Competence Center Finan-
Our Competence Center Financial Services (CCFS) focuses on regulatory motivated projects. Here we mediate between specialist and IT departments, and in doing so minimize the risks involved in the operational implementation of compliance projects. To ensure they are on a level technical footing with our customers, our CCFS
consultants all have one thing in common: they are bankers. The combination of banking expertise and technological excellence is the decisive added value that is really appreciated by our customers.
THINGS TO KNOW:
- Even though regulatory requirements have been accompanying banks for some years, recent developments in the financial markets have resulted in a sharp rise in the importance of compliance. It is noticeable that alongside national initiatives (such as MaRisk, BDSG, WpHG, etc. in Germany), international regulations at EU (MiFID, Basel II, VKRL, etc.) or global level (e.g. SOX), for instance, are having a growing impact on banks' business activities. The same is true of industry standards (such as PCI DSS), even though these are not stipulated by the legislator.
Not only that, but in this age of global markets, national legislation may sometimes have less relevance than foreign regulations (as in the case of SOX), which especially affects global players in the banking sector. This makes day-to-day business activities exceedingly complex. Usually, new regulations result in the need to modify existing process landscapes.
BDSG, Basel II, SOX, MiFID: this list can be continued at will. The ever growing number of national and international regulations, which have to be complied with by you as a global player in the banking sector, are becoming more and more relevant. Trivadis supports you with your compliance projects in two respects. On the one hand we make your everyday business activities less complex, while on the other we organize your infrastructure so that future law amendments can also be implemented in a timely, efficient and flawless manner.
We have bundled our profound technical know-how and practical experience for you in so-called architecture blueprints. This knowledge lead enables us to significantly cut your project time requirements. Our knowledge of your needs results in state-of-the-art IT structures, shorter processes and future-proof solutions that sustainably secure your investments. Consequently, you will even gain a telling competitive edge from implementing legal requirements.
- Basel III: is the next installment already just around the corner?
Back in December 2010, the Basel Committee issued the Basel III regulations, which foresee stricter equity requirements and a new global liquidity regulatory framework.
The adopted rules stipulate that the capital base of financial institutions, alongside a number of other measures, is to be improved to establish a greater resistance to unfavourable developments in both the economic and financial sectors. Financial institutions should be able to stabilize (i.e. "save") themselves in times of crisis and return to normal business operations through their own efforts and without external aid.
This is nothing new (see Basel II), but the past (and in particular the 2007 financial crisis) has shown that the quality of the various components was not yet sufficient. All the Committee members therefore agreed to gradually adapt the capital and liquidity regulations from January 1, 2013.
The defined scenario envisages the partial withdrawal of investments, unscheduled usage of unused credit lines, and the loss of unsecured refinancing plans. A differentiation is made, for instance, between those assets where the tangible assets are counted at 100% of their market value, and such assets that can have a tangible proportion of up to 40%. The liquidity cover ratio (LCR) is due to be introduced on January 1, 2015.
However, the Basel Committee on Banking Supervision scrapped this schedule on January 6, 2013. Instead of having to meet the LCR in full in 2015, 60% of the reserves will suffice by this date. This figure will then be increased in annual increments until 100% is attained in 2019.
A situation analysis is initially required before the regulations can be implemented. The findings should show the networking and interrelations of the various IT systems in deployment at the financial institution. At the same time, what data is actually available for calculating the ratio should be determined. The open need for action is then derived from the identifiable difference between both analyses, which have to be compared with one another.
But what sounds so simple requires spending the corresponding time and costs on the implementation. To assure technical and procedural adherence to the prevailing time constraints, it is crucial that the granularity of the requisite data is made available to the national and international organizational units or subsidiaries. The current IT landscape and the findings of the all-round examination of the systems and business processes have a significant impact on the implementation burden.
Even before the Basel III regulations are fully implemented, recent developments have revealed foundations for extending and modifying the regulations. Various supervisory authorities have suggested that the risk modeling should be made less complex. This also concerns the reliability of the associated risk weighting in Pillar I. In the recent past, the Basel Committee has likewise instigated consultations and discussions that go beyond Basel III.
In December 2014, the Basel Committee on Banking Supervision (BCBS) published a set of proposals for a revision of the standardized approach for credit risk. Key points in these proposals concern the "abandonment of external ratings". This is intended to counter the problem which risk-weighting for bank and corporate exposures brings with it for certain risk drivers. The proposal also addresses the "enhanced granularity and risk sensitivity". Here, the current proposal foresees a revision of the exposure classes.
In addition, the proposal describes the "adjustment of the calibration of risk weights", as well as the improvement in the "comparability of capital requirements", and also the "reduced discrepancy over the IRB approach".
All of these steps/measures through to Basel IV are characterized by
- a higher leverage ratio, a lower limit in Pillar I for the mandatory capital requirement
- restrictions/constraints in existing advantages in the use of internal models (calculation of the capital requirements in accordance with Pillar 1)
- the establishment of simplified rules with comparable results
- higher/more stringent requirements for stress tests
- improved disclosure of information pursuant to Pillar II
The projects on the implementation of Basel III have revealed differences between individual countries. This affected both the formulation and the interpretations of the text of the directive, as well as the time frame.
These differences are not only the cause of inconsistencies in the implementation of Basel III, but also create the fertile ground for the drifting apart of the developments. Since Basel II has not yet been finally and comprehensively implemented, measures are now already being initiated that will go beyond Basel III.
The outlined developments in the direction of Basel IV already indicate fundamental implications for banks.
The Competence Center Financial Services (CCFS) team at Trivadis has intensively occupied itself with the initiative and the submitted proposals and has collated some interesting details, and above all addressed the impact on financial institutions and on IT in particular. We would be pleased to present our expertise in a personal meeting.
- AML (anti money laundering) and KYC (know your customer)
We have sound and long-standing experience in the regulatory environment of the Money Laundering Act. We provide our customers with process design support in various theme areas including the following:
- Initial collation of customer data
- Efficient post-collation of customer data
- Ongoing monitoring of customer data and/or transactions
Especially in recent years, new guidelines or amendments to existing legislation have made it necessary to extensively modify the aforementioned processes.
Compliance is therefore also becoming more and more a business enabler. Where customer data is obsolete or even incomplete, the Money Laundering Act stipulates that banks may not even establish the business relationship in the first place, or must terminate relationships with existing customers. Work instructions can be helpful in the first approach; in the long term, however, the IT systems in particular must support and therefore assure compliance with the guidelines. In the aforementioned theme areas, we bring our experience to bear in your project throughout its entire cycle (gap analysis, process concept, process testing and implementation). Backed up by our in-depth knowledge, we identify the relevant customer groups, prioritize them, navigate the groups towards sales activities, or initiate customer communication through different communication channels. Additionally, we know which situations are suitable for purchasing data, assist in contract negotiations, and conduct data purchases from various credit agencies (including semi- or fully-automated data processing).
On request, we can also apply our experience in setting up a compliance warehouse to facilitate future implementation through the efficient and correct provision of data in the KYC environment by means of consolidated data repositories.
Trivadis disposes of a high level of expertise in this field, and has successfully implemented many such projects during the past three years. Our Competence Center Financial Services can provide you with additional information material and further details at no obligation.
- Digitization - now or never?
The term 'digitization' is making the rounds in banking circles, and frequently implicates a total overhaul of existing infrastructures. But why right now?
15 years ago, the New Economy was a huge hype on a slow road to success. In the meantime, the ideas put forward then have been turned into reality. Network infrastructures and internet access are today a commodity.
Smartphones have brought the online world into our pockets, and customer wishes and market requirements have been transformed accordingly.
Banking products are also digital and virtual, making them perfect for tech-savvy start-ups, so-called FinTech companies. From these market changes has emerged the need for modified processes. Digitization, however, is decided in back-end processes and the data storage, and not in the front-end processes.
The CCFS team at Trivadis accompanies banks and insurance companies in the integral implementation of digitization strategies.
Our Competence Center Financial Services can provide you with additional information material and further details at no obligation.
- BCBS 239, risk data aggregation
Following consultations in 2012, the Basel Committee on Banking Supervision subsequently published its "Core principles for effective risk data aggregation and risk reporting" in January 2013.
The rules include requirements that have to be fulfilled for the organizational structure and processes of the risk function at financial service providers. For the very first time, financial institutions are obliged to satisfy specific regulatory requirements pertaining to IT architectures and data management.
The policy stipulates that, from January 2016, globally relevant financial institutions must flawlessly and transparently guarantee and substantiate the origin of their data.
The requirements that have to be met by the financial institutions are formulated based on the principles, and are divided into five, closely intermeshed thematic areas:
- Overall corporate governance and infrastructure
- Risk data aggregation capacities
- Risk reporting
- Regulatory reviews, utilization of tools and international collaboration.
Four spheres of activity are therefore derived from the principles of the Basel Committee, from which the implementation requirements can be structured.
- IT architecture
- Organization incl. IT management
- Data quality framework
- Risk reporting
The quality of the data (accuracy, flexibility, up-to-dateness and granularity) form the underlying basis. The quality is to be achieved with an extremely high degree of automation, which is also intended to minimize manual intervention in conjunction with a reduction in error rates.
One consequence of BCBS-239 is that it may be necessary to initiate more group-wide projects to satisfy the requirements of the regulatory code; transitional and shadow BI solutions building on Excel or Access solutions within the departments will additionally make a timely implementation more difficult. The dominance of workarounds and Excel tables is currently still too high.
The focus is therefore shifting to data management and risk reporting systems as the essential prerequisites for a functioning risk management; in particular, a group and department-wide definition, acquisition, and processing of risk-related data are required.
What is needed, therefore, is an extensive to-do list for being able in future to generate BCBS 239-compliant reports. Large gaps have to be closed in IT systems and processes before a standardized and automated quality assurance, as well as the preparation and documentation, can be established.
With the implementation of these measures, the regulator expects that the risk management at financial institutions will be consolidated, and that banks will become more capable of handling stress and crisis situations through improvements in the decision-making processes and systems.
These activities belong to one of the domains covered by Trivadis. The collaboration with our IT specialists and CCFS staff with their banking experience are a guarantee for the successful implementation of the stipulations laid down in the BCBS 239 rule code. Consequently, compliance departments at financial institutions will have higher quality data at their disposal. A well-documented system provides for clarification regarding data and data flows.
Our operative and clearly defined approach accompanies you from the initiation of your project, through a feasibility study and decision-making model, and culminating in the implementation. This approach has been put to the test on many projects, and has proven its effectiveness. Get in touch with us. We look forward to meeting you personally.
- The MiFID (Markets in Financial Instruments Directive, also referred to officially or abbreviated as the financial market directive) is a directive adopted by the European Union (EU) for harmonizing the financial markets within the single European market.
Not only in Europe are securities markets subject to constant changes. Alongside resolving many open issues, this rule code is also intended to facilitate securities transactions executed by both private and institutional investors. The basic concept makes it easier for investors to invest within the EU as well as beyond its borders, for example by introducing equal conditions for all European trading markets.
The reforms are also aimed at achieving a continuing harmonization of the EU's domestic markets, greater market transparency and integrity, and consequently a strengthening of confidence in the financial markets. Questions that are to be considered as to-do items can arise during the course of presentations or workshops. A list produced from workshops can serve as a member and be used as a basis for further activities.
The 5 main areas of influence are taken into account:
- Market structures
- Transparency and consolidation
- Investor protection and rules of conduct
- Monetary benefits for consultants
- Consolidation of supervisory authorities
Competence Center Financial Services at Trivadis, with its know-how of the financial environment, can assist you with a rough analysis and initial recommendations for action. During the implementation phase, concrete measures are developed from the detailed analysis, and the first quick wins are quickly realized. We would be pleased to present our competence center and explain the latest new aspects of the legislative initiative in a personal meeting.
- OECD Common Reporting Standard (AEOI/CRS) against tax evasion
Governments, the EU and the OECD have been focusing more and more in recent years on combating tax evasion.
On October 29, 2014 in Berlin, representatives of the OECD's "Global Forum on Transparency and Exchange of Information for Tax Purposes" signed an agreement governing the automated exchange of data on financial accounts (or CRS - Common Reporting Standard, also called the AEOI - Automated Exchange of Information). With this treaty, 51 participant states agreed right from the outset to share with the state concerned data on financial accounts held by taxpayers who are resident for tax purposes in another state. Some states (including Switzerland) will not begin sharing data until 2018, while some other states want to join the initiative at a later date. Over 90 states have meanwhile endorsed this agreement. The first transfer of data will take place for the tax year 2016, and must be concluded by 31.7.2017.
This marks a new phase of the OECD project, which was initiated by Germany and is aimed at closing tax loopholes affecting income from foreign capital investments. More stringent reporting obligations on the part of financial institutions regarding accounts held by non-resident taxpayers, and the exchange of tax details between the participating countries, form the nucleus of the project.
In particular, the IGA Model 1 for FATCA delivered the blueprint for the AEOI/CRS-compliant identification and reporting obligations. Financial institutions in the participant states must determine to what extent they are affected by the CRS. Reporting financial institutions are obliged to check their customer base (private individuals and legal entities) with regard to their liability to taxation in other participant states. The CRS likewise differentiates between new and existing accounts, while the rules differ in detail from those familiar from FATCA.
The following data (excerpt) is fundamentally shared:
- name, address, tax identification number, as well as the date and place of birth of every person subject to registration,
- account number(s),
- end-of-year balances for the financial accounts,
- all credited capital income, including redemption amounts and sales proceeds.
AEOI/CRS is also a treaty between nation states; however, there is no compulsory registration as is the case with FATCA, nor is penalty tax levied on payments to non-participant financial institutions. The large number of participant countries, as well as the accession of further countries in the future, will pose an exacting new challenge.
The time frame for introducing the AEOI/CRS is extremely ambitious. The new account process is due to begin for early adopters on 01.01.2016, while all existing accounts are to be analyzed by the end of 2017. The first exchange of data is scheduled for July 31, 2017. The requisite legislation on the exchange of information about financial accounts (FKAustG) was adopted by the German parliament at the end of 2015. Trivadis has accumulated extensive experience in the sharing of account data during the course of several FATCA implementation projects. We look forward to applying this experience on your CRS implementation project. Competence Center Financial Services will be pleased to answer your detailed questions.
- 4. EU Money Laundering Directive and the new credit transfer ordinance
The CCFS team at Trivadis supports companies from the financial services industry in implementing regulatory changes. We successfully supported banks during the course of the 3rd EU Money Laundering Directive.
Contact us, because there will again be much to do in the course of the 4th EU Money Laundering Directive. In 2012 and 2013, the European Commission laid down the proposals for the 4th Money Laundering Directive. This contains the around 40 recommendations made by the "Financial Action Task Force (FATF)" for combating money laundering and the financing of terrorism. Experience gained in the recent past and threat scenarios have also been incorporated in this directive.
All member states must implement this additional EU directive in their national legislation; in the Federal Republic of Germany, this is supposed to have taken place by the end of 2015. Only then will the ordinance, together with the credit transfer ordinance, finally come into legal force.
The previous directive still contained a list of predefined situations with a low or high risk of money laundering. The risk-based approach is new. Obligated parties are now required to check every individual business relationship and transaction with regard to the respective risk of money laundering. A final evaluation is only deemed to have been rendered once all the relevant risk factors have been taken into account in the overall context. Here, the ranking of the individual situation as being a low or increased risk plays a crucial role. A general, automated risk assessment should make way for an individual risk assessment. No rules without exceptions. The automatic ranking of the high risk situation remains in place for PePs (politically exposed persons), correspondent banks, and customers from certain high risk countries. For PePs, the perpetuation of the status following resignation from office has been extended from 12 to 18 months.
A focused exchange of information at both national and international level should take place through better networking of the individual measures.
The legal frameworks already exist in Germany for credit and financial institutions (financial service providers) in § 25h, Para. 3 of the German Banking Act (KWG), and in § 6, Para. 2, of the Money Laundering Act (GWG).
The scope of validity of the directive for persons who commercially trade in industrial goods is rated from 15,000 and 7,500 euros with cash deposits; the recipient financial institution must fulfil the corresponding identification obligations. The due diligence obligations now also extend to the gaming industry for transactions above 2,000 euros. Agents in the property rental sector, supplementary to the purchase/sale of properties, are also covered by the new directive.
The new regulations affect not only the obligated parties. Companies are also obliged to provide "reasonable, precise, and up-to-date information" about the economic beneficiaries. This information must be made available to the competent supervisory authorities on request.
In the case of legal persons (incl. societies pursuant to the German Civil Code, clubs, foundations, trusts), the economic beneficiary or beneficiaries must always be recorded in future. If there are no economic beneficiaries over 25%, the management, for example, must be recorded instead. In future, there will be a central register in which the economic beneficiaries, together with their contingents, of companies that are obliged to register are recorded. In the event of any inconsistencies, the duty of care lies with the banks, which means that they must clarify discrepancies in the information by involving the customer.
The European Commission has not given a final statement on the technical implementation of this regulation. It is foreseen that this information will be collated in public registers. Initial framework conditions were created in the 2012/17/EU Directive. However, the registers should be accessible to the "beneficiaries".
With regard to the imposition of more severe sanctions, the directive stipulates fines amounting to 10% of the turnover for legal persons, and up to 5,000,000 euros for natural persons.
It will certainly be possible to implement several requirements from the 4th Money Laundering Directive without any major difficulties.
The implementation of some others, however, will be more time-consuming and costly. Contact us, because there will again be much to do in the course of the 4th EU Money Laundering Directive.
- FATCA review
CCFS has supported various financial institutions in Germany and Switzerland in preparing technical concepts as well as several studies. Our experience of project management and the analysis of IT environments was held in high regard. Our purview included screening existing banking applications and evaluating the associated processes.
- BDSG amendment
The amendment to the Federal Data Protection Act (BDSG) pertaining to the storage and processing of personal data, which came into effect on April 1, 2010, requires that supplied information be supplemented with an explanation. Our approach brought together these two documents, which previously used to be created separately. The project showed a return in investment within just one year by virtue of the savings in postal charges alone.
- Platform for automated performance figures
CCFS put together a rough concept for a Swiss customer demonstrating how such a representation could be built up (modeling), and what has to be taken into consideration with regard to data quality, availability and delivery times, etc. Since the realization, automated performance numbers and KPIs can now be made available via the new platform based on daily time series.
- Cash-flow calculations
CCFS supported a customer in Germany in reorganizing the system architecture and consulting services for the overall architecture to make the previously time-consuming and flawed cash-flow calculations faster and more informative.
- Safeguarding, stabilization, standardization
For a foreign branch of a German financial institution, CCFS provided know-how backup in restructuring its IT systems for safeguarding, stabilizing and standardizing the overall operation. In preparation, CCFS also conducted software assessments (analysis and documentation) in an Avaloq environment as the basis for restructuring and standardizing the database operation.
- Test coordination, customer communication, quality enhancement
This involves management of the test coordination process, as well as identifying and communicating priority work packages and associated risks in the release management. CCFS takes over management of the sub-project, as well as supporting the planning and implementation of the release cycles of individual software and peripheral systems ('run the bank'). One partial aspect concerns developing and monitoring quality enhancement measures in the development process for the deployed software.
Our Competence Center Financial Services can provide you with additional information material and further details at no obligation.