Part 4 – A Strategic View on Compliance
Compliance often takes companies by surprise when there are changes to requirements. On this episode of the #GoStrategic series, Guest Host Stephanie Villatoro interviews Melody Hart, Senior Consultant at Strategic Treasurer, on how to transform an administrative burden by taking a strategic view on compliance. Listen in as they navigate a wide range of both existing and new compliance areas, and share how companies can better safeguard their assets.
Stephanie Villatoro, Strategic Treasurer
Melody Hart, Strategic Treasurer
Episode Transcription - A Strategic View on Compliance (#GoStrategic Series)
Welcome to the Treasury Update Podcast presented by Strategic Treasurer, your source for interesting treasury news, analysis and insights in your car, at the gym, or wherever you decide to tune in. On this episode of the #GoStrategic series, guest host Stephanie Villatoro interviews Melody Hart, Senior Consultant at Strategic Treasurer, on how to transform an administrative burden by taking a strategic view on compliance. Listen in as they explore a wide range of both existing and new compliance areas and how companies can better safeguard their assets.
Hi, I’m Stephanie Villatoro and I am joined by Melody Hart, one of the Senior Consultants at Strategic Treasurer. Today we will be covering compliance as our part four of this series. Welcome, Melody.
Thank you Stephanie.
Melody, a lot has happened over the past few years in compliance. Can you tell us a little bit about just an overview of compliance in the past five to 10 years?
Sure, a lot of these things have happened in response to things in the marketplace. So we had Sarbanes-Oxley come in, what about 12 or 15 years ago? That was in response to issues at corporations. So they wanted to make sure that corporations were exercising diligence and then you had Dodd-Frank one come into place. Around 2010, FBAR came in, Dodd-Frank two come in at a later time and FATCA which was attempting to make sure that about income tax evasion. Money market reform was more recent ones, SWIFT, CSP individual FBAR. So there’s any number of things that have come into place and there’s many more that are going to come in the future like Basel IV in 2020.
Yes. It is an ever changing environment and compliance for the treasury organizations. Can you give us just a brief overview of each of the different compliance areas?
Okay. Well one you have FATCA. The US government was concerned that individuals were attempting to avoid tax on their income or tax on income of entities they owned. So they put in place FATCA to ensure there’s not tax avoidance and on income paid to foreign accounts. The IRS is the enforcer and companies are required to become withholding agents essentially on payments to individuals or their entities.
So it affects any payment made to foreign accounts and even affects intercompany payments. So if they are withholdable, they’re required to withhold 30%. So it’s an attempt to make sure that US taxpayers are actually paying their taxes and if they hold a substantial ownership interest in an entity that they’re paying taxes on that as well. FBAR is from Financial Crimes Enforcement Network, also known as FinCEN, which is a Bureau of Department of Treasury. The director from that reports to the treasury undersecretary for terrorism.
And their job is to gather information on financial transactions and analyze the data and disseminate to other law enforcement agencies with which they coordinate. So they’re a regulatory agency that functions on the bank account secrecy act of 1970, it’s an attempt to enforce anti money laundering and antiterrorism. It applies not only to corporations but to individuals, including individuals who are simply signers on a corporation’s account. So this now requires actually mandatory electronic filing, which has made it a little bit more difficult for people. What you have to do is you have to basically report any foreign account on which you’re signer. Now corporations have to do an FBAR, they have to make a report of all of their foreign accounts and it has to give the highest balance and that type of thing. Unless they have a large number, then they don’t have to get the highest balance, they have to maintain that information.
But since individuals that worked for the corporation or maybe even used to work for the corporation may be impacted, many corporations are actually doing the filing on behalf of these people because they don’t really want to release their information on the company to individuals. So they’ll actually do the filing and it has to report what accounts that they are any US citizen who is a signer. It has to report the accounts they’re signer on. So that would be FBAR. And then you have GDPR, which is General Data Protection Regulation. The objective is it’s an EU regulation, although it affects the UK as well as intends to go along with it, even though they’re going to exit the EU. It controls personal data of individual and essentially gives the control back to citizens and residents over their personal data. So there are strict requirements of the security and treatment of the data and the regulation is meant to simplify the regulatory environment for international business by unifying the regulation within the EU.
It has strict guidelines of encrypting and making sure that there’s not access to data when it’s at rest or when it’s moving. It regulates how the data is handled and affects any organization that does business in or with the EU regardless of where the location is. So you can be a US company if you’re doing business with the UK or the EU and with individuals there, you have to follow this rule to protect the data. And an individual has the right to say, I want to be forgotten and you have to be able to purge the data. And interestingly enough, most recently California was putting in place a similar law, which is problematic if it’s only one state because it’s hard to think of how to enforce that if it’s just one state rather than across the whole country.
But I think we’ll see more of that as the time goes on as well. Basel III that goes into effect in 2020, the goal is to further stabilize banking. Banks have to be able to withstand a 30 day system wide liquidity shock and it tries to strengthen governance and transparency. The deleveraging of bank as such have contributed to the spread of the 2007 financial crisis. So Basel III is set up to ensure banks have the liquidity needed and are not overly leveraged.
Another goal as I said strengthen governance with added discipline and providing greater transparency to regulators and investors. So that is coming on and how that affects us is as banks are regulated further. So as you have banks that are in the EU and they are subject to this, it’ll affect their operations and how they operate with their customers as well.
Another aspect is SWIFT CSP. This is not regulation but it is a requirement for those who use the SWIFT system. It’s meant to defend against fraud. So times have changed but there’s a lot of fraud that’s getting more and more complex and as you might remember there was the Bank of Bangladesh issue a number of a few years ago and that was a compromise of a system. So in SWIFT CSP you have to secure your system and all the way through. So it goes from one to the other all the way through. The whole system must be secured. The intent is to secure particularly the end points because of what the Bangladesh incident taught us is that although SWIFT itself is secure and had not been breached, the SWIFT community is only as secure as its weakest endpoint. So the focus of CSP is to secure the end points, the companies that use SWIFT.
This means your organization, your counterparties will have to self-attest and comply with the controls. It’s got three objectives and eight principles and 27 controls. You have to secure your environment, you have to know and limit access. You have to detect and respond to breaches. So that’s a SWIFT CSP in a nutshell. So I think those are the priorities is also KYC, which affects companies because it’s a regulation for banks. But we as companies have to suffer the consequences of that by making sure we get all the information and data that they need in order to work with us.
Thank you, Melody. So no matter what you’re looking at from a compliance standpoint, whether it’s a direct compliance requirement for a corporation or company or it’s a bank related compliance requirement, all of them have either direct or indirect impacts to an organization across the board. Given that of those different compliance areas, what do you think is the biggest headache for a company or an organization to keep abreast and keep apprised and knowing, I guess more paperwork. So what’s the biggest headache for a company?
I think for most companies, the biggest headache is KYC. I think FBAR and GDP come in close after that. But I think KYC is the biggest issue because you have to keep doing it all over again and over again with banks and any financial institution that you deal with. It’s very cumbersome, very administrative. And you see this when you’re trying to open bank accounts. I remember early in my career you’d call the bank up and say open an account and they’d open it. Now it’s not just asking to open it. There’s all kinds of documentation that they have to request from you, some of which you may not be all that willing to give, but they have requests from you and you need to comply in order to get an account opened. It can take months, particularly with international accounts to open an account.
So it’s not a quick process. So that’s why I think it’s a headache. FBAR’s just a headache because it involves tracking bank accounts and the signers on them. And that’s always been problematic at companies. Not everyone has focused on bank account management as a discipline, but it has become where it needs to be a discipline in order to get the information and maintain it properly. And GDPR well, that’s a problem because you have different laws in different countries but these laws, the EU and the UK are forcing compliance elsewhere and it means a lot more diligence. It would actually be easier if all countries had the same regulation of that because then everyone would have to comply and everyone had to have the systems in place. It’s not easy to put these systems in place.
It almost seems like you just pick the most stringent and apply it across the board. But I know that would be difficult as well if you took Europe’s GDP law and applied it to an organization across the board in the US and Canada or South America, that would be a challenge. But it might make it easier if you just had one. I see your point on that.
So given all of this information you provided us just on compliance and overview of each one, what’s the headaches that are out there? Our series is on being strategic, so how would companies or organizations look at these different areas of compliance strategically?
I think for companies it’s hard to think of that strategically because most of this is administrative. You have a lot of administrative in order to accomplish all the things in these regulations and requirements. So I think the first thing you have to begin is to step back from it, step back from the administration and look at the goals of the company. Where is it you want your treasury focus? And more and more we see that companies, CFOs are wanting their treasuries to be more strategic, to focus on value add and less on the day to day.
Now, you have to have day to day, obviously in treasury to get your cash position, et cetera. But they’re wanting you to focus on things more strategically, which means automating for one and less administration. So the trend is to reduce administration, automate, look at the amount of effort that it takes to accomplish each of these different things. And then think about the effort and the cost and whether that is where you want to focus your time. If not, you need to think of alternatives of how you could handle this without the same amount of effort that you’re spending now. I mean if you’re sitting there with spreadsheets for FBAR, you’ve got a lot of administration going on.
You talked a lot about administrative tasks and things that were manual or are there other methods to handle some of these less value added tasks that are out there?
Yes. And that should be part of looking at it strategically is that you need to look at, okay, what would I do if I put technology in place, BAM system or TMS system, would that reduce the administration and reduce the cost and allow us to move forward, and would solve the problem.
Because sometimes you have technology, maybe it pulls the information but it might not actually complete the compliance step. But it still might be a good step to have the technology or maybe there are some things that can actually completely remove a portion of that.
I mean GDPR would be an example if you put in place the technology, you probably helped to solve that problem. FBAR maybe not. Maybe you need a little extra something to, you can gather the information but that’s not quite enough. You can also outsource. You can always look at outsourcing some of these, I’ve seen a number of things outsourced before and that can work well. Or is there somebody in the company that you think is better suited for a particular piece of this FBAR, that’s more administrative. It’s looking at all the options and then determining what makes the most sense for your company.
And that may have to do with the size of an organization, how much resources you have internally. Do you need to look for more outsourcing versus keeping it in house. So I can see that it does depend on the size of the organization as well as what different compliance are applicable to them. So what about the future? Do you see anything increasing or decreasing in regulation? Just to give a little more bandwidth around not just what’s today but what’s coming in the future.
I would say you can always expect there to be changes in regulations and requirements because one, you have administration changes, some administrations want more regulation, some want less. But additionally there are reactions to marketplace. We had a financial crisis that resulted in some increased regulation. That’s not going to be our last financial crisis. There’s always going to be one. There has been in the past, things will happen to address it depending on what created that, there might be more increased different types of fraud that might increase regulation.
There’s all kinds of things that can increase the risk regulation. I think it’s a very good possibility. We’ll see that going forward. And if you look at GDPR, California is the first state we’re looking at that type of regulation. There could be more in the future. And many times with these things, corporations have been caught by surprise by regulation, particularly ones where it’s a bank regulation and they aren’t realizing it’s going to affect them, but also in ones that do affect them.
So many were surprised by FBAR. In fact, even after FBAR went in place, many companies had not even done FBAR. And were having to file years into the past just to catch up. When Dodd-Frank went in, of course that’s mostly been repealed, it was mostly a regulation for banks on derivatives. But all of a sudden companies were caught by surprise. GDPR that’s more directly to companies, but it still caught people by surprise and no CFO wants a surprise.
So one of the parts of being strategic is get out in front of it. So first you need to assign an individual. Don’t just let everyone say, oh, we should keep our eye out for regulation changes. No, assign an individual or individuals to monitor regulations or types of regulations and be able to opine on them and their impact and keeping an ear to the ground for possible upcoming regulations. Then they can meet with treasury, with others in treasury and develop a plan for dealing with it prior to it going into effect. And this also helps because many regulations have a public comment period and you’ll want to be part of that comment period. So it’s important to know it ahead of time.
Okay. So for new regulations overall a company should assign someone that’s looking for new regulations on the horizon and that individual should work with other treasury people that’s going to impact in the organization. And it may be outside of treasury, so the organization overall and develop a plan, making sure you’re part of the comment period to provide feedback to whoever the regulatory authority might be before it comes into action and you’re required to do that.
Yeah, that’s right.
So thank you for your time. But do you have, Melody, any final thoughts about regulations overall or compliance regulations overall and for the treasurer to be more strategic going forward in the marketplace?
Yeah, I think we have to quit looking at these as administrative burdens and look at it more strategically as to how do we get out in front of it, what is the effort to comply and can we find a way to comply more efficiently? We need to take responsibility for these compliance issues by taking responsibility for them ahead of time and making sure that we’re ahead of it and provide our company with the good advice and the planning to make sure that they can comply when a regulation goes into effect.
Well, thank you for your time today, Melody. We appreciate your expertise in this area of compliance and enlightening everyone on listening to the podcast series. Please join us on our next episode five on SecureTreasury where Craig and Alexa will be joining us on the Treasury Update Podcast. Thank you.
You’ve reached the end of another episode of the Treasury Update Podcast. Be sure to follow the Strategic Treasurer on LinkedIn. Just search for Strategic Treasurer. This podcast is provided for informational purposes only and statements made by Strategic Treasurer, LLC on this podcast are not intended as legal, business, consulting, or tax advice. For more information, visit and bookmark strategictreasurer.com.
A part of the Treasury Update Podcast, the #GoStrategic series covers a wide range of topics with a focus on how treasury organizations can go strategic. This includes freeing up the organization from operational activities in order to make more time for plans and activities that are considered strategic.