“This is the tenth topic and the eleventh article in a series on leading practices in corporate treasury.”
Compliance may not be top of mind for most large organizations, but it is close. Having a compliance-oriented mindset is considered critical to corporate treasury because it now has to wade through a continual stream of regulations to protect the business against a range of internal and external exposures and risks.
Dealing with a flurry of shifting regulations brings with it compliance risks and challenges that exceed anything experienced by corporate treasury in the past.
As regulations evolve, treasurers are paying close attention to compliance efforts enterprise-wide. They are reviewing procedures, standards and processes across geographic boundaries and global business units to improve visibility into their regulatory compliance and effectively manage and reduce compliance risks, major failures and violations.
Here are our recommendations on how corporations can reap the benefits of regulatory compliance to strengthen the robustness of the treasury controls environment and enforce a culture of efficient compliance across the organization.
The level of care required to ensure effective implementation of leading compliance practices could vary by industry, location, level of globalization or other areas of treasury intensity or complexity. Nonetheless, there are some consistent aspects that stand out.
Assign compliance responsibility
Compliance expectations have never been higher than following the COVID-19 pandemic to shape business strategy, in addition to maintaining regulatory compliance and capital conservation.
This requires that the treasury compliance function’s desired outcomes are understood by internal and external stakeholders to support organizational strategic objectives, address the hotspots and prevent issues before they occur. Outlining clear roles and responsibilities is the important first step to effective regulatory compliance.
“There should be a clear assignment of responsibilities and accountability for individuals who track existing, new and potential compliance activities. They should track regulatory and industry developments, provide independent oversight of business activity, monitor whether the corporation meets its regulatory obligations (policies, controls, risks, processes and standards) and report possible errors, loopholes and violations,” said Craig Jeffery, managing partner at Strategic Treasurer, a leading treasury consulting firm. ⃰
Regular, indepth compliance reporting provides a comprehensive picture of a corporation’s current performance, identifies areas for improvement, and highlights any compliance risks that aren't currently being adequately addressed.
Assigning compliance responsibilities is imperative and must be done to prevents duplication of activities and enable demarcation of risk ownership.
Hold systematic meetings on compliance
It is recommended that systematic meetings on compliance be held every quarter or at the very least on a semi-annual basis.
The intention of periodic meetings must be to ensure that individuals responsible for compliance activities advance and track the progress of all compliance assessments. In addition, they must report what they have learned and what the company needs to do to elevate compliance and strengthen controls.
“Given the increase in the compliance-related activities that treasury faces, it is important that treasurers establish a more formal process in monitoring pending and emerging compliance issues. This process must be appropriately calibrated and presented to ensure that the limited meeting time is properly utilized to address the most urgent and emerging issues in this domain,” observed Jeffery.
Such meetings are a terrific opportunity to get the key stakeholders up to speed, disseminate understanding of the application of the compliance requirements to the corporate group or its subsidiary corporation, gather feedback on the quality of compliance efforts and services, and ensure leadership commitment to compliance. After all, if the leadership is committed to compliance, the treasury team will be too.
Areas of focus
- BAM, KYC and Banking
Another aspect of improving efficiency while supporting compliance is implementing leading practices on bank account management (BAM), tracking and reporting. As Jeffery remarks, “Every bank account is a point of exposure. It’s a point of cost and is a part of your overall treasury structure to manage your flow of cash while supporting prudent discharge of compliance obligations for your corporation.”
Corporate treasurers should view their entire domestic and international account balances and transactional activity on a daily basis (intra-day or current). Having daily and real-time visibility over all their global bank accounts, services, signers, fees, legal entity and bank relationship information helps corporations stay compliant with their own internal guidelines and reduces risks associated with its cash inflows and outflows.
Most corporate policies, including those for financial accounts, have a compliance reporting component. This reporting should include general data as well as an exception report – e.g., accounts that are missing required account level controls, the reason for the exception, and any plans for correcting the exception.
Know-your-customer (KYC) compliance requirements pose considerable challenges for corporate treasurers operating internationally because of increasing regulatory scrutiny around money laundering and disparate regulatory regimes in different parts of the world.
A company must meet regulatory requirements in two broad ways. First, they must comply with banks regardless of the number of banking relationships. This means they need to verify the identity of their suppliers and customers (ultimate beneficiaries). Performing due diligence of customers and suppliers to assure compliance with anti-money laundering regulations is recommended.
Treasury management technology is not a panacea to regulatory compliance, but it plays a vital role in enabling data to be collated and reported in the appropriate format, implementing processes and controls. Use treasury technology to track information requested by each bank and the responses that were sent. Consistency in compliance requests and responses eases the challenges of meeting KYC requirements and streamlines the process.
Leveraging emerging technology such as artificial intelligence (AI) and machine learning (ML) to respond to changing regulations, perform due diligence for resolving suspicious cases, and reduce the operational burden and costs is another recommended approach for making KYC compliance more efficient.
The onslaught of regulations (FBAR, FATCA, EMIR, Dodd-Frank Act) coming from many different jurisdictions impacts treasury-intensive corporations and makes them more deliberate and formal about monitoring and reporting compliance activities than in the past.
Compliance is an ongoing journey, and as standards evolve, so do the reporting processes. A strong reporting process has integrated checks and balances to reduce deviations. These processes must support external reporting and optimize internal efficiency. Automating compliance reporting processes increases the speed, accuracy and efficiency of the process and improves information security and corporate governance.
- Payments screening
The Office of Foreign Assets Control (OFAC) mandates complete corporate compliance with OFAC regulations. Comprehensive and targeted sanctions screening of suppliers and customers with a self-imposed system of checks should be undertaken as a part of an effective OFAC compliance programme.
An important component of OFAC compliance is payments screening. Payments, both outgoing and incoming are a significant part of a corporation’s activities. Cross-border payments pose a higher potential OFAC risk, and
Automated OFAC screening of electronic payments is also advocated, as is the inclusion of every field on payment records with respect to wire transfers and international ACH transactions, and customer identity confirmation and validation on setup.
- Payment controls
Corporations are known to make erroneous payments, from accidental double invoicing to wilful acts of employee or vendor fraud. Traditional controls over payments include approvals as preventive controls and rudimentary duplicate checks before payments. However, these controls aren’t sufficient to stop duplicate payments or identify instances of over-payment. Centralizing payment processes and transitioning to electronic payment methods enable a more secure, efficient and expedited payments process.
It is also recommended that the principle of checks and balances be integrated into the payment process. For sensitive activities such as approving payments, setting up and changing vendor information, or accessing or changing confidential information, dual controls should be in place. This means two or more people are required to authenticate and complete the activity.
Segregation of treasury duties is an important issue for corporations to ensure compliance with laws and regulations. Different people should be in charge of initiating the payments process, handling invoices and issuing approvals. Back-office employees should stick to regulatory compliance, accounting, settlement and clearing, while front-office staff can focus on cash management, offer pricing, risk management and deal initiation.
Implementing payment controls and monitoring compliance is easy with an automated accounts payable system. When you’re dealing with inventory, ensure the invoice, the received goods, and the purchase order all match. An automated system can check this automatically, as well as confirm the legitimacy of invoices that are close to the approval threshold.
It is also a good idea to create a schematics diagram (single, centralized visual view) to depict the relevant payment control regulatory elements and their significant components.
- Identification and sizing of compliance risk exposure
Corporations should view compliance with laws, rules and regulations as a zero-tolerance activity. Nevertheless, the time spent on each compliance activity must be differentiated according to the organization’s highest vulnerabilities, sensitivities and risks in noncompliance.
Compliance risks are a significant source of risk exposure, particularly for large corporations operating in highly regulated industries and regions. As companies grow in size and expand the scope of their activities, compliance risks grow and become more difficult to manage.
To understand the full range of their risk exposure, the likelihood that a risk event may occur and the potential severity of its impact, it is recommended that corporates leverage internal and external data sources and cross-functional subject-matter expertise to conduct a focused and actionable compliance risk identification and assessment process. An effective compliance risk assessment also helps organizations size the risk exposure, prioritize risks, and effectively allocate resources to risk mitigation.
The treasurer must evaluate and report on the hedge programme’s performance, ensure that the organization’s hedging policy is compliant with regulations and confirm that it meets its primary objective – “It is the volatility in asset classes that you are trying to hedge or protect against; not necessarily trying to buy or sell at the best price,” as Jeffery puts it.
An overall environment that emphasizes compliance and values integrity and ethical conduct is the best foundation. This starts at the top – with the executive management and the board, including treasury and finance leaders who must model appropriate behaviour, adhere to the rules and comply with multiple local regulations as well as international regulatory scrutiny.
Compliance is an increasingly complex and diverse area of business and legal activity, and it should be intentionally managed. It can even be a driver of sustainable corporate growth and long-term competitive advantage. These time-tested leading practices will help you put in place a globally efficient and effective compliance programme, one that states that compliance is a marketplace differentiator.
⃰⃰ Disclosure: Strategic Treasurer owns CTMfile.
Like this item? Get our Weekly Update newsletter. Subscribe today