
Axis Ahead SIP Presentation 2015

By :Sushant Lohani
Summer Intern
Compliance Department, Axis Bank

Date: 26 May 2015


Before we begin
Reason behind that?

Overlooking the criticality of


Compliance as a function
Introduction to Compliance

Costs of Compliance & Non Compliance

Major Components of Compliance

Compliance at Axis Bank


Compliance Culture

Challenges for Compliance

Top trends of Compliance in 2015

Suggestions
What is Compliance
• Merriam Webster defines compliance as:
  – the act or process of complying with a desire, demand, proposal, regimen or coercion
  – conformity in fulfilling official requirements

• Banking compliance can be divided into 3 types:
  1. Internal compliance, including self-regulatory organisation (SRO) standards
  2. Regulatory compliance
  3. Legal compliance

• Internal compliance is adherence to the internal policies formulated by the Board and is applicable to every employee
• Regulatory and legal compliance are applicable to the Bank as a whole
From oblivion to prominence
• Seen as a "cost center" and regarded with a wary eye until recently, compliance departments are now essential to banks' success in protecting their reputation and the bottom line.
• Still stigmatized as an impediment rather than a necessity
• The compliance function these days sees:
  – Increased investment in resources
  – A battle for the right talent
  – An increased role for data analytics and IT
Food for thought!

Question
• Rate the Compliance function in your organization:
  1. Siloed & inconsistent
  2. Organized but reactive
  3. Actively managed and proactive
  4. Fully proactive and embedded

Level of maturity increases clockwise.

Source : Thomson Reuters 2009


Sometimes as a whole the
compliance department might
look “mature” but compliance
towards a particular statute or
Regulatory body or Business
Unit might be in maturity level
1.

Source : Thomson Reuters 2009


Functions of Compliance Officer
• The role of the compliance officer is one of assistance: helping the board and senior managers by
  – monitoring, advising and formulating policy
  – providing a strong overview of the regulatory environment
  – giving regular support to the chief executive
  – arming those at the top with the appropriate material and training to execute their roles.

Source : Thomson Reuters 2015
Determinants of Compliance

Other determinants
• Different levels of approval for new products,
processes, systems
• Trust/confidence in regulator
• Regulation flexible to specific requirements
• HR Policies
• Effective monitoring
• Management commitment
• Proactive in training
• Adequate skilled, experienced and committed staff

(contd)
• Industry standards
• Internal business requirements
• Ethical guidelines
• Awareness of reputational risks
• Transparency requirements
• Assurance of quality
• Control of governance/processes/methods
• Infrastructure in critical areas such as risk and finance

Managing Regulatory risk
• Internal Environment Checklist
  – Clearly defined roles, responsibilities and accountabilities
  – Culture and conduct risk
  – Data management
  – Regulatory approvals and registrations
  – Client data
  – Key areas of supervision

Source: Thomson Reuters

• External Environment Checklist
  – Keeping up-to-date with regulatory changes and their enforcement
  – Liaison with regulators
  – Reporting
  – Changes
  – Communication

Source: Thomson Reuters
Conduct Risk

• Niall Coburn (Thomson Reuters): "Conduct risk refers to the growing need for institutions to reassess the way they conduct their businesses and how regulatory risks and expectations are effectively managed within organizations."
• 67 percent of compliance professionals surveyed believed that regulatory focus on conduct risk would increase the personal liability of senior managers.
Ask yourself

Board:
• Is there a conduct risk management culture at all levels of the business?
• Do managers feel they can raise risk-related issues?
• Are managers' ideas supported? Do they feel that concerns raised will be considered and/or acted upon?
• Can the board demonstrate an effective "tone at the top"?

Staff:
• Are there clear reporting lines?
• Do staff feel that they can raise risk-related issues?
• Are staff comfortable questioning existing practices and suggesting more effective ways of doing things?
• Is conduct risk management part of the established way of planning and executing departmental activities?
Cost of Compliance

Introduction
• A skilled, high-quality compliance function is expensive to build.
• But there is a growing realization that investment in effective risk and control functions and associated infrastructures is worthwhile on many levels, not least of which is the personal accountability of the firm's senior managers.
• The challenge in being able to devote adequate time to compliance activities is in part driven by the availability of, and the ability to recruit and retain, high-quality compliance officers with deep experience.
• There is a genuine dearth of good compliance skills in the marketplace.

Source : Thomson Reuters 2015
Costs of Non Compliance

Financial:
• Monetary fines
• End of a business or business line
• Increased capital, liquidity or solvency requirements
• Impact on share price
• Competitive disadvantages
• Opportunity costs of non-compliance

Personal:
• Increased personal liability
• Forced changes to senior management
• Need for more highly-priced risk and compliance skills
• Claw-backs invoked on bonuses
• Inability to recruit and retain high quality skilled resources

Operational:
• Expensive and time-consuming remedial actions including redress
• Enforced changes to business
• Expensive and time-consuming use of third party or skilled persons

Regulatory:
• Greater regulatory scrutiny
• More regulation, cost and complexity for all
Evolution: Past, Present, Future
Past
• Excessive emails, documents,
and paper trails
• Lack of an audit trail
• Limited reporting
• Files and documents out of sync
• Wasted resources and spending
• Poor visibility across the
enterprise
• Overwhelming complexity
• Lack of business agility
• Greater exposure and
vulnerability
• No accountability

PAST: Silos mean greater risk
A non-integrated approach to compliance results in the following ramifications for the performance of the department:

 Poor visibility across the enterprise. A reactive approach to GRC leads to siloed initiatives that never see the big picture. (Not effective)
 Redundant and inefficient processes. Silos of GRC lead to redundancy, gaps, and wasted resources. (Not efficient)
 Overwhelming complexity. Different GRC approaches introduce greater complexity to the business environment.
 Lack of business agility. Complexity drives inflexibility: the organization is not agile in the dynamic business environment it operates in. (Not agile)
 Greater exposure and vulnerability. A reactive approach leads to greater exposure and vulnerability.
Present: Volume and Complexity
• Global regulators
• Markets and jurisdictions
• Outsourcing of operations
• Mergers and acquisitions
Present day factors affecting Compliance & Ethics
• Government
• Enforcement bodies/Authorities
• Common practices
• Information Technology
• Agencies
• Social Media
• Younger generations
• Globalization
Shortcomings
• Inability to gain a clear view of compliance dependencies
• High cost of consolidating silos of compliance info
• Difficulty maintaining accurate compliance info
• Failure to trend across compliance assessment or reporting periods
• Incapable of providing compliance intelligence to support business decisions and strategic planning
• Redundant approaches limit correlation, comparison and integration of information
• Lack of agility to respond in a timely manner to changing regulations, laws, and situations
Future: Needs
• Consistency
• Accountability
• Efficiency
• Agility
• Effectiveness
• Transparency
Shifts in Compliance Strategy
• Risk Management
• Code of Conduct
• Policy and procedure Management
• Training
• Monitoring and Assessment
• Investigations
• Change management
• Mobility
• Third Party Management
• Metrics and benchmarking
Compliance at Axis Bank

Compliance Structure in Axis Bank (org chart)
Board of Directors
  Audit Committee | Group Executive, HR
    Chief Compliance Officer
      Head, Business Unit Compliance Group (BUCG)
      Head, Regulatory Center of Excellence Group (RCEG)
      Head, Control Function Compliance Group (CFCG)
      Head, Control Testing & Compliance Testing Group (CTG)
Functional areas shown under the groups: Credit, Retail, Treasury; KYC/AML, ICC, Regulatory Reporting; Outsourcing, EGRC, Non-Core Function Group; Nodal Compliance Officers
Compliance reporting lines

Regulatory Environment

Government of India, RBI, SEBI, CCI, FMC, IRDA, PFRDA, TRAI, NHB, BCSBI, NABARD, NSDL, CDSL, NPCI, FIMMDA, FEDAI, AMF, IBA
Regulatory Changes worldwide

• BASEL III
  – Need to calculate higher capital requirements for counterparty credit risk
  – Change the capital calculation model as per BASEL III norms
  – Banks need to calculate the leverage ratio (Tier 1 Capital vs Gross Balance sheet) with the appropriate credit conversion factor

• The Internal Capital Adequacy Assessment Process (ICAAP)
  – Banks have started upgrading their ICAAP framework as mandated by their respective regulators
  – New standards of stress testing being employed

• International Financial Reporting Standards (IFRS)
  – Newer rules for classification of financial instruments (from the present 4 categories to 2)
  – Impairment method: shift from the "incurred loss" concept to the "expected loss" concept
  – Hedge accounting: IFRS 9
Singapore and Axis Bank

Fig: Hierarchy in Monetary Authority of Singapore
Board of Directors (with Risk Committee and Audit Committee; Internal Audit)
  Managing Director's Office
    • Chief Economist
    • Special Advisor
    • Legal
    • Corporate Planning & Communications
  Groups: Monetary Policy & Investments; Development & International; Financial Supervision; Corporate Development
Gaps and differences
• Concept of "Appointed Representative"
  – Cannot act as agent of any other Principal
  – Should have passed the stipulated examination (CMFA)
• All gifts are to be approved by the Chief Executive
  – Gifts to the C.E. to be approved by the local C.O.
  – Only gifts (≥$100) to be recorded in the Register
• To conduct a financial inspection, RBI has to take permission of MAS and limit itself to Singaporean laws
• Concept of Tax Agent (CTA in Singapore)
  – E&Y is the CTA and submits the Return on behalf of Axis (Singapore)
Axis Bank, Dubai Branch
• The Dubai Financial Services Authority (DFSA) is the regulator of the entities inside DIFC
• Known to be hard-nosed and non-negotiating
• Recently fined Deutsche Bank $8.4M for failures in its internal governance and systems controls related to booking clients & AML laws
• Of late, DFSA has started dealing with contraventions with harsh punishment
• ABN Amro is also under scrutiny by DFSA
Gaps and Differences
• Legal requirement to keep the C.O. in the loop when investment activities are to be undertaken with entities outside DIFC
• The Compliance Officer (CO) is also called Finance Officer
• All client-facing employees have to sign a "Policy of Independence Undertaking"
• Accounting records to be maintained for 6 years, voice records for 6 months
• The Bank will not promote a product unless the customer asks for it "explicitly".
(contd)
• DFSA has prescribed rules for Islamic Funds
• Maintenance of a questionnaire filled in by the client regarding
  – Financial expenditures and understanding
  – Investment objectives and risk tolerance
  to decide the suitability of investments and to determine the client's risk profile

Therefore, the CMP and Compliance Policy of the Dubai Branch seemed to be the most comprehensive and well drafted for their depth and description of SOP.
Axis Bank in Sri Lanka

Gaps and differences
• Record retention: 10 years (RBI : 5 years; CBSL: 6 years)
• Approval of CEO of Axis Bank , SL to be obtained to accept gifts
over a specified limit (Register to be maintained, just like in India)

Major Components of Compliance
• AML
• KYC
• Outsourcing
Anti Money Laundering
• FATF definition: money laundering is the processing of criminal proceeds to disguise their illegal origin.
• The Financial Action Task Force (FATF) is an inter-governmental organization comprising 36 members.
• The objectives of the FATF are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.
• India has been a member of FATF since 2010.
• FATF estimates money laundering at 2 to 5 percent of global annual GDP, which amounts to an estimated $1.38 trillion to $3.45 trillion.
• Effective anti-money laundering and combating the financing of terrorism regimes are essential to protect the integrity of markets and of the global financial framework.
Observations by Indian C.O.
• There seems to be a trade-off between ensuring AML compliance
and increased business.
• Ensuring AML compliance for smaller customers is fraught with
different challenges and may call for different remedies.
• The type of branch could have an impact on its level of compliance
and the related risks.
• Over reliance on technology could be counterproductive as it could
delay identification of patterns in banking transactions and
overshadow the role of judgement , which is also important.
• Similarly, an over reliance on third parties to aid AML compliance
could also be counterproductive unless it is supplemented by ability
to independently verify documents produced before banks.

Global Statistics on AML by KPMG 2014
• The proportion of firms globally which saw AML as a priority had risen to 88% in 2013 from 62% in 2011 (in Asia-Pacific, 50% → 80%)
• 51% in the AP region said that AML issues are regularly discussed at BOD meetings (global: 66%)
• 47% in the AP region offered AML training to BOD members (global: 62%)
• Areas of concern during regulators' visits were:
 Customer due diligence: 70%
 Continuous monitoring: 56%
 Enterprise wide AML risk assessment: 54%
Money Laundering Structures
• Overseas and offshore bank accounts
• Shell corporations
• Parallel and Underground banking systems (prevalent in India ,
Pakistan, China, etc.. )
• Trade based money laundering (TBML) : Laundering of money
under the garb of doing business/trade
• Prepaid Cards or Gift Cards : Prevalent in Western Countries
• Virtual crypto-currencies like BitCoins , LiteCoins , Zen and
NameCoins

Combating ML
• Establishing a globally consistent and effective AML framework is a
mountainous challenge, involving:
– ongoing updates to policies , procedures, controls, and IT systems
– dealing with shifting regional variables (differences in national
legislation and data privacy standards).
• Overall Challenges for AML compliance are as follows:
– Centralizing Command
– Budgeting wisely
– Improving the KYC procedures
– Tapping AML talent
– Broadening Training
– Minimizing Political risks
– Collaborating with global risks

Soaring Costs

Source : KPMG
Effective AML transaction monitoring system (components of the diagram)

• System planning
  – Understanding risks and potential red flags
  – Data volume
  – Technology infrastructure
  – Vendor selection
  – Scenario selection
• Data
  – Data availability
  – Data quality
  – Data source identification
  – Data refresh rate
  – Data volume
• Scenario development
• Implementation
  – Project planning
  – Resource management
  – Change management
• Threshold setting/tuning
  – Customer segmentation
  – Initial threshold setting
  – Threshold tuning
• Ongoing tuning & enhancements

Source: Protiviti Consulting
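The scenario selection, customer segmentation and threshold setting/tuning boxes of the diagram above, in working form. This is an added example, not code from the presentation or from any Axis Bank, SAS or Protiviti system: one rule-based structuring scenario (repeated cash transactions just under a reporting limit inside a rolling window) run over constructed sample transactions, with separate thresholds per customer segment and a tuning loop that raises a segment's minimum hit count until its alert rate drops to a target. The segment names, the reporting limit, the band, window and count values, and the sample data are all assumptions chosen for illustration.

```python
"""Rule-based AML transaction-monitoring scenario with per-segment thresholds.

Added illustration only; not code from the presentation or from any Axis Bank,
SAS or Protiviti system. All transactions and threshold values are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample transactions: (customer, segment, timestamp, amount, channel).
SAMPLE_TXNS = [
    ("C1", "retail",    "2015-05-01 09:00",  9500, "cash"),
    ("C1", "retail",    "2015-05-01 15:30",  9700, "cash"),
    ("C1", "retail",    "2015-05-02 10:10",  9800, "cash"),
    ("C2", "retail",    "2015-05-01 11:00",  3000, "cash"),
    ("C2", "retail",    "2015-05-03 11:00",  2500, "cash"),
    ("C3", "corporate", "2015-05-01 12:00",  9900, "cash"),
    ("C3", "corporate", "2015-05-01 16:00",  9900, "cash"),
    ("C3", "corporate", "2015-05-02 09:00",  9900, "cash"),
    ("C4", "corporate", "2015-05-01 12:00", 45000, "wire"),
]

# Assumed scenario parameters per customer segment (the "customer segmentation"
# and "initial threshold setting" boxes of the diagram). reporting_limit is a
# hypothetical cash-reporting threshold; band is the fraction of it above which
# a transaction counts as "just under the limit".
THRESHOLDS = {
    "retail":    {"reporting_limit": 10000, "band": 0.80, "window_days": 3, "min_count": 3},
    "corporate": {"reporting_limit": 10000, "band": 0.80, "window_days": 3, "min_count": 5},
}


def parse_txns(rows):
    """Convert raw rows into dicts with real datetimes, oldest first."""
    out = []
    for cust, seg, ts, amt, chan in rows:
        out.append({"customer": cust, "segment": seg,
                    "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M"),
                    "amount": float(amt), "channel": chan})
    return sorted(out, key=lambda t: t["ts"])


def structuring_alerts(txns, thresholds=THRESHOLDS):
    """Scenario: repeated cash transactions just under the reporting limit
    within a rolling window. Returns {customer: (hit_count, total_amount)}."""
    by_customer = defaultdict(list)
    for t in txns:
        by_customer[t["customer"]].append(t)
    alerts = {}
    for cust, rows in by_customer.items():
        p = thresholds[rows[0]["segment"]]
        lo, hi = p["band"] * p["reporting_limit"], p["reporting_limit"]
        hits = [t for t in rows if t["channel"] == "cash" and lo <= t["amount"] < hi]
        window = timedelta(days=p["window_days"])
        for i, t in enumerate(hits):
            # Hits are time-ordered, so the window is the tail ending at hit i.
            recent = [h for h in hits[: i + 1] if t["ts"] - h["ts"] <= window]
            if len(recent) >= p["min_count"]:
                alerts[cust] = (len(recent), sum(h["amount"] for h in recent))
                break  # one alert per customer per scenario run
    return alerts


def alert_rate(txns, segment, thresholds=THRESHOLDS):
    """Fraction of customers in a segment that trip the scenario."""
    customers = {t["customer"] for t in txns if t["segment"] == segment}
    if not customers:
        return 0.0
    alerted = set(structuring_alerts(txns, thresholds)) & customers
    return len(alerted) / len(customers)


def tune_min_count(txns, segment, target_rate, thresholds=THRESHOLDS, max_count=10):
    """Threshold tuning: raise min_count for one segment until the alert rate
    is at or below target_rate. Returns the first min_count that achieves it,
    or None if none does within max_count."""
    for n in range(2, max_count + 1):
        trial = {s: dict(p) for s, p in thresholds.items()}
        trial[segment]["min_count"] = n
        if alert_rate(txns, segment, trial) <= target_rate:
            return n
    return None


if __name__ == "__main__":
    txns = parse_txns(SAMPLE_TXNS)
    print("alerts:", structuring_alerts(txns))
    for seg in THRESHOLDS:
        print(seg, "alert rate:", alert_rate(txns, seg))
    print("corporate min_count for <=25% alert rate:", tune_min_count(txns, "corporate", 0.25))
```

With the constructed data only the retail customer C1 alerts; the corporate customer C3 shows the same pattern but sits under the higher corporate count. Tuning against an alert-rate target is the crude version of the "threshold tuning" box: in practice the target would come from investigator capacity and from back-testing against cases that were actually reported, not from a single rate.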
Know Your Customer
3 Stakeholders

Banks:
• Manpower tied up in collecting & maintaining volumes of user info
• Systems & processes for collecting data are fragmented, with no real integration (data duplication)
• Grappling with poor infrastructure and vague laws
• Banks have to balance, keeping the other 2 happy

Clients:
• KYC impacts end-clients
• Not happy to receive slow, lengthy on-boarding procedures
• Regulations are often vague
• No control over who accesses the info

Regulators:
• Need to know the origin of money
• Realize the need to transform the present KYC procedures to suit modern day changes
Dimensions of KYC to be considered
• Risk management - effective compliance with regulatory
obligations and the prevention of financial crime.
• Service - ensuring a positive end-client experience. Intrusive
questions, for example, about ultimate beneficial ownership
(UBO) and sources of wealth, can strain relationships and
impact the client’s view of the institution, not to mention the
effectiveness with which the on-boarding and review processes
are happening.
• Operational effectiveness - fulfilling those obligations in a
balanced, cost-effective manner, whilst maintaining fluid
processes

Issues faced by clients
• The documents one needs to provide can reside in several different locations within your company (jurisdictions)
• Exponential increase in the number of required documents
• In addition, there is currently no universal global KYC standard, so each bank relies on its own interpretation of AML/KYC requirements. As a result, each requires different documentation from institutional clients
• Concerns of data privacy and confidentiality due to the increase in hacking and corporate espionage incidents worldwide

This leads to increased effort and resources (time and cost) just to maintain your current business.
Way Ahead
• Present system of KYC processes has to be changed .

• Further discussion on this in “Suggestions” portion.

Major Aspects of Compliance, Axis

E-GRC
• Developed by SAS
• The Open Compliance and Ethics Group (OCEG) defines GRC as "a capability to reliably achieve objectives, while addressing uncertainty and acting with integrity"
• Requires a co-ordinated, integrated approach to address regulatory, ethical, reputational and legal risks, not fragmented ones
• The dynamic, global nature of business is challenging for compliance management
• The role of analytics and information technology is crucial; hence the need for SAS eGRC.
EGRC at Axis Bank
• Implementation: initial populating of data by Ernst and Young
• The team at Corporate HQ does the testing and runs the main processes across geographies
• GRC Self certification
  – is a quarterly exercise done by Business Units or branches
  – to check for breaches that could have happened in the previous quarter
  – sometimes it finds breaches not found by the Central Compliance department at Worli, Mumbai
• 3 components:
– Governance — The process by which policy is set and decision
making is executed.
– Risk Management —The process for preventing an
unacceptable level of uncertainty in business objectives with a
balance of avoidance through reconsideration of objectives,
mitigation through the application of controls, transfer through
insurance and acceptance through governance mechanisms. It is
also the process to ensure that important business processes and
behaviors remain within the tolerances associated with policies
and decisions set through the governance process.
– Compliance — The process of adherence to policies and
decisions. Policies can be derived from internal directives,
procedures and requirements, or external laws, regulations,
standards and agreements.

Fallout of non-integrated GRC
• Redundant and inefficient processes
• Poor visibility across the enterprise
• Overwhelming complexity
• Lack of business agility
• Greater exposure and vulnerability
Few Qs to be answered
• For a successful GRC framework , Organization should be knowing
 Which policies set management thresholds for specific risks
 Which events violate specific policies, materialize risks and
cause infraction.
 Which controls are established for specific policies and are
defined to control specific risks
 Which business objectives and risks are related to multiple parts
of the enterprise
 How to monitor controls to stay within acceptable tolerance
levels of risk , while aiming for objectives.

GRC architecture components
• Compliance risk management
• Regulatory change management
• Learning and training management
• Policy and procedure management
• Investigations management
• Issue reporting and hotlines
• Survey and assessment
• Due diligence management
• Third party risk management
• Forms automation and processing
• Compliance project management
• Benchmarking, metrics and dashboarding

Talisma

Talisma at Axis: three modules
• Correspondence
• Circulars
• Returns
Correspondence (module)
• To keep track of the emails and telephone calls from/to the regulatory bodies (total: 16 in India)
• The team in this module decides the future course of action and which BU the email/call is for, and then forwards it accordingly
• Every Business Unit has a designated person of appropriate experience and capability as Special Point of Contact (SPOC)
• The SPOC is the interface between the Correspondence Module team of the Compliance Department and the particular BU
• Each forwarding and action requested by the team is entered as a ticket and, after excluding some buffer time, a "deadline/last date" to perform the action is specified
• Until the work is done, repeated reminders are sent.
Circular (Module)
• The module team's work is to keep track of the changes in the laws and rules issued by the concerned regulatory bodies in the form of Circulars / Notifications / Clarifications
• The team comprises personnel who have cleared professional examinations in the fields of law, accountancy, audit, etc.
• In case of doubt over an interpretation, the legal team is consulted; if that does not resolve it, the regulator is asked to clarify whether our interpretation of the Act/Rule/Circular is correct
Return (Module)
1. To keep tabs on the returns submitted or to be submitted by the Bank to the regulatory authorities
2. Also entrusted with the work of mapping the policies:
   1. The particular Business Unit makes the policies
   2. Sign-off is obtained from the compliance department
   3. Then it is sent to the higher-ups for final approval
3. Policy mandated reviews
4. Calendar reviews (scrapped by RBI; further notifications awaited)
5. MIS to top management
Outsourcing
• The outsourcing policy was formulated in 2007 and revised on 18.10.2014
• Two types of review by the Central Outsourcing Committee (COC):
  1. Half yearly review:
      Review financial activities outsourced
      Identify material risks and the means to reduce them
      Identify adverse developments and steps to prevent them
  2. Annual review:
      Review of the vendors / service providers
      Evaluate the service provider's ability
      Check whether there has been a breach of confidentiality or standards of service
      Evaluate the Business Continuity Planning (BCP) standards
      Identify and mitigate risks
COC structure
COC Head
Members: Chief Compliance Officer; HR Head; Head-Law; Chief Information Officer; Chief Information Security Officer; Chief Risk Officer; Head KO
Functions of COC
• Risk categorization: 1. Negligible 2. Low 3. Medium 4. High 5. Very High
• Evaluate the concentration of risks:
  – Whether, for a single activity, there is only 1 SP
  – Check the volume per vendor
  – Bank's overall exposure to a single vendor
• Testing and analysis of the BCP of vendors of critical processes
• Deficiencies in the outsourcing processes are identified, quantified and mitigation steps are formulated

1. Role of IT in keeping a record of the execution of steps recommended in the COC report
2. Previous records/info about the change in risk categorization should be given in Annexure IV of the COC report (if possible)
Process of Outsourcing (cycle)
1. Selection of SP
2. Evaluation of SP (comprehensive template to assess risks by evaluating the Service Provider)
3. Approval of SP
4. Execution of SLA
5. Review of SP
6. Audit of SP
7. Termination/Renewal of Services
SWOT ANALYSIS of COMPLIANCE DEPT

Strengths
 Independent Compliance department headed by the CCO and reporting to the BOD
 Increasing use of automated systems and analytics for the compliance function
 Accurate interpretation and consistent application of regulatory updates
 Well informed and experienced team

Weaknesses
 Crucial need to use documentation, both to allow retrospection of the period gone by and to help new joinees as a future reference
 Structured "training/learning" w.r.t. Compliance for staff from other BUs

Opportunities
 Availability of newer technologies/analytics which can make compliance more effective and efficient
 Opportunity to extend Compliance tools/automation software across BUs/geographies
 Use of thematic reviews and risk analysis (of high risk zones) for pre-empting regulatory actions

Threats
 Inadequate implementation of compliance policies/suggestions due to attrition in the Compliance department or another BU
 Excessive changes in the macroeconomics or an overzealous crackdown by regulators
Compliance Culture

Creating a Culture of Ethics, Integrity & Compliance:
1. Designate a Compliance Owner
2. Implement written standards
3. Develop open lines of communication
4. Conduct appropriate training & awareness
5. Centrally manage all complaints and allegations
6. Respond consistently to all allegations
7. Audit, monitor and adapt as needed

Source: Compliance Week
Effective Compliance Program Board
Reporting
Optimizing Board reporting has the following steps
1. Create a Compelling, Professional Format & Structure for
Board Reports
2. Deliver Reports at the Right Frequency
3. Include only the most Crucial, Relevant Content
4. Address Risk Assessment, Emerging Trends and Current
Events of Interest
5. Elevate Board Engagement

1. CREATE A COMPELLING, PROFESSIONAL FORMAT & STRUCTURE FOR BOARD REPORTS
• Cardinal rule: know your audience
• Reports should be delivered in a well-organized, professional-looking format and address some combination of:
  • Communications
  • Training
  • Ethics Hotline/Helpline data
  • Investigations
  • Governance
  • Risk Assessment
  • Yearly initiatives (for the annual report only)
• The report should start with an "Executive Summary" of the focus areas listed above and should also highlight any resource crunch w.r.t. the Compliance function
2. DELIVER REPORTS AT THE RIGHT FREQUENCY

• Around the world, most universal banks tend to send compliance reports to the BOD at least every quarter.
• The following types of issues can mandate a higher frequency:
  – Reputational risk preparedness
  – Anti-corruption issues
3. INCLUDE ONLY THE MOST CRUCIAL, RELEVANT CONTENT

• The following issues should be covered in one way or another:
  – Communication and training
  – Compliance Program elements
    • Structure and Leadership
    • Standards and Procedures
    • Training and Communication
    • Integration with HR Practices
    • Auditing and Monitoring
    • Investigation
    • Discipline
    • Risk Assessment
    • Organizational Culture
  – Culture and support for compliance
4. RISK ASSESSMENT, EMERGING TRENDS & CURRENT
EVENTS
 High-level summary of the top risks for the enterprise as a whole and
individual operating units
 Summary of exceptions to management’s established policies or limits for
key risks
 Summary of significant gaps in capabilities for managing key risks and status
of initiatives to address those gaps
 Summary of emerging risks that warrant board attention
 Periodic overview of management’s methodologies used to assess, prioritize
and measure risk
 Risk reports, such as trends in key risk indicators
 Report on effectiveness of responses for mitigating the most significant risks
 Case law updates
 Summaries of articles of interest

5. ELEVATE BOARD ENGAGEMENT

• The best compliance program is not possible without a healthy relationship between the BOD and the CCO (and team).
• At the least, there should be regular, formal meetings between the two.
• Leading compliance consulting firm NAVEX suggests that there should be regular training of the BOD w.r.t. Compliance [every 24 months (or) once new classes of members come in]
• Training should cover:
 Frameworks for ethics and compliance programs
 Board's oversight responsibilities
 Cases relevant to their roles and responsibilities
 Creating a culture of integrity
Effective Compliance Programme
Cycle: Risk Identification, Prevent, Detect, Remedy, with Culture at the centre
FEDERAL SENTENCING GUIDELINES FOR ORGANIZATIONS
• Propounded by the US Sentencing Commission (FSGO) in 1991 as standards for self-policing
• FSGO remains the primary definition of an effective Compliance Program.
• Global standard drafting organizations have endorsed FSGO as a template for international risk mitigation guidelines (e.g. OECD)
• Summary of FSGO elements:
 Risk Assessment
 Establish Policies, Procedures & Controls
 Exercise Compliance & Ethics Oversight
 Exercise Due Care in Delegation of Authority
 Communicate & Train
 Monitor, Audit & Report
 Ensure Consistent Enforcement & Discipline
 Appropriate, Consistent Response
 Culture of integrity
PREVENT

Communication & Training
• Common and Effective Practice: includes all formats of periodic training and awareness communication related to E&C risks
• Best Practice:
   Blended learning approach leveraging short form and high quality training plus a variety of awareness communications deployed on a role-relevant basis
   Include board of directors, middle management and business partners in the education plan for role-based education

Policy management cycle
Detect
Global Hotline Report Intake with Unique Centralized Case Management
Few Questions for you
Evaluating a Company's risk culture

Board:
• Is there a risk management culture at all levels of business?
• Do managers feel that they can raise queries?
• Are managers' ideas supported? Do they feel their opinions matter?
• Are managers authorized to identify opportunities to reinforce, and issues that destabilize, their risk appetite?

Staff:
• Are there clear reporting lines?
• Do staff feel that they can raise risk related issues?
• Are staff comfortable questioning existing practices and suggesting changes?
• Do existing monitoring and reporting systems ensure that action will be taken when issues are raised?
Source: McKinsey and Co

3 key areas of challenge

Fig: Expanding sources of Compliance Risk

Customer experience
• Inconsistent customer sales and servicing experiences across channels.
• Products vary in how they utilize channel-specific features.
• Multiple handoffs or manual activities when transitioning between channels.

Sales channels
• Definition of primary characteristics, preferences, and behaviors for targeted customer segments differs between products in the same category.
• Limited tracking of usage & channel mix variations within and across products for each segment.
• Inconsistent fee treatment and product availability across customer segments.
• Differing communications, sales, & service approaches for customer segments using similar products.

Product management
• Unclear or complex disclosures, terms, and conditions.
• Inconsistent fees & product availability across customer segments.
• Overlapping products that meet the same customer need without clear differentiation.
• Differing communications, sales, and service approaches for customer segments using similar products.
• Large number of product variants, leading to errors in application processing and difficulties maintaining and managing changes.
Challenges in Social Media Compliance

Source: Navex Global

Regulator’s latest craze
• From June 2012-June 2013; Fortune 100 Companies were notified
with an average of 69 compliance incidents w.r.t Social Networks
• 9 different US regulatory standards were triggered
• In the United States alone, the FTC, SEC, FCA, FFIEC, FINRA, FDA,
ABA and others have updated existing regulations to include specific
social media provisions.
• Most companies don’t have pre-defined SN Compliance policies, and even
  if they do, employees either don’t follow them or claim ignorance

Source: Compliance Week


Fig: A statement by an advisor that guarantees a certain rate of
return on a stock investment would be considered misleading.

Source: Nextgate, Proofpoint

Factors affecting SN Compliance
1. Culture: The corporate culture as a whole
2. Pace: The speed at which data is being generated in real time
3. Scale: More than 500,000 messages, originating from 1,159 employees
and 213,000 commenters were spread across over 320 accounts for the
average Fortune 100 firm during our 12 month research window.
4. Complexity: Multiple networks (Twitter, Facebook, LinkedIn, etc.),
employee accounts, personal accounts, corporate accounts,
publishing applications, and a matrix of changing regulations all
interact to create a complex social media landscape that’s
extremely difficult to manage.

Future Trends of Compliance (2015)

Building culture of Compliance
• Increase in compliance training budget in 2014
• 58% of business surveyed believe in efficacy of C.training
• Ongoing training
• From top to bottom

Boosting data security
• >1Bln accounts compromised
• Global Avg cost of Data breach is $3.5Mln
• Conduct regular Risk Assessment
• Educate staff

Create diverse workforce
• Push towards Gender and Racial diversity
• Identify and attract talent from diverse pool
• Create infra to support long term diversity outreach, recruitment and retention

Keeping pace with dynamic Compliance Environment
• More no and kinds of sanctions
• Establishing beneficial ownership
• Evolving anti corruption laws

Source: Accenture 2015

Resource Allocation for Compliance

Source: Accenture 2015

Suggestions

• Karl M Kapp: Gamification is the process of using game-based
mechanics, aesthetics and game thinking to engage people, motivate
action, promote learning and solve problems.
• Used in several domains; Western banks have started employing it
  to sensitize and train employees w.r.t. Compliance
• A leading Compliance trainer advocating Gamification once said:
  “People absolutely hate compliance training, they don’t remember it
  and they don’t take it seriously, yet it is costing banks a terrific
  amount of money.”
• Memories retain:
  – 70% of what we discuss with others
  – 80% of what we experience
  – 95% of what we teach others

Fig: Employee Engagement

Characteristics of Gamification
 Provides an “experience system” rather than a grade
 Creates multiple long and short term aims
 Rewards for efforts
 Rapid, frequent, clear feedback
 An element of uncertainty
 Windows of enhanced attention
 Collaboration with other people
Together, eLearning and gamification help to provide a safe
environment where learners are more likely to take risks, &
effectively learn through failure and retrial until success can be
achieved.

Benefits
• Well designed games → More Engagement → More Reinforcement
• Results in better recollection and application of information.
• Situational decision making drives the player to think not just act.
• Making wrong choices and seeing the consequences leads to the desire
  to act the right way and gain rewards.
• It also presents opportunities to observe, record and analyze
  employee behavior metrics that can be used in other applications,
  such as incentive programs.
• The cost of program design is the same for one learner or for 1000;
  it offers significant scheduling flexibility, and automated assessment
  reduces the need for human interaction and the potential for error.

Social Media Compliance framework

Salient points
• Establish a core, cross functional team responsible for compliance. Its
primary role would be to assign “clear roles/responsibilities” within
the Bank for policy/training/enforcement/audit
• Develop a Social Media security and compliance policy covering
approved business use, content and publishing hierarchy.
• Define approved Social Network/Media account. (Like Verified A/c )
• Consider directing staff members to use an approved content
publishing application to make all posts for Corporate A/c and
Personal A/c meant for business.

Source: Compliance Week

Managed Service model (KYC)
• Currently not allowed by RBI in India but this practice is picking up
in the West especially in the USA since Mid 2013
• Until fairly recently, most banks performed KYC functions internally,
investing in technologies, systems and expertise as needed.
• It gave them complete end-to-end control over the process, but also
required enormous capital outlays and personnel costs
• Today, the focus is on controlling technology and infrastructure costs,
while maintaining full compliance across the business, locally and
globally.
• Stretching resources to maintain Compliance means the bank’s ability
  to generate revenue is affected
• This led to the evolution of the “Shared Service Model” and the
  “Managed Service Model” for KYC

MSM Process
• In MSM, banks outsource a certain portion of the KYC processes to an
  external third party and hence reduce and standardize costs related
  to KYC.
• MSM can cut KYC costs by 30%-40% (Thomson Reuters)
• In return, the banks get an end-to-end solution driven by dedicated KYC
  experts and analysts working in that external third party.
• The result is the financial institution receives screened and validated
KYC records of their end-clients in accordance with a comprehensive
KYC policy.
• These KYC records are then subject to on-going monitoring, screening
and periodic review

MSM Service Providers
• In-depth verification of client identity information by a dedicated team of
KYC experts and analysts (conducted to a comprehensive KYC standard)
• This KYC team is also responsible for continuously monitoring client data,
  so if things change, the data is reviewed and updated to reflect it
• Comprehensive client on-boarding, not just data collection and storage
• Identifying all relevant ultimate beneficial owners and senior management
officials in an entity
• Validating the information from independent, public third party sources as
well as screening the legal entity to ensure that there are no issues around
the client, which should be flagged
• Constant global tracking of new KYC requirements, and updating data and
processes accordingly

Benefits
1. Operational efficiency – maintain one set of documents that can be shared with
multiple financial counterparties, reducing duplication and administrative effort
2. Security – benefit from secure storage and data dissemination, and an audit trail
3. Control – gain full control and visibility over who can access and view your
documents
4. Speed – streamline and accelerate processes when transacting with financial
counterparties
5. No cost – store, maintain and distribute your identity documents at no cost

Changing KYC trends
• More regulation and greater complexity
• Increased outsourcing of non-core, nonrevenue functions
• Continued squeeze on technology and infrastructure costs
• Front office personnel concentrating on nonrevenue based activities

Questions

