Enhancing compliance programmes for sanctions and anti-corruption in APAC
September 2019 | TALKINGPOINT | RISK MANAGEMENT
Financier Worldwide Magazine
September 2019 Issue
FW moderates a discussion between Nick Parfitt and Christophe Barel at Acuris Risk Intelligence on enhancing compliance programmes for sanctions and anti-corruption in APAC.
FW: Could you provide an overview of the sanctions and corruption-related risks currently facing businesses operating in the Asia-Pacific region? To what extent have these risks intensified in recent years?
Parfitt: Despite the tightening of anti-bribery and corruption (ABC) and anti-money laundering (AML) regulations, corruption remains prevalent in many Asia-Pacific (APAC) countries. In fact, for some South-east Asian frontier and developing countries, bribery and corruption is still normal business practice. As organisations expand globally, they are required to comply not only with local regulations, but also international regulators such as the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act (UKBA). The recent Keppel Offshore & Marine (O&M) bribery case – in which the rig builder was fined $442m for handing out over $50m of bribes in Brazil – has proved that even Singaporean companies are susceptible to using bribery to secure business deals overseas, and think that they can get away with it. The US sanctions on North Korea, Iran and Russia have affected organisations worldwide, with many scrambling to stay abreast of sanction activities involving vessels, companies and entities. Failure to identify a sanctioned entity and then to do business with it has had serious implications. Industries such as oil & gas, marine, defence and transportation are harder hit as their businesses invariably have links to companies or parent companies that are registered in these countries. Moreover, the nature of identifying sanctions risk has become ever more nuanced, requiring legal interpretation.
FW: How have legal and regulatory developments in the region increased compliance considerations for business activities that might breach sanctions or anti-corruption laws? Have authorities increased their monitoring and enforcement efforts?
Barel: In response to high-profile cases in the region, such as 1MDB, which involved the former prime minister of Malaysia and the Andi Agustinus graft case in Indonesia, local regulators such as the Malaysian Anti-Corruption Commission (MACC) and Indonesia’s Corruption Eradication Commission (KPK) have ramped up their activities. The prime minister of Malaysia launched an aggressive and ambitious anti-corruption plan in January 2019, aiming to make Malaysia corruption-free within five years. In Indonesia, the KPK has increased its 2019 budget and is set to increase the number of corruption cases it will handle this year to 200, a 100 percent increase from its initial plan. Regional regulators are increasingly adopting more stringent US-style regulations, which is leading to increased monitoring and enforcement efforts that address governance deficiencies and a risk-based approach to vendor management. The associated enforcement actions and penalties can be harsh. The Monetary Authority of Singapore (MAS) recently withdrew the licence of a Swiss Bank for inadequate compliance controls related to suspicious transaction reporting.
FW: In broad terms, how would you describe the adequacy of companies’ sanctions and anti-corruption compliance frameworks? Are there any common aspects in need of enhancement?
Parfitt: In general, ABC and sanctions frameworks in most Asian companies are not sufficiently robust. However, frameworks vary depending on the nature of the industry or type of business. For example, oil & gas companies tend to have stricter and more rigid compliance frameworks in place due to the nature of their business activities and the countries in which their customers and suppliers are located. Many companies that work with well-known multinationals tend to feel that there is no need to conduct due diligence checks on them, but this is a common mistake that needs to be corrected. If there is a problem, regulators will not be sympathetic to this rationale. Companies need to understand that due diligence is a defence mechanism to protect them from any allegations and is key to managing reputational risk exposure. There is also room for improvement in other areas, such as vendor onboarding and the ongoing monitoring of suppliers and customers. Verification of the information given by the vendor or client at the time of onboarding remains a big challenge as it is difficult and time consuming to check.
FW: What do you consider to be the essential components of a robust sanctions and anti-corruption compliance framework?
Barel: In essence, companies need to understand their business relationships and articulate where they see risk exposure, clearly articulate their risk appetite and ensure that their controls are commensurate with the stated and known risks. Businesses that operate in extractive industries will naturally carry a higher risk because the countries in which they operate are generally less well regulated and more open to bribery. However, this does not mean they should not or cannot do business. The ‘risk-based approach’ should be applied to all relationships in order to manage risk effectively and proportionally, and the models used must be reviewed annually to ensure they remain relevant and useful. Training is important, too. It is often an afterthought, but if done well, it is an excellent way to ensure all staff are aware of the business risks and why management of them is key. It also provides another control point, as staff are the first line of defence for any organisation. Finally, it is fundamental to have senior executive accountability and sponsorship, ideally at board level.
FW: How is technology being used to assist companies with meeting and maintaining their compliance requirements?
Parfitt: Technology is vital for any compliance programme as it speeds up the process, minimises manual intervention, embeds controls and provides a full audit trail of any decisions and results from screening or due diligence. With reporting on compliance and automated notifications of policy breaches or identified risks, the compliance function has near-real-time intelligence that supports governance processes more effectively. Technology is a powerful tool for managing the end-to-end business relationship management and periodic review cycles, but it does not replace human intelligence. We hear a lot about the potential for artificial intelligence (AI) and machine learning (ML) and their promise of faster and more accurate decision making. While they have not yet been widely adopted, anecdotal evidence exists that some benefits are real. For example, one tier one financial institution has mentioned very significant false positive reductions for transaction monitoring and screening processes. This is a hugely expensive and labour-intensive area for any business, so any gains made in these areas yield tangible business value.
FW: What advice would you offer to companies on integrating technology into their compliance systems and processes, to maximise the benefits and mitigate potential risks?
Barel: Given the benefits of minimising human or manual interactions, it is natural to want to integrate technology as much as possible. However, this comes at a cost and may only provide limited improvement depending on the use-case. Organisations should consider the data flow, business process and users or consumers of the information and systems in order to evaluate the cost to benefit ratio. Also, companies should not underestimate the ‘time to value’ of implementation; if it is going to take 12 months to integrate, can the business live with this, and what are the risks during that period?
FW: Looking ahead, what innovations and advances can we expect to see in this area? Do you anticipate increasing demand among Asia-Pacific companies for better sanctions and anti-corruption compliance solutions?
Parfitt: There will certainly be more demand for data, preferably delivered in an automated fashion. This demand will be driven by the cost of performing ongoing due diligence, the ever-changing global sanctions landscape and the fact that businesses genuinely want to do the ‘right thing’. Reputational risk exposure and the very real threat of inadvertently breaking sanctions rules should have any business assessing its current compliance solutions and data providers, to ensure that they remain fit for purpose both now and in the future. And even if currently use cases are limited, innovations around AI and ML will only increase.
Nick Parfitt is responsible for determining Acuris Risk Intelligence’s approach to the market and building subject-matter expertise. He has 18 years’ experience in project and programme management, business process change and in implementing technology and business solutions at financial services, telecoms and public sector organisations. His experience in the financial crime sector spans seven years, helping tier one financial institutions assess and improve anti-money laundering (AML), know your customer (KYC) and sanctions operations. Mr Parfitt has worked for several tier one banks and holds an MBA (Distinction) from Cardiff University, and a BA (Hons) in Biochemistry from Imperial College. He can be contacted on +44 (0)20 3741 1200 or by email: email@example.com.
Christophe Barel is responsible for Acuris Risk Intelligence’s overall strategy in the Asia-Pacific region. Prior to joining Acuris Risk Intelligence, he was APAC sales director at Acuris for five years, focusing on the group’s legal and compliance products, including policy and regulatory report (PaRR), capital profile and the law report group (LRG). Before joining Acuris, he held positions at Capgemini, Arkadin and Altran, in Asia and Europe. He is also a part-time lecturer at London School of Business and Finance in Singapore. Mr Barel graduated from Grenoble Graduate School of Business with a MSc in Finance. He can be contacted on +44 (0)20 3741 1200 or by email: firstname.lastname@example.org.
© Financier Worldwide