The Evolving Financial Crime Regulatory Landscape

Robert WALSH, Deputy CCO, AXA Group

For many years financial crime regulations have mainly been a problem for banks and other financial institutions. Those days are over. Is your company at risk because your supply chain includes companies in western China? Do you have customers with operations that extend into sanctioned countries? Are you unwittingly in violation of new strict anti-bribery laws in France? Have you even heard about the UK Modern Slavery Act or the new EU equivalent?

All companies, whether manufacturers or service companies, now have need to deal with these complicated areas of regulation. What’s even harder is that most of these laws have extra-territorial application, meaning that if any part of your operations are in the regulating country then the regulator might assert that their law applies to all of your operations.

That’s the bad news. The good news is that because big banks have been at the bleeding edge of these laws, suffering penalties running into the billions of dollars, they have invested heavily in specialized technologies to prevent these problems. These tools are generally available and are rapidly improving in their effectiveness.

Underlying all of these laws is a regulatory insistence that companies really, really know who they are dealing with. Customers, suppliers, contractors, TPAs, intermediaries, JV partners, directors, employees - none of these parties can be on prohibited lists. So companies must have screening technology to check them against the lists. If any of these parties are companies, you must identify controlling shareholders and make sure those shareholders are not on restricted lists. This is a big job but it can be done: specialized data vendors have emerged that work in concert with these technologies.

“With respect to the supply chain laws, the essential ingredient is to try to determine whether companies in your supply chain are engaged in human rights abuses”

Under emerging bribery laws, such as the French Sapin 2 law, companies must assess the corruption risk of the third parties they deal with. The good news is that screening technologies can be used for this purpose as well and, again, specialized data vendors are available, who offer “negative media” lists to help assess the background of counterparties. Perhaps the most significant international bribery law is the US Foreign Corrupt Practices Act, which adds a further layer of due diligence, which is whether your counterparty is a government entity or political/public official. All of this can be screened using these tools.

With respect to the supply chain laws, the essential ingredient is to try to determine whether companies in your supply chain are engaged in human rights abuses. This is not wholly solved by screening technology and services, but increasingly dubious suppliers are listed in the negative media screening services.

Unfortunately it doesn’t end there. There is an emerging expectation that, beyond ensuring your customers are not bad guys, you should ensure your customer’s customers are not bad guys (know your customer’s customer or KYCC). This expectation is particularly relevant to manufacturers with international clients. If the car parts your company makes end up in North Korea you may have a serious problem. Once again, new specialized data vendors coupled with customer screening technology can help solve this.

One more point. Apart from the regulatory reasons for engaging in these screening practices, increasingly there is pressure from other directions. If you are a public company, institutional investors now include ESG (Environmental, Social & Governance) factors in their investment decisions, including anti-bribery and supply chain compliance, and bank lenders have started asking diligence questions on these subjects, to meet their KYCC obligations.

These types of regulatory obligations are expanding rapidly. In 2019, for the third year in a row, the US Government blacklisted more entities than it had in any previous year, adding an average of 1,000 names each year—more than twice the annual average under either President Barack Obama or President George W. Bush. Companies would be wise to get the tools in place to manage these risks.