As the US has extended its regulatory reach beyond its own borders, other jurisdictions have followed its lead. Global corporations face an ever-growing burden in maintaining compliance with increasingly complex regulatory and reporting regimes. This is affecting their budgets, their structuring and also their strategy.
Over the past few years a series of regulatory developments have conspired to redefine the corporate compliance landscape, causing a spike in the related budget and staffing needs of financial and nonfinancial firms alike. It has given rise to a new position at many companies—that of the global chief compliance officer—and huge investments in new systems and processes. The way firms manage their compliance efforts has drastically changed—and will require constant review as global market reform continues to gain momentum.
What began as a US-centric trend to increase regulatory reporting and related requirements—and subsequently the time and effort involved in complying with those regs—has been taking hold in the rest of the world. This global surge has been driven in part by the US authorities’ embracing of the notion of extraterritoriality [the application of US jurisdiction and regulations outside the borders of the US] to mount enforcement actions against foreign entities, causing a rush of similar legislation to be passed in response.
In addition, there has been a push in a number of global economies to enact regulatory and legal changes that increase market transparency and reduce corruption. “This effort is gaining momentum, becoming worldwide,” says Adam Lurie, a partner in the New York law firm Cadwalader Wickersham & Taft. “I don’t think there is any end in sight.” Today acronyms like FATF (Financial Action Task Force), OFAC (the US Treasury’s Office of Foreign Assets Control), KYC (Know Your Costumer), FCPA (the US Foreign Corrupt Practices Act) and MiFID 2 (the EU directive on markets in financial instruments), among many others, are the stuff of nightmares for compliance professionals everywhere.
The origins of the current regulatory wave can be traced to the terrorist attacks of September 11, 2001, in the US, which triggered stricter norms for combating money laundering. Around the same time, the collapses of corporations like Enron prompted a rethinking of anti-fraud controls. More recently, the global financial crisis has inspired tougher regulations across the world, while high-profile corruption cases at major multinationals have persuaded authorities to tighten the screws on bribery. And a revamped focus on sanctions as a foreign policy tool has caused the overhaul of everything from payment protocols to third-party due diligence.
“I joke that there is a new medical condition called compliance stress disorder,” says Steven Powell, co-head of forensics at law firm ENSafrica in Cape Town. “In each jurisdiction there is a multitude of anti-money-laundering (AML), anti-terrorism, anti-corruption and sanctions requirements to keep track of and which continue escalating.”
“Extraterritoriality is getting more important by the day,” says Stephen Lock, head of group financial crime prevention and security at Old Mutual in London. However, many local firms with seemingly little exposure to the dollar might not be fully aware of how easy it is to fall into American regulators’ hands.
“Many companies in Africa trade shares in the US, even via American depositary receipts, but don’t realize this renders them subject to US laws,” says Powell. “US authorities threaten that if they want to go after companies that pay bribes, they can even establish jurisdiction based on an email thread routed through a US server or payments routed through an American bank.”
A cascade effect is created, whereby companies have an incentive to try and preempt any possible enforcement action by putting in place, early and decisively, a strong compliance program. “And this cannot just be on paper,” says Gwen Hassan, managing attorney of regulatory compliance at global manufacturer CNH Industrial, whose North American headquarters are located outside of Chicago. “If you encounter a situation where anybody you are affiliated with is paying a bribe anywhere in the world, you should be able to demonstrate to regulators that you have a lot of policies in place to prevent this from happening and, therefore, this is only a one-off occurrence due to a rogue employee. And to be able to do so, you need to have staff, to have invested in different processes, systems and technologies.” The long hand of the US government is therefore compelling compliance spending around the world.
GLOBAL REGULATORY PUSH
In addition, more jurisdictions are taking their cue from Washington and requiring greater transparency and reporting to reduce corruption and gaming of the system. South Africa has been ramping up its anti-corruption laws since 2008. The United Kingdom’s Bribery Act, which also has an extraterritorial component, went into effect in 2011. Mexico, Canada, India and Brazil have all followed suit. “These are only the more developed countries in their regions,” says CNH Industrial’s Hassan. “A number of smaller countries in South America and Eastern Europe are still working on enactment and enforcement of corruption prevention regulations. In terms of corruption enforcement alone, we have only reached the tip of the iceberg.” In the AML space, specialists are awaiting the Fourth Money Laundering Directive in the EU and assessing the impact of recently enacted legislation across Asia.
Financial regulations tell a similar story, with the US and the EU leading the way and other governments following closely behind. Take the Asia-Pacific region. “A bank like ours is faced with a particular degree of complexity due to the interaction between many internationally accepted rules with an equal if not greater number of local laws and regulations,” says Lam Chee Kin, group head of compliance at DBS Bank in Singapore. Dante Fuentes, chief compliance officer for Security Bank in Manila, describes his own experience: “The central bank of the Philippines (Bangko Sentral ng Pilipinas) issued a whole new compliance rating system to actively promote the safety of the national banking industry.”
The same interplay of rules is visible in international sanctions. The US and the EU have the most-far-reaching ones in place, against Iran, North Korea, Russia, Sudan and Syria, while the United Nations’ often provide a basis for legislations elsewhere. “Some countries will have their own sanctions over and above these, for their own political reasons,” notes Michael O’Kane, partner and head of business crime at Peters & Peters Solicitors in London. The UK, Switzerland, Canada and Japan have their own lists. For a time, Australia and New Zealand imposed sanctions on Fiji. There also exists an Arab League boycott of Israel.
All this together makes for sleepless nights for corporate compliance executives and takes the obligations of third-party due diligence to a whole new level.
