Back to top

Compliance Challenges for Today’s Financial Service Provider: The Transcript

Compliance Challenges for Today’s Financial Service Provider: The Transcript

Our panelists were:

  • Dr. Peter A. Wilson, International Tax Advisor, PB First Global Tax Advisers, UAE
  • Xenia Neophytou, Director, C.X. Financia Ltd., Cyprus

Introductory Remarks

Mateo Jarrin Cuvi: Welcome to Taxlinked’s latest webinar. This is webinar number two under the current Coronavirus. So hopefully a lot of you are at home listening in and tuning in to this webinar. Today we have two very distinguished guests with us. Peter Wilson, who many of you know from our past webinars, and Xenia Neophytou who was actually at our first conference in Cyprus, she moderated a few panels. We'll be discussing compliance challenges for today's financial service professional.

Before we get started, let me get some admin issues out of the way. This webinar is being recorded. The webinar will have a transcript also available probably within two weeks; we'll have the video recording available to everyone a little bit sooner than that. Also, if you have any questions for our panellists, make sure you use the GoToWebinar control panel. Submit the questions there and I will incorporate those into the discussion. We have six questions right now that we're going to discuss. So hopefully we'll get a couple more questions from our audience members that we can discuss as part of this webinar. Also, if you are a paid Taxlinked member, you're eligible to receive CPD credits for this webinar. So make sure you're actually paying attention because the system tracks whether or not you're paying attention. So if you want to receive those CPD credits, just make sure you're attentive, engaged, participating and whatnot. So without further ado, I'm going to ask both Xenia and Peter to introduce themselves. And then we'll start with the six questions we have here.

Xenia Neophytou: Okay, hello and thanks for this amazing opportunity to be participating in this webinar on compliance challenges for today's financial service provider. I hope it's going to be an interesting conversation. I'm Xenia Neophytou and I'm the founder of CX Financia consulting firm here in Cyprus. I have spent my career so far in different areas of the industry such as finance, corporate and taxation. In the last couple of years, I'm in consulting. And like most consultants in the past couple of years, we spend a lot of time on regulations and, in particular, helping clients with all the compliance, AML and MIFID II transposition and other related areas.

Peter Wilson: Good morning, everybody. I'm Peter Wilson. I'm a taxation professional. And I have a fair amount of experience in dealing with financial services companies as well as general corporation companies and high net worth individuals. And as everybody would appreciate, since around 2008-2009, the increase in the requirement of compliance has meant spending much more time on many more laws trying to work out what regulators have actually written.

Mateo Jarrin Cuvi: Thank you, Peter. So let's just start with the six questions we have here. The first one is, kind of like, let's look back towards the past. And let's kind of trace the history of compliance to certain extent. So I’ll send this question to Peter first. In your decades of experience in this field, how has compliance changed over the past decade?

How has compliance changed over the past decade?

Question: How has compliance changed over the past decade?

Peter Wilson: Mateo, it's really unrecognizable now compared to what it was in the late 1900s and up to 2005-2006. Regulators considered most people, and for this purpose I'll include the tax authority as a regulator, most people were considered to be honest and generally abiding by laws and what have you. And then suddenly governments found as a result of 2008, they didn't have any money left or much money left. They needed to point the finger or the bone at somebody. And they decided that all those people who were previously law-abiding citizens were in the main no longer law-abiding, the onus of proof was really reversed, you have to prove that you are law-abiding. And that's just led to a complete proliferation of regulation of all kinds. And there are two major issues that are coming out of that, I suppose, maybe more. Number one, very aggressive interpretations of the regulations by the regulators, in a lot of cases without much reasonability and reflection on what actually happens in practice. And probably the regulators lagging in their ability to apply the regulations in a fair and reasonable way. So that's led to a gap between what those who spend all their time believe is right, and what the regulator's think they're trying to achieve, and whether they've actually been able to achieve it. So it's a completely different environment.

Xenia Neophytou: Okay, I agree more or less with Peter as well as being in the financial services industry. Looking back at the compliance industry, we see that companies back then were just scrambling to understand the new laws and regulations. The goal was to get in line with the regulations in order not to get fined or not to end up in the headline news or get thrown in jail. So I see compliance existed a bit in a vacuum. Also, resources were not predefined for the compliance department. Skilful compliance officers were scarce resources and the back office was performing a lot of tick box and manual checks and compliance was viewed more like a necessary task. In many cases, the internal auditor took the role of a fireman and turn the hotline to compliance officers to help them train in order to be able to deliver reports and everything. So I agree with you also a critical role in the landscape played with different pressures from the regulator. A lot of fines, we see the case of Enron and Lehman Brothers and so many others, which started for the regulated entities to change the mind-set. More pressure, however, is coming from the industry in order to deliver real time reports and increased volume. And this is what we've seen that compliance officers today are at the front end, not at the back end. And they now hold also a position at the table when important decisions need to be taken in the company's directions.

Mateo Jarrin: So now we have kind of set the scenario, we have set the scene as to how compliance has changed, I guess, during the past 10 years or so. Speaking about the situation today in terms of compliance, what are some of the most recent compliance challenges faced by the current financial service provider? Peter, do you want to highlight some of the major challenges that you’ve seen given your experience?

Question: What are some of the most recent compliance challenges faced by the current financial service provider?

Peter Wilson: Okay, well, I'm going to talk about one that you probably wouldn't think I would talk about. And it's a new accounting standard called IFRIC 23. You may or may not have heard about this, but this came in on the first of January 2019. And it's designed to help the accountants, when they're accounting in the financial statements, for something called uncertain consequences of transactions under accounting standard IAS 12. Now, you wouldn't normally expect me to be talking about accounting standards. But here we are, it’s IAS 12 that requires the auditors to make up their minds whether the company's positions are right or wrong or what have you. And there was a major word in there that they had to talk about and that was “probable.” Was the position of the company on full transparency basis probably going to be accepted by the tax authority? Now, what does this actually require companies to do now? So this is only in operation for accounting periods commencing on or after January the first 2019. Unfortunately, I have a current experience on this with a financial services company that the company has to provide its auditors with a statement listing all its uncertain tax positions in all the countries in which it's operating, both domestically and cross border, and provide an analysis and come down with a conclusion on whether if the tax authority on full transparency was looking at the transaction or behaviour, whether it was probable that the tax authorities would accept it. Well, firstly, that requires the centre in one of these businesses to know about what's going on, which requires the business to have a system of certain procedures, which is another compliance issue. Secondly, it needs to be able to document these things, these transactions and behaviours. And then somebody in the centre needs to put themselves in the shoes of a tax authority and the situation that I'm talking about currently is involving a company in 35 countries. Somebody in that company has to put themselves in the shoes of 35 different tax authorities and draw a conclusion that, based on full transparency in those 35 countries, would it be probable that all those 35 tax authorities would conclude the position. Now you can imagine this is very difficult and this is an example of the outreach and the outcome of the requirement for full transparency of transactions and behaviour. But this is a real issue.

That really requires the financial services company to have within its team staff or have access to staff and most financial services companies of some size are geographical because, together with oil companies, they're the global companies. So it requires a pool of knowledge internally or access to knowledge externally, and it requires them to know what the law is, or what the practices in all these different countries, and since we're talking about coming to a conclusion on uncertain provisions, the provisions are uncertain only if they're not certain. And if they're uncertain, that means that there's either no precedent or no administrative interpretation or no real practice on them. So it's requiring people to go back to basic components of tax law and draw conclusions on matters that haven't really been considered. You're on a hiding to nothing to get it wrong.

Xenia Neophytou: Okay, very good example, and I think it described a lot of the compliance issues. And, yeah, I think the main challenge is to keep the pace, keep up to date with increased regulation, the increased demand and the demand for companies for pressuring their budgets. We see the companies being faced with a lot of regulation, a lot of changes but, on the other hand, have to invest a lot more nowadays in the regulation. Also, the regulations are becoming more and more complex. And in many cases, a big challenge, especially for the investment firms and investment managers, is the cross border regulations. The managers need to know the ins and outs of MIFID and AIFs directives but they also, in order to be able to sell to the different EU countries or third countries, they have to be aware of the regulations there. For the compliance officer, I see a big challenge is to have a strong compliance culture and have an integral team, that all of them work and understand the procedures and policies and have a communication between human resources, between accounting, between internal audit, all the departments to be in integration. For smaller firms, as mentioned before, I see a big challenge the investment or shortage in resources. So, for example, in Cyprus, a lot of investment firms give the role of the compliance officer also to the executive director, which has a myriad of other roles and positions to take care of. And we've seen cases where fines by the regulator, were not necessarily due to shady behaviour, but in many cases because they didn't follow the law as they should be and so they got fined. So there are a lot of challenges in this fast paced environment to follow.

Peter Wilson: Let me just send another one. The world of financial services and the world now is more about value chain, disparity, disaggregation, and outsourcing because no one company wants to employ everybody. It's like the movie studio, you're calling people. There's a real interface going on now between the economic substance rules and outsourcing and regulation. Because I've seen this, I've current experience on a company that's restructuring an operation in Luxembourg and the Luxembourg entity is regulated by the CCSF. And in the restructuring, the to-be regulated entity needs to explain to the CCSF to whom it is outsourcing various functions and needs to get approval of those potential outsources. It's never happened before. And secondly, as by way of another example, in Bermuda, I've seen a situation where some, as you can imagine a lot of insurance and reinsurance companies are down there and have a lot of outsourcing, they are required to get approval of their regulators, not just upon the persons to whom they're outsourcing, but if it’s an outsourcee within the group, they've got to present to the regulator a copy of their intergroup services agreement and actually get approval of that. And that intergroup services agreement has to have proper transfer pricing built into it. Otherwise, the corporate regulator is going to send it back. There's not being a compliant agreement. So this is far reaching.

Xenia Neophytou: In many cases, where we see conflicting also regulations between different jurisdictions and different regulators. And this is a challenge if you want to trade internationally. It's a big challenge to try to blend the two.

Mateo Jarrin: Okay, let's now move more towards, I guess the practical side of things and kind of provide our listeners with some tips and ways in which compliance can be made easier. So let me start with you, Peter, what are your main tips for firms on how to best tackle these compliance challenges? You want to give us some suggestions or tips or, you know, advice?

main tips for firms on how to best tackle these compliance challenges

Question: What are your main tips for firms on how to best tackle these compliance challenges?

Peter Wilson: Well, the first one is you've got to have proper books and records and you've got to properly record transactions, you've got to have a library of transactions, and you've got to have ready access to those transactions. And there are service providers out there now who do produce and make available library forms or forms of libraries that you can document these things. I mean, we were talking some months ago about DAC6, the European Union reporting, which is in scope and companies have to furnish their reporting, I think, by the 30th of June. But there are a number of software tools out there at the moment that you can actually use. And you can actually populate those software tools with the information on the transactions. So, number one is, you got to have your documents done properly. Or number one, you got to have documents, you got to have your documents done properly. They've got to be capable of, I suppose, with proper meta tags in them, so that the information can be picked up and automatically populated into programs and then on the uncertain areas, you've got to have access to professionals or pools of knowledge to be able to help you to determine the difficult areas. And that requires access to human beings and also access to more online sources. You know, the typical Bloomberg databases, the IBFD databases, I mean, your growing database of your information that you're producing now. All this is helpful because if the company has access to all these systems and procedures and databases, it goes a long way to reversing a strict liability of having made an error even though you might not have made an error.

Xenia Neophytou: Yeah, I agree with you as well. But utilizing the most effective technology software that's suitable to your compliance needs really relieves a lot of strain. And you have to make sure that this is adaptable to new changes and regulations so that it helps you more with your challenges. Also, I would recommend investing a lot in staff training, especially the high management team, the Board of Directors, the compliance officers, etc. For the board, which has the fiduciary role in the company, they need to make sure that they assign a dedicated compliance officer which is knowledgeable enough but, at the same time, overview and monitor the compliance program. Businesses need to understand their operations clearly and put procedures in place in order to be able to control and effectively monitor the transactions.

Yeah, simple. Another simple thing to do is, in fact some countries are requiring this, to publish your tax strategy on your website. The mere fact that you've created a tax strategy, both domestically and internationally, that's been approved by the Board of Directors is likely to be accepted by the tax authorities that the Board of Directors has properly thought about the issues. And the mere fact that you can evidence the process of thought goes towards reversing the onus of proof that maybe you have not.

Mateo Jarrin: Now, let's look more specifically. Now, the next question has to do with technology. So I know both of you brought up technologies and online resources. Let's delve a little bit deeper into that. Let's talk about the specific technologies that have helped firms comply more efficiently and quickly with all of these burdensome regulations. Do you want to develop that point a little bit more?

Question: Let's talk about the specific technologies that have helped firms comply more efficiently and quickly with all of these burdensome regulations. Do you want to develop that point a little bit more excited?

Xenia Neophytou: Okay, and we've seen that technological advancements in the last years especially in the financial services have grown a lot, mainly because of the demand of the industry, but also because of being more efficient and proactive. So the old ways, centralized, generalized Excel spreadsheets and the Word documents are not sufficient anymore. A big pressure was the AML requirements. We've seen the Lehman case and when it occurred one of the main problems was they couldn't identify the counterparties that were involved and this posed a lot of risks. Today we have a lot of solutions, intelligence software that can give very clever solutions and the release from the compliance officers the strain of searching and devote their time more effectively in analysing the data they receive. Also, solutions in the market to automate and improve the entire process through API solutions, etc. So, I mentioned client identification software, due diligence software. Also, we see third-party management programs, these are just a few. And so, the objective is to be more efficient and accurate and to deliver reports timely and as accurate as possible. So, that's the advancement and beauty of technology, they come in and help the business be more efficient, accurate and avoid any issues or eliminate the issues they may have in the past.

Peter Wilson: The tax compliance software out there is getting better and better. There are many tools out there to help big companies on their workflow and their recordings. All this is important. But what really gets difficult there is when you get down to the short straws and making judgments on uncertain items; it's really difficult to build that in. I'll give you an example. I was recently working with a client on talking to one of the Big 4 accounting firm providers who was marketing their DAC6 software. And for those who haven't had the pleasure or the displeasure of looking at DAC6 and all the talks about tax advantage and tax avoidance. So you've got to determine whether the behaviour is tantamount to avoidance or whether there's a hallmark. But I asked the Big 4 provider whether they have built in artificial intelligence into their DAC6 program. How can you be sure when you're collecting information on multi-jurisdictional financial services firms, cross-border transactions between related companies and with third parties, that what they have done is or is not having a main purpose of tax avoidance, without having built in features into the software that enables you to determine that? There are guidelines within European Union judgments and other countries’ judgments, but they're not always uniform. And that if you're using a software tool to minimize the risk of making mistake, then isn't there a higher obligation upon the software provider to actually build in more features that minimizes the risk of a lack of knowledge by the populator? And, to be fair, they talk about, well, we'll train people. Is that good enough or is that just another revenue source? And that, of course, the training is periodic. And transactions are daily.

Another financial service provider that I'm working with has been populating the legal database with all its contracts. And they told me the other day that they've got nearly 20,000 contracts that they're putting into their database. And we're trying and that, in part, was relevant for legal and compliance reasons. But it's particularly relevant to how I was helping them because I was trying to extract information from that to use in their transfer pricing. So, you know, when these sort of databases are being set up, if the software writers had the extra vision of putting in some extra fields to capture information that would be relevant for transfer pricing, I'm sure more people would actually be buying their programs.

Mateo Jarrin: Okay, one of the main issues that I guess firms have when it comes actually complying with all these regulations is the administrative costs, you know, compliance costs have actually increased as a result of all these regulations. Has that been your experience? And, also, how do you actually get to effectively minimize those compliance costs? You know, you want to get started there.

How do you actually get to effectively minimize those compliance costs?

Question: How do you actually get to effectively minimize those compliance costs?

Peter Wilson: The costs have gone through the roof, number one. If only because of the number of rules that you've got to comply with have gone through the roof. So then how do you actually rationalize that? Well, I think the way to deal with this is to have a vision of what rules and regulations an international group needs to comply with. And then the group needs to go through these rules and regulations and extract the salient features. And it needs to then build up an understanding of whether there a commonality of fields or I call them data points that need to be populated. And you will find there’s substantial overlap. But then there has to be. I mean, look at the economic substance data points that we've been talking about. Look at the outsourcing data points that we've been speaking about. Look at the DAC6 data points that we've been speaking about. There's a lot of overlap and commonality. A software promoter would make a lot of money by writing down all these main data points that financial services companies needs to comply with, looking at the overlap, looking at the commonality, and then writing a program that all this information can be extracted. So there needs to be a crawler software that goes through all the financial service companies documents and extracts these common points. I mean, it's similar that there is now or there may be many but I'm aware of a major company that has an ID register. So if you want to and if you don't mind sharing your FATCA and CRS information with an independent person, you can give it to them, they populate a database about you and they keep it securely. And when you have to give that information to a bank or a tax authority or what have you, you direct that authority to that database and that database is accepted as a truly independent keeper of that information. I think that's a fantastic way forward.

Xenia Neophytou: Compliance spending has to be in the right, let's say, direction nowadays. So you either invest in more people or invest in the right technology. A solution to this issue of the companies because having to be compliant, you have to deliver a lot of reports and do a lot of checks. Having a lot of staff at the same time to check this is costly. So one way to reduce it is to get the right software to automate as much as possible in order to reduce this cost. Regulation technology is improving a lot the last years and I've seen now that reports were generated some years ago at the much higher costs are now being standardized in the industry and are now much more approachable for even the small firms to assign. And so, yeah, as more things get standardized, you can get better solutions, more effective ones, because after all, you cannot skip the compliance cost, it’s a must cost, because, on the other hand, imagine if you think compliance is expensive, and that is a logo I like very much, think of non-compliance, because the cost of non-compliance is not only about the expensive fines you will get from the regulator, but also it's about pride. So I can't think of any institutional brokers or fund managers or your clients wanting to continue working with you, if you had issues with regulation or if you had fines, so this is the most costly effect, I would say. So being compliant also helps you continue and being profitable as well.

Peter Wilson: And if I may add that most organizations have absolutely nothing to hide. They have absolutely nothing to hide. So, you know, those who don't go about setting up a transparent system by definition, they're going to have a higher focus and a brighter light shone on them than other people. And part of the challenge is to get regulators to understand that 99.9% of companies are doing the right job. Whereas, you know, my experiences that a lot of regulators think 99.9% are not doing the right job. That's the gap that we've got a bridge.

Mateo Jarrin: Yeah, makes sense. A question that came up that was not on the list has to do with compliance and privacy. I mean, like compliance with a beneficial ownership registers and, you know, transparency and all this, and what's the interplay between compliance and privacy? And where do you stand on that? What do you think of those issues? Peter, you want to you want to throw out your opinion there.

Question: What's the interplay between compliance and privacy? And where do you stand on that?

Peter Wilson: Well, I'll give you an example. We recently had a client in Gibraltar that wanted to buy a residential property in Gibraltar and wanted to buy it through a Gibraltar company. Now, like most countries or a growing number of countries, there is a requirement in the Gibraltan register to disclose who the beneficial owner is so everybody can search. In this case, the client was somebody who didn't want that level of information available to the public at large. And there is a facility to deal with the regulator in Gibraltar that in the circumstances in which having available publicly information on the beneficial owner, if that could lead to potential terrorism or kidnapping or threats against the owner, then the regulator is amenable to dealing with that. And that doesn't stop the disclosure of the information to the regulator. But the regulator will, if given sufficient information, keep the names and information of the individual off its Public Register. And, you know, there's a similar sort of approach in other countries. So the most important thing is for the regulator to know but then the regulator can keep it private. And, of course, then those of us have a question about what are the systems and procedures inside the regulator to make sure that the information inside the regulator is safe and protected? All you need is one disgruntled employee and the whole world knows about everybody's behaviour, whether it's good or bad.

Xenia Neophytou: This is a big challenge nowadays but they have to be disclosed. It's common within all jurisdictions. But a lot of countries are still behind, for example, also Cyprus introduced this, but still the registry of companies is not ready to take this role. I agree that transparency is important, but you have to keep a balance with the privacy of the people. So, yeah, it is a challenge and it's something that will show in the future how it's going to affect. But, of course, more sensitive information are only disclosed by the service providers to the regulators if and when required, and if there is an issue, otherwise these remain with the trustee or the service provider, etc.

Mateo Jarrin: Yes. Excellent. So I have a final question here to kind of now we started looking towards the past we looked at the present now let's look towards the future. And basically the question is, what do you foresee for the compliance world in the next five to 10 years?

What do you foresee for the compliance world in the next 5 to 10 years?

Question: What do you foresee for the compliance world in the next 5 to 10 years?

Xenia Neophytou: Okay, I see that there's going to be in the laws and regulations, there's going to be more integration and, at some point, it will be manageable to integrate, for example, they're going to be harmonisations of a number of rules, like EU has the directives and a lot of valid issues, there are discussions papers and then they are transposed into law. So the challenge of cross-border regulations might be limited in the next years. Also, I see one of the other future things to come is emerging technologies. I see they're going to play a key role here. We saw a lot of emerging technologies coming up such as initial coin offerings (ICOs) or digital ledger technologies, all these I see that they pose to the regulators a big headache because they have to keep a balance of keeping up with the challenges but, on the other hand, want to give the chance to the market to innovate. So I see a lot of challenge in these emerging technologies and technology to be at the forefront of things and automation and all of that.

Peter Wilson: Bigger and bigger data. More data collected on more transactions in a more sophisticated manner and more companies outsourcing to providers of data collection the obligation to collect the data. And I can envisage the regulators paying greater attention to the provision of data provided by outsourced data collectors than insourced data collectors and placing a greater reliance on the outsourced collection of data because those people will be able to afford the software to be able to collect the data. I envisage that companies will outsource the data collection function because it is not really the function of a company that’s manufacturing to really collect data as part of its business so it will appoint people that are specifically qualifies to do that. Doing so reduces the risk of a compliance breach to the company and gives the company an ability to protect itself should the third-party provider make a mistake. And I think the creation of more centres of excellence for training people with the skills to do all this and I think internally in companies the establishment of panels to adjudicate on situations that may or may not be a breach inside a company. So it’s not left just to one person but there is actually a panel and that panel will include experts from outside the company as well as people from inside the company and that’s the only way I can see the directors can really protect themselves in this process. I think the compliance function of the company will provide the facilities and the stewardship and the coffee and the meeting rooms and what have you but, like you have institute of directors and people who train directors to perform the functions of directors, I think you will have professional compliance people who will be called in to sit on panels and to adjudicate things internally and the regulators will smile more favourably upon companies who bring in third parties to adjudicate the difficult situations rather than just leaving it to an internal decision maker. It won’t be a decision for the company because if it’s a decision of the company it leaves the company at risk. But if a company brings in third parties, then immediately the company is reducing its risk.

Concluding Remarks

Xenia Neophytou: A final thing is about this COVID-19 situation and I hope we manage to get out of it with the least cost. It’s important, one thing we didn’t mention, is for compliance teams to monitor the situation and have backup procedures and to make sure that companies are still remaining functional in these strange times. I will end with a hopeful remark that I don’t think it will be a big issue, I know you cannot predict, in the next 5-6 months this situation will be resolved and then the economy will be going back to normal.

Peter Wilson: Some countries are giving COVID-19 relief if there’s been a substantial reduction in turnover. Now, some countries refer to that as a 25% turnover reduction and others refer to the fact that there’s a material change in the company’s business. So you have to liaise with a hard-pressed, short-staffed regulator to explain to them the material variation to your business. So having systems and procedures in place that produce information on a timely basis that can be provided to the regulator in times like this enables the regulator to feel comfortable that it should open the purse strings on giving these reliefs. So it’s all leading to more sophistication in the compliance function to be able to provide more timely and accurate and more comfortable information.

TAGS