Group Services

Alastair Lauder

Financial Crime Regulatory Landscape

2

Who are our Key Regulators?

Region Country Regulator

UK & Ireland UK Financial Conduct Authority / Prudential Regulation Authority / Payments System Regulator

UK & Ireland Ireland The Central Bank of Ireland

EMEA Netherlands De Nederlandsche Bank

EU EU European Banking Authority

Americas USAFederal Reserve Board of Governors & District Banks(Boston, Washington and Chicago) Financial Industry Regulatory Industry Authority (FINRA) Office of Foreign Asset Control (OFAC) – department of the US Treasury

Americas USA Office of the Comptroller of the Currency

AsiaPac Hong Kong Securities and Futures Commission

AsiaPac Hong Kong Hong Kong Monetary Authority

AsiaPac Singapore Monetary Authority of Singapore

AsiaPac India Reserve Bank of India

AsiaPac China China Banking Regulatory Commission

AsiaPac China China Insurance Regulatory Commission

Overall the Group has c.120 Regulators across the world in over 50 Countries

3

The Regulatory Landscape is changing

“People should be very frightened of the FSA”

March 2009

“Central to [the PRA’s] supervisory model is the presumption that regulators cannot rely on the judgement of the management of the firms they supervise, and must take their own view formed from their own analysis… where that judgement differs from the firm’s management, the regulator must act.”

May 2011

Hector Sants,

Former Chief Executive, FSA

“We will simply not wait until things go wrong, where we see issues we will intervene early to avoid later problems”

July 2014

Tracey McDermott

Director of Enforcement & Financial Crime, FCA

4

The Regulatory Landscape is changing

2005 – 2008 – FSA guidance grew by some 27%. The model was designed to reduce uncertainty and manage risk more effectively, but ended up doing the exact opposite. The strong bias for rules over ethics fanning the flames, the growing rulebook did not prevent problems caused by cultural weaknesses.

2013 FCA Aim – put conduct in the board room, ensure firms put consumers and the integrity of the markets at the heart of their business. For too long, managing conduct risks has been seen as a function of compliance and not the responsibility of the business.

5

FSA Fines- Higher or Lower (£m)

7.4 11

24.817 13.3

5.3

22.7

35

89

66

0

10

20

30

40

50

60

70

80

90

100

2002 2003 2004 2005 2006 2007 2008 2009 2010 2011

£17m Shell£13m

Citibank

£17.5m Goldman Sachs

£33m J.P Morgan

£59.5m Barclays

£8.75m Coutts

6

FSA Fines- Higher or Lower (£m)

£160m UBS£59.5m Barclays£8.75m Coutts

£137.6m JP Morgan£105m Rabobank

£87.5m RBS£28m Lloyds

£105m Lloyds£37.7M Barclays

£14.4m RBS

7

Types of Regulatory Reviews

Targeted

Reviews

Themed

Reviews

S166

Reviews Attestation

8

Types of Regulatory Reviews

• Targeted Reviews: – These reviews target a specific business, product, department, etc.

Examples of Targeted reviews include;– Commercial Credit Review– Allowance for Loan and Lease Losses– Asset Liability Management– Fair Lending – Community Reinvestment Act– AML Review (perhaps of a specific legal entity or business line)

– The reviews can be desk based or on site at the firm depending on scope and deadlines.

– The length of these exams varies based on the scope, risk and complexity of the area under review.

9

Types of Regulatory Reviews

• Themed or Horizontal Reviews: – Regulators review a particular area or product across several

institutions, often to establish if there is an issue.

– Examples include:

FCA;– Investment Fraud & Mobile Banking, – Interest Rate Swaps, Complaints handling, – PPI – Pension transfers

10

Types of Regulatory Reviews

• Section 166 Reports:– Section 166 of the Financial Services and Markets Act gives the FCA the power to

require firms to provide reports by skilled persons as one of its regulatory tools. The number of section 166 report ordered by the FCA has increased since the financial crises and indications are that the trend is unlikely to reverse.

– The power does not limit the types of skilled person that may be used. They can be accountants, actuaries, compliance consultants, lawyers, IT specialists or other experts, depending on the subject of the report.

– Skilled persons reports meet a range of FCA requirements: for information; for an analysis of information; for an assessment of a situation; and for expert advice or recommendations; and for the purposes of risk assessment, risk mitigation and for responding to risks which have crystallised.

– The cost of producing the report is borne by the firm not the FCA.

11

Use of Section 166 Reports

56

8895

111 113

50

12.824.7

32.2 31.2

176.4

145.7

0

20

40

60

80

100

120

140

160

180

200

2008/09 2009/10 2010/11 2011/12 2012/13 2013/14

Number

Cost (£m)

12

True cost of a S.166

Fine and Skilled Person Cost

Consultant Cost

Compensation and Redress

People and Time Cost

Remediation

13

FCA expectations of a S.166

– Increased engagement between the FCA and the Skilled Person in order to improve the outputs from the review

– Increased request for more than one Skilled Person to be nominated, concentration currently in the big four.

– FCA Skilled Person Panel for Financial Crime has approx 20 companies listed

– Information will be requested from firms on use of contractors in completing S.166s

– Increased feedback to Skilled Person firms– Both the PRA and the FCA have noted they expect to increase the

use of S.166 powers

14

Types of Regulatory Reviews

• Attestation:– Used to gain personal commitment from an approved person at a regulated firm that

specific action has been taken or will be taken.– Aim is to ensure that there is clear accountability and senior management focus on

those specific issues where FCA would like to see change within firms, often without on-going regulatory involvement.

– Focus is usually on firms putting things right (e.g. changing governance arrangements, system and controls, delivering redress) rather than seeking to better understand the extent or materiality of an issue.

– Attestation should be given by the most relevant significant influence function holder (e.g. the SIF who is responsible for the area of the firm at which the issue has arisen or which is responsible for addressing the issue).

15

Changing Landscape = Changing Approach & expectations

• With the establishment of the FCA and PRA there has been a noticeable shift in supervision approach;

– Increase in the scope and level of information requests– More challenging timescales and expectation for information to be

‘off the shelf’ whether it is or not– Show me don’t tell me approach– Forward looking approach- Faster Payments– Peer approach- Interest Rate Swaps, Complaints Handling & PPI– Attestation – more individual accountability

16

Financial Crime Regulatory Landscape

UK Immigration Act 2014 – new rules that require the Bank to screen customers against Home Office created lists to identify customers who are illegal immigrants and prevent them opening a new current account

4th EU Directive / Regulation on Wire Transfers – both progressing through EU parliamentary committee with approval sought by end of 2014. UK will have a further 2 years to implement

UK Payment Systems Regulator – created April 2014, full operational launch planned for April 2015, it will be competition-focused, utility style regulator similar to OFCOM, with 3 objectives

1. Promote effective competition in the markets for payment services

2. Promote development and innovation in payment systems

3. Ensure payment systems are operated & developed in a way that takes account of and promotes the interests of service users

EU Payment Services Directive (PSD2) – EU updates to current Directive, draft changes will tighten up a number of areas, reduce national variations and make the PSD more uniform. It continues to seek a more competitive and consumer friendly payment market EU-wide with an enhanced role for the European Banking Authority (EBA)

The UK Government's Cabinet Office estimates that banks are together spending more than £700 million a year on fighting cyber-crime. According to a recent survey by PwC, 70% of bank CEOs identify cyber insecurity as a threat to their growth prospects.

Increasing use of Sanctions – Russia/Ukraine

17

Key Points

1. The Regulatory landscape has changed and will continue to change

2. Regulators expect to be shown proof of changes not just told about it

3. Interaction with the Regulators must be open and honest in order to be constructive

4. Financial Crime will remain one of the highest risks for the foreseeable future

5. Movement towards personal accountability will continue

6. Moving towards conduct and consumer focus legislation