agenda and assessing the impact of each reform, to identifying
key themes across the landscape of reform.
77
The liberalisation of national financial systems was one of the major regulatory
developments from the 1980s, across both advanced industrialised and developing
countries. This regulatory trend is important because financial systems help to
allocate the use of savings and capital in an economy, and therefore are central to
the economic direction of nations.
We need to look at how and why financial liberalisation and regulatory reform take
place. While liberalisation and regulatory reform are almost always based on the
language of market efficiency, the possible economic benefits do not themselves
provide an adequate explanation for regulatory change. For such change to
happen, there must be participants not only with specific objectives but also the
political capacity to bring about change.
Understanding these motivations is critical in understanding the shape that

regulatory reform takes. Yet, on this question of the ‘politics’ of regulatory reform,
there are few satisfactory answers. While most commentators emphasise the
driving role of world financial markets in forcing governments to move away from
traditional modes of financial market regulation, others emphasise the leading
role of state officials in advancing national objectives and the persistent impact of
institutional differences in the structure of national financial systems.
1.1.3 World events and international pressure
Increased interaction and interdependence of global financial markets means that

the impacts of scandals or market events are no longer confined to a particular
local jurisdiction. The extent of the interdependence of the international financial
system is best illustrated by the contagion effects (the spreading of adverse
effects) during the 2008 financial crisis. What started as a local difficulty in the
US sub-prime mortgage market quickly became a global crisis as banks stopped
lending to each other. There was fear and uncertainty about the risk of default
arising from individual banks’ exposure to sub-prime losses.
This has led to demands for greater cooperation and collaboration between
international regulators. In the Turner Review and its discussion paper (DP09/02) A
Regulatory Response to the Global Banking Crisis50, the UK’s FSA cited weaknesses in
the cooperation between different national regulators as one of the key causes.
A feature of the current crisis was that there were major failings in the international
regulatory architecture. It did not fulfil its intended task of identifying and mitigating
the risks to global financial stability. Growing macroeconomic and macro-prudential
risks were not picked up in a way that prompted or required national authorities to
act, there was insufficient oversight of the implementation of internationally agreed
standards by standard-setting bodies and, when the crisis broke, coordination and
crisis management arrangements did not work as well as had been hoped.
Pressure from the International community has also been an important catalyst for
recent regulatory enhancements in many of the world’s ‘offshore’ financial centres.
A number of offshore financial centres (OFCs) have, for example, begun to regulate
the conduct of trust and corporate service providers. This particular market sector
was deemed by the OFCs’ governments to pose significant risks because of its
potential for exploitation by money launderers. They were, however, prompted in
50. http://www.fsa.gov.uk/pubs/discussion/dp09_02.pdf
78
formulating this opinion by the considerable pressure brought to bear upon them
following reviews commissioned by the UK government.
Market pressure
Market pressure can provide a potent incentive for national financial systems to
enhance regulatory standards. On a domestic level, an investor who loses money
through the misbehaviour or insolvency of a financial services business represents
an unhappy voter. Politicians do not want unhappy voters. Internationally,
consumers increasingly make investment and lending decisions on the basis of
whether a particular jurisdiction has implemented best-practice standards within
its regulatory armoury. Following the Enron and Worldcom scandals (see section
1.2.1 below on Enron), the rapid reaction of the US government in implementing
new legislation on financial accounting standards was an indication of the fear of a
fatal collapse in investor confidence.
Concerns about the global financial crisis, which were realised in the latter part
of 2008, will continue to fuel future changes in regulation, as investor confidence
in the financial system has been severely dented. Financial stability has become
a high-profile topic on the political agenda. Governments and opposition parties
are seeking to implement changes, or state these in their manifestos, to give their
electorates confidence that they are best placed to deal with a crisis.
Many governments introduced a policy of intervention. This policy provided capital

injections and guarantees to ensure the institutions‘ safety on a sustained basis, as
well as boosting consumer confidence.
Media pressure
The increasing power and influence of the media cannot be ignored. Increased
access to instant media services by more and more of the population alters popular
sentiment. This can lead to the swift mobilisation of campaigns to alter actual and
perceived behaviours in the financial services industry. Although the financial
scandals of recent years do justify much of the dissatisfaction, there is a real risk
that some sections of the media could exert undue influence with the continual
‘banker bashing’ campaigns and this in turn could have a significant effect upon
individual economies. Firms have a long way to go in rebuilding consumer
confidence and in winning over the most vocal critics in the media.
Combating terrorism and crime
The events of 11 September 2001 in the US and the resulting ‘war on terror’ proved
to be the catalyst for the introduction of comprehensive regulatory enhancements
within the US. The USA PATRIOT Act (Uniting and Strengthening America by
Providing Appropriate Tools Required to Intercept and Obstruct Terrorism – also
known as ‘the Patriot Act’), was signed by President George W. Bush on 26 October
2001, barely seven weeks after the terrorist attacks in New York. A powerful reaction
to these, the USA PATRIOT Act contains over 900 pages of legislation and had far-
reaching consequences for financial  institutions within the US and throughout the
world. This Act is not only hugely significant to US financial institutions but, as a
79
result of the extraterritorial powers claimed by the US, it is also important both for
non-US institutions and individuals, for reasons that are explored more fully in Unit
9, section 6.3.
The events of 11 September 2001 also led to the development of a range of

international best-practice principles designed by the United Nations and the
Financial Action Task Force (FATF), aimed at preventing the financing of terrorism.
These principles have now been enshrined in domestic legislation in many
countries and are examined in more detail in Unit 9, section 3.
1.2 The reactive nature of regulation
History shows us that reviews of and revisions to regulation follow an event. That
event could be within the industry or external, but the key point to note here is
that if the consequences of the event have an impact on the industry, a change to
regulation will be required.
Some examples are described below.
The 1929 stock market crash in the US and subsequent bank failures led
to the passing of the Bank (or ‘Glass–Steagall’) Act of 1933. This
established the Federal Deposit Insurance Corporation, to insure customer
accounts and prohibit any one bank from both accepting deposits and
underwriting securities. This ensured that if underwriting problems arose,
deposits would not be lost. The Act’s main provisions were, however,
undermined during the 1980s and were eventually repealed by the
Clinton administration in the late 1990s.
In the UK, a combination of pensions mis-selling during the 1980s
and 1990s, the collapse of both Barings Bank and the Bank of Credit
and Commerce International (BCCI), and various examples of market
abuse, combined to drive the shift away from reliance on self-regulation
(administered up to then by various self-regulatory organisations, SROs)
towards unified statutory regulation by the Financial Services Authority.
In response to the collapse of Enron, the US government introduced the
Sarbanes–Oxley Act of 2002, the objective of which is to protect investors
by  improving the accuracy and reliability of corporate disclosures made
under US securities laws.
As a result of the global financial markets crisis in September 2008, the US,
UK and other governments subsequently intervened to stabilise markets.
The UK government, for example, established a Credit Guarantee Scheme
designed to ensure the stability of the financial system and protect
consumers, providing liquidity in the short term and ensuring that the
UK banking system held the funds necessary to maintain lending. Bank
deposit guarantees were also increased from £35,000 to £85,000 and
regulations were put in place to temporarily ban short-selling in order to
guard against further instability in the markets.
Perhaps the most widely known example of a regulatory response to a terrorist act
is the USA PATRIOT Act 2001, discussed in section 1.1.3 above.
80
1.2.1 Case study: The response to the Enron scandal
When Enron Corporation declared bankruptcy in December 2001, it was the

seventh-largest publicly traded company in the US. The shockwaves were massive,
as thousands of employees lost their jobs and pensions, and a significant part of
their retirement savings. Shareholders saw their investment values plummet and
then disappear, and thousands of businesses worldwide became Enron creditors,
with little hope of repayment of the debts owed to them.
Owing to the size and wider implications of the collapse, the Permanent Sub-
Committee on Investigations of the Committee on Governmental Affairs of the US
Senate prepared and published a lengthy and in-depth report into the collapse,
and the role of Enron’s board of directors in the failure, and by the US Securities and
Exchange Commission (SEC).
Recommendations are grouped into two main areas for improvement.
The first set of recommendations concerned the need to strengthen oversight.
Make sure there are no accounting practices that put the company at risk
of non-compliance with accounting principles, so that there is no risk that
misleading or inaccurate statements will be published.
Prohibit conflicts of interest by prohibiting company transactions with a
business owned or operated by senior company personnel.
Prohibit the use of any ‘off-book’ activity to make the company’s financial
position appear better than it is. Also, it must be made a requirement that all
assets, liabilities and activities that materially affect the company’s financial
position be disclosed.
Prevent excessive remuneration and other forms of financial compensation by:
overseeing compensation plans and payments (salaries, bonus, etc.)

forbidding company funded loans to directors and senior executives
ensuring that company personnel cannot influence the share price to
achieve financial gains on stock prices, where they have stock-based
compensation packages.
Ensure that an external auditor is not also providing internal auditing or

consulting services at the same time.
The second set of recommendations, for strengthening director and auditor

independence, were made by the US Securities and Exchange Commission, but
lessons can be drawn from them internationally.
Strengthen the requirements for director independence in publicly

traded companies.
Strengthen the requirements placed upon audit committees in publicly
traded companies by requiring increases in expertise, imposing duties on
oversight activities, and in hiring and firing external auditors.
Strengthen the requirements for auditor independence so that no auditors
will be able to audit their own work for the company.
81
Legislation was passed in the wake of the Enron scandal with the enactment of the
Sarbanes–Oxley Act of 2002. Some of the key requirements of this legislation are
as follows.
Both the CEO and CFO must certify that they have reviewed the financial
report, and that to their knowledge the report accurately reflects the
material aspects of the company’s financial position.
All material off-sheet transactions need to be disclosed, and the adoption of
a code of ethics for all senior financial managers must be confirmed.
For audit committees and external audit firms, rules were introduced that
the committee must comprise entirely independent directors, and external
auditors cannot provide any other concurrent services.
An account oversight board must be established.
1.3 Globalisation
The market for financial services has become more and more global over time.
There are many reasons for this, including technology developments, economic
cooperation developments, political alliances, the growth of multinational
corporations, increased consumer awareness, and greater demand for products
from this global marketplace.
The impact has been the emerging need to have unified global standards to ensure
that consumers are not disadvantaged in one particular market, loopholes cannot
be exploited by criminals, and that the consistency that international standards
provide is used to maximum advantage by firms that operate globally.
Although each country has responsibility for maintaining and supervising its own
financial system, a number of international initiatives have helped to standardise
the activities of those supervising and participating in the global economy.
International standards are important for a number of reasons. The individual

member nations of the European Union each have a substantial stake in the various
initiatives being undertaken to reinforce a European single market in financial
services. The growing interdependence and resulting potential for contamination
of domestic financial systems provide an additional reason for adhering to
international standards. As a result, most countries now have a significant reliance
on prudent economic management and effective regulation by regulators outside
their home jurisdiction(s). Indeed, recent financial crises have highlighted how
significant the impact of deficient financial regulation can be for all concerned.
International initiatives are managed by international organisations that are either

industry specific or subject specific, for example:
the Bank for International Settlements (BIS) is industry specific, whereas

the Financial Action Task Force (FATF) is subject specific.
We will now examine some of the more influential international organisations

and initiatives.
82
1.3.1 The Bank for International Settlements (BIS)
The Bank for International Settlements (BIS) fosters cooperation between national
central banks by acting as their ‘central bank’, ensuring monetary and financial
stability. The BIS neither accepts deposits from, nor provides financial services to,
private individuals or corporate entities, and for this reason is sometimes referred
to as ‘the bankers’ bank’.
The BIS acts as a forum for promoting discussion and facilitating decision-making
processes among central banks as well as the broader international financial
community. It provides secretariat functions to four committees established by
the governors of the central banks of the Group of Ten (G10), including the Basel
Committee on Banking Supervision (BCBS).
The BIS operates the Financial Stability Institute (FSI) jointly with the BCBS.
It also hosts:
the Secretariats of the Financial Stability Forum (FSF)

the International Association of Deposit Insurers (IADI)
the International Association of Insurance Supervisors (IAIS).
1.3.2 The Basel Committee on Banking Supervision (BCBS)
The Basel Committee was established as the Committee on Banking Regulations

and Supervisory Practices by the central bank governors of the Group of Ten
(G10) countries at the end of 1974, in the aftermath of serious disturbances in the
international banking markets. The role of the Committee is to provide a forum
for cooperation on banking supervision. It formulates best-practice supervisory
standards and guidelines, with the expectation (but not the legal requirement)
that national authorities will incorporate these into their own national systems
as appropriate.
The Basel Committee has no direct regulatory power over its members. National
banking supervisors choosing to implement any of the Basel Committee’s
recommendations will do so by way of their own domestic legislation or
rule-making powers.
The work of the Basel Committee is organised under five main subcommittees:
the Supervision and Implementation Group

the Policy Development Group
the Macro-prudential Supervision Group
the Accounting Task Force
the Basel Consultative Group.
In 2004 the Basel Committee agreed a revised framework for International

Convergence of Capital Measurement and Capital Standards, in order to promote
the adoption of stronger risk-management practices by the banking industry. This
is known as Basel II. Basel II revised the previous accord, Basel I of 1988. In July 2008
the Basel Committee issued a consultation document with proposals for further
revisions of the Basel II market-risk framework.
83
In September 2010, in the wake of the global economic crisis, the Basel
Committee announced a substantial strengthening of existing capital and liquidity
requirements in order to further strengthen the regulation, supervision and risk
management of the banking sector. Known as Basel III, these new measures began
being phased in during 2013, with final implementation to be completed by 2019.
The committee issues an annual update on the progress of individual countries
towards implementation, the most recent being in March 2014. Revised liquidity
coverage ratio rules will commenced implementation in January 2015, with a
minimum Liquidity Coverage Ratio of 60%, which will rise to 100% by 2019.
From time to time, the Basel Committee issues principles on other matters
pertinent to risk management in banks. It has issued a number of core documents
that have shaped the way in which banks are regulated by domestic regulators.
These include:
29 core principles for effective banking supervision, referred to as the

Basel Core Principles; these were reviewed and increased to their present
numbers in September 2012
a Compendium of the existing Basel Committee recommendations,
guidelines and standards, most of which are cross-referenced in the Basel
Core Principles
a Framework for Internal Control Systems in Banking Organisations
Sound Practices for the Management and Supervision of Operational Risk
a high-level paper on compliance and the Compliance function in banks
Prevention of Criminal Use of the Banking System for the Purpose of
Money Laundering
Consolidated Risk Management
Corporate Governance Principles for Banks.
More recent documents include Principles for Enhancing Corporate Governance

(October 2015) for banking organisations, The Internal Audit Function in Banks
(June 2012), revised Liquidity Coverage Ratio and Liquidity Risk Monitoring Tools
(January 2013), consultations on the management of operational risk and
guidelines on implementation of its recommendations. The Basel Committee
usually meets at the BIS where its secretariat is based. More information about the
Basel Committee can be obtained from www.bis.org
1.3.3 The Group of International Finance Centre Supervisors (GIFCS)
Instigated by the Basel Committee, the Offshore Group of Banking Supervisors

(OGBS) was established in 1980 as a forum for supervisory cooperation between
the banking supervisors of offshore financial services, allowing offshore centres to
air their views and compare experiences. It also enabled concerns to be passed to
the Basel Committee, often through joint working groups. One such working group
produced a highly influential paper entitled Customer Due Diligence for Banks. The
paper emphasises the importance of effective know your customer (KYC) standards
for supervisors and banks.
In March 2011 the Group decided to change its name to the Group of International
Finance Centre Supervisors, as a more accurate reflection of its activities. A current
list of members and observers can be found on the Group website at www.gifcs.org
84
1.3.4 International Organization of Securities Commissions (IOSCO)

IOSCO is an organisation in which national securities regulators cooperate to
establish standards for effective surveillance of international securities transactions.
Further information about IOSCO may be obtained from www.iosco.org
The member agencies of IOSCO have resolved to:
work together to promote high standards of regulation in order to maintain

just, efficient and sound markets
exchange information on their experiences so as to promote the
development of domestic markets
establish standards for, and an effective surveillance of, international
securities transactions
provide mutual assistance for promoting market integrity, through a
rigorous application of the agreed standards and by effective enforcement
of laws against offences.
IOSCO issued its 38 ‘Principles of Securities Regulation’ in June 2010; these give
practical context to its stated ‘Objectives of Securities Regulation’, which are the
protection of investors by ensuring that markets are fair, efficient and transparent,
and the reduction of systemic risk.
1.3.5 International Association of Deposit Insurers (IADI)
The objectives of the IADI are to contribute to the stability of financial systems
by promoting international cooperation in the field of deposit insurance and to
encourage wider international contact among deposit insurers and other
interested parties.
In the furtherance of its objectives, the Association attempts to enhance

understanding of common interests and issues related to deposit insurance,
and provides guidance designed to enhance the effectiveness of deposit
insurance systems.
Further information can be found at www.iadi.org
1.3.6 International Association of Insurance Supervisors (IAIS)
Established in 1994, the International Association of Insurance Supervisors (IAIS)

represents insurance supervisory authorities from some 190 jurisdictions, plus a
further 120 observers.
The IAIS has the following objectives:
to work to improve supervision of insurance, domestically and

internationally
to promote the development of well-regarded insurance markets
to contribute to the financial stability of global markets.
The website is: www.iaisweb.org
85
1.3.7 Group of International Insurance Centre Supervisors (GIICS)
The Group of International Insurance Centre Supervisors (previously known as the

Offshore Group of Insurance Supervisors, OGIS) was formed in 1993, just before the
International Association of Insurance Supervisors. It quickly moved to develop a
number of regulatory standards and guidelines. Subsequently, all the members and
most of the observers of the Group have become members of the IAIS, which has in
turn developed standards of its own.
The Group has strict criteria that must be attained before admission to full
membership is granted. The Group allows jurisdictions to observe its work for a
period of three years, during which time observers must commit themselves to
meeting the Group‘s membership criteria where at all possible. The GIICS website is:
www.giics.org
1.3.8 Financial Action Task Force (FATF)
There are a number of international bodies that have spawned initiatives to assist
in the global effort to prevent money laundering. By far the most important
international anti money laundering (AML) standard-setting body has been the
Financial Action Task Force (FATF).
The FATF was established by the G-7 Summit in July 1989 in response to mounting
concern over money laundering. Originally comprising the G-7 member states,
the European Commission and eight other countries, the FATF was mandated to
examine money laundering techniques and trends, review existing national and
international legislation and enforcement, and define further measures needed to
combat money laundering.
The FATF is an intergovernmental body whose dual purpose is to establish

international standards and develop and promote policies, at both national and
international levels. The overall objective is to combat money laundering and the
financing of terrorism. The FATF is a ‘policymaking body’ and aims to stimulate
the political appetite to develop national legislative and regulatory reforms in
these areas. The FATF also regularly examines methods and techniques of money
laundering and terrorist financing to ensure the continued relevance of its policies
and standards, and issues best-practice updates and guidance documents in
relation to its Recommendations.
In April 1990, the FATF issued 40 Recommendations, which provided a

comprehensive plan of action for fighting money laundering. In 1996, the 40
Recommendations were revised to strengthen the AML measures. In October
2001, in response to the 11 September attacks in the US, the FATF’s mandate was
expanded to include measures to combat terrorist financing. The FATF immediately
issued Eight Special Recommendations on Terrorist Financing.
The continued evolution of money laundering techniques, along with the

increasing experience of its member countries, led the FATF to undertake a review
of its 40 plus 8 Recommendations. In June 2003, this resulted in a thorough
updating of the Recommendations. In October 2004, the FATF published a
new Special Recommendation, making its overall standards – the 40 plus 9
86
Recommendations – a comprehensive framework for governments to use in

developing their own efforts against money laundering and terrorist financing. In
February 2012, the FATF published a revised version of its 40+9 Recommendations.
The 2012 revision recognised the inherent links between money laundering and
terrorist financing. Therefore, the existing 40+9 Recommendations were reworked
and consolidated into 40 ‘new’ Recommendations, expanded to deal with new
threats such as the proliferation of weapons of mass destruction, to provide greater
clarity in respect of transparency of ultimate beneficial ownership and to be
tougher on corruption.
The FATF monitors its members’ progress in implementing AML/counter terrorist

financing measures, reviews money laundering/terrorist financing techniques and
countermeasures, and promotes the adoption and implementation of appropriate
measures globally. In performing these activities, the FATF collaborates with other
international or regional organisations and bodies involved in combating money
laundering and the financing of terrorism.
For details of membership of the FATF, visit the website at www.fatf-gafi.org
The Caribbean Financial Action Task Force (CFATF) is an organisation of states

and territories of the Caribbean basin that have agreed to implement common
counter-measures against money laundering. The Task Force was established as the
result of two key meetings convened in Aruba in and Jamaica in the early 1990s.
In November 1996, 21 members of the CFATF entered into a Memorandum of

Understanding which now serves as the basis for the goals and the work of the
CFATF, and includes the adoption of the FATF 40 Recommendations and the 19
CFATF additional Recommendations.
The CFATF website is https://www.cfatf-gafic.org/
The Middle East and North Africa Financial Action Task Force (MENA-FATF) member
countries work together towards achieving the following objectives.
To adopt and implement the FATF 40 Recommendations on combating

money laundering and financing of terrorism and proliferation.
To implement the relevant UN treaties and agreements and United Nations
Security Council Resolutions.
To cooperate among themselves to raise compliance with these
standards within the MENA Region and to cooperate with other
international and regional organisations, institutions and agencies to
improve compliance worldwide.
To work jointly to identify issues of a regional nature related to money
laundering and terrorist financing, and to share relevant experiences and to
develop solutions for dealing with them.
To take measures throughout the region to combat money laundering and
terrorist financing effectively and in a way that does not conflict with the
cultural values, constitutional frameworks and legal systems in the member
countries.
MENA-FATF’s website can be found at http://www.menafatf.org/Home.asp
87
1.3.9 The International Monetary Fund (IMF)
The International Monetary Fund (IMF) develops and monitors international

standards relevant to its mandate, which is to survey the international monetary
system and promote international monetary cooperation. It also has a remit to
provide temporary financial assistance to countries to help alleviate balance
of payment adjustments. Together with other standard-setting bodies, it has
developed international standards on a range of areas, including transparency
practices in fiscal, monetary and financial policies. Additional information about the
work of the IMF can be obtained from www.imf.org
The regulatory frameworks in some of the world’s offshore financial centres

demonstrate that the IMF plays a very important role in evaluating the regulatory
standards in place in such centres. The IMF has also begun to take a leading role in
combating money laundering, having produced a highly influential policy paper
Enhancing Contributions to Combating Money Laundering. The IMF has developed
a common methodology51 to be applied in the evaluation of national anti-money
laundering frameworks. This should be read and considered in conjunction with
Unit 9 of this manual.
1.3.10 European System of Financial Supervision (ESFS)
Following the global financial crisis, in 2008 the European Commission asked Mr
Jacques de Larosière to chair an independent high-level group to consider how
European supervisory arrangements could be strengthened. One of the main
conclusions of the group was that supervisory arrangements should not only
concentrate on the supervision of individual firms, but also place emphasis on the
stability of the financial system as a whole.
As an output of this review, the de Larosière report recommended that a European

Union-level body be established with a mandate to oversee risk in the financial
system as a whole. On 16 December 2010 the EU legislation establishing the
European Systemic Risk Board (ESRB) came into force.52
Since January 2011 the regulation of financial services across Europe has been
overseen by three European Supervisory Authorities (ESAs) set up within the
European System of Financial Supervision. Hence the ESFS consists of the European
Systemic Risk Board (ESRB) and the three European Supervisory Authorities (ESAs):
European Securities and Markets Authority (ESMA)

European Banking Authority (EBA)
European Insurance and Occupational Pensions Authority (EIOPA)
This system is intended to strengthen and enhance the EU supervisory framework,

improve coordination between national supervisory authorities, such as the FCA in
the UK, raise standards of national supervision across the EU, and ensure financial
stability. Let us look at each component individually.
51. Anti Money Laundering and Combating the Financing of Terrorism: Materials Concerning
Staff Progress Towards the Development of a Comprehensive AML/CFT Methodology and
Assessment Process. www.imf.org.
52. This information is based on extract from http://www.esrb.europa.eu.
88
The European Systemic Risk Board (ESRB)
The ESRB monitors and assesses potential threats to financial stability that arise
from macroeconomic developments and from developments within the financial
system as a whole. Note that the ESRB has no legal powers over member states, but
those choosing not to comply with an ESRB recommendation must explain why
and the Council of the European Union may be advised of the non-compliance.
European Securities and Markets Authority (ESMA)
A European financial regulatory institution, ESMA replaced the Committee of

European Securities Regulators (CESR) on 1 January 2011. ESMA contributes to
safeguarding the stability of the European Union's financial system by ensuring the
integrity, transparency, efficiency and orderly functioning of securities markets, as
well as enhancing investor protection.53
European Banking Authority (EBA)
The EBA has taken over all existing and continuing tasks and responsibilities from
the Committee of European Banking Supervisors (CEBS). The EBA acts as a hub-and-
spokes network of EU and national bodies safeguarding public values such as the
stability of the financial system, the transparency of markets and financial products,
and the protection of depositors and investors.54
European Insurance and Occupational Pensions Authority (EIOPA)
EIOPA’s core responsibilities are to support the stability of the financial system
and the transparency of markets and financial products, and to protect insurance
policyholders, pension scheme members and beneficiaries.55
2. Key influencers and their interests

2.1 The industry
Major firms in the financial services industry have a significant role to play in
influencing the way in which they are regulated and supervised. Such firms are the
point of contact with the end consumers of products and services, and so are able to
understand their demands and needs. Often, this knowledge is essential in helping
the regulator to develop policy and processes, by providing reasoned evidence of
the potential impacts of proposed changes or developments on consumers.
The size and market share of larger firms mean the regulators are likely to take
their feedback to consultations and other proposals on an individual company-by-
company basis. Smaller firms may not have such a powerful voice, which is where
trade associations and trade bodies become important.
Trade bodies or associations represent their members, who are engaged in similar
activities, providing advice and guidance to them, and representing their collective
views. Examples of these organisations in in Europe and the US include the following.
53. Extracted from http://www.esma.europa.eu/page/esma-short.

54. Extracted from http://www.eba.europa.eu/Aboutus.aspx.
55. Extracted from https://eiopa.europa.eu/.
89
Association for Financial Markets in Europe (AFME) promotes fair, orderly,

and efficient European wholesale capital markets and provides leadership in
advancing the interests of all market participants. AFME represents a broad
array of European and global participants in the wholesale financial markets.
Its members include pan-EU and global banks as well as key regional banks,
brokers, law firms, investors and other financial market participants.
The Asociación de Mercados Financieros – AMF (Spanish Association of
Financial Markets) comprises institutions and its professionals across many
different types of financial market activity.
The Bundesverband der Wertpapierfirmen e.V. (bwf ) was created in
September 2003 from three existing German trade associations. Since
January 2004 it has continued the work of these associations with the
goal of protecting and promoting the common professional interests of
Germany’s securities trading firms.
The Futures Industry Association (FiA) seeks to be the advocate and
educator for the centrally cleared derivatives industry. It seeks to promote
best practices and standardisation in the cleared derivatives markets, and
to provide policymakers with an informed perspective on the derivatives
markets. FiA strives to protect open and competitive markets, protect the
public interest through adherence to high standards of professional conduct
and financial integrity, and promote public trust and confidence in the
cleared derivatives markets.
The Institute of International Finance (IIF) is the global association for the
financial industry, with close to 500 members from 70 countries. Its mission
is to support the financial industry in the prudent management of risks,
to develop sound industry practices, to advocate for regulatory, financial
and economic policies that are in the broad interests of its members and to
foster global financial stability and sustainable economic growth.
The Securities Industry and Financial Markets Association (SIFMA) in the
US brings together the shared interests of hundreds of securities firms,
banks and asset managers. SIFMA's mission is to support a strong financial
industry, investor opportunity, capital formation, job creation and economic
growth, while building trust and confidence in the financial markets.
There are also pan-European trade associations that represent the industry at a
European level, where all EU member states have representation:
the European Banking Federation (EBF) – this was set up in 1960 and is the
voice of the European banking sector; it represents the interests of over
4500 European banks from 29 national banking associations
the European Payments Council (EPC) – this is the decision-making and
coordination body of the European banking industry in relation to
payment services.
2.2 Politics
At this stage we need to understand the role of politics in a different context from
that already discussed in section 1.1.2 above when we were investigating some of
the reasons for regulatory change.
Governments will look to regulators to help them to fulfil their political ambitions
of ensuring that the country’s financial markets are fair, transparent and have
90
integrity. This emphasises the jurisdiction’s reputation as a safe place to invest. It

makes the market more attractive to inward investment, and the population is
confident that the firms that operate in it will not abuse their positions of trust.
It can be argued, therefore, that the regulatory environment is also influenced by

the political need to respond to the needs of the electorate in this way.
2.3 Economics
A healthy, well-ordered and controlled financial services industry supports

economies. Businesses need to be able to access finance from firms that can be
trusted to provide the services they require without there being undue or unfair
restrictions attached to these services. Banking services allow firms to expand and
create more employment. Increased employment leads to more money being
available to individuals and families, who in turn will seek services and products
from the financial firms – often the same firms that provide the commercial finance
to support local economies. These smaller consumers need to know that the
services or products they have bought are suitable for their needs and will not
result in financial problems.
With these products and services, individual consumers will purchase goods
and services in the local and national economy, so it is the best interests of all
concerned that regulation and supervision of the financial services companies is
appropriate and instils confidence in the market.
2.4 Environmental aspects
This section is about more than our traditionally held ideas about environmental
issues. It concerns the wider influences that shape our economic and regulatory
environment. Two key contributors are the role and power of the consumer, and
the role and power of the media.
2.4.1 Consumers
Consumers, whether they are retail customers, small businesses, or major

corporations, hold the purchasing power. As is the case with most goods that they
buy, consumers have choices to make. If they believe that one product is superior
to another, then in general the purchase decision will be in favour of the better
option – whether that is in terms of performance, reliability or value for money.
This is also the case for financial services firms. Consumers will choose their
provider on the basis of a range of variables, including those already mentioned.
The big difference is that a financial service product is usually intangible. There is
no physical item taken home to use. Even so, the principles are the same, and the
power the consumer has when making a decision should not be underestimated.
2.4.2 The media
Today, the importance of the traditional media (TV, radio, newspapers) is being
overtaken by the importance and power of social media. News travels very quickly
and issues spread rapidly.
91
Problems experienced by companies, which have an impact on consumers’

experiences, are soon posted on social media sites such as Twitter and Facebook,
and can often lead to an escalation of the issue within the firm. Social media can
also be used by companies to keep customers up to date about efforts to fix
any problems.
In addition, we need to ask ourselves the question of who is the influencer. Do the
media respond to concerns from the public, and merely report them? Or, does the
public respond to issues and items reported in the media, and thereby generate
interest in something that did not previously attract much attention? For example,
we need to ask ourselves whether mis-selling scandals would be as widespread
as they are if media does not raised their profile, which attracts the attention, for
example, of companies that subsequently make money out of pursuing claims on
behalf of customers who may or may not be affected by the mis-selling.
3. The structural basis of GRC regulation

3.1 Regulatory structures: Law
To understand how the law and legal rules operate, we need to look at three areas
of law to consider how they differ, overlap and are commonly classified.
In common law jurisdictions (those where some of the law is based on previous
court cases and tribunal decisions) legal rules are often divided into rules of
criminal law and rules of civil law.
The rise of legal systems’ reliance on the role of regulatory agencies for the
development and enforcement of standards of conduct has given rise to
considerable development in what is referred to as administrative law.
We will look at each of these categories in turn.
3.1.1 Criminal law
Although it sounds straightforward, the often-asked question ‘what is a crime?’

is actually a complex one. There are a large number of definitions, which go far
beyond the scope of this course but can be summarised as: ‘crime is an offence
against the state which damages the social code’. Criminal law is therefore largely
a list of those acts that society (the state) has at one time or another seen fit to
punish, usually because the act itself is seen as a threat to social order.
The state has an interest in offences such as theft, money laundering, drug
trafficking and murder since if they are left unchecked a civilised society cannot
function. The state protects society by subjecting these offences to the jurisdiction
of the criminal law.
The involvement of the state can be seen in the following features of criminal law:
the police attempt to apprehend criminals

the state finances the costs involved in the prosecution of those accused of
criminal offences, and if an accused is found guilty of the offence with which
92
he has been charged, he is punished by the state (for example, by means of

a fine or imprisonment).
Offences such as rape or murder are not the kind committed by commercial
undertakings or public bodies. Nonetheless, this does not mean that criminal
law is individual-orientated rather than organisation-orientated. Firms can, for
example, be charged with the offence of corporate manslaughter. Recently a new
type of criminal offence has emerged as a result of the development of a body of
regulatory criminal law that recognises ‘quasi-criminal’ conduct.
Such conduct would include offences under wrongful trading legislation

(detrimental to the consumer) or anti-pollution legislation (harmful to the
environment). These offences may be committed by commercial and public
organisations as well as by individuals. The enforcement of these ‘regulatory’
criminal offences is not normally undertaken by the police but, rather, by specialist
enforcement agencies.
3.1.2 Civil law
Civil law covers conduct that is personal to the parties involved, in other words,
between civilians. A breach of civil law is a breach of the civil code but, unlike
criminal law, does not undermine society as a whole.
A breach of civil law involves damage to an individual or their property but is not
considered grave enough to warrant being dealt with under criminal law. The state
may nonetheless assist by developing laws that determine the standard of conduct
or obligations that should exist between the parties. Examples include the law
relating to obligations (such as contract or negligence) or to those that affect an
individual’s affairs (such as laws of probate or succession).
The state also provides a means of ensuring that civil laws can be enforced or civil
disputes resolved through the courts. Legal costs, attendance of witnesses and
other such matters remain, however, the responsibility of the parties to the dispute.
Although civil law generally governs relationships between individuals, it may
provide obligations for the state. It is quite common, for example, for government
departments to enter into commercial contracts, therefore attracting contractual
obligations or acquiring liability based on their conduct.
Civil matters may be divided into a number of categories. In relation to financial

services, these might be classified as obligations, fiduciary duties, and consumer or
financial protection. Let’s look at each of these individually.
Obligations
Obligations may be imposed in a variety of ways. In financial services the most

common means are by virtue of contract or operation of law.
A contract (such as a loan agreement) or a deed of trust (for example, a pension

plan) is an arrangement entered into between two parties. Where a contract is
in writing, there is usually a degree of clarity over the terms of the agreement
between them. If either party breaches the terms of the agreement, it is relatively
93
straightforward for one party to bring a civil action against the other for breach of
trust or contract.
An obligation may also arise by operation of law. In other words, this arises where
the law deems one party to owe a duty of care to another by virtue of their
relationship. This duty is wide and applies whether or not the parties have entered
into a written contract, for example neighbours have an obligation not to do
anything on their land that interferes with their neighbours’ enjoyment of their own
property; shopkeepers are under a duty to ensure that customers and other visitors
to the store are safe; employers have a duty to make sure that their employees are
not injured in the course of their employment. Any breach of the duty of care is
referred to as a tort (or a civil wrong).
Fiduciary duties
A fiduciary duty is a legal or ethical relationship of confidence or trust between

the parties, such as a solicitor/client or doctor/patient relationship. In relation to
financial services, the duty generally arises in relation to expectations in respect of
the management of money or property between two or more parties but can also
apply to an advisory relationship.
Fiduciary duties may relate to a trust. For example, Mr A has settled property on
Mr B (a trustee) on the basis that he should use the property for the benefit of Miss
C (the beneficiary). If Mr B abuses his position as trustee, for example by using the
money for his own benefit rather than that of Miss C, then he is in breach of his
fiduciary duties.
Further examples include the following.
Executors of an estate also have fiduciary duties. Under the terms of a will, an
executor may be directed to administer the deceased’s estate in a certain way. A
failure to do so will attract liability for the executor.
An agent is in a fiduciary position and the law often specifies that agents
acquire particular fiduciary obligations. A failure to meet those obligations will
attract liability.
A director of a company has fiduciary duties to shareholders or stakeholders.
Consumer or financial protection
Consumers of products and services may be given additional statutory rights

governing the quality of products or services provided. A retailer or manufacturer
failing to achieve the standards set by statute may incur additional liability.
3.1.3 Administrative law
The growth in the number of government departments and agencies fulfilling

public duties has given rise to a process of law referred to as administrative law.
Administrative law is essentially a division of civil law. It has established rules for
dealing with bodies conducting public functions and provides accountability for
94
the proper performance of their functions. Courts have traditionally developed

jurisdiction enabling them to review public body decisions and activities. This
process has become known in the English courts as ‘judicial review’.
If it can be shown that a regulator is performing a public function then, subject to

certain exceptions, it will be subject to judicial review. For example, an individual in
a regulated function may seek a judicial review of a decision taken by a regulator
where it is believed that the body has exercised its powers unreasonably or
inappropriately. For the purpose of administrative law the regulator need not be
a government department or even a government agency. In English law there are
numerous examples of private bodies such as self-regulatory organisations that are
subject to judicial review on the basis that they perform a public function.
In some jurisdictions, systems of public law have developed to such an extent

that the mechanism of government or regulatory framework provides for its
own judicial decision making and oversight. This commonly takes the form of
specialist tribunals or administrative judges. For example, the Securities Exchange
Commission (SEC) enforcement cases in the US are seen before administrative law
judges and in the UK the FCA has an internal Regulatory Decisions Committee to
determine whether there is a case to be made for enforcement in cases that are
within its scope. If required, a referral relating to a contested FCA enforcement
decision may be made to the Committee.
3.2 Regulatory structures: Regulations
The law empowers the regulator to issue regulations. In the UK, the law that
performs this function is the Financial Services and Markets Act 2000, which
came into force in 2001. Originally, the FSA was the regulator authorised to issue
regulations under this legislation, but following the passing of the Financial
Services Acts of 2010 and 2012, this authority was passed to the FCA and the PRA.
In the Dubai International Finance Centre, Regulatory Law No. 1 of 2004 (as
consolidated in August 2014) confers upon the Dubai Financial Services Authority
(DFSA) its powers, functions, and objectives. It allows DFSA to set its rules and
regulations, and issue licences to firms and individuals. These licensees are then
bound by the rules and regulations set by the regulator.
3.3 Regulatory structures: Rules
Regulatory rules may be broadly described as the detailed requirements placed on

regulated firms and individuals, together with those imposed on the regulator itself
in the exercise of its powers and fulfilment of its responsibilities.
Typically, regulatory rules include:
those concerned with corporate governance and internal control systems

prudential rules, and
conduct of business rules.
There are generally two approaches to regulation. These are the ‘rules-based’ and
‘principles-based’ systems.
95
Under the ‘rules-based’ approach, legislators and regulators prescribe in detail

exactly what a firm must or must not do to attain the standard of conduct required.
The ‘rules-based’ approach will also set out the firm’s obligations to its clients
and shareholders.
3.4 The choice of regulatory approach
Under the ‘principles-based’ approach, a regulator will focus less on the prescriptive
detail of a rule and more on assessing how a firm has interpreted the broad
principles set within the source materials (such as regulatory handbooks). For
example, a principle might be worded as ‘a firm must observe proper standards
of market conduct’. This gives a firm scope in how it might interpret and achieve
adherence to the principle. It also provides the regulators with scope to judge
whether a firm has acted in the best interest of its shareholders and customers. This
is also the case where regulators wish to promote good standards of conduct, as
it allows both the company and the regulator to interpret and provide evidence of
what good conduct looks like.
In practice, of course, the distinction between the two approaches is not as neat
or clear cut as the above explanations might suggest. Under a ‘principles-based’
approach, the principles are usually supplemented by underlying rules and codes
of practice, while under a ‘rules-based’ approach organisations still have to interpret
the rules to some degree.
Consequently, jurisdictions can end up with a hybrid approach as, for example, in
the UK. Although the FSA had its 11 Principles for Businesses, the responsibilities
for which have now been taken over by the FCA and the PRA, its approach was
more prescriptive, with the result that initially it was largely rules-based. It can
also be argued that the title of these ‘Principles’ is quite misleading because
the Principles for Business are effectively the core ‘rules’ on which UK conduct
regulation is built.
In 2005, however, the FSA moved towards what they termed more ‘principles-based’
regulation (MPBR – see section 3.4.4 below). The FCA has committed to continuing
with this approach. Internationally, the move towards more principles-based
regulation has continued, with the exception of the regulations designed to rebuild
confidence in the international financial system following the credit crunch. If
anything, the rules have been made more prescriptive in prudential regulations.
3.4.1 The case for and against rules-based regulation
Rules-based regulation provides clarity for firms in so much as it is prescriptive in its

requirements, allowing firms to understand what they must do to be compliant. A
substantial rulebook of detailed requirements typically accompanies such a regime.
There is limited room for interpretation of these rules, and therefore there is a lower
risk of different levels of application by different firms in the market than might be
the case in a principles-based system.
This can, however, lead to a ‘tick-box’ approach to compliance, focusing on

the letter (rather than the spirit) of the rules. If rules have to be written to
accommodate market developments, there is also the risk that firms’ new products
96
and services may be found to be non-compliant at a date in the future when the
rules are updated. Furthermore, the rulebook simply cannot cover every possible
circumstance or eventuality. This inevitably leaves gaps in the detail that could be
exploited – a significant limitation of this approach.
3.4.2 The case for and against principles-based regulation
This approach is less concerned with precision and targeted more at achieving the
general aims that the regulator wants for consumers and markets. The aim of a
‘principles-based’ approach is to articulate what a regulator would expect a firm to
do or how it would expect a firm to behave. For example, a firm must:
conduct its business with integrity

protect its investors
reduce systemic risk.
The interpretation of principles is sometimes considered by firms to be more

challenging than simply adhering to rules, as it does not provide clarity on exactly
what is expected by the regulator. This can lead to difficulties if, for example, the
regulator has a different interpretation to the firm.
This approach is also criticised as firms must make judgements about what will, or
will not, be considered to meet the desired principle in the future. The regulator
may, however, believe that the principle has not been achieved and will have the
benefit of hindsight on which to base its judgement.
Nonetheless, principles-based regulation does allow a firm more flexibility in the

way it achieves a principle, enabling it to adopt an approach in keeping with the
organisation’s culture, systems and controls. It also helps to encourage innovation,
as firms can assess whether a new product, service or venture would be within the
spirit of the existing regulation’s aims and objectives, rather than having to wait for
a specific new rule to be drafted and agreed.
3.4.3 Rules-based or principles-based?
Some firms have commented that a principles-based approach to regulation

is preferred, as less time and resources are spent trying to analyse and assess
compliance with complex rules. Under principles-based guidance, regulators
can allocate more time to examining the substance of the market participant’s
behaviour rather than probing the minutiae of a rule breach.
The difference between these two approaches was highlighted by the accounting
scandals in the US in the early 2000s. Accounting standards in the US were set out
in extensive rules, but despite this there was no high-level unifying principle. The
comment was made that this made it easier for US corporations to take a legalistic
approach and weave around the letter of the requirements because of the absence
of this overarching principle. The approach in many other jurisdictions by contrast,
is based on principles, with a ‘true and fair view’ requirement being the overriding
principle to be considered.
Perhaps the best way of regarding rules is to view them as illustrating the
principles. Rules will never be created as quickly as financial firms can innovate;
97
they will always be one step behind. If an action can be interpreted to be possible
under the rules, but appears to conflict with a principle, the principle should be
applied. On a day-to-day basis, it is more often necessary to consider and apply
core principles than it is to apply the detailed rules. This is a skill compliance
professionals need to develop.
3.4.4 Increasing focus on outcome-based regulation
In recent years, the ‘principles-based’ approach has evolved to focus increasingly

on outcomes. The transition to what has become known as more ‘principles-based’
regulation (MPBR) has come about to address the perceived weaknesses in the
‘principles-based’ approach, where a firm can show that it has adopted a principle
but may still not have achieved the desired outcome.
MPBR has focused attention on the most important outcomes. It has increased the
emphasis on senior management’s responsibility for achieving these outcomes
while retaining the flexibility offered to them under a ‘principles-based’ approach.
The key is that the outcomes are measurable, and therefore it can be demonstrated
they are being achieved.
Some prescription may need to remain, however, such as is the case in the EU
where firms have to adhere to certain EU Directives, such as MiFiD, CRD and CAD,
etc. Where possible, any remaining rules have been refocused – outlining the
desired outcome rather than the process required to achieve it.
3.5 Regulatory structures: Guidance
Sometimes, a regulatory authority may be compelled to issue detailed guidance

to regulated businesses, detailing how it expects them to discharge their legal and
regulatory obligations. Anti money laundering and counter terrorist financing are
areas where most regulators around the world have issued guidance. This may be
in the form of a statement of minimum best practice. The results of non-compliance
with such guidance depend upon the nature of the guidance and the regulator’s
power to enforce compliance with it.
3.6 Regulatory structures: Codes of conduct
In understanding how law and legal rules operate within financial services, it is also
important to consider the role of voluntary codes.
Voluntary codes of conduct are guidelines and commitments that firms voluntarily
agree to follow. Known also as ‘codes of practice’ or ‘non-regulatory agreements’,
they typically outline standards that customers can expect when they are dealing
with a company that subscribes to a particular code. Companies and associations
in the financial sector have for some years adopted voluntary codes of conduct in
areas such as insurance, mortgages and other banking services.
Voluntary codes have typically been used in financial services as an alternative to

government legislation or regulation. They can be an inexpensive and effective
method of influencing and controlling the behaviour of companies, ensuring
enhanced consumer protection.
98
Many trade bodies still have an important role in the industry worldwide –
we looked at a small number of them in section 2.1 above. Such trade bodies
define standards and codes of conduct that firms must meet in order to
maintain their membership.
3.7 Regulatory models
The principles- and rules-based approaches explained above define the way in
which regulation is exercised or communicated. In practice, this approach must be
set within an overall regulatory supervisory framework, of which there are various
different models in use around the world. Broadly speaking, the models can be
categorised as follows:
institutional regulation
functional regulation
regulation by objectives
regulation by single regulator.
These models describe the different ways in which regulatory supervisory regimes
can be structured to oversee financial firms operating in a particular jurisdiction.
We will examine each in turn. See Unit 4 section 4.3 for how these models are
applied in practice around the world.
3.7.1 Institutional regulation
This is the traditional approach to supervision, sometimes referred to as ‘by-markets

regulation‘, based on the firm’s legal status (banks, insurance firms, etc.). The
approach entails regulation of each single category of financial services business
by distinct regulatory authorities and/or divisions. These cover the whole range of
different functions or activities performed by each institution.
3.7.2 Functional regulation
Sometimes referred to as ‘regulation by activity’, this approach focuses on

the functions performed by financial services businesses (the business being
transacted) rather than the legal status of the businesses themselves. This approach
to regulation requires rules that must be applied consistently to any business that
engages in a particular activity, irrespective of the type or category of that business.
Under functional regulation, therefore, a firm might have to deal with a number
of regulators covering different activities. For example, one regulator might be
responsible for ensuring that conduct of business requirements are followed by
firms, while another reviews prudential management.
3.7.3 Regulation by objectives
This approach seeks to achieve certain explicit objectives by giving responsibility

for one or more of them to a specific regulatory body that exists solely for that
purpose, with other bodies being responsible for other objectives. Such an
approach means that financial services businesses are often subject to the control
of more than one regulatory body.
99
’Twin Peaks’ can be an example of regulation by objectives, with one regulator

responsible for market stability and confidence and another for consumer
protection – two of the main objectives of regulation. In practice, under
regulation by objectives there could be further regulators focusing on other
objectives, such as monetary policy, competition, or indeed any other objective
considered necessary.
Care should be taken not to confuse this model with principles-based

approaches to regulation, which can also sometimes be referred to as objectives-
based or performance-based regulation.
3.7.4 Regulation by single regulator
This integrated approach entails the creation of a single central regulatory authority
responsible for the fulfilment of all regulatory objectives involving the supervision
of the different institutions and functions. This is the approach favoured in
Singapore where the sole regulator is the Monetary Authority of Singapore (which
is also the Central Bank).
4. Regulatory methodology
4.1 Review of internal systems and corporate governance arrangements
In order to ensure the accountability and transparency of firms, regulators aim to

check whether a firm is capable of:
measuring and managing the risks it faces

conducting business in an orderly and efficient manner
maintaining proper records
maintaining and publishing reliable financial (and other) information
keeping itself fully informed of the expectations placed on it by
the regulator.
Consistent with the principle of proportionate regulation, the internal control

requirements of regulated businesses vary according to the size, scale and
complexity of the firm. They must be based upon a thorough analysis of the
company’s particular structures, operations, needs and risks.
In addition to this, regulators are required to ensure that a firm is financially sound.
This is prudential regulation, and there are two commonly accepted objectives of
prudential regulation:
to reduce the probability of insolvency and any loss to a firm’s ultimate

customers, and
to resolve the position of any firm whose viability is impaired, while
protecting the interests of its customers to the maximum possible extent.
100
The role of a prudential regulator of financial institutions might therefore be

summarised as being:
to provide a framework for financial risk management for the protection

of consumers and counterparties (the identification, control, financing and
monitoring of risk)
to protect consumers’ assets
to discipline those companies that do not comply
to impose rehabilitation requirements where a firm’s viability is threatened
to intervene in the management of a company in the event of actual or
impending insolvency.
Examples of prudential rules include the requirement that firms and senior
individuals be fit and proper, and the capital adequacy and liquidity requirements.
This latter principle has acquired a high profile in the wake of recent banking
failures, with much emphasis being placed on capital adequacy. EU Directives such
as Solvency II, which is an updated set of solvency requirements for insurance firms
operating in the EU, are receiving much more attention than previously.
Finally, in relation to conduct of business, regulators must ensure firms’ compliance

with conduct of business regulations, which impose minimum standards of
acceptable behaviour upon regulated businesses. The precise requirements will vary
depending on the risks represented by the kind of regulated business in question.
Conduct of business rules would cover, for example:
customer classification
financial promotions and advertising
customer communications, including reporting of transactions
customer agreements
conflicts of interest and inducements
customer understanding and suitability, including disclosure of charges
customer transactions and management of portfolios and assets
complaints handling
knowing sufficient detail about customers to understand them
client assets and money
the operation of specific kinds of product, such as collective
investment schemes.
4.2 Independence, accountability and transparency
When a regulator exercises its powers it can affect the reputation and livelihood
of others. It is therefore important that the public should know that, in making
its decisions, a regulator has rigorously adhered to a set of internal procedures
designed to ensure fairness, consistency and impartiality.
A regulator should therefore be operationally independent and accountable in the

use of its powers. The following are all indicators of an accountable regulator:
it operates independently of political and commercial interest

it has operational transparency
101
there is a right of appeal against its decisions

its decisions can be subject to judicial review.
Regulatory bodies seek to achieve transparency and accountability through the

application of internal and external safeguards, as described below.
4.2.1 Internal safeguards
To demonstrate that a regulator has the appropriate internal safeguards, it should:
have an effective board, which functions in an active oversight capacity

maintain proper records of all investigations and related interviews
require that all investigations, inspections and interviews be conducted by a
minimum number of officers
stipulate that all operational decisions are made and recorded in accordance
with established procedures and guidelines
segregate the regulator’s investigative functions from its disciplinary functions,
to ensure that no officer or team can be investigator, judge and jury.
4.2.2 External safeguards
To ensure that a regulator maintains appropriate external safeguards there

should be:
non-executive directors on the board of the regulator

the availability of judicial review of the regulator’s decisions
a right of appeal to an independent tribunal against a range of decisions
an independent ombudsman.
The transparency and accountability of the FCA in the UK (and the way this is
achieved) provide us with a useful model example.
A number of formal accountability mechanisms have been designed to

ensure that the FCA uses its powers responsibly and is seen to do so, including
the following.
It makes an annual report to HM Treasury on its work in pursuit of

its statutory objectives and its consideration of the principles of
good regulation.
It holds an annual public meeting to discuss the report.
An annual report is made by the committee of non-executive directors
to HM Treasury on the discharge of its functions, focusing on the FCA’s
economy and efficiency.
The Treasury has powers to commission and publish value-for-money
audits of the FCA. It may also commission official inquiries into any serious
failure in the system of regulation.
An Independent Complaints Commissioner investigates complaints
against the FCA.
The FCA has a duty to consult before making rules or issuing guidance,
and to conduct cost-benefit analyses.
102
Four independent panels, one made up of consumer representatives, the

others of industry practitioners, provide advice to the FCA on external
perspectives and report on the FCA’s work. Should the FCA disagree with
a view or proposal from any panel, it must provide a written statement of
its reasons for disagreeing.
There is a review of regulatory decisions by an independent tribunal
known as the Upper Tribunal (an independent judicial body).
The Financial Ombudsman Service provides an independent review of
complaints against firms.
5. Regulatory approach
5.1 The risk-based approach
All regulators will adopt some system for assessing the risks posed by a particular
financial services firm, and base the intensity of their approach to supervision
on the outcome of their assessments. In practice, this means making supervisory
judgements about each firm’s business model and its forward-looking strategy. The
regulator may decide to intervene where it identifies unacceptable risks to the fair
treatment of customers.
A supervision model could be built on three pillars:
an analysis of the systemic risk posed by the company, through structured

conduct assessments of firms
event-driven work in response to emerging risks or events that have already
occurred, and things that happen outside the normal assessment cycle
issues and products: campaigns targeted at specific sectors or products that
are putting customers at risk.
5.1.1 Case study/example
The UK FCA enforcement action against two major banks, Royal Bank of Scotland
(RBS) and its subsidiary division, NatWest, which was published on 27 August 2014,
clearly illustrates this approach.
The risk-based approach of both the FSA and the FCA in this example is shown
in both the size of the firm concerned and the significance of the product under
review. In its Final Notice, the FCA commented on both these factors.56
Overall, the Authority considers the Firms’ failings to be particularly serious because:
(1) The Firms, in combination, are one of the top six providers of mortgage products
to retail customers in the UK, and provided approximately 177,000 mortgage
products to customers in the Relevant Period. This included approximately
30,000 mortgage products sold on an advised basis. In addition, the Firms
were seeking to increase mortgage balance growth during 2012 and were
actively attempting to increase their in-house advised mortgage sales output by
reducing their reliance on referrals from independent third party intermediaries.
56. http://www.fca.org.uk/static/documents/final-notices/rbs-natwest.pdf
103
And, concerning the products involved:
A mortgage is one of the most important purchases most consumers will make during
their lifetimes. A large number of those who purchase mortgages rely on professional
advice, often from a bank or building society. Firms must ensure that any mortgage
recommendation is suitable for the customer. This will be even more important going
forward in light of the changes made by the Authority as part of the Mortgage Market
Review (‘MMR’). It is of critical importance that firms providing mortgages do so in a
way that ensures customers are treated fairly and in a manner which is compliant with
all regulatory requirements.
RBS and NatWest were found to have breached Principles 2 and 9 of the FCA’s high-
level rules (the Principles for Business) for the following reasons.
Principle 2 – failing to conduct their advised business with due skill, care
and diligence. They failed because they did not adequately remedy the
problems with the business when identified by the regulator.
Principle 9 – failing to take reasonable care to ensure that the advice
they were providing to customers who wished to purchase mortgages
was suitable.
Other additional factors taken into account by the FCA in its risk-based approach
included the previous conduct of the firm and the speed of response to the
concerns originally raised by the FSA. In this case, the RBS Group of companies
had been subject to enforcement actions on seven occasions in the previous four
years, and it was slow to respond to the concerns originally raised. Even then, the
assurances the firms provided to the regulator were not matched by their actions.
This case study is a significant example of the risk-based approach to supervision

outcomes in practice. The FCA and its predecessor the FSA had both previously
told RBS and NatWest of their concerns, which the FSA had identified during a
review of the quality of mortgage advice being offered to customers, in September
and October 2011. The firms did not address the concerns adequately, which
increased the seriousness of the breach and also did nothing to reduce the risk
to consumers.
After taking into account the 30% discount for settlement at stage 1 of the
enforcement process, RBS and NatWest were fined £14,474,600.
Learning outcomes
By the end of this unit you should be able to:
explain how a series of scandals, other world events and political changes have
shaped regulatory objectives
outline the impact of the USA PATRIOT Act and the effects of the Enron scandal
on regulation
explain the roles of international organisations such as BIS, BCBS, GIFCS,
IOSCO, ESFS (and its component organisations) and FATF in shaping the
regulatory environment
104
discuss how larger firms and trade organisations, in Europe, the US and globally
influence regulation
appreciate the roles of the media and consumers in influencing politicians,
regulators and the markets
explain the roles of criminal law, civil law and administrative law in shaping
regulation and its objectives
understand the differences between rules-based, principles-based, more
principles-based, and outcome-based regulation, and the advantages and
drawbacks of each
appreciate the role of official guidance and codes of conduct published by
various interested parties in helping firms to comply with regulation
outline what is meant by institutional regulation, functional regulation,
regulation by objectives and regulation by a single regulator
understand the risk-based approach to regulation and what this means for the
regulator and the regulated firms.
105

I1273818 - International Diploma in GRC - Unit 3

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

I1273818 - International Diploma in GRC - Unit 3

Uploaded by

Copyright:

Available Formats

SEE GREEN SECTION

Understanding the Complete

The purpose of this unit is to:

 discuss the objectives for financial services regulation

1. How did we get to where we are today?

It is possible to consider the evolution of individual countries’ regulatory

 financial scandals, a good example being pensions mis-selling in the 1990s

1.1.1 Financial scandals

1.1.2 Political changes

Understanding these motivations is critical in understanding the shape that

1.1.3 World events and international pressure

Increased interaction and interdependence of global financial markets means that

Many governments introduced a policy of intervention. This policy provided capital

Combating terrorism and crime

The events of 11 September 2001 also led to the development of a range of

1.2 The reactive nature of regulation

Some examples are described below.

1.2.1 Case study: The response to the Enron scandal

When Enron Corporation declared bankruptcy in December 2001, it was the

Recommendations are grouped into two main areas for improvement.

The first set of recommendations concerned the need to strengthen oversight.

overseeing compensation plans and payments (salaries, bonus, etc.)

 Ensure that an external auditor is not also providing internal auditing or

The second set of recommendations, for strengthening director and auditor

 Strengthen the requirements for director independence in publicly

International standards are important for a number of reasons. The individual

International initiatives are managed by international organisations that are either

 the Bank for International Settlements (BIS) is industry specific, whereas

We will now examine some of the more influential international organisations

1.3.1 The Bank for International Settlements (BIS)

 the Secretariats of the Financial Stability Forum (FSF)

1.3.2 The Basel Committee on Banking Supervision (BCBS)

The Basel Committee was established as the Committee on Banking Regulations

 the Supervision and Implementation Group

In 2004 the Basel Committee agreed a revised framework for International

 29 core principles for effective banking supervision, referred to as the

More recent documents include Principles for Enhancing Corporate Governance

1.3.3 The Group of International Finance Centre Supervisors (GIFCS)

Instigated by the Basel Committee, the Offshore Group of Banking Supervisors

1.3.4 International Organization of Securities Commissions (IOSCO)

The member agencies of IOSCO have resolved to:

 work together to promote high standards of regulation in order to maintain

1.3.5 International Association of Deposit Insurers (IADI)

In the furtherance of its objectives, the Association attempts to enhance

Further information can be found at www.iadi.org

1.3.6 International Association of Insurance Supervisors (IAIS)

Established in 1994, the International Association of Insurance Supervisors (IAIS)

The IAIS has the following objectives:

 to work to improve supervision of insurance, domestically and

The website is: www.iaisweb.org

1.3.7 Group of International Insurance Centre Supervisors (GIICS)

The Group of International Insurance Centre Supervisors (previously known as the

1.3.8 Financial Action Task Force (FATF)

The FATF is an intergovernmental body whose dual purpose is to establish

In April 1990, the FATF issued 40 Recommendations, which provided a

The continued evolution of money laundering techniques, along with the

Recommendations – a comprehensive framework for governments to use in

The FATF monitors its members’ progress in implementing AML/counter terrorist

For details of membership of the FATF, visit the website at www.fatf-gafi.org

The Caribbean Financial Action Task Force (CFATF) is an organisation of states

In November 1996, 21 members of the CFATF entered into a Memorandum of

The CFATF website is https://www.cfatf-gafic.org/

 To adopt and implement the FATF 40 Recommendations on combating

MENA-FATF’s website can be found at http://www.menafatf.org/Home.asp

discuss the objectives for financial services regulation

financial scandals, a good example being pensions mis-selling in the 1990s

Ensure that an external auditor is not also providing internal auditing or

Strengthen the requirements for director independence in publicly

the Bank for International Settlements (BIS) is industry specific, whereas

the Secretariats of the Financial Stability Forum (FSF)

the Supervision and Implementation Group

29 core principles for effective banking supervision, referred to as the

work together to promote high standards of regulation in order to maintain

to work to improve supervision of insurance, domestically and

To adopt and implement the FATF 40 Recommendations on combating

European Securities and Markets Authority (ESMA)

Association for Financial Markets in Europe (AFME) promotes fair, orderly,

the police attempt to apprehend criminals

those concerned with corporate governance and internal control systems

conduct its business with integrity