Recent arrests, fines, and regulatory censures suggest there is still a lot that the crypto and compliance communities can learn from one another. Regardless of the root cause or source of these external events, compliance professionals should transform mistakes into teachable moments. These moments leverage hindsight, help form dynamic feedback and awareness loops, and contribute to improving the organization’s management of non-financial risks.
Although risk assessment tables are great tools to house what is leveraged and learned from mistakes or external events, it can be difficult to envisage and extract key or relevant learning points from them. A stepped lesson template that focuses on considering the mistakes and highlights one’s controls and the impact on the organization’s strategic growth can be a powerful tool. Rather than focusing on how the risks would be remediated, the template considers the risks’ counterpoint, i.e. opportunities. Correctly utilized, opportunities derived from lessons learned can help organizations exceed regulatory expectations, tighten controls, and demonstrate that, by owning teachable moments, compliance professionals are a value-add, go-to function.
The recent arrests and convictions, coupled with Regulators’ pronouncements on money laundering, fraud, terrorist financing, and cryptocurrencies, are reminders that even historic bad behavior will be found and punished. Rightly, these events remind society that old laws are very applicable to modern situations and that Law Enforcement/Regulators will pursue historic maleficence, regardless of the organization’s maturity status at the time. While the convictions may not apply to the individual organization, compliance officers can still transform mistakes into lessons.
Once a risk has happened there can be a tendency to focus on the root cause, consequences, and impact rather than insight opportunities. When compliance professionals focus on the opportunities they:
Given that all firms know how imperative it is to remain in existence, functions must be able to contribute to strategic growth and customer protection. Therefore, it is important to focus on the opportunities. Compliance professionals know the importance of retaining revenue versus paying money away through unnecessary fines and short-sighted practices.
Successful traders create models that learn to predict patterns and leverage past mistakes and opportunities! It is unquestioned that, for traders, mistakes or crises create opportunities in the form of ‘teachable moments’ that allow firms to profit in the future. Negative events can include costly remediation or restricted strategic growth by losing your license to trade or take on new clients. Positive events offer opportunities to enhance the firm’s reputational brand with competitors, customers, or Regulators. But to take advantage of the positive or negative, compliance professionals must have templates that are alive to the opportunities. These templates should allow compliance professionals to look at mistakes and lessons through a prism of positive risk assessment or gap analysis.
The first lesson is provided by George Santayana, who famously wrote: “Those who cannot remember the past are condemned to repeat it.” Read carefully, this aphorism provides compliance professionals with a template to take advantage of teachable moments.
Here’s a suggested template:
Use this aphorism to underpin the objective of the task, i.e. “using hindsight to find opportunities” that improve compliance!
Highlight references to compliance policies, BAU role, AML, Sanctions, or risk-based approach.
Does the strategy reference digitalization, compliance obligations, client protections, licensing, crypto, management of economic crime risks, new payment platforms value add, or sustainable growth?
Use rows and headings events and risks.
Find examples from the decades of ABC, AML, CFT, Conduct, Fraud, Market Abuse, Sanctions, Scams, TBML, TM, and Trade violations and mistakes. Summarize the background to relevant mistakes and violations. This will form the rationale. Your Ops Risk team might be able to help with examples from their ORX databases, or provide standardized event wording or library descriptions from their Non-Financial taxonomy.
Leverage the existing feedback loop to make others aware of opportunities (and risks). Present the teachable moments to Ops Risk and Risk Owners.
By being proactive you’ve shown that compliance adds value, augments sustainability, and positively contributes to the strategic objective. Take a small bow.
Let’s work through an example. As mentioned, the objective is to focus on identifying opportunities, rather than remediating.
Read OFAC’s action against BitPay!
Assume the reader has read their firm’s 5-year plan. Assume the reader is employed at a financial institution, crypto firm, or virtual assets service provider that facilitates and engages in online commerce or processes transactions, and that has a documented, OFAC-compliant AML/sanctions control framework.
For ease, events and issues are merged with the background and description below.
On February 18th, OFAC fined BitPay. This fine settled BitPay’s ‘potential’ civil liability for 2,102 apparent violations of multiple sanctions programs requirements between 2013 and 2018. According to OFAC, BitPay allowed persons who appeared to be located in sanctioned jurisdictions (in Cuba, Iran, North Korea, Sudan, Syria, and in the Crimea region of Ukraine) to transact with its active merchants in the US and elsewhere.
BitPay’s platform permits transactions in digital currencies. BitPay’s systems and controls were able to gather locational information about those persons, including IP addresses and other locational data, before effecting the transactions. This information would / should have caused BitPay’s regulatory compliance systems and controls to stop, prevent, freeze, or at minimum report these transactions.
BitPay’s crypto payment service commenced in 2011, and in 2013 it appears to have increased its active merchants. OFAC acknowledged BitPay had financial crimes compliance systems and would continue to implement enhancements to CDD and travel rule processes.
Has this happened to my firm yet? Not yet.
| Probability | Lessons Learned / Teachable Moment | Prevention / Opportunity |
|---|---|---|
| 1. Not fined yet. 2. Firm is expanding suite of online products and | BitPay: Using CDD and client data did not implement a risk-based approach before permitting transaction. Industry: Strength and weaknesses of payment gateway transparency/infrastructure. Compliance matters. Regulator: Quality of 5yrs of payments data and IP tracking software. Org: Importance of e-2-e financial crime controls | Update, optimize anti-money laundering, sanctions, and transaction monitoring controls. Reach out to third-party vendors, are they releasing or updating their modules? |
The firm’s 5-year plan is to permit existing clients, new clients, and connected clients to transact (purchase, hold, and buy) using digital currencies, including crypto, CBDC, and Stablecoin. Compliance recognizes international Regulators’ requirements and expectations on these currencies.
In particular, compliance notes that regulation on the travel rule, record-keeping, payment transparency, social networks, STR reporting, and digital wallets is applicable to the risks and controls of all financial and non-financial companies (including VASPs). Compliance sees an opportunity to collaborate with the business on a new product, enhance existing CDD processes to make these products immediately available to applicable clients, and use payment transparency data to improve STR filing and streamline e-2-e controls. Compliance also sees opportunities to work with investigations on IP addresses/social networks. We can (i) showcase our proposal to the Regulator in Q3 and (ii) in advance of any new product, add new risks and controls to the Ops Risk Non-Financial taxonomy library.
Through the BitPay notice, OFAC reminded financial institutions and the crypto community, supervised or not, of its expectations that systems and controls conform to a basket of new and old rules and regulations. The notice showed that, while some of the rules might have aged, they remain applicable to the modern situation. There are a lot of mistakes the crypto and compliance communities could leverage.
Given the recent fines and the widening of gatekeepers to include VASPs and non-financial service providers, learning from and not repeating mistakes should be viewed as an opportunity that allows compliance professionals and the business we support to look forwards!