In this episode risky woman Rachel Wolcott shares insights from Thomson Reuters Regulatory Intelligence team with the inaugural report Financial Crime Compliance for Non-financial Companies: The Expanding Regulatory Perimeter. The report explores why penalties for money laundering violations are becoming more commonplace for non-financial firms and suggests solutions and recommendations for business as they try to remain compliant. As usual, we’ll also hear from Rachel on her career journey and her quick answers in the rapid fire round too!
Points of Interest
- 01:45 Career
- 07:25 Why more non-financial firms are coming into having obligations to have financial crime compliance programs
- 10:27 Main compliance approach to-date
- 11:44 Greater risk sectors
- 13:08 Era of deep fakes
- 18:24 Solutions for tackling financial crime
- 21:20 Report key takeaways
- 25:37 Rapid Fire Round
…corporates really need to be honest with themselves about what the current state of their systems and controls is around financial crime, they need to call it financial crime.
TRANSCRIPT
Kimberley Cole 0:01
This is Risky Women radio show to connect, celebrate and champion women in risk, regulation and compliance, sharing insight and perspective from the most influential members of our global Risky Women network. On the latest developments, we need to think about, the challenges we should all talk more about, and innovations we are most excited about in governance, risk and compliance. Bringing together the hundreds of senior women professionals already connected with a new emerging group of leading women and men. I’m Kimberley Cole, your Chief Risky Woman.
Kimberley Cole 0:40
This episode has been brought to you by Thomson Reuters. Thomson Reuters is one of the world’s most trusted provider of answers, helping professionals make confident decisions and run better businesses. Thomson Reuters’ customers operate in complex arenas that move society forward law, tax, compliance, government, and media. They face increasing complexity as regulation and technology disrupts every industry. They’re on a mission to help professionals advance their businesses and gain competitive advantage with trusted answers only Thomson Reuters can provide.
Kimberley Cole 1:21
Welcome to Risky Women Radio. Today’s risky woman is Rachel Wolcott. Rachel is the Senior Editor at Thomson Reuters. So welcome, Rachel.
Rachel Wolcott 1:31
Hi, Kimberley.
Kimberley Cole 1:32
Hi. Great to have you here.
Rachel Wolcott 1:34
Nice to be here.
Kimberley Cole 1:35
Let’s start off. You’ve had an interesting career as a writer and editor with several organizations and different publications. Can you tell us more about your career?
Rachel Wolcott 1:45
Well, funnily enough, it all started off back in New York in the late 90s. I think it was maybe 98 maybe 97. And I answered an ad in the New York Times for journalists and I sent in my CV, and a couple of pretty thin clips. And I got a job in Institutional Investor newsletters working on a newsletter called Private Asset Management, which was all about private banking. And I was thinking about this this morning and realized that we probably should have been doing more on financial crime and tax evasion, but that might have turned off readers. And I went on from there to do some other work at Institutional Investor in emerging markets and the bond markets, and then that kind of wound down and I hopped over to Risk Magazine over here in London, and I covered the derivatives market there for…in the early 2000s…so this was in the run up to the financial crisis, and we did a lot on credit derivatives and that gave me a lot of insight into how banks were marketing these products and maybe making some promises they couldn’t keep in the end, they were kind of asking too much of it. And then I finished up working at Risk, went on a career break and then came back and started working for Reg Intelligence and I’ve been doing that ever since it’s been fantastic. It’s a really an intellectually rewarding role. There’s lots to sink your teeth in. And I feel like after all this kind of roaming around being in New York, being in London and like kind of found my feet now, it’s great.
Kimberley Cole 3:40
Excellent and obviously a lot of regulatory change. So a lot to write about.
Rachel Wolcott 3:44
Yeah, exactly. There’s never a dull moment, that’s for sure.
Kimberley Cole 3:47
And so you mentioned a few of the sort of times that you’ve written through and financial crisis, etc. What have been some of the most interesting stories you’ve got to cover?
Rachel Wolcott 3:57
I have to say the post crisis stories have been most interesting for me, hearing how people, and writing about how people are trying to work themselves out of what happened in 2008 2009. And I’d say that’s still going on. And it’s interesting to see what the ebbs and flows have been in terms of themes. And when I first started at Reg Intelligence people were talking about, you know, this is the time that compliance and governance is really going to shine people are going to finally take us seriously. But I have to say unfortunately, I’ve been at Thomson Reuters for almost nine years now, I feel that compliance officers and risk managers are still you know, fighting to be heard, and in a more meaningful way and get their voices heard at the board level.
Kimberley Cole 4:50
Which is surprising given both the number of fines and the and the kind of crisis that we’ve seen especially in the financial market.
Rachel Wolcott 5:00
I think a lot of that has to do with, you know, now that we’re in a kind of recovery phase or sort of that people want to get back to business making money. They don’t want to be in a business of doing compliance and they maybe haven’t figured out how those two things go together.
Kimberley Cole 5:18
Yeah, very. Yeah. That’s a interesting point. So what do you love most about your current role as Senior Editor at Thomson Reuters?
Rachel Wolcott 5:27
It’s like I said before, it’s the intellectual stimulation. The stuff we write about isn’t easy. It takes a lot of reading and understanding and time put into getting to grips with different topics. And one of the things that’s come up recently is, you know, maybe over the last five years is this culture and conduct conversation and talking about behavior, talking about biases, you’ve seen the regulators getting more involved there, and that’s in, you know, that really appeals to my humanities background. And I really enjoy it. It’s fun to see how this works out in the real world.
Kimberley Cole 6:09
Yeah, fascinating area in terms of not just the rules base, but how do you get people to do the right thing?
Rachel Wolcott 6:15
Yeah, exactly. And I think that’s going to be something that’s going to take firms and probably regulators a while to figure out, you know, where, where are we going with this?
Kimberley Cole 6:27
Absolutely. So we could cover I think a lot on that topic. Today, I would love to talk about the special report that’s just come out from the Thomson Reuters team, focusing on money laundering risks for corporate. So I think there’s been a lot of focus on AML and financial crime as a key risk for financial institutions. And obviously, that seen a lot of publicity around the big fines, but it’s also a risk that’s far wider, and this report gives some great insights into what other corporates should be thinking about and considering. So, I’d like to sort of start with, you know, why do you think that that’s happening now? Like, why, why has this issue kind of broadened? And what do the corporates needs to be thinking about in terms of improving their financial crime risk management?
Rachel Wolcott 7:25
Yeah, well, I’d say the “why now” is a combination of different factors and one is the what we call the expanding regulatory perimeter. So more non-financial firms are coming into having obligations to have financial crime compliance programs. And that started off with you know, more high risk areas like real estate and jewelry businesses, high end objects like cars, heavy machinery, stuff like that. But it’s filtering out to law firms and other other kinds of professional services firms like accountants. So there, you know that, and this is being revisited all the time. And on top of that there’s more risk and complexity in the sanctions regimes worldwide, especially as the US ramps up sanctions against Venezuela, North Korea and Iran. And I would say just more generally that regulators and law enforcement are looking at corporates more closely for a number of reasons. But also, corporates are vulnerable to money laundering and money laundering charges are also now being linked with sanctions and bribery and corruption cases. So it’s something that needs to be on their radar more. Criminals, and this is something we come back to all the time in our coverage, is that criminals get very creative about harnessing legitimate businesses for their own ends. And something that people aren’t always aware of, but you know, more recently we’ve got some big household names like Microsoft, Walmart, the tool manufacturers, Stanley Black & Decker, they’ve all big paid big fines to the US for briberies, and sanction busting. And we know the theme in all of those cases was poor systems and controls to control these risks, as well as poor compliance culture. And corporate should really be worried about their liabilities here. And just back to money laundering for a second. corporates really need to know that criminals are infiltrating their businesses and using them to launder money and there are two other household names Uber and Airbnb have been used by money launderers, making fake transactions or making transactions and then getting refunds. So there’s a lot of vulnerability and probably not a huge amount of awareness.
Kimberley Cole 10:19
So what has been the the compliance approach to date in some of these corporates?
Rachel Wolcott 10:27
Well corporates generally don’t do a lot of KYC and AML beyond onboarding. They don’t do transactions screening. And more broadly, I mean you couldn’t say this is true of all corporates, but kind of big picture they’re using trade compliance IT systems that are part of bigger legacy software packages, which aren’t really designed to detect and deal with financial crime as we know it today. And I would go back to the amount of cases and a lot of them are highlighted in the report that shows the corporate financial crime compliance frameworks need a lot of improvement. So I would say the current approach is not working that well.
Kimberley Cole 11:21
Yeah. And and you sort of said that there’s now so many different industries affected. So it started with real estate, and jewelry and sort of some areas were considered high risk. But now that is going lower and lower or broader and broader, maybe as a better way of explaining it. Are there still certain sectors that you consider that a greater risk?
Rachel Wolcott 11:44
Well, I think some of the recent cases, like the Stanley Black & Decker and the Walmart and Microsoft cases demonstrate the difficulty of managing risks in overseas subsidiaries. So the Microsoft case was primarily having to do with bribery instances happening in Hungary but it was in other places as well. The Stanley Black & Decker case was they had a Chinese subsidiary that was selling to Iran. And they knew this was happening. And they thought they had shut it down, but they hadn’t. And the you know, kind of final report from the government, US government on that lays out kind of the systems and control failures that lead to those things happening. And the same thing happened with Walmart, just to a certain extent, that was a combination of a bad, poor culture around compliance and people doing their own thing in Brazil and Mexico. And I think India as well.
Kimberley Cole 12:57
And I mean, it’s, it’s surprising to a certain extent that given the amount of data that we have to understand customers, but it seems that it’s harder to know your customer than ever before.
Rachel Wolcott 13:08
Yeah. Yeah. I mean, there’s a lot in this in this space to talk about. We could do a whole thing about it. But my thinking about it is we’re living in an era of deep fakes. And it’s something that criminals have really latched on to. And some of the fakery isn’t even that deep, but it’s fake. It’s good enough to fool you. And one of the big things now is synthetic identity fraud. And that’s where criminals kind of mix and match data points that they’ve stolen from the some of these big corporate data breaches and they can synthesize fake social security numbers, build up fake identity, get them to open a credit card account with a bank. And by the time they’ve defrauded the bank, the bank doesn’t even realize that this wasn’t even a real person, you know, and they write it off as just as a credit loss. But there’s a lot more that happens too so and another thing that’s just been highlighted one of the European Commission reports is how criminals are really good at finding corrupt advisors who can set up shell companies and help them hide the beneficial ownership of you know, who’s behind these businesses. And that is also problematic because some of the government sponsored sources that are supposed to help you determine ultimate beneficial ownership have also been kind of infiltrated and corrupted. So the data you’re getting there isn’t good but something that UK is looking at they’ve got a plan to revamp Companies House and make it a better repository for beneficial ownership data, ultimate beneficial ownership rather. And, you know, there’s something that’s come up last week, which kind of caught my eye and it’s sort of this evergreen problem that criminals are running companies that look legitimate. And actually, I think it was last week, Europol was highlighting some of the issues around waste management and recycling companies in the EU and saying that these companies are often being set up by criminals and gangsters for corrupt ends and basically, like moving garbage all over the EU and just causing all kinds of problems, you know, in terms of, you know, environmentally and in terms of financial crime.
Kimberley Cole 15:58
Wow! So you’ve got complexity, and then you’ve got this sort of deep fakes. Problem. It’s, very difficult.
Rachel Wolcott 16:07
It is really difficult. And like I said, I could go off on about this forever, but you know, things like, you know, crypto currencies and all kinds of ways of encrypting information and hiding your identity, you know, makes it harder for law enforcement and regulators, I think.
Kimberley Cole 16:26
Yeah. And look, Transparency International. I know it was called on governments worldwide to push ahead with enforcement to sharpen the corporate sectors focus on anti-bribery and corruption compliance. What approach are the regulators taking and what do you think the implications are for corporate?
Rachel Wolcott 16:44
Well, a lot of the big cases that I’ve mentioned already, were either started off the back of a whistleblower concern, or actually a journalist investigating it and getting a tip off and writing about it. I think in the New York Times is a good example. So in these investigations have been really big and costly for and multi-year for these companies. I saw the Walmart one I think cost them almost a billion dollars. And it went on, I think for a good five years. But equally another thing that we highlight in the report is that authorities and regulators are getting more information from bank suspicious activity reports and they’re using it to investigate companies. So groups like OFAC in the US are concerned about sanctions busting corporates. They’re worried that corporates are doing business with Venezuela, North Korea and Iran and they’re going after that. And they’re also telling companies Hey, you need to boost your compliance here because when we if something does go wrong in future if we see you have systems and controls that are real, that are robust, that’s going to be a mitigating factor in any kind of fine, that’s handed down. And that’s something that they’ve been really banging the drum about. And the same message is coming from agencies and regulators concerned with bribery, and corruption, you know, globally.
Kimberley Cole 18:18
And what are some of the solutions around tackling those challenges that the report highlights?
Rachel Wolcott 18:24
Well, I think the first thing is that corporates really need to be honest with themselves about what the current state of their systems and controls is around financial crime, they need to call it financial crime. They need to blow the cobwebs off their compliance frameworks and determine whether they’re fit for purpose for today’s world. Companies’ boards need to educate themselves about these risks. And as some of the financial regulators have attempted to promote, to get a culture of compliance at these companies and that was one of the observations about Walmart, that it’s high growth, low cost, corporate ethos led to corners being cut and bribery happening. So I’d say getting to grips with the big picture is going to be a big task for a lot of companies in the same way it has been, and continues to be for financial services. And on top of that, you know, this, it was the technology piece. And there are a lot of new tools out there that corporates can use to combat financial crime. And they need to look at what they’ve got already. And what they might not be using, like internal customer data. And think about how we can you can use that data to sell customers almost on a one to one basis. But you should also be thinking about repurposing it and using it to detect behavior that might be indicative of financial crime. I think those are all things that people need to think about in the whole not latch on to one any any kind of simple solution. I know that’s something that compliance people talk about a lot is doing something a holistic approach. I think that that’s always going to be the best way to think about a problem from all the different sides.
Kimberley Cole 20:22
Yeah. And obviously, there’s a lot that the corporates can learn from what’s already been experienced in the financial institutions. And I think that’s right, that holistic approach, looking at their entire data sets and process and procedures and as you said, culture.
Rachel Wolcott 20:40
There’s a lot of lot of lessons learned. You know, that kind of introspection is tough for any individual or company, but I think it’s always worth doing
Kimberley Cole 20:52
There’s a lot in the report. Everyone should of course go and read the report. We will put the link in the in the show notes and on the Risky Women website. Are there any other kind of key takeaways that we should highlight now?
Rachel Wolcott 21:07
Okay, well, first of all I wanted to say hi to Brett Wolf and Nathan Lynch, who are my colleagues who co authored report the report because, you know, they both have a huge amount of expertise that really shows.
Kimberley Cole 21:19
Nathan a fellow Aussie.
Rachel Wolcott 21:20
Yeah, exactly. Hi, Brett and Nathan. So I don’t want to make it sound like this was all my thing. Far from it. I’ve gotta say it’s a jam packed report. So I boiled it down to four kind of takeaways, and some of them I’ve kind of hinted at already, and one is that criminals are creative, and they can use your corporate infrastructure to enable their criminal enterprises and you need to be on guard against that. Second one is you can’t rely on your work to do KYC AML sanctions and bribery work for you, you are responsible for that. And that’s exactly what law enforcement regulatory agencies are saying. Speaking of which law enforcement and regulators expect corporates to have strong systems and controls around financial crime. And even though it’s not specifically mandated, that’s the big message coming out of the SEC see FTC DOJ at OFAC and other global regulators that you need to be on top of this. And ignorance of the problem isn’t going to be an excuse. You just need to do it. And I’d say the fourth thing is back to this idea of the expanding regulatory perimeter that more companies are going to have financial crime obligations over time because authorities see it spreading everywhere. I mean, one of the things that came up with the commission report was the use of financial transfers in European football leagues as being part of money laundering and seeing no kind of economic reason for some of these transactions. They highlighted a couple of other areas. One was free ports. So that’s something that you can look forward to seeing more advice on potentially those things. And that’s the kind of stuff that politicians pick up on, by the way. And I would also just, you know, add to to the expanding regulatory perimeter point is that money laundering is offenses or charges are being wrapped up into bribery and sanctions busting offenses, as well. So if you are found to be violating sanctions regimes or engaging in bribery that comes with the money laundering charge as well.
Kimberley Cole 24:01
So absolutely, there’s a lot in the report. So I recommend everyone reads it. This one is great. What what are the next reports that you’re working on?
Rachel Wolcott 24:10
Well, next thing we’re ramping up for is our kind of what we kind of colloquially call the year ahead kind of forecast for 2020. Which is always a tough exercise to try to pick out some themes and a path where we see the year ahead might be going and we do that in all the jurisdictions and territories that we cover, which is everywhere. And the kind of regulatory intelligence analyst team that’s headed up by Susanna Hammond and Ashley Kovas, they are about to launch a special report on China which has been translated into Chinese – I haven’t seen it yet, but I’m sure it’s going to be great.
Kimberley Cole 25:03
That’ll be interesting. And then there’s always the cost of compliance report. There’s the Conduct Risk Report, which is always a good an annual read as well. So I recommend everyone takes a look at those. Okay, let’s move on to our rapid fire round.
Kimberley Cole 25:18
Risky Women is a vibrant network at the center of the global community in a rapidly growing, evolving and influential industry. Given the continued pace of change, our rapid fire round revisits the most pressing topics to share ideas and offer listeners new perspectives.
Kimberley Cole 25:37
What’s your one word to describe the world of governance, risk and compliance?
Rachel Wolcott 25:44
This one was really hard. I came up I settled on “misunderstood.”
Kimberley Cole 25:49
Being a word person to limit you to one word is a tough one.
Rachel Wolcott 25:53
Yeah, that was that like you put your finger on it. I was thinking, how many hyphens can I get away with.
Kimberley Cole 26:01
Misunderstood. Okay, interesting, the cure for the costs of compliance and the waves of regulatory change that we’re seeing?
Rachel Wolcott 26:09
I think it comes back to this idea of, you know, more leadership. And that’s hardly a new idea. Compliance officers, financial crime specialist needs to get support and risk managers needs support at the board level. And I don’t know if they always get as much as they need.
Kimberley Cole 26:29
A lot of talk about tone at the top, but maybe not enough action of tone at the top.
Rachel Wolcott 26:34
Yeah, I think there’s a lot of walking the walk and talking the talk that needs to happen. That’s my personal opinion.
Kimberley Cole 26:44
And are you optimistic, pessimistic or neutral for your outlook for the year ahead?
Rachel Wolcott 26:49
Well, the first thing that came to mind was ask me after the 31st of October, which is supposed to be you know, Brexit day but then, that is that is a tough one, I’m going to have to stay neutral at this point because I don’t have enough data to make up my mind.
Kimberley Cole 27:08
We have a few people neutral at the moment. And now a few fun questions. What is a book that you would recommend that everyone reads?
Rachel Wolcott 27:16
I would say Wolf Hall by Hilary Mantel, mainly because it’s a really good read. It’s really, really interesting. And she is a consummate storyteller. And I think that will fall as sort of a whodunit and why done it all at the same time. She’s just got a real talent for bringing the whole universe of the Henry VIII’s court to life. It’s very, very excellent writing and very fun to read.
Kimberley Cole 27:51
Excellent. And something to watch?
Rachel Wolcott 27:54
Well, I will commend everybody watch the New York Yankees coming up into the playoffs. I’m a big baseball fan and being able to watch baseball, on TV, when living in the UK is the best thing that ever happened. So I think everyone needs to watch baseball.
Kimberley Cole 28:17
Excellent. Your favorite podcasts?
Rachel Wolcott 28:20
Well, I really like Radiolab from WNYC in New York. And the reason is it’s science and it’s storytelling together. And that is just the you know, a magical combination. I really enjoy it, it shows some creative thinking, the show’s really instructive about unpacking a problem from kind of different and maybe unexpected directions. And I think that’s a really useful lesson for everybody.
Kimberley Cole 28:52
Great tips. Great insight into Thomson Reuters’ most recent AML and financial crime report and how that’s going to change what corporates need to be thinking about. Thank you very much, Rachel, for joining us. And I hope you’ll come back when we have the next report.
Rachel Wolcott 29:08
I hope so too. It’s been a pleasure, Kimberley. Thank you.
Kimberley Cole 29:10
Thanks for joining us.
Kimberley Cole 29:13
Hi, we’re always looking for sponsors. And if you’d like to get involved and help celebrate and champion women in risk, regulation and compliance, please get in contact at info@riskywomen.org we’d love to have you join the show.
Kimberley Cole 29:30
Thank you for listening to this exciting episode of Risky Women Radio to connect, champion and celebrate women in risk, regulation and compliance. I’m Kimberley Cole, based in Hong Kong. For more information on the Risky Women global network, head to our website and the episode notes and please be part of the ongoing conversation by subscribing to this podcast, connecting with us at Risky Women on Twitter or even reaching out to me directly by email.