Recently, financial service organizations have developed a new way to handle risk management. New and growing risks from globalization, new business creation, technology intensification, and efficiency have brought change to the risk management approach.
Organizations without a compliance program run the risk of fines, negative stories in the media, loss of current and potential new clients, and prospective employees.
Regulators expect financial institutions to update customer information and to have adequate risk management policies and compliance requirements in place. Failure to do so can result in an enforcement action or fines.
Financial institutions are required to report suspicious or unusual patterns of payments or trading behavior within short timescales.
While financial firms must design processes that are more effective at maintaining and mitigating risk, they cannot restrict advisors from managing assets appropriately. Technology can help them examine large volumes of complex data quickly and efficiently and rule out irrelevant information. However, regulators still expect the designated officer to make decisions about what to report.
The scale of the threat usually only becomes apparent when a risk becomes reality.
A strong culture of ethics and compliance is the foundation of a robust risk management program, which covers regulatory, legal and ethics requirements.
In the U.S., financial regulation as a whole is handled by several different agencies. As proposed by the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”), asset and wealth management advisers that are registered with the Securities and Exchange Commission (“SEC”) must establish anti-money laundering (“AML”) programs and report suspicious activities related to money laundering and terrorist financing. These advisers must also comply with sections of the Bank Secrecy Act (“BSA”), which requires them to assist government agencies to prevent and detect money laundering.
Risk factors can be managed through the use of third parties, such as for “know your customer” (“KYC”) and AML checks, along with data retention, control and analysis; a compliance program; regulatory requirement assessment and controls; and data privacy and protection procedures.
However, a one-size risk management and compliance program does not fit all. Standard documents and tools that don’t apply to a business model may put the organization at risk. A full-time compliance and regulatory specialist will save time for the advisors that must focus on serving their clients.
Anti-Money Laundering | Know Your Customer | Counter-Terrorism
In the financial services sector, asset management firms are subjected to strict rules regarding money laundering and terrorist financing.
Asset and wealth management companies are subject to the same regulatory requirements as banks in relation to anti-money laundering (“AML”), know your customer (“KYC”) and counter-terrorism financing (“CTF”) compliance.
Due to their small size, family offices usually do not pay enough attention to operational risk management. However, family offices are becoming more regulated. As a result, compliance and internal controls are a growing priority for them.
For family offices, three areas of risk are of special concern: cyber, fraud, and operational.
Family offices are experiencing increased pressure to demonstrate their compliance systems and, in some instances, to provide the necessary data to banks and investment funds, as a consequence of increasing pressure from government regulations around anti-money laundering and credit transactions.
When family offices are subject to anti-money laundering (“AML”) regulations, compliance can be a key challenge, as it requires proper knowledge and experience around the subject.
Financial service firms should consider reputational risk exposure and what it means for business relationships – either direct relationships with partners, clients and organizations – or throughout the vendor supply chain.
A well-run family office successfully integrates risks and challenges to ensure that they support the family goals as a whole.
Data Privacy and Security
Data privacy in the financial sector requires special attention. The value of personal and wealth data makes these financial institutions a top target for cyber criminals. These attacks can impede a financial institution's ability to maintain compliance and can disable the business.
Data Analytics and Analysis
Data must be treated like any other organizational asset. It must be properly managed and assessed in order to ensure protection as a whole.
Data analytic tools can process massive data volumes and detect patterns. They allow organizations to proactively investigate potential irregularities and to take corrective measures when needed.
Due diligence and effective background screening performed prior to bringing stakeholders and clients on board are effective mechanisms to create a risk control environment. Client portfolio information must be verified to make sure it is complete, valid, verifiable, and accurate.
Risk is generally fact-based, and with accurate information, risk elements are properly addressed and evaluated.
Culture of Compliance
Globalization has increased the likelihood of unusual occurrences, bringing to the forefront the need for strong risk and compliance processes in any organization.
In addition, regulators are looking to see if financial sector firms promote a strong culture of compliance.
Employees must be trained and encouraged to “raise their hands” and come forward with information about wrongdoing or red flags.
Establishing a compliance program properly designed for asset and wealth management firms can be challenging. However, when effectively designed, it becomes a vital part of financial advisory firms.
In order to be effective, at a minimum, it requires creating and implementing comprehensive written policies and procedures, education, ongoing monitoring and control testing.
Questions you should certainly ask about your own and third-party firms
- Is there sufficient knowledge about the business’ inherent risks and how to mitigate them in order to avoid potential losses from negative exposure?
- Has the organization mapped out all of the rules, regulations and laws applicable to the business and established controls to ensure compliance?
- Is the current compliance program properly customized to address the threats and intrinsic conflicts present in the specific industry?
- Is there an established compliance monitoring and testing program to properly measure the effectiveness of that program?
Compliance enforcement and examinations are increasing, and it is expensive for an organization that is unprepared to face the consequences.
Financial service firms must think about the cost-avoidance of fines, penalties, reputation damage, and loss of client confidence and trust.
A well-built compliance system is increasingly important and will distinguish you from your competitors.