Financial Crime, Regtech, MNPI and PII: Lessons Learned From NSCP 2019
This year's conference focused on compliance best practices, technology and the importance of enhanced due diligence programs.
28 October 2019
Intralinks attended the annual conference of the National Society of Compliance Professionals (NSCP) held in Baltimore this month. We joined about 1,000 compliance, risk, legal and other financial professionals to network and learn from educational sessions and regulatory panels. This was our first time attending NSCP, and we were curious about trends and challenges faced by this audience. While we weren’t able to attend all 80+ sessions (many were reserved for certified compliance professionals only), we did learn some valuable lessons from those focused on financial crime, technology and cybersecurity:
Due diligence, due diligence, due diligence. Worst-case compliance scenarios were discussed at “Anti-Corruption, Bribery, and Fraud Issues,” including a few intriguing, high-profile cases that involved U.S.-based hedge funds and investment managers bribing the Libyan government, and a U.S. investment bank executive forming a shell company with members of the Chinese government. In the latter example, even though that investment bank had an extremely thorough compliance program in place, that executive was able to bribe government officials to win a real estate deal for his firm, and then transfer ownership to himself by taking advantage of loopholes within real estate – a sector inherently at high risk for bribery and corruption. Panelist Maria Hermida, anti-bribery and corruption officer at USAA, said that even with the best compliance and legal teams and consultants, and a top-notch compliance program, corruption will still occur.
While it’s impossible to eliminate all risk, it helps to implement an enhanced due diligence program that examines public records, risk scores, politically exposed person (PEP) reports, internet/social media, credit ratings, financial holdings, court filings, personnel interviews and references, and even consulting with the United States Consulate when international deals are in question.
Technology is evolving. At “Fintech and Regtech Innovations,” panelist Craig Watanabe, director of IA compliance at DFPG Investments, began the session by reminiscing about the days when communications were simply memos and phone calls, a stark difference from today’s barrage of daily emails which need to be monitored from a compliance/risk standpoint. Craig, along with panelist Chuck Senatore, senior advisor at Devonshire Investments at Fidelity, talked about how fintech and regtech are evolving to make these sorts of review and monitoring tasks for compliance and risk departments easier. Tools that may be in use now to scan emails and documents for compliance red flags may yield 99 percent false positives. Incorporating artificial intelligence and machine learning algorithms will improve results over time, yielding precise results and finding “the needle in the haystack.” When asked how these AI tools might be useful, the audience chimed in with finding aberrant trading, portfolio performance outliers, excessive gifts and entertainment, deceitful behaviors around MNPI, outsized transaction positions, political conversations/contributions, detecting fraud, consistency of ADV versus firm’s policies and procedures … the applications seemed infinite.
Humans are still the first and last lines of defense. Technology is only getting better. Unfortunately, this also applies to cybercrime. Malicious techniques are becoming more sophisticated and financial crime continues to be pervasive. The best defense against these threats is common sense. At “Cybersecurity for Small to Mid-Size Firms,” panelists talked about preventing data breaches, phishing, malware and ransomware threats with a program that emphasizes employee training and awareness. Panelist Olayinka Odeniran from consulting firm CybSecWatch said, “Employees are the number-one defense mechanism but also the number one vulnerability.” Training employees to use phrases as passwords, not save files locally, not click on unfamiliar links, avoid common passwords … are common-sense approaches that, if thoroughly ingrained into employee practices, are key to an effective cybersecurity program. Onboarding and offboarding procedures are also critical. Disabling access to systems is often overlooked when an employee leaves a firm or even simply changes positions within the same firm.
Perhaps more original company names are in order as well. That was a suggestion made by another panelist, Raj Bakhru, chief innovation officer at ACA Compliance Group, who mentioned that firms with “capital” in their names can be more vulnerable to phishing attacks as criminals can target employees at those firms en masse.
The complexity and global nature of capital markets transactions, the advancement of technology, the sophistication of financial crimes, the increase in number of industry regulations – these are challenges that directly weigh on today’s compliance and risk professionals. They are under pressure to implement a holistic compliance program, and controls and measures across multiple areas of the firm.
As a technology provider with history and leadership in secure data exchange and collaboration, Intralinks is well-versed in the issues that face compliance, risk and legal teams in financial firms of any size.
Patricia is director of product marketing for banking and securities at Intralinks, responsible for content and go-to-market strategy for the debt capital markets business. Prior to joining Intralinks in 2019, Patricia held senior product marketing and communications roles at global financial services firms including Envestnet, IHS Markit, and Morgan Stanley.