Key Compliance Opportunities
Bermuda Office
September 2012
Offshore Legal, Fiduciary Administration Services
applebyglobal.com

Compliance in Appleby Bermuda
• Department:
  – 3 full-time (manager, officer, admin)
  – 1 part-time (admin)
• Accountabilities:
  – Searching AdEx for mismatching information ‘Conflict check’
  – Conduct World Check searches for various people around the firm
  – Anticipate BMA KYC requirements
  – Answer queries on BMA KYC requirements
• Legislation and regulation:
  – Proceeds of Crime Act 1997
  – Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008
  – Exchange Control Regulations 1972

Regulatory environment - Yesterday
• Bermuda Monetary Authority:
  – Undocumented requirements
  – Authorisation stage only supervision
  – Unenforceable secondary/delegated legislation
  – Relationship maintenance highest priority
• Ministry of Finance
  – Controlled international pressure
  – Small, inflexible staffing and functions
• Bermuda Bar
  – Minimum supervisory pressure
• Bermuda Police Service
  – Operationally, not concerned about financial crime
• Legislation and regulation:
  – Proceeds of Crime 1997
  – Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008
  – Exchange Control Regulations 1972

Regulatory environment – Present (1 of 2)
• Bermuda Monetary Authority:
  – Conduct of business supervision
  – Technical, enforceable obligations
  – Demonstrated supervision highest priority
  – Advanced training: $500M HSBC
  – New, highly qualified staff
• Ministry of Finance/Ministry of Justice
  – Primarily driven by international pressure e.g. TIEA
  – Delegated responsibilities with fixed targets
• Bermuda Bar
  – Government pressure to have ‘something’ in place
• Bermuda Police Service/Financial Intelligence Agency
  – Must demonstrate capability to detect international business financial crime

Regulatory environment - Present [2 of 2]
[Diagram. Entity labels: AMBL, BSX, Law firm, ASBL - Corp. Pressure labels: Prudential regulation, AML regulation, MOJ directions/TIEAS, Contagion, Bribery, PATRIOT, FATCA.]

Perception from Local/International Regulators, law enforcement, policy, etc.
• Professional advisories in most international money laundering cases
• TCSPs in most international money laundering cases
• OECD/IMF/FATF: ‘Light-touch’ regulation unacceptable and risky
• Discrete financial services suitable to the money launderer
• Bermuda’s Insurance sector lends credibility
• Appleby is the world’s largest offshore law firm

Starting Point (Today)
• Systemic non-compliance
  – No audit function
  – No monitoring function
  – Excessive situational exceptions
• Non-compliant procedures
  – SAR log, poor state
  – PEP log, non-existent
  – Customer due diligence, forms different from procedure, different from policy, etc.
• No department requirements
  – No function alignment e.g. procedure
  – No subject matter experts
  – No performance accountability
• No identified risks (for any risks)
• Poor compliance culture
  – Unreported or tracked exceptions
  – Little awareness amongst staff of procedures, risks, etc.
  – Risk appetite, aggregate risk
• History of low trust/in-fighting (internal and external)

‘Biggies’ – if I were the regulator
• Global AML policies (BDA) non-compliant nor risk-based
• Discrepancies between all the different forms, procedures and policies
• AMBL has no local monitoring
  – Escrow account services
• No risk assessment
• No procedural index for ABL

If we continue down this
Avoidable
We work too hard
Consequences for historical bad decisions
Sanctions breaches, somebody else in USA PATRIOT, UK BDA, not US. Bribery Act, Ministry of Justice directions, etc.

‘We are exposed’
• As Appleby
• As Appleby staff
• As Appleby leaders (legacy holders)
• As individual professionals
‘This is not the best we can do’

Stumbling Blocks
• Minimal function requirement
• No alignment to function
• Cultural expectation of mediocrity
• Unmonitored procedures
• Low trust
• No budget
• Unaware of external pressures
“Acting globally, thinking locally”

Conceptual solutions
‘Let’s make it easy for people to comply’
• Listen to business complaints about procedure
• Measure risk, develop logical reasons for why a control exists or does not exist
• Partner with business

Opportunities
1. Determine which regulatory obligations the Company wants to comply with
2. Assess for current levels of compliance
3. Enact remediation plan whilst designing compliance systems and controls to prevent areas of deficiencies
4. Monitor systems and controls for compliance
5. Audit systems and controls for compliance
‘What’s possible’

Plan - actions, periods, resources, etc.
Periods
  – Short-term ‘Remediate’ [1 yr]
  – Medium-term ‘Prevent’ [3 yrs]
  – Long-term ‘Fortify’ [5 yrs]
Actions
  – Proceduralise every practice or process
  – Identify requirements
  – Start remediation/train
  – Formalise internal audit programme
  – Formalise risk management
  – Complete remediation/training
  – Thought-leader
  – Culture

Outcome - Positive
Cost-controlled and efficient compliance infrastructure resulting in stable, risk-balanced, global business lines and client base
‘What are we willing to do’

Bermuda, British Virgin Islands, Cayman Islands, Guernsey, Hong Kong, Isle of Man, Jersey, London, Mauritius, Seychelles, Shanghai, Zurich