frontiers in finance - KPMG

Reg

ulatio

n:all risk an

d n

o rew

ard?

fron

tiers in fin

ance

jun

e 2004

Regulation: all risk and no reward?

frontiers in financefor decision makers in financial services June 2004

Expanding regulatory horizonsRegulatory risks around the world are escalating andregulators are now interacting on many levels. So howcan you protect your organization everywhere fromrisks that can rise anywhere?

The art of compliance The role of the compliance function continues to evolve but what does a successful function look like?

Capital adequacy: insurers play catch-upPrudential regulation within the insurance sector ismoving towards a Basel II-type model. Can insurers step up to the challenge?

Beware: consumersHow can organizations successfully respond to an increasing consumer regulatory trend and what are the dangers they face?

A quiet revolutionChina’s accession to the WTO has profoundimplications for the country’s financial services markets, creating risks, challenges and opportunities in equal measure.

FINANCIAL SERVICES

For further information on issues raised,please contact:

Brendan Nelson

Global Chairman, KPMG’s Financial Services practiceKPMG LLP (UK)1 Canada Square Canary Wharf London E14 5AG United Kingdom

Tel: +44 (0) 20 7311 6157 Fax: +44 (0) 20 7311 5891e-Mail: [email protected]

Joseph Mauriello

Regional Coordinating Partner, KPMG’s Financial Services practice, AmericasKPMG LLP (US)757 Third Avenue New York, NY 10017 USA

Tel: +1 (212) 954 3727 Fax: +1 (212) 954 2394e-Mail: [email protected]

Steve Roder

Regional Coordinating Partner, KPMG’s Financial Services practice, Asia PacificKPMG in Hong Kong8th Floor, Prince’s Building 10 Chater Road Central Hong Kong

Tel: +852 (-) 2826 7135 Fax: +852 (-) 2845 2588e-Mail: [email protected]

Peter Nash

Head of KPMG’s Financial Services practice,Australia KPMG in Australia7th Floor, KPMG House 161 Collins Street Melbourne, Victoria 3001 Australia

Tel: +61 (3) 9288 5613 Fax: +61 (3) 9288 6986 e-Mail: [email protected]

Georg Rönnberg

Regional Coordinating Partner,KPMG’s Financial Services practice, Europe, Middle East and Africa (EMA),KPMG Deutsche Treuhand-Gesellschaft AG. Marie-Curie-Straße 30 D-60439 Frankfurt /MainGermany

Tel : +49 (69) 9587 2686 Fax. +49 (69) 9587 2688e-Mail: [email protected]

kpmg.com

Please visit www.kpmg.com/financial_services to learn more about KPMG’s Global FinancialServices practice

© 2004 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.
















01 Introduction

For financial institutions, regulatoryrisk is on the increase but there arebenefits to be had, if it is managedproperly.Brendan Nelson

06 Expanding regulatory horizons

Regulatory risks around the worldare escalating and regulators arenow interacting on many levels. So how can you protect yourorganization everywhere from risksthat can rise anywhere?Hugh Kelly and John Somerville

10 The art of compliance

The role of the compliance functioncontinues to evolve but what does asuccessful function look like?Pamela Hauser and Marcus Sephton

14 Capital adequacy: insurers play

catch-up

Prudential regulation within theinsurance sector is moving towards a Basel II-type model. Can insurersstep up to the challenge?Tim Childs and Peter de Groot

18 Beware: consumers

How can organizations successfullyrespond to an increasing consumerregulatory trend and what are thedangers they face?Douglas Henderson and Sarah Willison

22 Fighting financial crime

Financial crime continues to pay, butfinancial institutions can fight back byimplementing a comprehensive, risk-based program.Bernard Factor and Giles Williams

26 No entry for money launderers

UBS, one of the largest Swiss globalbanks, shares its thorough approachto combating financial crime.Stuart Robertson

30 Avoiding the regulators’ red flag

on outsourcing

When implemented properly,outsourcing has proven its worth,but regulators are insisting financialinstitutions exercise more care.Michael Conover, Scott Harrison andJohn Machin

34 Tracking the European

single market

Financial institutions need tounderstand how evolving singlemarket legislation could affect themand how they could influence itsdevelopment.Dirk Auerbach, Richard Cysarz andJonathan Jesty

38 A quiet revolution

China’s accession to the WTO hasprofound implications for thecountry’s financial services markets,creating risks, challenges andopportunities in equal measure.Jack Chow, Paul Kennedy, Bonn Liuand Stephen Yiu

44 A common language for a

common goal

A computer language, XBRL, willhelp regulators worldwide improvetheir reporting processes, and itsvalue will extend to financialinstitutions.Michael Elysée, Geoff Shuetrim and John Turner

48 Basel II, OECD and tax: a complex

relationship?

Banks need to consider carefully how tax and regulation impact oneach other and what they should be doing to manage the effect.Jörg Hashagen and Jane McCormick

In this issue

The information contained herien is of a general nature and is not intended to address the circumstances of any particularindividual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that suchinformation is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on suchinformation without appropriate professional advice after a thorough examination of the particular situation.

KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms. KPMGInternational provides no audit or other client services. Such services are provided solely by member firms in their respectivegeographic areas. KPMG International and its member firms are legally distinct and separate entities. They are not and nothingcontained herein shall be construed to place these entities in the relationship of parents, subsidiaries, agents, partners, or jointventurers. No member firm has any authority (actual, apparent, implied or otherwise) to obligate or bind KPMG International or any member firm in any manner whatsoever.

© 2004 KPMG International. KPMG International is a Swisscooperative of which all KPMG firms are members. KPMGInternational provides no services to clients. Each memberfirm is a separate and independent legal entity and eachdescribes itself as such. All rights reserved.

Editor: Melanie Hutchings e-Mail: [email protected] by Mytton WilliamsPrinted by Jevons Brown, UKProduced by KPMG’s Global Financial Services practice

208652


KPMG’s frontiers in finance June 2004 1

Much has happened in international financial services in thepast six months. Business confidence has improved as theeconomies of the world’s richest countries have recovered,most noticeably in Asia, North America and the UK. There are still weaknesses in the economies of continentalEurope, but the Organisation for Economic Co-operationand Development (OECD) is predicting real GDP growth inthe eurozone of 1.8 percent this year,and 2.5 percent in 2005.

Financial markets around the world got off to a good start in 2004, adding to the impressive gains of last year.“Improvements in global growth prospects and corporatefinances, coupled with a robust appetite for risk,underpinned increases in equity and credit prices,” says the Bank for International Settlements* (BIS) in its firstquarter review. “Not even further revelations of corporatemalfeasance seemed to unsettle investors.”

It would be hard to get more bullish than this, which is why merger and acquisition activity in the financial servicessector has started up in earnest after two years in thedoldrums. Much of this is confined to domestic markets,but we are seeing significant cross-border activity too, withbanks and insurers pursuing acquisitions in Europe and theUS. And there is intense activity in emerging markets,particularly in China which is drawing direct and indirectforeign investment into its banks and insurance companies.

Regulation:all risk and no reward?

*BIS Quarterly Review March 2004 © 2004 KPMG International. KPMG International is a Swiss cooperative of which all KPMG firms are members. KPMG International provides no services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. All rights reserved.

Unfortunately, with all this renewed activity comes notjust the promise of reward, but the risk of failure. Marketrisk, credit risk, operational risk – you name them, allthese risks and many more loom larger on risk managers’radar screens when their companies are in expansionmode. And in an environment of change and heightenedrisk the regulators are monitoring the situation ever moreclosely to maintain the stability of the financial system,prevent financial crime and protect the interests ofcustomers.

Regulatory risk is on the increase…

So from a financial institution’s point of view, regulatoryrisk must be high on the risk agenda. Despite globalization,we still live in a very diverse world when it comes tofinancial services regulation. In some countries, intensiveregulation has been around a very long time, and althoughthe issues change and best practice evolves, the art ofcompliance is generally well developed. But in others,where regulations and regulators are much younger –especially in the area of dealing with customers asopposed to prudential and capital issues – even theconcept of a compliance function and what it should do is quite new.

This issue of frontiers in finance is designed to helpreaders in all regulatory environments – from the matureto the recently created – in understanding the issues thataffect them. Any firm that falls foul of the regulators facesnot only having to pay fines and compensation, it alsofaces major reputational damage.

2 KPMG’s frontiers in finance June 2004



In the US, we have seen very large fines and remedialactions imposed on major financial institutions for conflictsof interest between their research and investment bankingactivities, and on mutual fund companies for late trading andmarket timing abuses. In the UK, retail banks and insurerscontinue to be punished for mis-selling financial products toconsumers. And in various jurisdictions, institutions havebeen disciplined for failing to comply with anti-moneylaundering measures. There are countless other recentexamples of regulatory failure and regulator enforcementaction across the globe.

…but there are rewards

So regulatory risk has become, perhaps, the biggest risk of all. But it does not have to be a case of ‘all risk and noreward’. There are benefits to be had, if it is managedproperly.

If a bank achieves higher risk management standards under the new Basel Capital Accord, it will benefit fromlower capital requirements. If, as insurance regulationmoves to a more risk-based approach, an insurer handles its risk management issues effectively, it will become more capital efficient.

If firms consider their compliance arrangements asstrategically critical, there is great scope for benefits intechnology leverage, business and functional integration,resource optimization and cost reduction.

If, in dealing with consumers, retail financial servicesproviders take on the spirit and objectives of regulation, not just the letter of the law, there are great opportunities for reward from consumers with their continued custom and loyalty.


And if groups set themselves, and demonstrably maintain,high standards of governance, customer treatment andcompliance, they are entitled to expect the ‘regulatorydividend’ of less onerous and intrusive supervision from theregulators. We believe that regulators should be seen to beproviding such an incentive more extensively.

Regulatory risk must be managed

That’s why we’re focusing on regulatory risk and reward inthis issue of frontiers in finance. We deal with a number ofthemes, but four in particular stand out.

The first is the increasing globalization of regulation. Thereis an increasing degree of coordination between nationalregulators on policy, supervision and enforcement matters.The ripple effect should not be underestimated. On theother hand, detailed rules still differ widely from country tocountry. Both phenomena create extra risk for global groups.

The second key theme is the regulators’ focus on effectivecorporate governance, the role of the board and especiallythe accountability of senior management, with regulatorsmaking it clear (in a variety of ways and with a variety ofpowers) that they will hold senior managers responsible forany significant regulatory failures in their organization.

The third theme is rising consumer protection. As Sir BrianPitman, Senior Adviser to Morgan Stanley, pointed out at a European retail banking conference recently, “caveatemptor, buyer beware, is steadily being eroded in most ofthe western world.” We are moving towards a principle of‘let the seller beware’, with the onus falling on personalfinancial services firms to ensure that customers buy theappropriate products.




The fourth is the convergence of regulation across differentfinancial sectors. There has been a trend, with notableexceptions, for countries to merge their various financialregulatory bodies into a single regulator. And although thereare still big differences in the way different sectors aresupervised, moves are being made in many countries toput all sectors on similar supervisory footings. Oneconsequence is that an issue or expectation arising in oneindustry sector is rapidly extended across all other sectors.

But, as with all types of risk, there is an upside as well as a downside. The essence of any type of business – andfinancial services is no exception – is that if regulatory risksare properly identified and managed, then the regulatoryenvironment can be turned to business advantage.

So regulation is definitely not ‘all risk and no reward’. The rewards are there to be taken. Financial servicesregulation is at different stages of development around theworld. Readers in countries where it is a relatively newconcept may want to learn more about what goodcompliance looks like. Readers operating in jurisdictionswhere regulation has long been a fact of life may want tobenchmark themselves against best practices operating inother companies to ensure their regulatory riskmanagement is up to scratch. Either way, we hope you findthis issue of frontiers in finance useful.

Brendan Nelson, KPMG LLP (UK)Global Chairman, KPMG’s Financial Services practice


For multinational financial services firms, regulations worldwide are everincreasing; regulators are becomingmore aggressive and compliance risksare growing. Regulatory standards aregetting tougher. But standards aregetting tougher in different ways indifferent jurisdictions. Regulatoryenvironments around the world remaindisparate and often contradictory, evenas they become more stringent. Thisposes a serious challenge for globalorganizations – particularly theircentral/head office risk and complianceoversight arrangements.

Of the largest international financial sectorregulatory and control failures of the last10 years, a very high proportion derivedfrom operations away from the group’shome-country and center of risk control. In many cases, these failures were injurisdictions where the group’s operationswere not particularly significant.

As businesses become decentralized intheir management structures, in manycases relying on a complex matrixmanagement configurationencompassing a mixture of line ofbusiness, geographical and legal entityreporting structures, the challenge of

obtaining sufficient assurance atgroup/head office level that globalregulatory risks are well understood andmanaged has greatly increased.

Successfully meeting this challengerequires unprecedented rigor in corporategovernance, group risk management,and regulatory compliance arrangements.

A shrinking worldRegulators are talking on many levels:

• Multilaterally through internationalsupervisory bodies, such as the BaselCommittee, the InternationalOrganization of Securities Commissions(IOSCO) and the InternationalAssociation of Insurance Supervisors(IAIS), as well as the cross-sectorcoordination efforts of the Joint Forum.

• On the regional level, e.g. in Europewhere the focus of the European Union(EU) and Committee of EuropeanSecurities Regulators (CESR) is nowexpected to move rapidly from policy to implementation/enforcement;

• And, most significantly for individualgroups, bilaterally: home-countryregulators are increasingly talking invery specific terms to the host countryregulators across the world of their

supervised groups. For example, theJapanese Financial Services Authority(FSA) holds regular bilateral meetingswith the UK’s FSA, the US FederalReserve (Fed) and Office of theComptroller of the Currency (OCC), and Germany’s Bundesanstalt fürFinanzdienstleistungsaufsicht (BaFin).So, for example, a compliance problemin a small Japanese subsidiary of aglobal organization can come to theattention of a home-country regulatorand rapidly become a big issue. Indeed,emerging issues such as the Basel IICapital Accord and increased financialsector reliance on cross-borderoutsourcing arrangements, will provideeven greater impetus to home-countryregulators to coordinate more closelywith their host country counterparts inthe future.

It has become critically important,therefore, for group senior managementand compliance and control functions tounderstand, for every jurisdiction wherethe group does business, both thecharacter of the current regulatory regimeand the trends in regulation that affectthat regime; and how their own operation’sbusiness, governance and risk profilemap against that external assessment.


Expanding regulatoryhorizons

Regulatory risks around the world are increasing and oftendifficult to track. Unless your regulatory risk managementoperations are effective, you may not understand, let alonemanage, your growing risks nor maximize your emergingopportunities. By Hugh Kelly and John Somerville




Global challengesBut how do you protect your organizationeverywhere from risks that can ariseanywhere?

“These are big challenges,” SeanHughes, Group Head of Compliance for Australia’s international bankingorganization ANZ, tells KPMG. As a firststep, he emphasizes the importance offostering an understanding of thefundamental business benefits ofcompliance. “As complianceprofessionals, we want our people toown their compliance obligations. If theydon’t see the sound business reasonsfor complying with regulations, it’s hardfor them to be willing to expend theresources necessary to do so.”

Sound business reasons for rigorouscompliance operations include, ofcourse, the avoidance of regulatoryviolations and enforcement actions. But the benefits do not stop there. A proactive attention to compliance can, in fact, help you educate regulatorsabout the nature of your business andinfluence the development of theregulatory environment. Listed beloware strategies that can help you achieveboth sets of benefits.

Strategies for successAssume the aggressive trend

among regulators will continue

Regulators everywhere must be seen as tough and effective to meet theexpectations of their stakeholders – and, fundamentally, to fulfill their raisond’être. The publicity of a successfulenforcement action can be helpful tothem, both in demonstrating theireffectiveness and in conveying adeterrent message. Groups which are‘tall poppies’ in local markets may beespecially at risk. Such awareness shouldbe built into your business risk profiles.

Know your regulators

Leading groups are proactive. Seniorhead office representatives meet oftenwith local regulators. They activelyparticipate in local industry policydevelopment and debate, inputting toregulators during development of

regulations, rather than reactingnegatively once new regulations areissued.

Global groups can also benefit fromhelping to inform local regulators –particularly in emerging regulatoryjurisdictions – about industrydevelopments in other financial centers.For example, a multinational insurancefirm recently helped Japanese regulators become more open to trendselsewhere by creating a joint effort tostudy how other insurance marketswere deregulated.

Let your regulators get to know you

This will help regulators understand your business. In some large banks inGermany, for example, regulators areinvited to sit in on meetings of thesupervisory board. In the US, the OCCand the Fed have resident examinerspermanently located in large banks inorder to facilitate real-timecommunication with bank managementand quicker follow-up on issues andrisks. And in Japan, dialogue betweenregulators and firms’ internal audit stafffrom head office has improved as theJapanese FSA shared its perceptions of the local operations’ risks and theirregulatory concerns.

Know your business thoroughly,

including your weak spots

Companies may know their own localregulatory environments well, but theycan sometimes overlook those ofoverseas countries where they are eithernew or only small players. Issues may notget onto their ‘radar screen’ due to therelative size of the local operations. Forexample, in Australia, some foreign bankswith large home-country operations hadnot considered the possible impact of

Australia’s new licensing regime. As aconsequence, some have been very latein turning their attention to the issue. It isnow too late to take action, and they arefacing a risk of either operating without a license with attendant threat of finesand reputational damage; or having towithdraw temporarily from the relevantbusiness.

Assess the effectiveness/sufficiency

of your global and regional

compliance oversight functions

Are you able to track standards ofcompliance and emerging risks in all the countries where you operate?Regulators are increasingly scrutinizinggroups’ oversight of overseas operationsand examining the adequacy of theircentral controls. What resources do youdevote to this? How well structured isthe process? How much is it based onon-site challenge to the overseasoperations and how much reliance isplaced on self-assessment stylereporting? What is the quality of groupreporting of global compliance risks (aswell as issues that have already arisen)to the group board/audit committee?

Challenge whether you have the right

balance between global standards and

local compliance procedures

For example, some organizations take theregulation providing the highest standard(from among all of the countries in whichthey operate) and apply this standardacross all jurisdictions. While this resultsin‘over-complying’, some groups considerit to be a more effective and manageablepractice than applying and trackingmultiple rules in multiple jurisdictions. But, they cannot apply this rule withoutflexibility. So, if in a particular jurisdiction itmakes good commercial sense to adopt a lesser standard or rule in line with localrequirements, then this should beconsidered.

Other groups adopt a limited number of high level group compliancestandards/principles with which all theirglobal operations must comply and thenoverlay the detailed local requirements in each jurisdiction.


A proactive attention tocompliance can, in fact,help you educate regulatorsabout the nature of yourbusiness and influence the development of theregulatory environment.



Whichever approach is adopted, localoperations may complain that they cannotcompete effectively when they aresubject to more onerous requirementsthan their local competitors. That’s whenthe tough decisions have to be madearound the different pulls of risk,reputation and profitability.

Compliance awareness and

accountability must be integrated

in core business operations

In some countries with less developedlocal regulatory environments, this iseasier said than done. But, unless localbusiness management heads are boughtinto the need to adhere to high standardsof conduct and group complianceprinciples, and take ownership ofcompliance themselves, the effectivenessof local compliance functions will beseverely constrained. Group/head officemanagement have an important role toplay in setting the right expectations in thisarea of subsidiary/divisional management.

Good communication is essential

Ensure efficient compliance and issuesreporting, particularly withincommunication channels betweenheadquarters and all subsidiaries. Mostorganizations have found the need tocombine regular written status reportswith mechanisms to encourage lessformal and more immediate dialogue,e.g. regular and ad hoc telephonecontact. Information once thoughtincidental, such as a risk managementissue within a small subsidiary, must beable to reach the attention of seniormanagement quickly.

Again, Sean Hughes at ANZ emphasizesthe importance of communication aboutcompliance. “We operate on a ‘nosurprises’ basis,” he says, “whichmeans bad news within the organizationreaches senior management, who, along with me, present discoveries of compliance failures to regulators. We don’t wait for them to discover ourmistakes”. Most organizations aspire to the same, but achievement of thisrequires exceptionally strong andeffective lines of communication andmeasures to mitigate a ‘blame culture’.

Know your competitors

Monitor other firms’ issues withregulators and assess the extent towhich you share their exposedweaknesses. Don’t assume theirtroubles cannot become yours.

Benefits of a global complianceapproachAmong the benefits of fostering aneffective global compliance approach in these ways are:

Reputation protection: Top of the list –a ‘must have’ – for financial sector CEOs. The cost of poor regulatory riskmanagement can be very significant interms of reputational loss in localmarkets as well as globally.

Promotion of your global brand: Theeffective implementation of globalcompliance standards will make it easierfor you to create and meet commoncustomer expectations worldwide,particularly around the core values ofintegrity and fair dealing.

More efficient operations: As well assynergies in compliance processes,businesses that communicate wellacross national boundaries on risk andcompliance issues tend to learn morequickly and effectively about what workswell and can be shared (e.g. use oftechnology in compliance managementand surveillance).

The exponential growth of financialservices regulation, its disparate detailand the increasing aggressiveness ofmany country regulators all highlight anarea of increasing reputational risk toglobal financial services groups.Management of this risk requireseffective compliance structures,excellent communication, clear commonstandards and active regulatorrelationship management. Head officeregulators are increasingly challenginggroups’ governance in this area andefforts to ensure such challenges can beeffectively answered are likely to behandsomely repaid.

➜ CEO discussion points

➜ How good is our understanding ofthe regulatory environments andtrends in all the jurisdictions in whichwe operate?

➜ How well do we evaluate ourstandards of compliancearrangements in all of thosecountries?

➜ How well are our global and regionalcompliance oversight structuresdesigned and resourced?

➜ What is the quality and depth of ourdialogue with regulators in eachjurisdiction?

➜ How quickly are potentialcompliance concerns, wherever they arise in the world, notified andescalated to group compliance andgroup management, and is it quicklyenough to enable effective pre-emptive action to be taken?

Hugh C Kelly

Director, KPMG LLP (US)KPMG’s Regulatory Risk Advisory ServicespracticeTel: +1 (202) 533 5200Fax: +1 (202) 533 8528e-Mail: [email protected]

John Somerville

Partner, KPMG in AustraliaHead of KPMG’s Financial Risk Managementand Regulation and Compliance practicesTel: +61 (3) 9288 5074Fax: +61 (3) 9288 5977e-Mail: [email protected]

For more information please contact:





Some of the most celebrated recentscandals are cases of fraud or outrightmis-management. It is notable that theworst cases are not in the financialservices world, however, there areenough examples of regulatory andcompliance failures to make this aspecial area of focus. Just think ofmutual fund practices in the US, andpension and mortgage endowment mis-selling in the UK. And think also of the reputational impact on the firms involved in these scandals.

How are businesses responding?In all these cases the authorities areholding business leaders to account – in the most serious cases through thecriminal courts – for regulatory failures.How are successful business leadersresponding to this challenge? Through a focus on corporate governance with a combination of:

• Setting out a clear vision for theorganization, with clarity around valuesand desired culture.

• Recognition that primary responsibilityfor regulatory risk management restswith the board and seniormanagement.

• Clear accountabilities, delegatedauthorities, objectives and performancemanagement and reward.

• Unequivocal business standards andexpectations of behavior.

• Risk management and oversight.• Independent internal audit.• A function that advises on and monitors

regulatory risks and standards ofcompliance.

An increasingly vital element of theresponse of businesses is this lastdevelopment: a function whose purposeis to help businesses manage regulatoryrisks and compliance. This articleexplores how the function is developingand evolving in different parts of theworld, and some of the essentialingredients for success.

As a reader, your response to thechallenges set out in this article will varydepending on the jurisdictions in whichyou operate. Those sitting in Australia,the US and the UK, for example, whichare more mature markets in terms ofregulation, may welcome the opportunityto go back to basics, to stand back fromthe day-to-day challenges of heavilyregulated markets and ask: what is our

The art of compliance

Amid the constant ramping up of expectations by the public,by government, by consumers and by regulators, and thespate of corporate scandals over the last few years, those whorun financial services organizations are asking “Are we doingeverything we should be doing to prevent a problem blowingup in our face?”. By Pamela Hauser and Marcus Sephton

compliance function trying to achieve,and what progress have we madetowards that objective? Those in othercountries may be asking themselvesdifferent questions – where do we beginin developing a compliance function andwhy do we need one anyway? Surely ourlegal/internal audit/risk functions coverour regulatory responsibilities?

This very fact illustrates one of thegreatest challenges for multinationalgroups – how to establish compliancefunctions and a compliance frameworkwhich are capable of providing anexecutive and board with appropriateinformation to assess the level ofregulatory risk within a group, when‘compliance’ means different things indifferent jurisdictions and the skill basefor conducting the work varies so widelyaround the world.

The changing face of complianceand regulatory risk management‘Compliance’ is a term that has beenaround for some time in many countries,but it is often used without consistencyor consensus as to its meaning and oftenwithout too much thought. ‘Compliance’– and the associated scope of the



compliance function – can thereforemean many different things to differentorganizations. For some, that scopeembraces all or many of the laws andrules that the business faces, includingfinancial services regulations, dataprotection, disclosure requirements, etc.For others, the scope can be limited toelements of the rules of the financialservices regulator(s), including:

• How the business conducts its affairswith customers and other externalparties.

• How the business manages its owncapital.

• The effectiveness of internal systemsand controls.

• Corporate governance and seniormanagement responsibilities.

These variations in the scope of thecompliance function are largely due tothe fact that the need for such a functionhas emerged as regulatory regimes havedeveloped, and the scope and role of thefunction is often shaped by the regulatoryfocus in that regime.

In the US, for example, the in-housefunction has had a long history, initially in the areas of anti-trust laws, highlyregulated industries such as financialservices, and activities involving risk topersonal safety or the environment. Oftenthis function has been staffed by lawyersand has tended to focus on technicalaspects of interpretation of the rules.

Outside of the US, in the UK andAustralia, the breadth of regulation haschanged to cover not just prudentialrequirements but also the manner inwhich products are sold, theresponsibilities of senior managementand the effectiveness of controls.Compliance functions have thereforebecome business consultants, whoadvise the business across a whole rangeof activities which may be impacted byregulation. This requires a completelydifferent mind – and skill – set.

This more active role is also illustrated bythe way in which compliance functions inmore highly regulated jurisdictions

monitor the extent to which theircompanies are complying with the rules– a responsibility which is recognized inthe October 2003 Basel consultativedocument, “The compliance function inbanks.”

In summary , taking a broad view ofcompliance functions around the world,what we can say is that:

• Whatever the jurisdiction, there isincreasing acceptance among financialorganizations of the need for aspecialist function that assists thoseorganizations in understanding how tocomply with a defined set of rules andregulations. For each organization thatset of rules might be different; thecrucial thing is to be clear about thescope of the function.

• But this does not mean that thecompliance function is responsible for‘ensuring’compliance with the rules –there is widespread recognition amongregulators that the burden ofmaintaining adequate controls to meetregulatory requirements rests squarelywith management. At the same time,regulators themselves recognize thevalue of a separate and independentcompliance function that supportssenior management in relation to theirregulatory responsibilities, monitorsstandards of compliance within thebusiness and alerts seniormanagement to key regulatory risks. In the absence of such a function,regulators understand that there is avery real risk that those at the top oforganizations will be unaware of thestandards of compliance within theirorganizations.

So, the need for a compliance function is accepted. But in regulatory circles the talk now is not just of compliance – a simple ‘meeting the letter of theregulations’ approach – but also of‘regulatory risk management’, sinceregulators and financial services groupsin many countries are increasingly seeingcompliance with regulations as anotherarea of risk to be managed – indeed as asubset of operational risk.

Unlike other forms of risk management,there is less scope to live with or takesteps to mitigate regulatory risk; ascompliance with the law and regulationsis not optional. Where responsibility forregulatory risk management lies withinorganizations varies significantly. Insome countries the move is towardsdeveloping compliance functions thatcan take on this new and moredemanding role.

A clear sign of this change in thinking is evident in both the UK and Australia,where the function now commonlyreports through to the Head of Risk andis positioned internally to work closelywith the operational risk team. This isopposed to the strong trend in the USwhere the function typically reportsthrough to the Head of Legal.

So what is the role of a compliancefunction and what can and should itachieve?

Different places, differentchallengesWhen establishing compliance functionsthere is no ‘one size fits all’ solution. Theresponse will vary according to therelevant jurisdictions. Some things,however, are clear:

• The role of the function must be clearlydefined with measurable objectivesagainst which its progress can bemonitored and assessed. In simpleterms this means considering theextent to which the compliancefunction will take responsibility for:– educating and briefing the business

on the regulatory requirements whichimpact upon it;

When establishingcompliance functions there is no‘one size fits all’solution. The response will vary according to therelevant jurisdictions.



– assisting the business to develop itsown controls and associatedprocedures;

– monitoring the effectiveness of thosecontrols, reporting on the results anddefining remedial action to addressweaknesses identified;

– tracking regulatory developments and maintaining good relationshipswith regulators.

• The compliance function must beindependent. Successful compliancefunctions within groups often have tworeporting lines – one to the CEO of therelevant business unit and one to theHead of Group Compliance whoreports in to the parent company.

• The compliance team must have theright skill set. In countries where theconcept of a compliance function isnew, these skills are often drawn fromlegal and internal audit departments.What is vital is that the compliancefunction understands not just theregulations but also the business –indeed the markets – in which anorganization operates and can providepractical solutions to regulatorychallenges that do not involveexcessive or disproportionate costs,where this is avoidable.

The forces that are shaping the functionDespite all we have said about thedifferences in compliance functionsaround the world, there are a number of forces at work that are pushing in the same direction:

• The convergence of regulators’thinking: Regulators increasingly agreeon the need for a compliance function.However, in many countries thisconcept is a new one, not just fororganizations but also for regulators, soexpectations for the function will vary.

• The impact of Basel: The Baselconsultative document was issued aspart of the ongoing efforts of the BaselCommittee to address banksupervisory issues and enhance soundpractices in banking organizationsaround the world. The documentprovides basic guidance for banks and

sets out banking supervisors’ views oncompliance in banking organizations,although it acknowledges the differingregulatory environments and approachesto compliance functions that exist fromjurisdiction to jurisdiction.

• Cost effectiveness and businessbenefit: All businesses, wherever theyare located, operate under costconstraints and these apply as much to compliance functions as to any otherpart of an organization’s operations. In fact, some might argue that the costpressures are greater on a functionwhich is often seen as an expensiveoverhead, rather than a vital part of therisk management framework.

The concern among senior executivesis that the compliance function thatthey establish will grow exponentially,as it addresses the need to monitor thebusiness. This is not necessarily so: incountries where compliance functionshave matured over time, experiencehas shown that the key to success isnot to employ armies of compliancemonitors but rather to ensure that thereis a partnership approach between thebusiness and compliance oversight,that key risk areas within the businessare identified and that resources aretargeted appropriately. Also, with theefficient use of technology, for exampleto assist in the collation of managementinformation, some financial servicesorganizations are finding that theircompliance function has grown smallerover time as they learn the art ofcompliance.

As regulators’ thinking on compliancefunctions converges, and as businessesbecome more complex in terms of thenature of their activities and thecountries in which they operate, theneed for an effective compliancefunction becomes ever greater. Thatfunction will evolve over time – as itdoes, it can develop its role and take onmore active oversight of the business.The end game must be that thecompliance function becomes anessential part of the risk managementuniverse.


New compliance functions

➜ Have you established a compliancefunction for all of your operations?

➜ If not, what objectives do you havefor your compliance function?

➜ Where can you find the necessaryskills for this function?

➜ How will you maintain theindependence of the function?

For those where the function

is already set up

➜ How does your compliance functionmatch up to its original objectives?

➜ To what extent is that functionactively helping you to manageregulatory risks?

➜ How do you measure the cost ofcompliance and how is this beingmanaged for cost effectiveness over time?

Pamela Hauser

Director, KPMG in AustraliaKPMG’s Regulation and Compliance practiceTel: +61 (3) 9288 6074Fax: +61 (3) 9288 6666e-Mail: [email protected]

Marcus Sephton

Partner, KPMG LLP (UK)KPMG’s Regulatory Services practiceTel: +44 (0) 20 7311 5171Fax: +44 (0) 20 7311 5882e-Mail: [email protected]






Preparing for Basel II, and complyingwith Basel I‘s market risk requirements,has compelled many banks to investsubstantially in highly sophisticated riskmeasurement models and managementpractices to satisfy their regulators andhelp maintain their competitive positionin the marketplace.

Even those banks regarded assophisticated, however, have beendaunted by Basel II’s data and systems’requirements and their implementationcosts. At the same time, they have yet to see the effects of the enhancedtransparency expected to result fromincreased disclosures. As Basel IIcontinues to evolve, however, itsinfluence is extending beyond banking tochallenge the insurance sector with theprospect of a new approach to capitaladequacy that is risk-based and marketfocused.

Risky business The European Commission’s (EC)development of Solvency II is onesignificant indication that prudential

regulation within the insurance sector is moving inexorably towards a Basel II-type model – one in which internalmodels are used to establish capitalrequirements, and the risk managementframework adopted by the board andsenior management is scrutinized byboth regulatory authorities and themarket (see sidebar). However, theoutcome for Solvency II is by no meanscertain and there is still a lot ofnegotiating to be done.

Many international bodies are seeking to influence Solvency II: the InternationalAssociation of Insurance Supervisors(IAIS), for example, which represents150 jurisdictions and has a set of coreprinciples for insurance supervision, isexpected to be extensively involved inthe evolution of Solvency II. Moreover,countries including the Netherlands and the UK are anticipating its policies by developing their own risk-basedapproaches to insurance regulation. In the wake of these developments,insurance leaders worldwide havenumerous questions, including:

Capital adequacy:insurers play catch-upThe insurance sector has generally followed the lead of others with regard to risk management and capital adequacypractices. Change is coming, however, driven by regulators,the capital markets, and, increasingly, leading insurers thatrecognize the business benefits of a new regulatory model. By Tim Childs and Peter de Groot

• Why is a new approach appropriate forinsurance regulation?

• How are new risk-based approachesdeveloping, and what are their potentialimplications for insurers?

• What business benefits could offsetthe potential cost of compliance?

A Solvency I I snapshot

Like Basel II, Solvency II in theEuropean Union (EU) is expected totake a three-pillar approach to capitalrequirements, regulatory supervision,and market discipline. Its aims include:

• Enhanced policyholder protection.• Greater transparency, comparabilityand coherence.

• A methodology positioned to reflectrisks in individual companies and avoidunnecessary complexity.

• Avoidance of unnecessary capitalcosts.


in this region for many years, butcountries including Singapore, Korea,and Hong Kong are beginning to focusmore on managing their capital, data, and shareholders’ expectations. They are looking to Australia, Europe, and the US for useful lessons.

A risk-based model offersinnumerable benefits…A fundamental business question forinsurers is: Are you charging enoughpremium to cover your risks and yourcapital costs? The argument is that if you can’t prove to shareholders that abusiness is profitable, you should not beunderwriting it. Being focused on risk,Solvency II can be expected to addressthose issues:

• A more transparent system will helpinsurers make decisions based oncapital needs; thus, business strategycan be aligned with the capital used in the business.

• Risk modeling can help you assesscapital needs more closely, identify andevaluate major risks, and determinecapital implications by risk category.

• Scenario analysis can enable a futurefocus, rather than past-period snapshotanalysis.

…but, the transition posesconsiderable practical difficulties The problem, of course, is that manyinsurance companies lack sufficient lossdata, and highly developed riskmanagement models, to make riskdecisions effectively. Taking risk isinsurers’ bread-and-butter, but,paradoxically, their own risk managementsystems have long been considered lessrobust than that of banks:

• Many insurers lack a sophisticatedmeans of evaluating exposures tolosses – the foundation of a capitalrequirements calculation. Or, they donot trust the data: if their modelsrecommend a GBP£600 premium, butthe market will bear only GBP£400,some may choose to maintain marketshare by charging the lower price – atactic that has resulted in some largebusiness losses.

Changing approaches to capital adequacy When the EC and its member statesinitiated the Solvency II project in 2000, a primary goal was to better align capitaladequacy requirements with the truerisks of insurance companies. The capitalmarkets will increasingly demandimproved transparency in the insurancecompanies in which they invest. To thatend, closer alignment between SolvencyII and the proposed InternationalFinancial Reporting Standards (IFRS) isexpected, which could pose significantthreats to Europe’s current fixed-ratiocapital adequacy model.

Moreover, in the wake of Basel II, the EUand other regulatory bodies also saw anincreasing need for a level playing fieldacross the financial sector globally aswell as an emerging trend towardconvergence of prudential rules fordifferent sectors.

Talking to KPMG, Paul Sharma, Head ofPrudential and Accounting Standards atthe UK’s Financial Services Authority(FSA), says “Basel is exerting indirectpressure on insurance regulators inEurope to move to a risk-basedapproach. Within single regulators, likethe FSA, there’s a lot of institutionalpressure that says, ‘we’ve got onereputation, one quality way of doingthings; it’s not acceptable to offer asecond-rate product when it comes toregulation in the insurance sector.’ Incountries with separate regulators, theinsurance regulators are recognizing theneed to ‘show that they’re able tomodernize without being merged’.”

Several market factors intrinsic to the insurance sector also play an important role in the drive forSolvency II: The presence of financialconglomerates (of banks and insurancecompanies), and regulators’ consolidatedsupervision of such entities, createsadditional pressure on regulators toimpose similar capital and accountingstandards across sectors.“If I were theleader of a conglomerate,” notesSharma, “why would I want strong riskmanagement in the banking (less risky)part of my business and less strong riskmanagement in the insurance (morerisky) part of my business?”

Cross-sectoral arbitrage – where risk is transferred from the banking sector to the insurance sector because lesscapital is required to support the risk,such as in the use of credit derivatives –is becoming increasingly prevalent andhas the potential to create increasinglylarge flows of capital from one sector to another.

High-profile failures of insurancecompanies in countries worldwideunderscore the need for regulators tocatch up with the market – and forinsurance companies to betterunderstand their risks.

Foreign investor expectations are alsoimportant factors in some Asiancountries. Growth has been the model




• Like banks, insurers struggle withdefining risk appetite (that is, what aremy major risks, how much risk am Iprepared to accept, am I taking enoughrisk?) and then building the answersinto a policy framework that drives therisk management of the business.Solvency II can be expected to focusminds on establishing a clearer linkbetween how much capital is used inunderwriting and how much is used to value that potential business.

• Banks have long relied on formalizedkey performance indicators andscorecards. Many insurers, on theother hand, have yet to differentiatetheir risks – insurance, market, credit,liquidity, operational – and to work outthe interactions between them.

• Many insurers are unable to quantifytheir exposures to individual re-insurerswithout significant manual interventionin systems that do not capture thatfundamental information.

These data inadequacies are formidable.Yet building the systems, and capturingthe necessary data, will demand sizableinvestments of time, energy, andfinancial resources. Many companieshave yet to be persuaded of the value ofthose investments.

Why are some insurersembracing a new model?Even among those US, Australian andAsian insurers that use risk-based capitaladequacy models, the goal of increasingmarket share has historically takenprecedence over improving profitability.But some senior leaders around theglobe are reconsidering their businesspriorities. What factors are driving thisshift?

Capital is expensive. Effective use ofcapital becomes increasingly importantin an environment in which insurers havelost money on their investments, and, as in Japan, face a negative spread. To secure lower-cost capital, and to meetshareholder expectations, insurers willface increasing pressure to demonstratehow they calculate both premiums andtheir risks.

Profitability is increasingly preferableto volume. Increased capital marketscrutiny means that competitors thatunder-price will find their ability to stay in the market severely limited.

Regulators worldwide are holdingsenior management to a higherstandard. A comprehensiveunderstanding of different risks and theirimpact is not common among insurers’senior management and boards.Information may be available internallybut may not be shared appropriately withthe most senior level of management – a situation that regulators will finduntenable in a post-Enron world.

What are the implications forinsurers?As Solvency II evolves, nationalregulators worldwide are moving towardrisk-based capital adequacy models in a variety of ways and at varying speeds.Insurers now need to consider theirstrategies for meeting the increasedregulatory burden to preserve, orenhance, their competitive position inthe market. They also need to considerhow to align systems and datamanagement strategies with parallelstandards such as IFRS. New resourceswill inevitably be needed.

Solvency II is more than a regulatoryissue. In fact, it is a business opportunityCEOs should use – not just respond to –as a means of improving their ownmanagement information systems andincreasing organizational awareness ofthe high costs of unknown risk.


➜ Do I genuinely know my risk-adjusted return for variousbusinesses and products, or just my return?

➜ Do we have the data and systems to achieve internal models’ relianceand, if not, will we be at acompetitive disadvantage? What willit take to get the data and developthe needed risk managementsystems?

➜ Will our risk management frameworkwithstand scrutiny?

➜ Can we achieve capital savings andmore efficient capital allocationsthrough the adoption of more robustrisk measurement models?

Tim Childs

Senior Manager, KPMG LLP (UK)KPMG’s Financial Risk Management practiceTel: +44 (0) 20 7694 2040Fax: +44 (0) 20 7311 1489e-Mail: [email protected]

Peter de Groot

Partner, KPMG Business Advisory Services B.V. (The Netherlands)Head of KPMG’s Insurance Risk Managementpractice Tel: +31 (20) 656 7489Fax: +31 (20) 656 7966e-Mail: [email protected]


The problem, of course, is that many insurancecompanies lack sufficientloss data, and highlydeveloped risk managementmodels, to make riskdecisions effectively.


In many countries, especially where the spirit of free enterprise is mostenthusiastically embraced andcompetition is fiercest, financial sectorregulators are asserting that prosperingorganizations are failing to meetcustomers’ needs. Indeed, regulatorsare intervening more deeply in howbusinesses go about marketing andselling to their customers. They may not have the same approach, or evenfocus on the same issues, but they are promoting an increasing level ofconsumer protection regulation.

How can global organizations takeaccount of this consumerist regulatorytrend in shaping their commercialstrategies and managing their regulatoryand reputational risks? And how shouldthis align with global branding and thedesire to achieve a consistent approachto the treatment of customers, whereverthey are located? To answer thesequestions, we need to reflect on thedynamics of the trend itself.

The trendRegulators’ growing assertiveness isdriven by:

• Information asymmetry: An increasinggap between the sophistication offinancial products and the financialliteracy of consumers, leading to a lackof confidence among regulators that

consumers understand the products orservices that they are buying; and

• Recent regulatory failures: A spate of high profile cases around the worldthat have led regulators to strengthenconsumer protection regulation.

While regulators around the world mayagree on the problem, their response toit is globally disparate. In some countriesthe focus is on product regulation, inothers on disclosure of financialinformation, and in still others on sellingpractices. In some countries, regulatorsare seeking to close the gap betweenproducts and consumers’ financialliteracy. In others, the view (and the law)is that it is not the regulator’s job toeducate consumers. And while regulatorshave introduced consumer protectionmeasures and pursued enforcementactions, many have also recognized aparadoxical effect. Well-publicizedregulatory action can create an unhelpfullevel of risk aversion in investors.

Indeed, critics of aggressive consumeristregulation argue that there is a large and developing risk: heavily regulatedjurisdictions will increasingly foster acompensation culture which will, in thelong run, hamper innovation andentrepreneurial behavior and increasecost. This risk is recognized by the UK’sFinancial Services Authority (FSA) where


Beware:consumersAs Adam Smith1 articulated over 200 years ago, a key justification for free enterprise capitalism is that organizations survive and prosper throughmeeting the needs of customers.By Douglas Hendersonand Sarah Willison



Anna Bradley, Head of Retail Themes,acknowledges to KPMG, “Competitionis fantastically important. In trulycompetitive markets, consumers do verywell. So, in addressing market failures,we have to be careful not to put shackleson firms and prevent them fromdeveloping innovations. It’s the first-stepfirms that will drive change in this arena.”

An overview of consumerprotection regulation in key jurisdictionsWhile the trend in prudential regulationhas clearly been one of internationalharmonization, there has been nocomparable unifying force in consumerregulation. This may well be becausevariations in product development andselling practices reflect the cultures of individual countries and the strengthof the consumer lobby. The challenge for multinational firms is to comply withthe accompanying regulatory variationswhile achieving consistency in customerexpectations.

Below are examples of key markets andtheir consumerist regulatory approach.

Europe

The European Commission’s FinancialServices Action Plan (FSAP) includesconsumer protection among thecornerstones of its design for a singlemarket in financial services by 2005, andmany directives address aspects of thesubject (e.g. the Investment Services,the Distance Marketing, and InsuranceMediation Directives). Nevertheless, theapproach and scope are very fragmented,and the philosophy of implementationbetween member states is very diverse.Some countries (e.g. the UK)unapologetically go far beyond theminimum directive requirements in theirconsumer regulation; others appear totake a very light-touch approach toimplementing or enforcing even theminimum requirements.

In the UK, the FSA’s current campaign of“Treating Customers Fairly” emphasizesthe responsibility of financial servicesfirms to incorporate a consumer-focusedapproach in the development ofbusiness strategy.


In discussing the concept of “TreatingCustomers Fairly”, the FSA’s AnnaBradley says, “Financial institutions needto ask themselves whether or not theyhave properly integrated thinking about‘treating customers fairly’ into theircorporate strategy – not delegated it to a compliance department but takenresponsibility for it at a seniormanagement level.”

Bradley goes on to articulate the kind of measures which the FSA believesorganizations should have in place inorder to ensure that they treat theircustomers fairly, including:

• Processes to identify the long-termneeds (not just short-term appetite) of consumers for whom they aredesigning and distributing products.

• Approaches to advertising and saleswhich take account of the financialliteracy of customers.

• Stress-testing of product risks againstchanging economic scenarios.

Australia

Financial services reform has seen theintroduction of a new ‘single’ licensingregime, new rules at point of sale includingenhanced disclosure requirements andan attempt to raise the standard of advicegiven to retail customers generally withextensive new training requirements forthose providing ‘advice’.

Asia

Historically, very little consumeristregulation has existed in the region. So-called ‘know your client’ issues havebegun to emerge, and this has beenencouraged through the presence of the global players operating in the region.At the same time, Asian regulators arebecoming more protective of theconsumer and take the view thatvoluminous disclosures to the consumeraround, for example, illustrations ofinvestment return are not in practiceprotecting most consumers due tocomplexity.

Meeting the challengesRegulators and firms may agree with theprinciple of fair treatment of customers,but there is widespread debate abouthow best to put it into practice. The basictask for firms is to explore whether, andto what extent, their business operationsagree with regulators’ expectations ofcustomer treatment. We suggest thechallenge is at two levels.

The first is strategic, whereby firms mustensure that there is alignment ofcommercial and regulatory objectives.When deciding what products to offerthrough which distribution channels, i.e.in developing their commercial strategy,organizations must take into account thelong-term needs of their customers. Inother words, firms must considerwhether their strategy is designed tocontribute to meeting their customers’needs, rather than just their own short-term profitability. As Bradley says, “Thefirst thing I would ask CEOs is whether ornot they can put their hands on theirhearts and say that they, as a firm, aretreating their customers fairly.” Apreliminary step in this process is toengage with regulators, to convince


• Stress-testing of risks to the firm itselffrom its retail strategy, includingcustomer types/segments, producttypes,sales and distribution methodsetc.

United States

In the US, the focus is shifting frommandatory disclosure of financialinformation to measures to protect theconsumer against what regulators deemabusive practices. Historically in the US,caveat emptor has been the guidingprinciple, with regulations focusing onfull disclosure. Sales practice regulationin the securities, investments andinsurance sectors and fair lendingregulation in the banking sector havelong been in evidence. But the much-publicized prosecutions by New YorkAttorney General Elliot Spitzer havebrought a fresh regulatory prominence tothe fair treatment of customers andmeasures to combat abuses. Thischanging focus may encourage theadoption of more principles-basedstrategies among firms.



them that consumer needs are beingconsidered at the strategic level.

The second challenge is at the level ofbusiness control and execution. This istougher. Here the managementchallenge is to embed in the organizationa customer-led culture by incentivisingthe right behaviors in staff; and todevelop customer- and quality-orientatedmanagement information which can giveearly warning of customer neglect andnon-compliant behavior.

Here an essential step is to developsubstantive compliance controls, toenable compliance not just with theletter but also with the spirit ofregulation. In meeting disclosureregulations, for example, firms havebeen able to develop processes thatprovide customers with essentialinformation without antagonizing themwith an unnecessary cascade of paper.

Another step is the development ofsystems to monitor all the disparateconsumer regulations governing a firm’soperations in every location and all thecompliance processes embedded in the business to meet them. Becauseregulators almost everywhere aregetting more aggressive, thereputational risk is huge.

Among the dangers formultinationals attempting tomeet these challenges, two are key:

• Failure to comprehend the scope of regulatory requirements in everyjurisdiction where you operate.Overseas companies entering newmarkets frequently make the error oftransporting successful products orselling practices from another marketwithout properly assessing the impactof the new regulatory regime on thoseproducts or practices.

• Failure to understand who yourcustomers are, including their levelof financial literacy and their range of needs. At present, regulators assertthat an in-depth understanding of the

dynamics of consumer needs andbehaviors is lacking in the industry.There is developing agreement amongregulators and firms that consumersmust learn to be responsible for theirown financial decisions, but that theindustry must help them get there.

The really enlightened – and successful –business will be one that can integratecompliance in its operations and by doingso meet the rising challenges withoutcommitting the above mistakes.

Consistency of approachA complementary aim for multinationalsis to have their global brands associatedwith consistent customer expectationsaround the world. Customers flying fromSan Francisco to Singapore expect toreceive the same level of service in bothplaces, and when they do, their trust andloyalty are strengthened. Sharingexperience of good practice in differentjurisdictions can help multinationalsdefine global compliance standards,meet regulatory requirements in eachjurisdiction and achieve consistency incustomer expectation and satisfaction.

In summary, then, regulators arebecoming more assertive in theirprotection of consumers, although theyare approaching their objective in widelydifferent ways. Multinational firms mustmeet this challenge at two levels – thestrategic and the operational. Failure todo either can expose them to significantregulatory and reputational risk. Inaddition to the risks, however, there aresignificant business opportunities. Byadopting a consumer-driven approachmultinational firms can begin to establishglobal compliance standards and achieveconsistency of service for theircustomers around the world.


1 “An Inquiry into the Nature and Causes of the Wealth ofNations”, 1776.


➜ Are we having a meaningful dialoguewith our regulators on the matchbetween our business strategies andtheir expectations?

➜ How do we gain assurance that wehave understood the panoply ofrelevant consumer regulations in allthe countries where we do businessand have adequate awareness andcompliance processes to satisfythem?

➜ Are we stress-testing our productsand business models for thoseproducts to see if they are meetingour standards of consumer service?

➜ Do we have adequate systems andcontrols in place to understand thelong-term impact of our products onour customers?

Douglas Henderson

Managing Director, KPMG LLP (US)Head of KPMG’s Securities Segment of the USRegulatory Advisory Services practiceTel: +1 (212) 872 6687Fax: +1 (212) 954 7251e-Mail: [email protected]

Sarah Willison

Senior Manager, KPMG LLP (UK)KPMG’s Regulatory Services practiceTel: +44 (0) 20 7694 2206Fax: +44 (0) 20 7311 5861e-Mail: [email protected]




on financial institutions, as the criminalsneed to bank and invest their ill-gottengains. More specifically financial crimewill impact financial institutions in avariety of ways:

Money laundering

• The United Nations Office of DrugControl and Prevention estimates thatUS$500 billion to US$1 trillion in fundsis laundered worldwide annually bydrug dealers, arms traffickers, terroristsand other criminals4.

• US federal law enforcement agenciesseized more than US$300 million incriminal assets that were attributable tomoney laundering in fiscal year 20015.

The terrorist threat

• ATM and credit-card fraud by organizedcriminals and terrorist cells is on therise, as well as soaring levels of identityfraud, which compound the globalproblem.

Credit risk

Levels of corporate fraud have continuedto rise in recent years:

• KPMG’s LLP (US) 2003 Fraud Surveyindicated that 75 percent of the 459listed companies surveyed reportedthat they have experienced an instanceof fraud6.

Financial institutions face increasingthreats from a wide range of financialcriminals. Globalization, increasing politicalpressure, economic conditions, and thesophistication of information technologyare among the factors that are helping tocreate an environment in which fraudstersand money launderers can prosper.

The problemFraud increasingly poses a threat tosociety as a whole – and the scale of the problem is growing exponentially:• The UK’s Home Office estimates fraud

in 2003 to have cost approximatelyGBP£14 billion1.

• The Hong Kong Police measured a 59 percent increase in fraud in the firstnine months of 2003. With a significantmigration to e-based transactions(estimated to rise in Hong Kong by3,500 percent from US$2 billion in 2000to US$70 billion by 2004), the HongKong Police anticipate increasedpotential for fraudulent activity2.

• The US-based Association of CertifiedFraud Examiners estimated that sixpercent of revenues would be lost in2002 as a result of occupational fraudand abuse, equalling US$600 billion ofUS GDP3.

In addition to the wider implications forsociety, these findings inevitably impact

Fighting financial crime The profile of financial crime continues to rise, butwith the help of law enforcement, new regulation, and strong internal controls, financial institutions can fight back. By Bernard Factor and Giles Williams



Similar trends have emerged in bothEurope and Asia with highly publicizedcases in which senior management oremployees have been able to borrowlarge sums with no realistic prospect ofrepaying the funds.

The UBS money-laundering case studythat follows this article, bears out thatthere are ‘many faces’ of financial crime.Examples of the guises in which financialcriminals come include:

• Fraudulent borrowers, who takeadvantage of non-existent orinadequate internal credit controls andpoor due diligence practices.

• Money launderers, who subvertaccount monitoring policies andprocedures.

• Terrorists, who use depositoryaccounts to fund day-to-day activities.

These financial criminals createsignificant risks for institutions’reputations. Moreover, their activitieshave a variety of regulatory complianceimplications. Financial institutions andregulators have discovered that fightingsuch crime requires a multi-facetedapproach based on the specific risksthese widely divergent crimes present.More importantly, regulators are askingfinancial institutions to explain how,specifically, they are analyzing their risksand, at a practical level, fighting thevarious forms of financial crime.

steps to combat financial crime and haveregulatory structures requiring financialinstitutions to establish and maintainspecific systems and controls. Forexample:

• In the UK, the Financial ServicesAuthority (FSA) has increased its focuson reducing fraud. New legislationrequires regulated individuals to reportwhen they have reasonable grounds tosuspect that financial crime hasoccurred. The Proceeds of Crime Act(2002) requires that suspicioustransaction reports be made not justwhen a person ‘knows or suspects’that a person is engaged in moneylaundering, but when a person has‘reasonable grounds for knowing orsuspecting’ such activity is occurring.

• The European Union (EU) has issued anew directive to combat the launderingof the proceeds of serious crimes.Member states must enact this newdirective into local legislation.

• In the US, the Patriot Act’s information-sharing statute (section 314) requiresthat virtually all financial institutionsreview their records every two weeksand report concerns about moneylaundering and terrorist financing to theFinancial Crime Enforcement Network.The Patriot Act also requires US banksto document the identities of thosewho control foreign customers’accounts as well as the sources offunding for those accounts.

• The US’s Sarbanes-Oxley Act (2002)provides international direction on fraud control and management issuesincluding the responsibilities of seniormanagement to ensure that soundinternal controls exist and areimplemented appropriately.

• Australia, among others, announced in 2003 its intention to align its AMLregime with international standards,based on the 40 recommendations ofthe Financial Action Task Force (FATF).

• New auditing standards (ISA 240/SAS99), require auditors to take a proactiveapproach to assessing whethermanagement has in place appropriatesystems and controls to manage therisk of fraud.


Questions to be answered

As a result financial institutions need acoordinated approach to identify theirrisks and create a risk-based controlframework to address them. Keyquestions to ask at the outset are:

• Credit policy: Who is the potentialborrower, and why is thatindividual/corporation seeking a loan?What is the money being advancedfor? Does the transaction makeeconomic sense? An understanding of such risks and their controls must be built into the credit process.

• Anti-money laundering (AML): Whois the customer, and what is the sourceof the funds? Policies and proceduresdesigned to help institutions know theircustomers and monitor transactionsmust be in place and in use.

• Terrorist activity: Institutions need tobe closely involved with appropriategovernment bodies and lawenforcement agencies to help preventterrorists from gaining a foothold withinthe institution. Is the institution up todate with the latest thinking on howterrorists fund their activities?

The regulators’ response Disruption of criminal activities calls forcoordinated activity and intelligencesharing among individual financialinstitutions, regulators, and lawenforcement agencies. Many countrieshave taken a number of important legal



How can firms address the issueFinancial institutions need to takedifferent approaches to managingfinancial crime, depending on the extentto which they are exposed to each type.Such approaches tend to encompassfive broad elements, which can bedescribed as follows:

• Governance: the role of seniormanagement is to provide direction onhow the institution should manage theissue; establish key responsibilities andestablish internal and external reportingprotocols. Senior management need toassume ownership of financial crimegovernance. In addition to setting apractical strategy and organizationalframework, management needs toensure there are appropriateperformance measures and monitoringprograms to test the robustness of thecontrol systems.

• Strategy and policy involvesestablishing a comprehensive approachto managing financial crime andmisconduct in order to ensure that theorganization has appropriate anti-financial crime policies and proceduresin place. Policy and procedures mustprovide clear guidance to staff on howand what to report in relation to eachtype of financial crime.

• Risk involves a financial crime riskassessment undertaken by thebusiness and operational risk functions.Enhancements can then be made tomanage the risk of fraud throughimproved controls. A properassessment needs to be made of thethreats posed by financial criminalsthroughout the business, includingassessment of the risks specific to theproducts and markets in which theinstitution is involved.


➜ How well has the business identifiedand analyzed the risks of financialcrime across the institution?

➜ Has the system of internal controlskept pace with changing risks andthe growth of the institution? Howdo I know that these controlsaddress the real financial crime risksfaced by the firm?

➜ Are the appropriate controls fullyintegrated into the business lines?

➜ Is there an effective whistleblowerprogram in place so that employeesare aware of it and are encouraged to use it?

Bernard Factor

Partner, KPMG LLP (UK)KPMG’s Forensic practiceTel: +44 (0) 20 7311 3987Fax: +44 (0) 20 7311 3626e-Mail: [email protected]

Giles Williams



Governance Strategy and policy

Risk Culture Investigation

• Culture aims to ensure that training is provided as appropriate, taking intoaccount the different needs ofmanagement and staff and whatimpact they can have in preventing anddetecting financial crime. Employeesneed to be trained to understand thewarning signs of fraud, their reportingobligations, and the internal processesavailable for confidential reporting. The environment should be one inwhich staff feel encouraged to escalatetheir concerns, knowing that relevantsafeguards are in place for theirprotection.

• Investigation: firms need to adopt arobust and well coordinatedinvestigative approach to assessexposure risk, identify how fraud ormisconduct arose and implementrecovery plans. The use of appropriateinvestigation techniques is also criticalfor enhanced checking of potentiallyhigher risk customers and employees.

ConclusionFinancial institutions have an obligationto the community to take theseimportant steps as well as regulatory and shareholder responsibilities to do so. However, they cannot operate in a vacuum: to be successful in fightingfinancial crime, financial institutions need the support of regulators and lawenforcement. They also need acomprehensive, risk-based program forfighting financial crime which is based on a sound understanding of the types of financial crime to which they areexposed.

1 Home Office Research Study 217 – The Economic and SocialCosts of Crime.

2 http://www.info.gov.hk/police/pprb/peb/english/102502_e.html3 Association of Certified Fraud Examiners. “2002 Report to the

Nation: Occupational Fraud and Abuse,” p. ii.4 US General Accounting Office, Report to Congressional

Requesters, “Combating Money Laundering – OpportunitiesExist to Improve the National Strategy,” September 2003, p.6.

5 National White Collar Crime Center, August 2003, citing the USDepartment of the Treasury, The Office of Enforcement (2002,July). The 2002 national money laundering strategy. RetrievedJuly 23, 2003, fromhttp://www.treas.gov/offices/eotffc/publications/ml2002.pdf

6 KPMG LLP (US) Fraud Survey 2003, p. 2.


No entry for money launderersSwiss legislation governing financial institutions is among the most rigorousin the world. ‘Know Your Customer’ and transaction monitoring processes and tools developed by the Swiss financial services community are highlysophisticated in the areas of fraud prevention and detection, anti-moneylaundering (AML) and identification of terrorist funds. The following textillustrates the thorough approach which one of the largest Swiss global banks,UBS, applies. It is based on discussions with UBS’s internal money launderingprevention specialists headed by John Cusack, Managing Director and DeputyGroup Compliance Head. By Stuart Robertson




‘Pecunia non olet’ – money is odorlessS. Mute is an experienced client adviserat UBS. One day, B. Clean, Senior Partnerat the law firm Clean & Partners, calls tointroduce a new client to UBS, as he hasregularly done in the past. At the agreedmeeting, Mr. Clean introduces a Germannational, Mr. Schmidt. Mr. Schmidtinforms Mr. Mute that he earns his livingas a consultant and has been living in aLatin American country for more than 20 years. Given the volatile politicalsituation in this Latin American country,he would now like to open an account in the name of his Panamian-basedcompany, ‘Perfect Co.’. Within thecourse of the next two years Mr.Schmidt introduces two more businesspeople from his adopted country in Latin

America to Mr. Mute, again via the lawfirm Clean & Partners. Both Mr. Gonzalesand Mr. Garcia open a numberedaccount with UBS.

According to somewhat imprecise (giventhe nature of the issue) estimates byexperts of the International MonetaryFund (IMF), worldwide criminaltransactions amount to approximatelyUS$1,000 billion to US$1,500 billion per annum1, even though the amount ofcriminal funds laundered is much lower.This is about one eighth of the grossdomestic product of the US. Roughly 10 – 30 percent of the overall monetaryturnover remains in the various cycles ofthe financial system. Money launderersaim to wash their loot by transferring itinto a squeaky clean account balance.

The various laundering programs includefictitious transactions in goods, securitiestrading, insurance policies, real estateand commodities. In order to suppressall doubts about the legality of thesefunds, different amounts are movedaround via transactions in varyingdegrees of complexity. Nowadays, onlyHollywood gangsters turn up in the lobbyof a Swiss bank with a suitcase full ofmoney and try to open a numberedaccount. In reality, any physical monetarydeposits exceeding CHF100,000 from anew client must be carefully investigatedin line with regulatory decrees.

Gatekeepers of the financialsystemOne fine day, Mr. Mute learns of abusiness scandal in that specific Latin



American country. According to thenewscast, the CEO of Oil Co., a Mr.Garcia, has negotiated an oil deal with aUS company at a price well below themarket price. In return, he is said to havereceived a kickback. The personal adviserof the president, Mr. Gonzales, informsthe press of an impending investigation.Client adviser Mr. Mute immediatelycontacts the compliance department.

Since banks and finance intermediariesact as gatekeepers of the financialsystem, they have an important role inthe prevention, detection and reporting of relevant criminal activity and the fightagainst money laundering. The Swiss

Money Laundering Reporting Office,MROS, received a total of 863notifications of justified suspicious factsin 2003, amounting to a total value ofCHF 616 million2. The number ofnotifications in Switzerland has thustrebled within the last four years. This is mainly due to the tightening of thecompulsory reporting requirements and their application to financialintermediaries in the non-banking sector.Today, approximately 500 banks,securities brokers and fund managers,more than 7,000 financial intermediariesin the non-banking sector (assetmanagers, fiduciaries, law offices andnotary offices), as well as life insurersand gambling establishments, aresubject to compulsory reporting.

John Cusack, Head of Money LaunderingPrevention at UBS, points out that everyaccount application is subject to a clearlydefined vetting process. UBS develops a risk profile based on the applicant’sdomicile, nationality, and economicbackground, but also on the amountdeposited and a number of othercriteria.The higher the risk, the morethoroughly the prospective client isscrutinized. This evidently poses acertain dilemma to the bank. On the onehand, the checks need to be watertightto avoid any future allegations of abettingmoney laundering. On the other hand,the bank does not want to alienate newclients by excessively questioning theirintegrity. If too many ambiguities exist,the bank will opt not to enter into aparticular client relationship.

Awareness of potentate fundsMost deposits into the account ofPerfect Co. were made by US banks.The deposits were evenly transferred to the accounts of Garcia and Gonzales.Given the context, the bank’s complianceunit suspects that the depositsconstitute in fact the reported bribesfrom the US oil company.

Funds from potentates such as Marcos,Mobutu and Abacha have made thefinancial services community sit up andtake notice. UBS now has access to adatabase containing the names of more

than 500,000 politically exposed persons(PEPs). However, solely being considereda PEP does not in itself represent asufficient reason for suspicion.Nevertheless, if the first triage identifiesa prospective new client as a PEP, thePEP Special Unit will investigate further.

The same procedure applies to so-calledsensitive countries; i.e. states in whichcorruption is a fairly commonphenomenon given the prevailingpolitical risks, stability of the legalsystem, corruption index and otherclearly defined criteria. Governmentaland non-governmental organizationsprovide the relevant indicators. Thedelineation of the world into sensitiveand non-sensitive countries does notmean, however, that money launderingis a problem exclusive to developingcountries. According to MROS, the vastmajority of suspicious notificationsreceived in the course of the last yearalso related to Swiss contractual partiesand economic stakeholders.Nevertheless, as Cusack points out, bydeploying and aggregating relevant riskfactors tailored to each client segment,only a small fraction of clients areclassified in the higher-risk sector.Corporate audit helps ensure that allclient advisers and compliancespecialists are applying the sameyardstick and that all client relationshipsare periodically reviewed. Thismethodology further serves the purposeof enhancing the aptitude of the systemthroughout the audit process. However,no matter how sophisticated theseprocesses may be, the decisive factor inthis matter is the experience and powerof judgment of the client advisers andcompliance specialists.

Money laundering has manyfacesWith media reports being too impreciseand names such as Gonzales and Garciabeing very common, the bank initiates a special investigation. The resultscorroborate the suspicion that MessrsGarcia, Gonzales and Schmidt areactually involved in this scandal. Thenotification of MROS is thus based onsubstantiated suspicions.

The Swiss MoneyLaundering ReportingOffice, MROS, received atotal of 863 notifications ofjustified suspicious facts in2003, amounting to a totalvalue of CHF 616 million.



If a crafty money launderer was actuallyable to convince the bank of the legalityof his assets and open an account, or ifan account holder becomes delinquent,the transaction pattern quite often givesthe game away. Substantial cashtransactions or frequent transfers ofsignificant amounts attract attention. Of course, such transactions may wellbe legal and justifiable. For this reason,the UBS specialists investigateconspicuous transactions based on theindividual client profile. They comparethe client’s transaction pattern with thatof a peer group. If any doubts persist, theclient adviser seeks a consultation withthe client. If such a discussion does notlead to clarification or if the client refusesto disclose the required information, asubstantiated suspicion is filed withMROS and the relevant account isusually blocked.

Given the total number of four millionretail and private clients, highlysophisticated systems are imperative fortransaction surveillance purposes. UBSinvests substantial funds in IT-based AMLsupport systems. Its current objective isthe availability of a data-warehouse withhistorical data serving as a basis for theidentification of transaction behaviorpatterns and for building meaningful peer groups. According to Cusack, suchexpenditures have become necessaryand in the long-term interests of theBank. The challenge is in the selection,implementation and management ofthese IT-based tools in order to properlyprotect the Bank against accepting ordealing with criminal funds and in sodoing, get value for money: the legalrequirements in Switzerland and theFederal Banking Commission rules areparticularly exacting. This, Cusackbelieves often leads to the perception inSwitzerland that Swiss banks aresaddled with a competitive disadvantage.In fact, the success Switzerland has hadin dealing with money laundering isbeing emulated by others and recognizedas international best practice, and soconsequently a level playing field is oncemore being laid.

Fighting terrorismThe preliminaries of money launderingusually aim at obtaining an economicadvantage. Hence, there is a fundamentaldifference in comparison to the financingof terrorism. The monetary transactionsin support of terrorism are precursors tothe act, and the transferred amounts arecomparatively modest – a fact whichpresents particular difficulties for banks.Financial institutions are thus dependentupon a close cooperation withinvestigative and surveillance authorities,specifically on lists of names that can berun against their own client database.The ‘Lists’ provided by governmentalauthorities based on intelligence can beone of the most important tools in thiscontext. It remains imperative, however,that the lists contain accurate andsufficient details about the personsidentified and that the process leading up to the naming of persons on such listshas the confidence of the internationalcommunity.

Cusack believes that with thesesafeguards in place there is no questionas to whether or not such lists wouldcontribute to eroding Swiss bankingsecrecy because, put plainly, Swissbanking secrecy does not protectcriminals and terrorists. Only accountsfor which a suspicion can be clearlysubstantiated are reported to MROS. In 2003, all institutions subject to MROSreporting filed a total of five notificationson account of suspected terrorism.During the year, in the aftermath of thetwin tower disaster in New York, 95notifications were filed. These 95 reportsaccounted for 99 percent of all theassets frozen on the basis of the 115reports recieved since 11 September. In their fight against terrorism, the UBSspecialists need to develop a particularlysensitive nose, since money is odorless– or is it?

The names in the above illustrations arepurely fictitious.

Stuart Robertson

Partner, KPMG Fides Peat (Switzerland)Head of KPMG’s Audit Financial ServicespracticeTel: +41 (0) 1 249 3345Fax: +41 (0) 1 249 2121e-Mail: [email protected]

Recommended Reading:

Annual Report of the MROS; www.fedpol.ch

Politically ExposedPerson (PEP)

Throughout the world, there are about500,000 persons identified as PEPs.This means approximately 2,000persons in each country, no matterwhat its political situation may be.

Head of states and other dignitaries, as well as Cabinet Members andMembers of Parliament belong to thecircle of PEPs.

Simple affiliation to a certain group of people does not in itself constitutesuspicion. Together with otherelements, however, it may provide the basis for further investigations.

Even members of the diplomatic corpsare – despite their diplomatic immunity– registered in the PEP database offinancial institutions.

1 Jean-François Thony (2004), “Money Laundering and TerrorismFinancing: An Overview, in: Current Developments in Monetaryand Financial Law”, Volume 3, International Monetary Fund 2004.

2 Federal Department of Justice and Police, Money LaunderingReporting Office Switzerland (MROS): 6th Annual Report 2003: first published in March 2004.




Avoiding the regulators’red flag on outsourcingOutsourcing may be good for your bottom line – butregulators want to know whether it’s good for yourcustomers. As regulators sharpen their teeth, be carefulyour plans don’t get the wrong sort of attention.Article by Michael Conover, Scott Harrison and John Machin



What common principles ofregulation apply?Though approaches vary (see tableoverleaf for some examples), in generalregulation shares three commonprinciples:

•Responsibility: Outsourcing an activitydoes not mean outsourcing responsibilityor accountability – in other words, youcan delegate but not abdicate.Regulated firms must demonstrateproper due diligence on the choice ofsupplier, setting and enforcing servicestandards, implementing the rightmanagement structure to oversee theoperation and introducing adequatemonitoring. If outsourcingarrangements fail, it is the regulatedfirm (and its senior management) thatwill be subject to regulatory action.

•Risk management: Regulators expectfirms to conduct a thorough analysis ofthe strategic issues and risks of theoutsourcing (as opposed to keeping itin-house), to show that the benefitsoutweigh the risks and to haveimplemented strategies to mitigate risk.If regulators are not confident that therisks of outsourcing have been properlyassessed and mitigated, in somejurisdictions they can prevent theoutsourcing from going ahead or atleast delay it.

• Access: Moving activities offshoredoes not place them outside thejurisdiction or reach of regulator(s).They have the same rights of access tooperations conducted offshore and willexercise them. What’s more, regulatorsnow speak to their counterparts inother countries (see ‘Expandingregulatory horizons’ article on page 6) –so don’t assume out of sight will be outof mind. This is particularly true forglobal outsourcing agreements withone service provider – we have oftenseen a problem in one country lead todiscussions with regulators in othercountries.

Although the principles are similar, eachjurisdiction has different regulatoryrequirements. In emerging markets, such

Outsourcing key business functions tooffshore locations, and offshoring yourown operations, are increasingly popularamong financial institutions. Whenimplemented properly, outsourcing hasproven its potential for lower costs andincreased flexibility.

Warning notesHowever, regulators are soundingwarning notes to financial institutions on the need to consider outsourcingcarefully before taking the decision,following three recent developments.

The first is the type of activities beingoutsourced – which have moved ‘up thevalue chain’ from the back-office (dataentry and order processing) to front-office activities much closer to the heartof regulated financial activities. Forexample, outsourcing partners in Indiaare now providing mutual fundaccounting activities, and dealing directlywith firms’ customers.

Secondly, many organizations aremoving these outsourced activitiesoffshore, whether through an agreementwith an outsourcing supplier, an offshore‘captive’ office where activities areconducted by the firm’s own employees,or a mix of both. Popular destinationsinclude India, South Africa and China.

And outsourcing doesn’t work foreveryone, which leads us to theregulators’ third concern – the failure rate of outsourcing. Indeed, in a numberof high profile cases recently, financialorganizations have brought outsourcedactivities back in-house.

Together, these developments have ledto significantly higher risks for firms –and regulatory concern that they willincrease the risk of poor service tocustomers. The regulatory consequencesfor companies can be significant – fromprevention of the outsourcing, toonerous control requirements to adamaged reputation with the regulator.All of these underline the importance of convincing your regulator that youhave identified and mitigated the risks of any outsourcing.



What brings outsourcing overseasup the risk register?Offshoring raises particular risks that arehigh on regulators’ agendas:

• Market stability: There is a concernthat suppliers will over-commit, and toomany businesses will be contractedwith too few suppliers – which couldconstitute a risk to the industry as awhole. Market stability can also bedisrupted by geopolitical and terroristrisks, so expect business continuityand disaster recovery plans to bescrutinized. Viable exit strategies are a must. Firms need to plan ahead andhave back-up arrangements in case the supplier cannot meet the requiredstandards either through a lack of

as South Africa and China, outsourcing ismoving up the risk register but specificguidance is still forthcoming. This addsto the complexity of a multi-site or globaloutsourcing, i.e. moving a number ofoperations in different countries to onelocation, or outsourcing to a serviceprovider – who will deliver those servicesin multiple locations. In Europe there isrecognition among banking supervisorsof the risks associated with differingregulatory standards; for this reason, theCommittee of European BankingSupervisors has published proposals fora set of principles to be adopted byregulators in order to provide a commonregulatory approach on outsourcing.

Though regulatory powers vary fromcountry to country, they may include:• Requiring pre-approval for (and so power

to prevent) ‘material outsourcing’.• Conducting supervisory visits of

outsourced operations (whereverlocated).

• Ordering detailed investigations ofoutsourced arrangements by skilledpersons.

• Requiring organizations to makealternative arrangements for theoutsourcing.

• Ordering remedial action to addressfailings (including insourcing orchoosing alternative suppliers).

• Disciplining and fining firms and seniormanagers for regulatory failings.

Country

UK

US

Germany

Hong Kong

Regulator(s)

FinancialServicesAuthority (FSA)

Office of theComptroller ofthe Currency(OCC) andother bankingregulators

BaFin*

Hong KongMonetaryAuthority(HKMA)

Approach

Principle-based

Principle-based

Rule-based(guidance hasbeen issuedunder theBanking Act).Current rulesdo not apply tothe insurancesector.

Principle-based

Developments

The FSA is tightening up on outsourcers and is introducing further guidance in 2004 tostrengthen the existing requirements.

Key concerns are:•Risk rating of outsourcing proposals, including the specific risks of overseas jurisdictions(e.g. data privacy).

•The supplier’s capacity to take on the contract.•Appropriate oversight of the outsourcing.•Contingency plans and exit strategies.•In the case of offshoring, the extent to which the specific risks of the locality have beenfully considered (e.g. infrastructural issues).

The OCC issued official guidance in 2002, and the Federal Financial InstitutionsExamination Council is likely to issue additional guidance in 2004.

Key concerns are:•Risks associated with the bank’s outsourcing relationships.•Due diligence (including careful consideration of contract matters and choice of law andforum provisions).

•Ensuring effective risk management practices are in place (including compliance risk).•Oversight of processes and how relationships with foreign service providers will bemanaged.

Key concerns are:•The extent to which the central management function is weakened by the outsourcing.The central management function cannot be outsourced under German rules.

•The outsourcer’s ongoing ability to control the risk of the outsourced activity.•Whether outsourcing contracts fulfill the regulatory requirements.•The control and monitoring of the performance of the supplier on an ongoing basis.•Whether the firm’s controls and the audit rights of the BaFin and external and internalauditors are sufficiently guaranteed in the contract and in practice.

•Whether the outsourcing leads to a ‘virtual bank’ which is not permitted under German law.

The regulator has issued a great deal of guidance, with key concerns around:•Due diligence on suppliers.•What to include in the Service Level Agreement – including rights of access of theoutsourcer, its auditors and regulator.

•The adequacy of contingency plans. •Complying with legal obligations under the Banking Ordinance; an independent securityassessment.

•The firm’s understanding of the issues specific to the offshore location (legal system –including data protection, regulatory regime, and infrastructure).

*Bundesanstalt für Finanzdienstleistungsaufsicht



finance, resources, or poor controls.• Protecting rights of customers:

Organizations must provide assurancethat suppliers are adhering tostandards for privacy, data protectionand regulation (especially regardingcustomer contact). They must alsodemonstrate effective ‘remote’oversight regarding the training andcompetence of staff performing theoutsourced functions.

• Reducing financial crime: Locatingoffshore does not excuse financialinstitutions from establishing andmaintaining effective ‘Know YourCustomer’ and anti-money laundering(AML) procedures, which will need tobe customized and appropriate to thedelegating business.

Gaining the confidence of the regulatorWhether or not outsourcing/offshoringhas to be formally approved, obtainingand maintaining the confidence of yourregulator is vital. To achieve this, youmust get your risk/reward ratio right.

The risks of outsourcing must be balancedagainst the benefits – before outsourcingbegins and on an ongoing basis. Before ithappens, you need to ensure the balancefavors outsourcing – and not just in theshort-term. And throughout the lifecycle of the outsourcing you need to be able todemonstrate proper oversight of theoutsourcing, including appropriatemonitoring of performance against servicestandards. If performance levels drop overa sustained period, there should be aformal process for determining whetherto transfer to another supplier or take theactivity back in-house.

To get the balance right, you need to:• Identify the relevant risks, especially

those relating to the location you havechosen.

•Measure the risks – this often meanstalking to people on the ground whocan advise you how much of a riskinfrastructure, availability of skills, etc,really pose.

An assessment based on a thoroughconsideration of all risks will be a valuabletool in establishing an open dialogue withyour regulator(s). You should involvethem at an early and appropriate stage,be willing to talk through your riskassessment and explain any areas (suchas geographical, political and terroristsrisks) that may need clarification.

With this foundation in place, you stand amuch better chance of managing the long-term relationship with your regulator on asound footing and getting the green light.

ConclusionOutsourcing can be an extremelyeffective means of reducing costs whileat the same time maintaining – or evenimproving – standards of service.However, regulators are increasinglyrecognizing the risks of outsourcing andacting to protect customers.

The primary requirement from aregulatory perspective is a strong riskcontrol framework throughout thelifecycle of the outsourcing.

Those that fail to identify and mitigatethe risks of outsourcing, or fail tomanage their relationship with theregulator(s) in an appropriate way, facesignificant regulatory hurdles, fromprevention of the outsourcing, detailedand costly investigations, and onerousreporting requirements through to takingthe outsourced activity back in-house.


➜ How material is this outsourcing toyour business?

➜ Why did you decide to outsource –what was the decision process andhow was it documented?

➜ What due diligence has beenundertaken on the preferred supplier– capacity, governance, views ofreferees – and location?

➜ Do the outsourced activities meetyour organization’s data protection,customer privacy, ‘Know YourCustomer’ and AML standards andrequirements?

➜ What contractual arrangements havebeen put in place?

➜ What contingency, including exit,arrangements have been establishedin the event of supplier failure?

➜ What reporting arrangements are inplace with the supplier?

Michael Conover

Partner, KPMG LLP (US)Head of KPMG’s US Financial Risk ManagementpracticeTel: +1 (212) 872 6402Fax: +1 (707) 982 0277e-Mail: [email protected]

Scott Harrison

Managing Director, KPMG LLP (US)KPMG’s Regulatory Risk Advisory Servicespractice Tel: +1 (202) 533 3092Fax: +1 (202) 533 8528e-Mail: [email protected]

John Machin

Partner, KPMG LLP (UK)KPMG’s Risk Advisory Services practiceTel: +44 (0) 20 7311 5454Fax: +44 (0) 20 7311 1489e-Mail: [email protected]




Tracking the Europeansingle market The European single market is slowly evolving, but the long-termmarket impact remains uncertain. Financial services institutions needto understand how evolving single market legislation could affectthem – as well as consider how they may still be able to influence itsdevelopment. By Dirk Auerbach, Richard Cysarz and Jonathan Jesty



When the European Council met inLisbon in March 2000, it set out anambitious ten-year strategy to make theEuropean Union (EU) “the world’s mostdynamic and competitive economy.”1

The Financial Services Action Plan(FSAP) was conceived to achieve theframework for the completion of thesingle market in financial services. The FSAP is a program of 42 measurestargeted for completion by 2005 that isdesigned to enhance competition andchoice, deliver efficiency gains, fuelinvestment, and facilitate job-creation(see sidebar)2.

Most of the FSAP measures (39 of 42)have now been agreed at the EU level(mostly in the form of new and amendedEU directives), although several keydirectives have yet to be proposed orcompleted, including the Risk BasedCapital Directive (the Basel parallel).

Financial institutions with operations in(or wishing to be active in) Europe needto understand, and establish how best to participate in, this evolving process(see sidebar on following page).

Wholesale vs. Retail MarketImpactThe status of the single market and theimpact of the FSAP are very different forthe wholesale and retail markets.

Different countries still have varyingaspirations about how harmonized theEuropean market should be and howquickly. “We are probably all workingtowards the same goals, but such amarket could arrive at different times in different sectors”, Michael McKee,Executive Director of Wholesale Banking

and Regulation within the UK’s BritishBankers’ Association (BBA), tells KPMG.

Wholesale

• A cross-border market in inter-bank,bond, and over-the-counter (OTC)instruments has thrived for many years,though less so in the equity markets.

• Anticipation of the single market, alongwith the introduction of the euro, hasbeen broadly encouraging of the cross-border market.

• Clearing, settlement and paymentsinfrastructures are commonly agreedas a future priority area for furtherintegration.

• The revised Investment ServicesDirective (ISD) is expected to drive morecompetition between exchanges andmarket participants for market shareand the trading of European securities.

Retail

The retail markets have so far remainedessentially local. National championsremain the dominant model. Structuralobstacles to consumers embracing theconcept of buying retail financialproducts ‘cross border’ are considerable.They include:

• Language differences.• Culturally disparate approaches to

personal financial planning and savings. • Desire for face-to-face advice on

investment products (despite thegrowth of internet business).

• Ingrained retail distribution structures,particularly retail banks, against thebackground of, in some countries likeGermany, a highly fragmented bankingindustry.

• Still divergent consumer protectionrules.

• Disparate tax regimes.

Progress in achieving anything like aneffective single cross-border retail marketvaries greatly across sectors. One of thegreatest areas of achievement is in themarketing of retail mutual funds. Here,significant progress has been achievedthrough ‘BtoB’ marketing of fundproducts, rather than ‘BtoC’ relationships,as Sheila Nicoll, Deputy Chief Executiveof the UK’s Investment ManagementAssociation (IMA), points out to KPMG.As competition increases, and investorsand distributors become more educated

Getting to knowthe Financial ServicesAction Plan (FSAP)

The FSAP is intended to:

• Complete a single EU wholesalemarket – in which market participantscan buy and sell financial instrumentsfreely across borders and raise capitalin other member states on the basisof domestic financial disclosuredocuments.

• Create open and secure retailmarkets – in which financialinstitutions can provide services to EUconsumers on the same terms andconditions as they do domestically.

• Establish high and consistentprudential requirements to helpensure the safety of the financialmarkets and support the full utilizationof the single ‘passport’ based onhome-country authorization andsupervision.



and selective, this trend should continue. However, there’s much still to do and theIMA is seeking change in three areas inparticular:

Deregulation of local registrationrequirements: The IMA believes thatthe European passport under theUndertakings for Collective Investmentin Transferable Securities (UCITS)Directive (which established mutualrecognition of mutual funds meetingprescribed criteria) should mean what itsays: if a fund is accepted as a UCITS inone state, it should be marketable in theothers. There should be no need for

restrictive and time consuming localregistration requirements.

Facilitation of fund mergers: It is verydifficult in some member states tomerge funds domestically and evenharder to do cross border; simplified,harmonized rules are needed to makethis much easier and enable firms toreap the benefits of consolidation andefficiency. The European market is halfthe size of the US but has three times as many funds. The IMA believes thatconsolidation is overdue.

The ability to pool: firms should be ableto centralize as many of their back-officefunctions as possible so that they canoperate one product infrastructure andadapt their offerings to differentmarkets, rather than replicate theiroperations across all the states in whichthey have products.

“These are needed steps we hope willbe part of the ongoing UCITS debate”,says Nicoll.

Time to focus on enforcementThe greatest threat to the hoped-foreconomic benefits from the FSAP willlikely be market distortion arising fromsituations in which individual memberstates choose to go beyond therequirements of the directives (so-called‘super-equivalence’) or a failure on thepart of regulators to enforce the newstandards.

So far, implementation of the variousmeasures (and predecessor directives)has been mixed:

• Ambiguity in directive texts allowsinconsistent and sometimes illogicalimplementation.

• Additional local regulatory rules,registrations, and approvals oftenconflict with the spirit of the freemarket, sometimes veering towardprotectionism.

• Differing interpretations by memberstates of directive requirements, ordifferent domestic regulatory‘overlays’, result in vastly differentimpacts in member states.

Lamfalussy and CESR

the banking and insurance sector havealso been created.

Says McKee, “We think that Lamfalussyis the right approach because it allowsthe regulators to work on morecommon approaches in discussion withindustry and the EU institutions.”

Financial institutions have theopportunity to influence policydevelopments at the various levels, in particular during consultation on the directives themselves, CESR’srecommendations and proposedregulations and proposals for nationalimplementation.

Involvement sooner rather than later is important, as any involvement left until national implementation may be severely limited.

“A legislative framework in and of itselfdoes not deliver a single market,”notes McKee. ”A single market isdelivered by economic actors, fundmanagers, corporations, all seeingeconomic opportunities in cross-borderbusiness. On the other hand, the FSAPwill produce a range of changes thatwill lead to better integration – but notnecessarily complete integration.”

The FSAP enables financial servicesinstitutions to influence how theregulatory requirements develop at fourlevels of the process: the Council, theParliament, the Commission, and theRegulators.

“The biggest benefit of the FSAP,”says McKee, from the BBA, “is that it’s driving discussion between themember states, the marketparticipants, the regulators and the law-makers, about what sort of Europeancapital market they want. And eventhough some of those participants maybe more reluctant than others to bedriven forward, on balance that iswhat’s happening – Europe is beingdriven forward to a more integrated,developed pan-European market, in arange of products”.

To that end, the ‘Lamfalussy approach’was designed within the FSAP processto speed up and increase theeffectiveness of the single marketregulatory initiatives. It created theCommittee of European SecuritiesRegulators (CESR), a group of 25regulators (one from each memberstate), who work together onregulations and measures to implementthe directives. Similar committees in

There is widespreadskepticism about howmuch overall economicdifference the singlemarket will make in theshort-term.



At the same time, a consensus isemerging that the focus should now be on effective implementation andenforcement of existing directives; littleappetite remains for additional legislativeinitiatives. Both the Commission’s andCESR’s recent reviews have promisedsuch a focus – a move that will bewelcomed by institutions that want topenetrate a single, free market. Butenforcement of single market legislationalone will not be enough to address theremaining gaps. More robust controlsaround competition and proactiveenforcement of competition law willlikely also be needed.

Issues for accession countriesThe challenges of a multi-facetedEuropean regulatory regime that hasevolved over decades are exacerbated for the ten accession countries, whichjoined the EU in May. By 2007 there will be 27 member States in the EU.

However, many accession countries’banks have already been purchased bylarge EU banks, which are alreadyfamiliar with the European agenda/regulation and direct compliancearrangements from their established EU head offices. But for others, and forthe regulators, the ‘catch up’ challengewill be significant.

What institutions can doWhat can – and should – institutions doin this environment?

• Consider the potential impact of thedirectives on your business. Effectiveconsideration needs to be at severallevels: strategic, operational andcompliance. Many focus (if at all) onlyon the latter, to their potential long-termcost.

• Plan for different scenarios withinEurope. Various very differenteconomic outcomes (and timings) arestill possible as a result of regulatoryand other changes, and they will varyacross sector. Is your business strategy‘stress-tested’ against potentialscenarios?

• Don’t wait for nationalimplementation proposals. It may be easier to understand them and theirpractical effect, but by the time theyemerge it is probably too late to changethem. Keep an eye, especially, on theCESR proposals, as this is the level atwhich substantive policy is now made.

• Use and participate actively in tradeassociations. Find out what issuesthey are championing, whether youagree, how you can use them to helpyou keep track and leverage your voice.

ConclusionWhen considered alongside thecompliance issues financial institutionsface in implementing Basel II,International Financial ReportingStandards (IFRS), and other evolvingregulation, just keeping track of thevarious FSAP and other Europeaninitiatives represents a tough challenge.And there is widespread skepticismabout how much overall economicdifference the single market will make in the short-term.

Over the longer term, however,consistent regulation and alsoderegulation, if achieved, shouldgradually be recognized as a cornerstoneof a free, open, single market in financialservices, with the attendant benefits ofcompetition, efficiency, and choice. Butthere is a long way to go, and factorsother than regulation are more likely toset the pace – factors such as the speedof wider acceptance of the euro, appetitefor major cross-border bank mergers,progress with tax harmonization, and theextent of enforcement against nationalanti-competitive practices.

1 http://europa.eu.int/comm/lisbon_strategy/index_en.html 2 Frits Bolkestein, Member of the European Commission in

charge of the Internal Market, Taxation an Customs, “Learningthe lessons of the Financial Services Action Plan,” Address atEdinburgh Finance and Investment Seminar Edinburgh, 29January 2004.http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEECH/04/50|0|RAPID&lg=EN

Dirk Auerbach

Partner, Frankfurt/Main office of KPMG’sGerman member firm*Head of KPMG’s Regulatory Services practice Tel: +49 (69) 9587 2793Fax: +49 (69) 9587 2958e-Mail: [email protected]

Jonathan Jesty


Richard Cysarz

Partner, KPMG Polska Sp. z.o.o. (Poland)Head of KPMG’s Financial Services practiceTel: +48 (22) 528 10 80Fax: +48 (22) 528 10 69e-Mail: [email protected]



➜ How well do I understand the FSAPand how it could affect my businessmodel?

➜ What key potential Europeanscenarios should I be planning for?

➜ Has my organization sought toinfluence the European debate?What are the priority issues for us toinfluence?

➜ How well do we use our tradeassociations?

➜ To what extent have we consideredwhat opportunities there are inaccession countries?

* KPMG Deutsche Treuhand-Gesellschaft AktiengesellschaftWirtschaftsprüfungsgesellschaft, the German member firm ofKPMG International, a Swiss cooperative that serves as acoordinating entity for a network of independent member firms.




Aquiet revolutionChina’s financial regulators are broadly sticking to the marketopening promises of their World Trade Organization (WTO)commitments, but will they relax their iron grip on foreign businessoperations? By Jack Chow, Paul Kennedy, Bonn Liu and Stephen Yiu




China’s accession to the WTO hasprofound implications for the country’sfinancial services markets, with anongoing program of deregulation whichwill open China fully to foreigncompetition by the end of 2006. Exactlywhat the transformed industries will looklike is anyone’s guess, but with theChinese economy in transition andregulation in a state of flux there areclearly risks, challenges andopportunities in equal measure.

Since the markets originally opened inthe 1980s, foreign financial enterprisesin the country have operated under aregulatory straitjacket, with manyexperiencing painful losses. Their fate isnow in the hands of China’s three newindependent financial regulators, theChina Banking Regulatory Commission(CBRC), the China Insurance RegulatoryCommission (CIRC) and the ChinaSecurities Regulatory Commission(CSRC). The regulators’ priority is healthydevelopment of the home market.Restructuring and new regulation aretherefore geared towards increasing the competitive ability of domesticbusinesses in preparation for whenthings really open up.

Rates of change and progress across the banking, insurance and securitiesmarkets differ, but a common theme is that regulators welcome foreigninvestment and want local businesses to be able to learn and improve throughjoint ventures. However, there are stillstiff entry qualifications and tight limitson investment and business scope – allof which may have the effect ofmaintaining barriers to entry. A keychallenge for foreign businesses is tounderstand and negotiate the complexregulatory framework and ensureappropriate regulatory risk managementstructures are in place to ensurecontinued compliance.

Let us consider the current position inthe quite different sectors of banking,insurance and securities/fundmanagement.

Is the tide turning for foreignbanks? Despite the tight regulatory restrictions,high capital requirements and low returnswhich have kept foreign banks out ofmany sectors of the market, bottom lineresults have been slowly and steadilyimproving and asset bases increasing.The number of foreign banks obtaininglicenses for new branches or Renminbibusiness has also been growing steadily.Now in 2004, it’s clear that the frostyattitude of China’s regulators to foreignbanks is finally thawing.

The last year has seen renewed focus by China’s policy makers on restructuringthe beleaguered state banks,culminating in the December 2003injection of US$45 billion1 of China’sforeign exchange reserves into two ofthe big four state banks (which togetheraccount for two thirds of the country’sbanking assets).

The formation of the CBRC in April 2003saw a marked change of attitude to therole foreign banks can play in developingthe local banking sector. Encouragingmoves from the CBRC have included aproposal to reduce capital requirementsand increase the upper limit for foreigninvestment in local banks. BNP Paribasformed China’s only wholly foreignowned bank2 when it bought out its jointventure partner in October 2003. InFebruary 2004 a handful of major foreignbanks were granted licenses to carry onlocal currency business with People’sRepublic of China (PRC) corporates,continuing the market-opening trend thatwill culminate in granting access to thelucrative local currency retail businesssome time after December 2006.

However, the regulator is unlikely toloosen its grip on existing and newforeign bank branches. New licenses forexisting branches will continue to requiretwo years’ profitable operation at branchlevel. Foreign banks will be limited to amaximum of one new branch a year.Regulators are also likely to continuetheir requirements for high levels ofcapital at individual branch level –regardless of the bank’s overall capital

A key challenge for foreignbusinesses is to understandand negotiate the complexregulatory framework andensure appropriate regulatoryrisk management structuresare in place to ensurecontinued compliance.


Entering the Chinese market for

the first time

➜ Do we have a clear understanding ofthe regulatory requirements in ourproposed market sector?

➜ What are our requirements for speedof entry into the market versuscontrol?

➜ Do we know enough about potentialjoint venture partners, their culture,aspirations and strategies?

➜ What regulatory risk factors are likelyto have an impact on our financialmodel (for example pricingderegulation, relaxing of sales andinvestment channel limitations)?

Existing interests in China

➜ Do we fully understand theregulatory risk profile of our existingChinese interests?

➜ What influence do we have on thedirection of thinking of regulators?

➜ Do we have a clear strategy tohandle change as the Chinesemarkets open up?



position. In addition it is expected thatforeign banks will soon be required torecapitalize those branches that havesignificant accumulated losses broughtforward from prior years, regardless ofcurrent levels of profitability.

The market will become morecompetitive. Local banks are adaptingquickly to improve their service and canbe expected to leverage their access tocheap funds from local savings and theirbranch networks. This, together withregulated interest rates and the lack of a convertible currency will continue tofrustrate foreign banks and limit theirability to exploit their competitiveadvantage.

As a final twist, China has recently givenfast track access to Hong Kongincorporated banks through the CloserEconomic Partnership Agreement(CEPA) signed with Hong Kong last year.This will bring a batch of hungry HongKong banks to join the party – inparticular in Southern China where theywill enjoy a cultural advantage. Sixty-twoforeign banks with 191 branches andsub-branches3 are already operating inChina’s larger cities, in what might fastbecome an over-banked market.

Despite the many challenges, the outlookis more positive. While regulation remainsrestrictive, it is gradually moving closer toless oppressive international norms. Theeconomy remains vibrant and consumersare showing a distinct appetite for creditproducts. Access to the retail market iswithin sight. Those canny enough tonegotiate the pitfalls and stay the distancemay get one of those fabled money-printing licenses after all.

Changing the shape of insurance Since the mid 1980s, when Chineseinsurance was dominated by thePeople’s Insurance Company of China(PICC), the industry has moved slowlytoward a more competitive model. Butthere is still a long way to go:

•The life market is in its infancy. Three insurers hold 92 percent of the market4 and penetration is low:

China’s potential

demands capital. Wealth levels are onthe increase: the richest 10 percentenjoy an average disposable income of US$2,300 per month.

Those at the high end of the incomespectrum will clearly demand moresophisticated and competitive financialservices and products, as will businessenterprises in busy sectors likeimport/export. One indicator of themarket’s potential is the country’ssubstantial savings rates, currentlyrunning at 42 percent of GDP in 20026.Local banks are sitting on almostUS$1.25 trillion in household deposits7.On the credit side, the potential forconsumer banking services is indicatedby the current very low penetration incredit cards: only one million8 real creditcards circulate in China compared withapproximately 450 million debit cards9.Growth in total consumer credit has alsobeen around 50 percent per annum forthe last two years.

Domestically, the State banking andinsurance sector faces seriousrestructuring to make it efficient andcompetitive. Financial enterprises aredogged by historical problems includingoverstaffing, weak internal controls,poor or mandated lending andinvestment decisions, and a marketwhich historically has not required thebreadth of products offeredinternationally. There is culturalresistance to borrowing and debt, andthe choice of quality products forinvestment is limited.

On the upside, China’s potential as agrowth market for financial products isvast, both in traditional banking and thedeveloping insurance, investmentbanking and securities sectors. Fasteconomic growth, boosted by exportsand substantial foreign directinvestment, has led GDP to increase by9.1 percent in 20036, higher than mostother countries, and this rapid expansion



premiums were just 3.33 percent ofGDP in 20035, compared with a worldaverage of 4.7 percent

•Non-life is dominated by one playerwith 70 percent10 of the market (the topthree hold 94 percent4). But there is fastgrowth, boosted by growing disposableincome, increasing investment in fixedassets and rising ownership of motorvehicles and private homes.

Until recently, the regulators have beensticking to their guns about strictsegregation between life and non-lifebusiness. However, since its formationat the end of 1998 the CIRC seems nowto be having a change of heart. The CIRChas issued a revised rule allowing bothlife and non-life players to provide short-term health business and accidentbusiness.

In common with the banking industry,China’s insurance businesses are in need of large cash injections to resolvecapitalization problems. Over the lasttwo years, the regulator has revised thesolvency margin regulations. Domesticinsurers are keen to resolve this issue byIPO listing or by inviting foreign investorsto inject capital.

In China, although insurance companiesand banks cannot participate in eachothers’ businesses, bancassurance isbecoming an important distributionchannel for insurance. Bancassurance isallowed on very restricted terms, in thatbanks can carry products on behalf ofinsurance companies – but strictly on abranch by branch basis rather thanthrough a centralized relationship. Theregulators are determined to keepsectors separate and this is unlikely tochange in the near future.

We are, however, seeing a more relaxedattitude to the insurance companies’investments. In the past, they were notallowed to invest in equities or any otherhigh risk vehicles. Now the investmentmarket is opening up and returns areimproving, the regulator is slowlystarting to permit insurance companiesto participate. We can expect to see

Finding your way around the regulatory maze

work of each sub-division of theregulators is very specific and may berather narrow. Foreign investors mayneed to arrange a number of separatemeetings with the regulator’s licenseapprovals, business and accountingdepartments to work out the possiblesolution to a complex issue. And even if you do all of that, it can be difficult to obtain a firm final answer.

Building a good relationship with theregulators and policymakers is clearlythe key to speeding up the businessestablishment process. Somebusinesses have approached this byhiring ex-regulators as consultants, toadvise them on how to negotiate theregulatory system, make the rightconnections and establish channels of communication.

Heavy administrative burden The regulators have a lengthy catalog ofmatters on which market entrants haveto seek approval before they canproceed. Regulatory reporting forestablished entities is also very paperintensive and bureaucratic. Evenopening a bank account in a foreigncurrency can be a tedious processrequiring approval from both therespective business regulators and theState of Administration of ForeignExchange. Even though this situation is likely to improve, it is also likely filingrequirements will remain burdensomefor the foreseeable future – and thatmeans lots of paperwork.

Foreign entities often find the regulatoryenvironment onerous because theyhave less knowledge of the system,what is required and what is standardpractice. Clarification of regulations canbe difficult to pin down, can changewithout notice, and can be applied withdifferent emphasis by different officers.As a result, the cost of ensuringcompliance – as well as the risk of non-compliance – can be very high. As aforeign entrant, you need to be aware ofthe subtleties of application and practice.

Why might the rules be unclear?The local Bureau may interpretregulations differently to the State andadopt different practice. To make thingsmore difficult, it is not common forregulators to issue written conclusions – they prefer to give you an oral answer.The risk here is that if the officer incharge moves on to a new post, thenew incumbent may change thedecision about your case.

It can be difficult to find your wayaround which authority stands behindthe various rules, circulars and noticesissued by different supervisory bodies.For example, regulatory bodies mayissue rules or circulars on accountingand disclosure for certain items whichare not consistent with those issued bythe Ministry of Finance (MOF), and itmay not be obvious whetherclarification should be sought from theregulators or the Ministry.

It can also take a long time to cascade a new rule from the State to theprovinces. Usually, the local Bureau willneed a specific, detailed rule in placebefore they will implement any newState regulation.

Complex communicationchannelsForeign investors may have difficultyeven arranging meetings with theregulators. Additionally, the scope of



1 Christine Chan, South China Morning Post, Business Post, 7 January 2004.

2 Mark O’Neill, South China Morning Post, Business Post, 19 January 2004.

3 Andrew K. Collier, South China Morning Post, Business Post,2 December 2003.

4 Section 2.2 Insurance companies, EIU Country Finance, 31 August 2003.

5 Xinhua Economic News Service, World News, 11 February 2004.

6 South China Morning Post, 16 February 2004.7 Figures at 31 December 2003 – People’s Bank of China

websitehttp://www.pbc.gov.cn/baogaoyutongjishuju/2003S1.htm

8 Nikkei Weekly, 23 February 2004.9 Dennis Eng, The Standard, 27 October 2003.10 Christine Chan, South China Morning Post, Business Post,

7 November 2003.11 Funds under an umbrella structure are counted as one fund,

extracted from Huaan Fund Management Co., Ltd. websitehttp://www.huaan.com.cn/fundinfo/fundBase/fundList.jsp?topcol=5

12 Establishment of fund management companies with ForeignEquity Participation Rules, China Securities RegulatoryCommission, 1 June 2002.

13 Securities fund law, People’s Republic of China (28 Oct 2003.)14 For full information on these requirements, see KPMG’s

Financial Services practice industry report “Sino-foreign jointventures in fund management: It takes two to tango”published by The Economist in January 2004.

Ultimately, success for foreign investorswill depend on setting the right price andbuilding trusting relationships withregulators, government and localpartners. The rewards should be worthwaiting for.

major growth in asset management as a consequence.

Securities: majoring on fundmanagementIn the PRC securities arena, fundmanagement seems to be the sector of most interest to foreign players.Securities brokerage is out of boundsand although there are some Sino-foreign joint ventures in securities, theyare limited to areas like advisory workand IPO underwriting.

At 31 December 2003 there were 35licensed fund management companiesin China, managing 95 funds11 wortharound US$22 billion – small potatoes in relation to the total assets of bankingand insurance. But fund managementhas only existed as a regulated industryin China since 1997, and up until 2001 it was completely closed to foreigners.The regulator – the CSRC – is tenaciouslypursuing reforms to strengthen thefinancial markets and enhance corporategovernance. Their goal is to establish amature industry, harnessing the technicalcapability and experience of the largeinternational players in mutuallybeneficial joint ventures.

The CSRC deals with investment fundsthat manage listed assets. It grantsapproval to the business plans of fundmanagement companies, and setseligibility conditions for their seniormanagers. Unlike the banking regulator,they grant licenses for nationwideoperation.

Foreign institutions can either set up ajoint venture arrangement with a localpartner or acquire an interest in anexisting Chinese firm. The foreignpartner can hold a maximum stake of33.3 percent, increasing to 49 percent bythe end of 200412. In practice, foreigninvestors are putting policies andshareholder agreements in place toprotect their interest as far as possibledespite having a minority interest in thejoint venture. Only securities houses ortrust investment companies arepermitted to set up fund managementfirms. Almost all successful foreign

interests in fund managementbusinesses to date are joint ventureswith Chinese securities firms, ratherthan fund management firms. FromJune 2004 new legislation comes intoforce to cope with the new productsthese companies are issuing13.

Entrants need a large capital base(approximately US$39 million paid-upshare capital) and the founding partnersmust have recorded profits and have aclean record with no regulatory violationsin the three years prior to setting up. Noforeign firm can invest in more than twofund management firms in China, andcan be in a controlling position in onlyone of them. There are also tightregulations on joint venture fundsspecifying everything from the minimumnumber of subscribers at launch (100) tothe maximum eventual size of the fund(US$25 million14).

The macroeconomics of China indicategood prospects for foreign investors inthis sector: there is a large savings pooland an absence of products to invest in.Most intriguing of all is the predictedpensions shortfall. The government islooking to offload the 125 billion yuan14

state pensions burden: professionalmanagement of these funds willprobably be called for, and the Statepensions operator has already made thefirst moves toward this by inviting sixdomestic fund managers to manage partof the portfolio. We believe the plan isgradually to permit a proportion ofpension assets to be diversified in equitiesdirectly or via domestic mutual funds.

Patience is a virtue…As the WTO terms kick in there shouldbe a leveling between foreign anddomestic businesses. Over time, theregulators want to create anenvironment where local financialservices operators are more modern andcompetitive. Foreign investors will findtheir niches, develop by joint venture oracquisition and settle down to servicingtheir chosen markets. However, growthmay be slow and steady rather thandramatic.

Jack Chow

Partner, KPMG in China and Hong KongKPMG’s Advisory Services practiceTel: +852 (-) 2826 8066Fax: +852 (-) 2845 2588e-Mail: [email protected]

Paul Kennedy

Partner, KPMG in China and Hong KongKPMG’s Financial Services practiceTel: +86 (21) 6288 2338Fax: +86 (21) 6288 1889e-Mail: [email protected]

Bonn Liu

Partner, KPMG in China and Hong KongKPMG’s Financial Services practice Tel: +852 (-) 2826 7421Fax: +852 (-) 2845 2588e-Mail: [email protected]

Stephen Yiu

Partner, KPMG in China and Hong KongKPMG’s Financial Services practiceTel: +852 (-) 2826 7126Fax: +852 (-) 2845 2588e-Mail: [email protected]



A common languagefor a common goal




The ABCs of XBRLXBRL is a freely available standarddeveloped by a 200 plus memberinternational not-for-profit consortium.Members include accountingorganizations, regulators, financialinstitutions, corporations, softwarevendors, and government entities.

Often referred to as ‘bar codes forfinancial statements,’ XBRL providesorganizations with a way to prepare,

The drive to enhance business reportingis fast accelerating among regulators and industry groups around the world.What’s more, in response to higherlevels of market scrutiny and anintensified regulatory environment,leading financial services organizationsare working toward closing their booksfaster, more accurately, and with greaterconfidence. They are also stepping uptheir efforts to improve the education of investors and analysts.

The success of such efforts ultimatelywill depend on two key factors:•The quality, integrity, and timeliness ofinformation; and

•The evolution of web-based technologytools that increase the flexibility andcomparability of reported information,thus enhancing its value.

XBRL (eXtensible Business ReportingLanguage) ‘fits the bill’ as an importantinnovation that is gaining momentumworldwide in meeting these two goals.

Financial sector regulators and XBRLXBRL is also receiving substantialattention from regulators worldwide as a way to reduce provider burden and toimprove the quality of information usedby government. Among the moreprominent to announce its use are theUS Federal bank supervisory agencies,the UK Financial Services Authority(FSA), and the US National Association of Insurance Supervisors, while manyothers are examining its utility.

We believe that ultimately XBRL willunderpin improvements across thespectrum of business reporting.

Moreover, credit and investmentdecisions will gradually evolve to dependon ready access to financial informationin XBRL form. Initially, companiesproviding data to capital markets in thisformat will stand out. Over time, webelieve use of XBRL will become abusiness necessity.

Thus, XBRL warrants the attention notjust of financial institutions’ ITdepartments but of their senior leaders.

Figure 1 So why consider XBRL?

Proprietary Non-XML – an in-house definition and messaging technology.

Proprietary XML – an in-house designed data representation for moving information from onesystem to another. Like XBRL but without the benefit of being a standard that many systemsconform to.

Fully meets this criteria Partly meets this criteria

Somewhat meets this criteria Does not meet this criteria

Paper Proprietarynon-XML

ProprietaryXML

XBRL

Regulators worldwide are working to improve reporting processeswith the help of the computer language XBRL. A coordinatedapproach to regulatory reporting will be one of the first ways thatfinancial services entities can benefit from its use. By Michael Elysée, Geoff Shuetrim and John Turner

Facilitates system-to-system dataintegrity

Supported by development tools inuse by companies

Supported by accounting packagesin use by companies

Facilitates data definition

Facilitates validation definition

Can leverage public accountingframework

Implementation time

Availability of technical knowledge



publish in a variety of formats, reliablyextract, and automatically exchange awide variety of business reportinginformation – financial and otherwise. Use of XBRL allows organizations to:

• ‘tag’ or label information so that it has structure and context;

•enter it into a system once, and then; •make it available for multiple purposesand in a variety of accountingenvironments.

Pros and cons Of course, XBRL is a very newtechnology, and it has been slow toaccelerate. Without the right technicalsupport, which to date comes from asmall number of vendors and serviceorganizations, users face relatively slowimplementation times while technicalknowledge improves. Scarce resourcescertainly drive up the cost of adopting anew technology, and that is somethingusers will likely face in the short-term.However, we believe that financialinstitutions should begin to examineXBRL. Reasons include:

• The standard has stabilized.• Vendors are adopting XBRL quickly.• Regulators are increasingly treating the

standard as something they have tomove towards.

• Taxonomies (the XBRL representationof reporting standards) are beingfinalized.

• Tools, techniques, and familiarity withthe technology are starting to becomean action point for IT professionals inthe financial sphere.

XBRL in action

and release information to bankexaminers. The development directlyaffects the approximately 9,000 USbanks that must submit the quarterlyfinancial filing forms known as ‘CallReports.’2

• The UK’s Inland Revenue departmenthas developed a set of XBRLtaxonomies that will allow the agencyto shift from paper-based to XBRL-based electronic filing of corporate taxreturns.3

• Responsible for analyzing the financialregulatory filings provided byAustralia’s 12,000 banks, insurers, andpension funds, the Australian

Prudential Regulation Authority

(APRA) has offered these financialinstitutions the option of filing in XBRLformat since 2001.4

Already supported by the large ERPvendors, the standard is increasinglybeing supported by a wide range ofaccounting vendors as well as specialistconsolidation and reporting tools.

More information is available atwww.kpmg.com/xbrl

1 http://www.eogs.dk/sw660.asp2 American Banker, ‘FDIC to Debut System to Speed

Disclosure,’ 23 September 2002.3 Discussion with Jeff Smith, Service Development Leader

for Companies, UK Inland Revenue, 2 December 2003.4 Australian Financial Review, 25 October 2001.

XBRL is already a prominent issue foraccounting organizations around theworld, and substantial effort has goneinto the development of accountingconcept classifications (called‘taxonomies’) that express accountingstandards in XBRL:

• The American Institute of CertifiedPublic Accountants (AICPA) has ledthe effort to capture US GAAP.

• The International AccountingStandards Committee Foundation (theIASB governing body) has sponsoredthe development of InternationalFinancial Reporting Standards (IFRS)taxonomies.

In addition: • The Danish Commerce and

Companies Agency (DCCA) nowallows electronic filing of companyfinancial statements in XBRL, creatinggreater visibility and improvedtransparency for Danish businessesand the framework for improvedcompliance reviews.1

•The US Federal Deposit Insurance

Corporation (FDIC) is replacing itsmost important quarterly datacollections from banks with mandatoryXBRL-based filings, reducing by halfthe time needed for US bankregulators to process these returns

XBRL offers sophisticatedusers of information a newway to define and automatedata exchange, without theneed to replace existingsystems.



Why XBRL is important tofinancial institutionsHarmonized regulatory reporting

Financial services organizations thatoperate across country borders generallyneed to provide regulatory data in everycountry in which they are licensed. Similarbut slightly different reporting obligationscreate re-work and substantial effort, notjust for accounting, capital management,and risk management specialists, but alsoin terms of IT capital spend.

For the first time, XBRL allows regulatorsto cooperate across borders and agreenot just to the broad principles associatedwith regulation but also to the specificdefinitions of regulatory reportingconcepts. We believe financial institutionsare well placed to encourage this type of cooperation.

Enhanced credit risk analysis

Reducing manual effort is the top prioritywhen examining the efficiency andeffectiveness of credit scoring. We havefound that banks that can shave even asmall proportion of the cost of thisbusiness process will do so. By reducingprocessing costs with XBRL, financialintermediaries can also realize improvedlevels of analysis. Better information,benchmarking, and more frequent reviewof a client’s financial performance shouldbenefit banker and customer alike.

Improved business processes

For banks and other large-scale users of complex internal managementinformation, the ability to acquire financialstatements and management reports ina platform-independent format via XBRLshould help simplify complex reportingprocesses and help leaders to makequicker and more reliable decisions.Manual processing (i.e. re-keying anddata handling) accounts for too much of the real-life time, effort and riskassociated with report production. Eachtime information is re-keyed or manuallytransformed, the process is slowed and,inevitably, errors occur. XBRL offerssophisticated users of information a new way to define and automate dataexchange, without the need to replaceexisting systems.

ConclusionOver the next several years we expect tosee increasing pressure from marketparticipants on the reporting function ofthose companies seeking debt andequity. Much of that pressure relatespurely to regulatory and market reformconcerning disclosure rules and practices.But some will relate to the seeminglymundane issue of information supply.

Eventually, a new equilibrium will bereached. Providing performanceinformation in XBRL form will be thenorm, and we believe those that fail todo so will be penalized by the market viareduced visibility and other barriers,including handling and administrationcharges. And until that time we expect tosee increasing incentives for companiesseeking capital to embrace XBRL in theirreporting strategy.

Michael Elysée

Partner, KPMG LLP (UK)Head of KPMG’s Financial Services InformationRisk Management practice, London Tel: +44 (0) 20 7311 5429Fax: +44 (0) 20 7311 5836e-Mail: [email protected]

Geoff Shuetrim

Associate Director, KPMG in AustraliaTel: +61 (2) 9335 7032Fax: +61 (2) 9299 7077e-Mail: [email protected]

John Turner

Senior Manager, KPMG LLP (UK)Tel: +44 (0) 20 7694 8835Fax: +44 (0) 20 7694 4038e-Mail: [email protected]



➜ Are our IT professionals familiar withXBRL?

➜ Do our staff manually re-entergeneral ledger transactions andbusiness unit financial statements toget them from format to format?

➜ Should we be examining the impactof XBRL on the cost of carrying outcredit assessments?

➜ Are our regulators moving to use thisstandard? If so, can we encouragethem to coordinate their efforts withthose of other jurisdictions in whichwe operate?

➜ Are management decisionssupported by business performancemeasures? Is the enterprise run fromreliable numbers? How often does‘gut feeling’ substitute for qualitydata?


Basel II is nearly upon us. The taximplications of the new Basel CapitalAccord may not be at the top ofeveryone’s agenda, but they will bringmajor change and they coincide with the OECD’s ongoing discussions aboutinternational taxation.

However, many organizations areconsidering how to restructureoperations to meet the new BaselAccord. If you intend to do this, you needto consider the tax implications carefully– both now and in the future as yourcapital funding structures change overtime. If you do not, you run the risk ofyour regulatory capital being eroded bytaxation.

Depending on the final shape of the newCapital Accord, your capital requirementsmay be greater or less. With Basel II lessthan a year off, many banks are alreadyputting funding in place to cover extracapital requirements – although it isdifficult to quantify how much you needand in some cases you may ultimately

need no extra funds. One certainty isthat once you start to move moneyaround your organization, there are goingto be tax consequences – possibly eventax costs.

Also, regulators are increasingly awarethat tax is itself a significant operationalrisk. So how are you responding to thetax implications of Basel and theregulatory requirement to manage taxrisk? Do you understand how tax andregulation impact on each other and whatyou should be doing now to prepare?

Basel II and the OECD ‘workinghypothesis’: a complexinterrelationThe original Basel Accord adopted a ‘onesize fits all’ approach, under which it wasrelatively easy to identify where marketand credit risk belonged and allocate itappropriately around the world.

Basel II, effective in 2007, is going to mixthings up a little. Firstly, it will introduce a more sophisticated way of categorizing

loan assets, allowing banks todifferentiate between relatively low- andhigh-risk lending. But it also adds a trickynew element into the mix: operational risk.

For those planning to adopt moreadvanced approaches to operational risk,allocating risks and associated capitalgeographically could present a complexproblem. If your risk lies in your ITsystems or your management structure,how can you say where in the world thatrisk belongs? One thing is certain: tax, asa major element of operational risk, willnow have more effect than ever beforeon capital requirements.

Since the release of its initial discussiondocument concerning the taxation ofPermanent Establishments (i.e.branches) in 2002, the OECD hascontinued to grapple with the issue ofdouble taxation. The current drafts of the working hypothesis cover banks andglobal trading organizations and came upfor another round of discussion in March2004. Their basic proposition (referred to

Basel II, OECD and tax: a complex relationship?

The Basel II and Organisation for Economic Co-operationand Development (OECD) consultations continue to moveforward in parallel, with similar timeframes – emphasizingthe impact tax and regulation have on each other and theregulators’ sharpening focus on tax as an operational risk.By Jörg Hashagen and Jane McCormick



as the ‘working hypothesis’) is thatbranches should be taxed broadly asthough they were separate legal entitiesand that regulatory capital should beallocated to individual internationalbranches according to the risk-weightedassets of each branch. If this practice isadopted, the tax treatment of branchbanks will be inextricably linked to thebank’s regulatory capital.

Key questions still unansweredSome countries may be ‘early adopters’of the working hypothesis: the UK, forexample, has decided not to wait for final conclusions, and has already putlegislation in place in line with currentOECD thinking with effect from this year.On the whole, though, it is likely to besome time before the OECD publishesfull conclusions and their approach isadopted internationally. In this light, it issurprising that the OECD’s debate is stillbeing conducted with reference to theexisting Basel Accord, without takinginto account the changes expectedunder Basel II.

There are big problems with the workinghypothesis even under the existingCapital Accord, largely because itrequires banks to divide risk assetsbetween geographic locations whilstBasel looks at the bank as a whole. Theworking hypothesis might be more validif risk measurements only referred tocredit risk. The inclusion of market riskmakes the proposition much moredifficult to sustain: a global bankingoperation may well hedge market riskacross different locations. It gets evenmore difficult with Basel II’s inclusion ofoperational risk. The fact that operationalrisk cannot necessarily be tied tophysical operations in a particularjurisdiction is given no consideration inthe OECD discussion document.

Another problem which the workinghypothesis raises is that a proportion ofregulatory capital may be in the form ofdebt instruments or ‘innovative’structures, which may carry taxdeductible interest under the tax rules of a bank’s home state or under those of the particular branch which issued theinstrument. The question remains howthese instruments should be dealt with,especially where payments aredeductible in one jurisdiction whichwould not be deductible in another. This problem will remain under Basel II.

What action can you take now?Making strategic decisions – plan

ahead

Assuming that both Basel II and theOECD working hypothesis are adopted,the action which financial institutionstake to manage their regulatory capitalposition will have a big tax impact, bothin terms of overall taxable profits and thejurisdiction in which they are taxed.Long-term strategic decisions about thelocation and funding of operations should

The action which financialinstitutions take to managetheir regulatory capitalposition will have a big taximpact.




be taking this impact into account. Ahealthy exercise you can carry out now is to look carefully at where you arelocating risk, where there might bedegrees of flexibility in relocating it, andquantify the relative impact on tax costs.

In considering long-term structures it is also worth bearing in mind that thecapital funding requirements of differentbusinesses are likely to change as aresult of the new Capital Accord. Somebusinesses, such as mortgage lendingwhere there is a high level of collateral,may require less capital in the future.Others -– especially those where there isa high degree of operational risk – willneed more. Moving capital, especiallyacross international borders, often has atax cost. This means that ideally anycapital funding structures put in placeshould be capable of being unwound orrestructured in the relatively near futurewithout adverse tax consequences.Capital funding structures may be

available which should help banks toachieve this flexibility.

Smart use of compliance data

If your organization is aiming to adopt theinternal ratings based approaches tocredit risk, you are probably puttingmodels in place to measure and monitorrisk assets in preparation for Basel II.Your tax professionals need to take alook at what is proposed, to assesswhether the models will help in collatingthe data you need for tax purposes,if the working hypothesis is adopted.Significant additional compliance costscould be in prospect if you need to put

together a completely separate set ofdata for tax purposes. A good questionto ask is whether the data you arecollating on risk-weighted assets can besplit on a geographic basis and whether– if you are making changes to yoursystems/implementing new systems inorder to meet the Basel requirements –the needs of your tax department can be taken into account in relation to datacollection and analysis.

You may also need to consider whereassets are booked and whether thebooking location can be defended asvalid for tax purposes. The OECD mayconsider representations on this point,but one can foresee circumstances inwhich the initial booking location ofassets (or their transfer betweenbranches) may not be accepted. Thisissue can be particularly difficult wherebooking is centralized for purposes ofoperational efficiency or in the case ofglobal banking facilities.

The question you need toask is where and how taxissues might arise whichcould directly or indirectlyhave a significant adverseimpact.



What we really need is further guidancefrom the OECD: the existing discussionof this issue is somewhat outdated andvery limited on the question of capital.Greater cooperation between the OECD,Basel and the EU would be most helpful.As an organization, it may be helpful foryou to engage personally with regulatorson the tax implications of the New Accord.

Looking at tax as an operational riskTax is an operational risk. Any financialinstitution intending to adopt theadvanced approach to operational riskwill be interested in tax riskmanagement, and it’s certainly an arearegulators are becoming more aware ofsince it can erode capital if not managedeffectively. The question you need to ask is where and how tax issues mightarise which could directly or indirectly(e.g. by affecting the viability of aparticular product) have a significantadverse impact.

To be classed as good managers of taxrisk, banks will need to take acomprehensive approach to identifyingwhere tax risk may arise and developapproaches to monitoring and managingthese risks – many and varied as theywill no doubt be.

Experience suggests that financialinstitutions tend to be good at managingrisk in areas where the tax position of theorganization itself is a core component ofthe business in question – leasing, forexample. They are less good atidentifying and managing the moreobscure or non-core areas of risk: forexample, where the risk is that the taximpact on a customer or counterparty isnot as represented to them.

Giving thought now to developing a solidstrategic approach to management ofthese risks is sure to pay off.

Jörg Hashagen

Partner, Frankfurt/Main office of KPMG’sGerman member firm*Global Head of KPMG’s Financial Services Risk Advisory practiceTel: +49 (69) 9587 2787Fax: +49 (69) 9587 2652e-Mail: [email protected]

Jane McCormick

Partner, KPMG LLP (UK)Global Head of KPMG’s InvestmentManagement and Funds Tax practiceTel: +44 (0) 20 7311 5624Fax: +44 (0) 20 7311 5844e-Mail: [email protected]



➜ How well have we evaluated the taxcosts associated with restructuringin order to meet regulatory capitalrequirements?

➜ How confident are we that our taxrisk is well controlled?

➜ Where might we be at risk of doubletaxation as a consequence of BaselII? Have we taken account of theOECD working hypothesis?

➜ Would systems we are building forBasel compliance also be useful fortax compliance?

➜ Are we collecting the right kind ofgeographic data?




Regulation: all risk and no reward?Introduction

Brendan NelsonGlobal Chairman, KPMG LLP (UK) KPMG’s Financial Services practiceTel: +44 (0) 20 7311 6157Fax +44 (0) 20 7311 5891e-Mail: [email protected]

Expanding regulatory horizons

Hugh C KellyDirector, KPMG LLP (US)KPMG’s Regulatory Risk Advisory Services practiceTel: +1 (202) 533 5200Fax: +1 (202) 533 8528e-Mail: [email protected]

John SomervillePartner, KPMG in AustraliaHead of KPMG’s Financial Risk Managementand Regulation and Compliance practicesTel: +61 (3) 9288 5074Fax: +61 (3) 9288 5977e-Mail: [email protected]

The art of compliance

Pamela HauserDirector, KPMG in AustraliaKPMG’s Regulation and Compliance practiceTel: +61 (3) 9288 6074Fax: +61 (3) 9288 6666e-Mail: [email protected]

Marcus SephtonPartner, KPMG LLP (UK)KPMG’s Regulatory Services practiceTel: +44 (0) 20 7311 5171Fax: +44 (0) 20 7311 5882e-Mail: [email protected]

Capital adequacy: insurers play catch-up

Tim ChildsSenior Manager, KPMG LLP (UK)KPMG’s Financial Risk Management practiceTel: +44 (0) 20 7694 2040Fax: +44 (0) 20 7311 1489e-Mail: [email protected]

Peter de GrootPartner, KPMG Business Advisory Services B.V. (The Netherlands)Head of KPMG’s Insurance Risk Management practice Tel: +31 (20) 656 7489Fax: +31 (20) 656 7966e-Mail: [email protected]

Beware: consumers

Douglas HendersonManaging Director, KPMG LLP (US)Head of KPMG’s Securities Segment of the USRegulatory Advisory Services practiceTel: +1 (212) 872 6687Fax: +1 (212) 954 7251e-Mail: [email protected]

Sarah WillisonSenior Manager, KPMG LLP (UK)KPMG’s Regulatory Services practiceTel: +44 (0) 20 7694 2206Fax: +44 (0) 20 7311 5861e-Mail: [email protected]

Fighting financial crime

Bernard FactorPartner, KPMG LLP (UK)KPMG’s Forensic practiceTel: +44 (0) 20 7311 3987Fax: +44 (0) 20 7311 3626e-Mail: [email protected]

Giles WilliamsPartner, KPMG LLP (UK)KPMG’s Regulatory Services practiceTel: +44 (0) 20 7311 5354Fax: +44 (0) 20 7311 5882e-Mail: [email protected]

No entry for money launderers

Stuart RobertsonPartner, KPMG Fides Peat (Switzerland)Head of KPMG’s Audit Financial Services practiceTel: +41 (0) 1 249 3345Fax: +41 (0) 1 249 2121e-Mail: [email protected]

Avoiding the regulators’ red flag onoutsourcing

Michael ConoverPartner, KPMG LLP (US)Head of KPMG’s US Financial Risk Management practiceTel: +1 (212) 872 6402Fax: +1 (707) 982 0277e-Mail: [email protected]

Scott HarrisonManaging Director, KPMG LLP (US)KPMG’s Regulatory Risk Advisory Servicespractice Tel: +1 (202) 533 3092Fax: +1 (202) 533 8528e-Mail: [email protected]

John MachinPartner, KPMG LLP (UK)KPMG’s Risk Advisory Services practiceTel: +44 (0) 20 7311 5454Fax: +44 (0) 20 7311 1489e-Mail: [email protected]

Tracking the European single market

Dirk AuerbachPartner, Frankfurt/Main office of KPMG’sGerman member firm*Head of KPMG’s Regulatory Services practice Tel: +49 (69) 9587 2793Fax: +49 (69) 9587 2958e-Mail: [email protected]

Richard CysarzPartner, KPMG Polska Sp. z.o.o. (Poland)Head of KPMG’s Financial Services practiceTel: +48 (22) 528 10 80Fax: +48 (22) 528 10 69e-Mail: [email protected]

Jonathan JestyPartner, KPMG LLP (UK)KPMG’s Regulatory Services practiceTel: +44 (0) 20 7311 5293Fax: +44 (0) 20 7311 5882e-Mail: [email protected]

A quiet revolution

Jack ChowPartner, KPMG in China and Hong KongKPMG’s Advisory Services practiceTel: +852 (-) 2826 8066Fax: +852 (-) 2845 2588e-Mail: [email protected]

Paul KennedyPartner, KPMG in China and Hong KongKPMG’s Financial Services practiceTel: +86 (21) 6288 2338Fax: +86 (21) 6288 1889e-Mail: [email protected]

Bonn LiuPartner, KPMG in China and Hong KongKPMG’s Financial Services practice Tel: +852 (-) 2826 7421Fax: +852 (-) 2845 2588e-Mail: [email protected]

Stephen YiuPartner, KPMG in China and Hong KongKPMG’s Financial Services practiceTel: +852 (-) 2826 7126Fax: +852 (-) 2845 2588e-Mail: [email protected]

A common language for a common goal

Michael ElyséePartner, KPMG LLP (UK)Head of KPMG’s Financial Services InformationRisk Management practice, London Tel: +44 (0) 20 7311 5429Fax: +44 (0) 20 7311 5836e-Mail: [email protected]

Geoff ShuetrimAssociate Director, KPMG in AustraliaTel: +61 (2) 9335 7032Fax: +61 (2) 9299 7077e-Mail: [email protected]

John TurnerSenior Manager, KPMG LLP (UK)Tel: +44 (0) 20 7694 8835Fax: +44 (0) 20 7694 4038e-Mail: [email protected]

Basel II, OECD and tax: a complexrelationship?

Jörg HashagenPartner, Frankfurt/Main office of KPMG’sGerman member firm*Global Head of KPMG’s Financial Services Risk Advisory practiceTel: +49 (69) 9587 2787Fax: +49 (69) 9587 2652e-Mail: [email protected]

Jane McCormickPartner, KPMG LLP (UK)Global Head of KPMG’s InvestmentManagement and Funds Tax practiceTel: +44 (0) 20 7311 5624Fax: +44 (0) 20 7311 5844e-Mail: [email protected]

Contact information for KPMG member firmsRegulation: all risk and no reward?




01 Introduction

For financial institutions, regulatoryrisk is on the increase but there arebenefits to be had, if it is managedproperly.Brendan Nelson

06 Expanding regulatory horizons

Regulatory risks around the worldare escalating and regulators arenow interacting on many levels. So how can you protect yourorganization everywhere from risksthat can rise anywhere?Hugh Kelly and John Somerville

10 The art of compliance

The role of the compliance functioncontinues to evolve but what does asuccessful function look like?Pamela Hauser and Marcus Sephton

14 Capital adequacy: insurers play

catch-up

Prudential regulation within theinsurance sector is moving towards a Basel II-type model. Can insurersstep up to the challenge?Tim Childs and Peter de Groot

18 Beware: consumers

How can organizations successfullyrespond to an increasing consumerregulatory trend and what are thedangers they face?Douglas Henderson and Sarah Willison

22 Fighting financial crime

Financial crime continues to pay, butfinancial institutions can fight back byimplementing a comprehensive, risk-based program.Bernard Factor and Giles Williams

26 No entry for money launderers

UBS, one of the largest Swiss globalbanks, shares its thorough approachto combating financial crime.Stuart Robertson

30 Avoiding the regulators’ red flag

on outsourcing

When implemented properly,outsourcing has proven its worth,but regulators are insisting financialinstitutions exercise more care.Michael Conover, Scott Harrison andJohn Machin

34 Tracking the European

single market

Financial institutions need tounderstand how evolving singlemarket legislation could affect themand how they could influence itsdevelopment.Dirk Auerbach, Richard Cysarz andJonathan Jesty

38 A quiet revolution

China’s accession to the WTO hasprofound implications for thecountry’s financial services markets,creating risks, challenges andopportunities in equal measure.Jack Chow, Paul Kennedy, Bonn Liuand Stephen Yiu

44 A common language for a

common goal

A computer language, XBRL, willhelp regulators worldwide improvetheir reporting processes, and itsvalue will extend to financialinstitutions.Michael Elysée, Geoff Shuetrim and John Turner

48 Basel II, OECD and tax: a complex

relationship?

Banks need to consider carefully how tax and regulation impact oneach other and what they should be doing to manage the effect.Jörg Hashagen and Jane McCormick

In this issue

The information contained herien is of a general nature and is not intended to address the circumstances of any particularindividual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that suchinformation is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on suchinformation without appropriate professional advice after a thorough examination of the particular situation.

KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent firms. KPMGInternational provides no audit or other client services. Such services are provided solely by member firms in their respectivegeographic areas. KPMG International and its member firms are legally distinct and separate entities. They are not and nothingcontained herein shall be construed to place these entities in the relationship of parents, subsidiaries, agents, partners, or jointventurers. No member firm has any authority (actual, apparent, implied or otherwise) to obligate or bind KPMG International or any member firm in any manner whatsoever.

© 2004 KPMG International. KPMG International is a Swisscooperative of which all KPMG firms are members. KPMGInternational provides no services to clients. Each memberfirm is a separate and independent legal entity and eachdescribes itself as such. All rights reserved.

Editor: Melanie Hutchings e-Mail: [email protected] by Mytton WilliamsPrinted by Jevons Brown, UKProduced by KPMG’s Global Financial Services practice

208652



Reg

ulatio

n:all risk an

d n

o rew

ard?

fron

tiers in fin

ance

jun

e 2004


frontiers in financefor decision makers in financial services June 2004

Expanding regulatory horizonsRegulatory risks around the world are escalating andregulators are now interacting on many levels. So howcan you protect your organization everywhere fromrisks that can rise anywhere?

The art of compliance The role of the compliance function continues to evolve but what does a successful function look like?

Capital adequacy: insurers play catch-upPrudential regulation within the insurance sector ismoving towards a Basel II-type model. Can insurers step up to the challenge?

Beware: consumersHow can organizations successfully respond to an increasing consumer regulatory trend and what are the dangers they face?

A quiet revolutionChina’s accession to the WTO has profoundimplications for the country’s financial services markets, creating risks, challenges and opportunities in equal measure.

FINANCIAL SERVICES

For further information on issues raised,please contact:

Brendan Nelson

Global Chairman, KPMG’s Financial Services practiceKPMG LLP (UK)1 Canada Square Canary Wharf London E14 5AG United Kingdom

Tel: +44 (0) 20 7311 6157 Fax: +44 (0) 20 7311 5891e-Mail: [email protected]

Joseph Mauriello

Regional Coordinating Partner, KPMG’s Financial Services practice, AmericasKPMG LLP (US)757 Third Avenue New York, NY 10017 USA

Tel: +1 (212) 954 3727 Fax: +1 (212) 954 2394e-Mail: [email protected]

Steve Roder

Regional Coordinating Partner, KPMG’s Financial Services practice, Asia PacificKPMG in Hong Kong8th Floor, Prince’s Building 10 Chater Road Central Hong Kong

Tel: +852 (-) 2826 7135 Fax: +852 (-) 2845 2588e-Mail: [email protected]

Peter Nash

Head of KPMG’s Financial Services practice,Australia KPMG in Australia7th Floor, KPMG House 161 Collins Street Melbourne, Victoria 3001 Australia

Tel: +61 (3) 9288 5613 Fax: +61 (3) 9288 6986 e-Mail: [email protected]

Georg Rönnberg

Regional Coordinating Partner,KPMG’s Financial Services practice, Europe, Middle East and Africa (EMA),KPMG Deutsche Treuhand-Gesellschaft AG. Marie-Curie-Straße 30 D-60439 Frankfurt /MainGermany

Tel : +49 (69) 9587 2686 Fax. +49 (69) 9587 2688e-Mail: [email protected]

kpmg.com

Please visit www.kpmg.com/financial_services to learn more about KPMG’s Global FinancialServices practice


Documents

frontiers in finance - KPMG