
Financial and Reputational Loss: A Price Too High

The Real Cost of Noncompliance, Part 2

by Timur Mussin
December 2, 2020
in Featured, Financial Services

ForteBank CCO Timur Mussin continues a discussion on the real cost of noncompliance with a look at the various penalties – reputational, financial and otherwise – associated with regulatory violations.

Read Part 1 here.

High-Risk Products

As part of fierce competition, organizations are improving their products and services, including through innovative solutions. But if the compliance and money laundering risks associated with these decisions are not considered, the organization is highly likely to encounter problems caused by insufficient elaboration of a new product or service, which in turn will entail sanctions by the regulator or complaints and lawsuits by clients.

An innovative product can bring significant profit to an organization, which can exceed the size of potential fines, but it can also deprive the organization of a license and the ability to continue to work in the market if certain regulations aren’t followed during its production.

For example, the risks of trading cryptocurrency are mainly related to its volatility and anonymity. Cryptocurrencies are high-risk and speculative, and it is important that you understand the risks before you start working with them. By the way, crimes associated with cryptocurrency accounted for more than $4 billion in losses in 2019.

Risks specific to cryptocurrency and other products should be taken into account as much as possible. The task of a compliance officer is to find vulnerabilities for the company and take measures to minimize risk or to de-risk, including by refusing to work with a new product. For this, the compliance officer should take an active part in agreeing on new products and have a clear picture of all available and potential products, with the aim of periodically reviewing them and identifying compliance risks.

Insider Trading

Western countries’ stock markets are shocked by frequent news of fabulous fines for divulging insider information – high-profile cases, speeches of representatives of the Securities Commission, seven-figure fines. Disclosure of insider information carries risks for the owner and object of this information, which may result in insider trading.

In world practice, insider trading refers to transactions with stocks, bonds and other securities, including derivatives based on insider information (i.e., information that is kept confidential from the public).

In most countries, insider trading is illegal because it violates the principles of information security, competition and fair trade. Insiders may be held administratively and even criminally liable for violation of the above standards, including in relation to the illegal disclosure, transfer and use of insider information or transactions based on such information. Lack of control over the disclosure of this information will inevitably lead to dire consequences for all market participants: the organization, its owners and customers.

Consider, for example, the owner of the Galleon Group, who was sentenced in 2011 to 11 years in prison and fined $53 million for using insider information. In addition, about 50 people were found guilty, in one way or another, in connection with what was happening in this organization.

Given the above, the compliance officer should maintain an insider information control system at an adequate level, including through the development of internal procedures, the creation of Chinese walls, maintaining lists of insiders and providing interested parties with information about the importance of observing the requirements regarding the safety of insider information and the serious consequences for their violation. The above case can be a good example for this purpose.

The Lack of Customer Data Protection

Organizations must ensure the security of data received from clients, since the lack of control over such information and its unlawful disclosure will almost certainly entail questions from the regulator or claims from customers. Of course, organizations can — and most likely even should, in order to improve the quality of service — use this information to determine the profile of the client and provide the products and services necessary only for the client, but the information’s protection from third parties should be the most important task.

Without proper customer data protection, organizations run the risk of an outflow of customers disappointed in the false reliability of the organization, as well as administrative and even criminal liability.

The Federal Commissioner for Data Protection and Freedom of Information fined telecommunications services provider 1&1 €9.55 million for insufficient authorization procedures and failure to comply with Article 32 of the GDPR, which relates to having the appropriate technical and organizational measures to protect data privacy while processing personal data.

An even larger penalty had previously been applied to real estate company Deutsche Wohnen SE for limitations in implementing a GDPR-compliant data storage system.

It is also worth recalling the French National Data Protection Commission’s fine of €50 million to Google for not providing sufficient information to users about their consent policies for data transfer and lack of sufficient control over how their information is used.

The employee responsible for GDPR must take measures to check the current situation in the organization and to eliminate gross violations of the basic principles of GDPR (if any). The first important step is to develop an effective system for collecting and storing personal data, as well as checking for the necessary consent from customers. A second important step is to educate employees about GDPR requirements and develop internal guidelines to promote compliance with the GDPR.

The above is relevant both for companies from the European Union and companies from other countries working with EU residents.

Violations of Extraterritorial Laws

The United States Foreign Account Tax Compliance Act (FATCA) is designed to discourage tax evasion by U.S. citizens and residents. The law is also extraterritorial in nature and applies to many countries of the world that, within the framework of certain interaction models, send information about U.S. citizens and residents who have accounts in their organizations to the U.S. Internal Revenue Service.

Depending on the model of participation, organizations are required to send information to the IRS directly or through local tax authorities. Similar requirements come from the global version of FATCA, the Common Reporting Standards (CRS), in which citizens of other countries become the object of information exchange. In April 2019, the IRS announced that it was tightening compliance with FATCA requirements.

An organization working with foreign banks may encounter a number of problems if it does not comply with these requirements (or other similar requirements), which may lead to the termination of business relations with counterparties, the closure of the organization’s business in certain countries or, for example, fines totaling 30 percent of all the organization’s transactions.

Accordingly, the organization has two options: to leave everything to chance and hope that the IRS does not detect a violation (of course this is a very bad option) or designate an experienced employee responsible for compliance issues who will monitor the implementation of standards for these facts, including registration on the website the IRS will review, the procedures for obtaining the necessary information from customers and providing information to the IRS, etc.

Withdrawal of Assets

In world practice, the concept of an “affiliated person” has become quite widespread. This term refers to individuals and legal entities that, due to certain relationships, are able to influence the activities of others. Relationships can be either familial or of the business variety (e.g., through ownership of a joint business or through an employment contract).

For transactions of legal entities with affiliates, additional requirements and restrictions are applied to protect the organization and its customers from possible negative consequences caused, for example, by affiliates conspiring with each other. Lack of control over this issue may lead to the withdrawal of assets from organizations and, for state and quasi-state organizations, to corruption crimes.

Affiliates often have access to inside information and can influence the decisions of others; therefore, their operations are more closely regulated. It is important for the compliance officer to provide mechanisms that will make it clear that transactions with affiliates are concluded on market conditions and by decision of the organization’s top management.

Sanctions Lists

International sanctions are a popular tool in modern politics and economics. Through sanctions, some states try to punish their opponents in the political game, and companies destroy their competitors in the war for the client and the market. Often, sanctions are designed to remove an opponent from new technologies, which are an important development tool and the key to a successful future. Obviously, a country or organization without innovation and modern solutions has bleak prospects for the future.

The political situations in different parts of the world dictate their own rules of the game, which should be taken into account. For example, a significant number of large Russian organizations have been included in the U.S. sanctions lists since 2014. The initiators of international sanctions are various international organizations and states. Of the main ones, the UN Security Council sanctions are binding on all members of this organization, as well as U.S. and European Union sanctions, which – due to their actual extraterritoriality – are also binding on organizations doing business with organizations from the United States and the European Union.

The Office of Foreign Assets Control (OFAC) has fined a number of companies in recent years for violating sanctions. UniCredit was fined $611 million for violating sanctions programs against Burma, Cuba, Iran, Libya, Sudan and Syria. In particular, the organization processed payments to or through the United States in a manner that did not disclose underlying sanctioned persons or countries to U.S. financial institutions that were acting as financial intermediaries. Previously, the London-based Standard Chartered Bank was fined $657 million for operations that contradict the requirements of sanctions programs against Iran, Sudan, Zimbabwe and other countries.

Given the brutal measures taken by government departments regarding international sanctions, organizations should have a clear policy regarding international sanctions, understand their impact on the organization’s activities and be able to assess the risks associated with them. In practice, this issue can be covered by appointing a person or unit responsible for monitoring the implementation of sanctions, a Know Your Customer procedure that works correctly, and special software that allows all parties to the operations to be checked for compliance with UN resolutions and the requirements of OFAC, the EU and other countries.

If this is not the case, foreign colleagues, for whom compliance with these requirements is mandatory under the law or internal documents, will most likely stop working with the organization; or, even worse, the organization will itself end up on the sanctions lists for malicious violation of the sanctions programs.


Tags: Foreign Account Tax Compliance Act (FATCA), Office of Foreign Assets Control (OFAC), Reputation Risk, Sanctions
Timur Mussin

Timur Mussin is CCO of ForteBank JSC. He is an expert in ethics, compliance, AML/CTF and fintech. Timur is a speaker and author of more than 100 articles on compliance and fintech aimed at popularizing and improving these issues. He can be reached on LinkedIn at www.linkedin.com/in/faceman.
