Evolving Role of Technology in Compliance – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Why do we hear about compliance in financial markets so much these days?

Businesses are becoming increasingly complex. More businesses now have cross border operations than anytime earlier. People have become much more mobile and global travel has increased multi-fold which is good news. However, amidst growing business, what is also increasing its footprint is illegal activities like drug trade, terrorism, extortion and other related activities.

These activities use banking and financial markets as a channel to move their illegally gotten wealth. It is important for regulators to put a stop to these activities. The general belief amongst regulators is that if such people are cut off from formal banking and financial services channels, it will be very difficult for them to finance such operations. A lot of regulation is being put in this space to curb such activities and financial institutions are being asked to comply with them.

Another need comes from within the financial industry itself. The financial market meltdown of 2008 caused US government to push legislations like the Dodd-Frank Act for increasing transparency and customer protection that has global repercussions as far as compliance is concerned. Another act called FATCA was notified. FATCA stands for Foreign Account Tax Compliance Act, enacted in March 2010. The objective of this act is to detect and discourage tax evasion by US persons. Its aim is to ensure that persons from the US with financial assets outside the US pay US tax.

It is generally felt that there is a global tightening of regulation to restrict increase of nefarious activities. If one studies the provisions of FATCA, one will realize that never in history earlier has America promulgated an act with such wide reach. The Indian government is also taking active steps to make foreign banks reveal data on Indian depositors. The whole banking and financial arena will be much more transparent in 3-5 years from now as compared to what it was earlier.

How is technology helping this process?        

Compliance as an activity is highly dependent on right technology. Technology is needed to extract trading, financial and stock holding, ownership and all other kinds of direct and indirect information from all investment, trading and holding data. In absence of technology, this information cannot be correctly analyzed, compiled and reported to tax authorities. Technology plays a very crucial role in detecting activities like AML, Insider trading, front running, cartelization etc. Such compliance starts with some very basic things like all client lists must be daily scrubbed against debarred entities list. It may happen that when a client is registered with an institution, he may be acceptable but later gets blacklisted. If such checks aren’t run routinely, the service provider may face compliance problem Similarly, trading systems must continuously scan for clients whose trading positions and strategies are not consistent with their risk profiles. Technology like Direct Market Access has solved the problem of front running. Insider trading continues to remain a menace.

A lot of compliance today is possible because technology supports such compliance. The whole process of electronic pay-in and pay-out has resulted in implementing a lot of controls like restricting money and fund transfer to 3^rd parties. Increased compliance has been possible because market infrastructure institutions like exchanges, brokerages, depositories and clearing corporations have adopted technology to a large extent in their day to day operations.

Business owners are normally involved with a lot of philanthropic and social service work. Do they need to be careful about compliance?

Compliance is for everyone, including business owners involved in philanthropic work. I know of few cases where business owners who were otherwise very strong in compliance in their own business, did not check if the organizations they were doing social service for were also high on compliance. They fell into trouble because the organizations they were associated with on honorary basis were lax on compliance. Such business owners learnt the hard way that they either need to force these organizations to comply or quit doing such work.

How can technology help companies in these days of Social media revolution?

Companies, especially those with retail client facing businesses where reputation is very important – like financial services and banking etc must be very careful about what is being posted on social media about them. Any comment has the potential to go viral these days. These days there is technology available to monitor electronically what your employees and general public at large is posting on social media. Some companies, mainly MNCs are putting technology in place that approves each post that a company’s employee posts on social media platforms like Facebook and Twitter to ensure that their employees are not reckless and that they don’t make any statement that is in deviation with the company’s policies or statements.

How is technology helping regulators?

One of the biggest beneficiaries of increased use of technology by businesses is regulator itself because it can now ask for information in ways it couldn’t ask for earlier. With better technology, now data can be extracted in multiple formats and can be analyzed in dimensions not possible earlier.

Governments worldwide are using technology to find breaches, non compliance and flagrant evil deeds of individuals and institutions. For example the US government set up a team to investigate if any group made windfall profits from the market crash after 9/11 incident of bringing down the World Trade Centre. The government wanted to find out if someone had advance information of such incident and had indulged in abnormal short sales. Such investigation involves scouring and data mining of unimaginable amounts of data. It can only be done by deploying right technology.

Risk from basic things like mailing has become a big issue. How do we ensure that we remain compliant to local laws and protect our intellectual property at the same time?

This is a challenge most corporations face today and the Chief Compliance Officer or CEO should be highly aware of the risks associated and take active steps to safeguard. Today, 90% of the data transferred from any company to the external world is in digital format. If one wrong email containing client data is sent to a wrong recipient, it could result in loss of millions in law suites and fines apart from reputation loss. To protect itself, the first thing that companies have to do is sensitize all its employees on the fall out of any such case. Employee – employer agreement must also cover adequate clauses to protect the employer from employee’s evil intentions and actions.

Compliance by itself is becoming as big as Admin or Legal department. Any observation?

Yes it’s true, especially in headquarters of large banks and conglomerates. JP Morgan had announced its intention to spend USD 4 billion and commit 5,000 employees for compliance. Similarly, HSBC expressed its intention to employ 3,000 more compliance officers after paying a USD 1.9 billion fine for AML violations. It is estimated that 70,000 finance jobs will be created in Europe alone to handle compliance related jobs. There are 3^rd party businesses coming up to help institutions comply with laws. Compliance is becoming an industry by itself.

What is the cost of non compliance?

Most laws have their financial penalties. For example, under section 13 of the Prevention of Money Laundering Act, 2002, there is fine for non maintenance of records that ranges from INR 10,000 to INR 100,000 per instance of non compliance. While the monetary cost of non compliance can be measured in terms of money, there are a lot of non monetary costs that cannot be measured. For example, for serious breaches under the PMLA section 4, one can get arrested with rigorous imprisonment not less than three years and can extend up to 10 years. Offender’s assets can be impounded and the business approval and licenses can be cancelled. Non compliance of FATCA has resulted in several billion USD of fines. Recently CSFB pleaded guilty and paid USD 2.6 billion as fine.

Cost of non compliance is too high to ignore and no one should take a chance. Only spending on technology itself will not help. Internal controls also need to be enhanced. Due to FATCA, American citizens with considerable assets are renouncing their citizenships and some Indian institutions are reluctant in opening accounts for NRIs fearing repercussion in case an individual declares as a NRI but is actually an American Citizen.