Financial regulatory compliance www.keypoint.com
Keypoint is one of the GCC s most comprehensive professional business services providers. We deliver statutory and corporate advice, accounting, investment administration, tax and VAT consulting, human capital, IT consulting, management consulting, financial regulatory compliance and trust administration services to a wide range of businesses from corporations and family managed conglomerates to single owner companies and financial services and insurance institutions.
Financial regulatory compliance We provide end-to-end financial regulatory compliance services to institutions seeking to enhance their compliance framework through effective monitoring, thereby reducing the risk of noncompliance. The financial sector has gone through difficult times following the global financial crisis triggered in 2008, leading to failures of some established financial institutions. Inadequate corporate governance and noncompliance or soft compliance with regulatory expectations were identified as major causes of the failures. As a result, regulators introduced tougher measures with enhanced regulatory monitoring. The tax and sanction regime also became wider and more stringent. Revised regulations Revised guidelines on corporate governance were issued by Basel (2010) and OECD (2015). The Kingdom of Bahrain adopted the Corporate Governance Code in 2010. The Financial Action Task Force (2012) revised their recommendations. All these developments led to a revision of the relative regulations by the Central Bank of Bahrain (CBB). As a result, governance and compliance have become the key focus areas for financial institutions. Noncompliance During the period following the financial crisis, several institutions were penalised for inadequate AML measures and regulatory noncompliance on different counts. The total cost of fines and penalties imposed on banks in the US and Europe in 2014 was over US$ 62 billion, up from over US$ 42 billion in 2013 and around US$ 2 billion in 2010. Some of the major international banks were on the list. The major reasons for regulatory action were identified as the following: Compliance programme violations Systemic and recurring violations Isolated and technical violations Sometimes complexities in implementation results in a lower level of compliance. The cost of noncompliance is mounting. Regulatory compliance, anti-money laundering, knowing your customers, and corporate governance are strategic requirements and key focus areas for financial institutions across the world. Our services Keypoint s integrated financial regulatory compliance services provide an allencompassing evaluation of the fundamental requirements of an organisation by breaking down the complexities of the regulatory requirements and the implementation within the setup and operational structure of the organisation and by providing a road map for the improved implementation and monitoring. Fundamental to this is the modelbased process of compliance review. 1 3
The review model and process have been developed by banking professionals with extensive hands-on experience in this field, having worked in different categories of banking institutions in the Kingdom of Bahrain and other jurisdictions. Compliance review model The review model considers the qualitative (empirical) and quantitative (specific) regulatory requirements based on its criticality and, after assessment, assigns a value to the level of compliance. Based on the risk-weighting parameters, a final score is translated to indicate the level of compliance as POOR, UNSATISFACTORY, SATISFACTORY, or GOOD. The process identifies gaps and lists specific steps required for enhancing compliance. Framework development & deployment Developing framework consistent with organisational setup and process flows Policy (covering AML, KYC, compliance, corporate governance, board charter, code of conduct, whistle blowing, disclosures, etc.) Developing a risk-based approach Procedure for the above policies Forms, typologies, and other enablers Review of process flows and reporting Automation & implementation AML/KYC solution identification, implementation, and customisation Delivery channels and screening Compliance management solution Corporate governance automation tools Performance evaluation of directors, committees, and the board Gap analysis Listing regulatory requirements Review of the implementation process of financial institutions Identifying and classifying gaps Corrective measures Minimum effort approach Enhanced automation We can also assist in developing, deploying, automating and implementation Strategy development Compliance strategy AML and KYC strategy Corporate governance strategy Training Classroom-based & customised Awareness and advanced classes Analysis of typologies and case studies Access to e-learning portal Test questionnaires and self-testing Audit & review Model-based health check of AML/KYC function KYC data and classification Sanction/name screening process High risk account review and remedial support Review of health check of compliance function and its effectiveness Review of health check of corporate governance function 3 4
Your business is our priority Summary of services Anti-Money Laundering (AMLCFT) review The review benchmarks and assesses the implementation of regulatory requirements (CBB s FC module). Multiple and relevant enquiries are made to understand the level of compliance for each type of requirement. The process identifies gaps and rates the level of compliance with regulatory/ Rule Book provisions. The review process categories are: Board and Senior Management role MLRO and AML function Management Reporting Risk assessment and Risk based approach KYC policy, process, customer profile (SDD,NDD, EDD) Transaction Monitoring and Suspicious Activity Reporting Monitoring high risk accounts and activities (PEP, correspondent banking, electronic transfers, trade finance, money transfer services, cash couriers ) Policy and Procedure Training and awareness Other AMLCFT measures (record keeping, annual report/audit, customer screening and sanctions etc.) The identified gaps are listed and measures to address them are suggested. About 4-6 weeks Anti-Money Laundering (AMLCFT) Framework enhancement The AMLCFT framework includes multiple policies, procedures and the implementation processes in different segments of the business activity. The regulatory provisions need to be reflected in related segments. A consistent and risk based control and monitoring mechanism needs to be adopted. The review process includes: To review policy, procedure, processes for all products and delivery channels for its consistency with the regulatory requirement. Enhancing the AMLCFT framework to address the identified gaps. Review of risk based transaction monitoring process and customer onboarding (KYC) process. Review of process for assessing country risk, establishing correspondent banking relationships, handling trade finance and such other specialised areas AML system implementation, performance review and upgrade Alert generation rules and monitoring of the alerts STR analysis and reporting Examining internal policies, procedure, processes and discussions with the MLRO and other key persons in the implementation process. The process does not conduct formal sample tests or audit. Examining internal policies, procedure, processes and discussions with key persons. Examining the implementation/operations process, audit reports and other related documents. 1 5
This will depend on the scope after the gap assessment is done. Typically 6-8 weeks. Classroom participative training and test; and e-portal access Anti-Money Laundering (AMLCFT) learning The regulations require that the financial institutions establish AMLCFT framework covering all the products, delivery channels and business segments and conduct periodic awareness program for relevant staff. Enhanced AML learning, Quiz and e-learning portal: The AML awareness program is in 3 segments: General: General awareness for front-end staff. Managerial: AML awareness for managerial staff with focus on case studies and inputs on risk based approach, country risk, correspondent banking, trade finance etc. Executive: AML overview with emphasis on AML risks, risk based approach, AML fines and reasons; and AML environment. The program (for a and b above) has case studies and a quiz. The program is flexible and can be customized to specific needs. Coverage The AML environment and International AMLCFT framework. The regulatory fines in recent years, trend and reasons thereof AML risk and mitigation under multiple streams such as country risk, correspondent banking, trade finance, etc. Case studies A quiz test of 30 questions and provision record of scoring. An access to e-learning portal for practice and knowledge enhancement. About 5 hours for (a) and (b); and 1 hour for (c). Know Your Customer (KYC) remediation Customer on-boarding process and KYC management is fundamental to any financial institution and is a primary AML requirement. KYC covers all types of relationships in all business segments. The KYC, risk classification, periodic review, and record keeping are major ongoing requirements under AML regime. The KYC review process covers: Review of KYC and customer onboarding policy/procedure The review of on-boarding process and quality of data Risk classification of customers and review of present KYC data Examining options for improved KYC management, data capturing and system synchronisation Establishing a risk based process for periodic KYC review and monitoring Review of High risk, preferred customers, PEP, HNI accounts and other such segments across different products Review of customer onboarding process (manual and system based), examining data (mandatory and optional) capturing controls in systems and review of records (system and files). To examine options for KYC management process and review the existing customer data for quality assurance. 3 6
We put your business first The KYC review process is spread out. The duration and resource requirement depends on the scope, logistics and tasks involved. The initial assessment and creating a road map may take about 6-8 weeks. The process of complete review of all customer files will depend on the number of customer / accounts and resources in the review process. Review of compliance function In recent past the financial sector has gone through difficult times leading to failure of several financial institutions. Inadequate corporate governance and non-compliance or soft compliance with regulatory expectations was identified to be major causes of failures. As a result, the regulators introduced tougher regulations with enhanced monitoring. The Rule Book and the Basel paper on Compliance Function in Banks sets standards on the structure of the compliance function which banks. The review would cover following broad areas: Review and benchmarking of the compliance function in keeping with CBB regulations and Basel paper. The roles, responsibilities and authorities of the Compliance Manager The compliance charter, framework and manual Compliance monitoring tools The structure and process of reporting to Management/Board Communicating with other stakeholders Process of communicating the Rule book requirements/changes Module wise checklists and its updating process Annual Compliance program and periodic checks Monitoring submission of periodic reports to CBB and other regulators Process for handling non-compliance matters and issues of concern New product approval process Gap assessment Examining compliance policies, procedure, processes and discussions with the Compliance Manager and others involved in the implementation process. The review covers the high level assessment of the compliance function. About 4-6 weeks Compliance review The CBB Rule Book is module based and contains requirements and guidelines for banks. The activities covered under a module requirement may involve multiple functions for implementation. Each task has to be assigned/ delegated, roles and responsibilities defined and a monitoring mechanism has to be established for on-going compliance. The level of compliance has to be periodically reviewed. The review is conducted module based / function based : To review set up of compliance function and the specific tools used in overseeing compliance status To review/create checklist for specific modules of the Rule Book and list the main monitoring requirements for such modules Centralized/de-centralized approach 1 7
To assign ownership and responsibility for the specific requirement in case of multiple ownerships. Establishing risk based compliance checks plan and monitoring process for different modules. Quarterly / periodic reporting to Board/Management process Monitoring Annual disclosures, corporate governance, CBB reporting Handling and reporting (to Management and CBB) of customer complaints process Examining internal policies, procedure, processes, checklist, audit reports and discussions with relevant persons. This will depend on the scope of activities after the gap assessment is done. Estimated to be about 8-10 weeks. Corporate governance review, gap analysis & enhancement Corporate Governance is the framework of monitoring the activities and conduct of a company to protect the interest of all its stakeholders. Bahrain adopted the Corporate Governance Code in January 2011. The OECD, Basel Committee provided guidance to the central banks on corporate governance standards which are reflected in the High Level controls module of the Rule Book. Organisation and Governance structure Role and responsibilities of the Senior Management Role and responsibilities of the Board Secretary Code of conduct, Conflict of Interest policies, Insider trading policies. Performance evaluation policy Disclosure policy Communication with shareholders A gap analysis to list the gaps and inputs for enhancing the CG structure. A model based assessment of level of compliance Review of CG policies, Board and committee s charter, Board committees and its functioning, Code of conduct, Performance review, conflict of interest policies and other related documents. Active interaction with the Board Secretary, Head of compliance and other functionaries. About 4-6 weeks. 2. Enhancing the CG framework The scope, methodology and the duration would depend on the outcome of the review and the identified gaps. The gaps can be addressed by either amending the present policies/procedures or by introducing fresh policies. Based on the identified gaps the tasks are identified. 1. The CG Review Identify requirements based on Corporate Governance Code, CBB rulebook (HC Module) and Basel paper. Benchmark these requirements and assess compliance level Board Charter Roles and responsibilities of the Board and its Committees Common reporting standard (CRS) The OECD together with G20 countries and in close cooperation with the EU and other stakeholders has developed the Standard for Automatic Exchange of Financial Account Information (AEFAOI) commonly referred to as the Common Reporting Standard (CRS). Bahrain has signed up to start reporting under the CRS starting from 2018. This would mean all financial institutions should implement the CRS starting 1 January 2017. 3 8
Where business happens The scope of CRS implementation will include the following: Document the CRS policy and procedures Design and implement forms to identify the residential status of the customer and his national identification number in countries where he/she is resident (similar to the FATCA forms) Update the IT systems to capture the residential status and national identification numbers Review the status of customers who existed prior to 1 January 2017 for their residential status Capture information required for CRS reporting in the XML format Train all customer facing staff in processes related to CRS Perform compliance reviews including internal audit to ensure effectiveness of the controls and compliance with CRS requirements The methodology for implementing CRS is similar to FATCA. Implementation will require an assessment, defining the framework, update the system and analysis of data. Training of the staff is a critical component for the success of the project. Compliance with CRS is an ongoing activity. Initial implementation of CRS will require around 6 to 8 months of time. The first reporting under CRS is due in 2018 and will be based on guidelines issued by the Ministry of Finance or the Central Bank of Bahrain. 1 9
Our people The key source of Keypoint s strength is our people. Our team is committed to quality client service and to providing timely and accurate responses and solutions to any given scenario. Contact us If you have any enquiries about our Financial Regulatory Compliance services, please contact us and we will be pleased to discuss your business needs. Our team includes bankers with deep insight and experience in relevant fields who not only adopt a practical approach to ensure you comply with regulatory obligations but also create business value by providing efficient and cost-effective solutions. Mukund Ballal mukund.ballal@keypoint.com T +973 1720 6813 Our 55+ consultants are qualified and experienced in their relevant fields and hold master s or bachelor s degrees in law, finance, IT, management, or business administration, and are professionals who are members of the Institute of Chartered Accountants, Management Accountants, Internal Auditors, Chartered Financial Analysts, Certified Information Systems Auditors, Chartered Institute of Personal Development, and other IT Certifications, including CISCO, PMP, and ISO 22301/BS 25999. Srikant Ranganathan srikant.ranganathan@keypoint.com T +973 1720 6827 Chahira Miled chahira.miled@keypoint.com T +973 1720 6870 Keypoint also has strategic alliances with leading professional technology service providers in the areas of data business intelligence, IT security, IT operations, IT network management, enterprise resource management (ERP), programme management, business continuity, and disaster recovery as well as subject matter experts in banking, compliance, and AML/KYC functions. These partnerships enhance our ability to provide comprehensive solutions to our clients. 3 8
Your success is our business
24th Floor, NBB Tower Government Avenue PO Box 11718 Manama Kingdom of Bahrain T +973 1720 6888 F +973 1720 0026 www.keypoint.com all rights reserved 2017