Treasuries globally are being pressured by the increasing demands of regulatory compliance.  Domestic and international organizations are responding to a broad range of new and changing regulatory requirements, which if not met, will result in a number of adverse consequences, including poor audit reports, negative publicity, and severe financial penalties. Regardless of which regulation corporations are facing, treasury organizations must respond within the timelines given by regulatory bodies, and often turn to their treasury technology providers to help them comply.

Regulatory compliance technology and support solutions

Ashley Pater, senior vice president of product management at GTreasury explains how GTreasury performs the necessary quality control functions to support clients’ compliance requirements: ‘We have a Compliance and Regulatory team, which is responsible for multiple aspects of compliance assurance,” she says.  “The team verifies the accuracy of each compliance solution, provides strategic advice and educates clients as necessary about the practical aspects of any given regulation.”

Contemporary treasury and risk management technology provides essential support for corporations and financial institutions seeking an effective way through the regulatory maze, reducing risk and operational burdens, and providing higher levels of management assurance about the control, security and quality of financial operations and reporting. Consider the range of domestic and international regulations below and the practical application of compliance technology available today.

FBAR – Federal Bank Account Reporting: This onerous regulation imposes stringent control and reporting requirements on those responsible for all U.S. bank accounts, including accounts belonging to U.S. subsidiaries of foreign corporations.  It requires detailed tracking of account ownership, signatory history, and other data.  It is hard to see how compliance can be achieved without fully- automated bank account administration to manage the data repository and updating process and to generate the necessary volume of reporting in a controlled and transparent environment.  

IFRS9 Hedge Accounting: IFRS 9 has replaced IAS 39, which included several paradoxes resulting in inefficient hedge accounting practices.  Effective compliance to IFRS 9 hedge accounting standards must meet the following key tests: 

1. Does the hedge accounting methodology reflect the core business?
2. Can you justify the hedge accounting approach adopted?
3. Is the hedge accounting documentation sufficiently robust to withstand examination? 

(CTMfile’s analysis* confirms that these three issues are current, pressing concerns for many corporate treasurers.  Note that they apply generally to effective solutions for different regulatory compliance obligations.

Peter Seward, GTreasury’s vice president of market development, risk, explains, “Under IFRS 9, today’s compliance practice now aligns much more closely with business and economic realities.  For example, exposure aggregation is now permitted, and hedging with multiple derivatives is accommodated.  This requires an IFRS solution that can accurately perform these additional calculations. It is now possible to achieve compliant hedge accounting in cases such as a Sterling-based company issuing a Dollar denominated fixed rate bond, swapping the Dollar obligation into fixed Sterling cashflows, and then swapping the resultant fixed Sterling cash flow to floating Sterling; hedging the copper component of a copper wire transaction in isolation from the insulation; hedging commodities such as oil and natural gas independently of transportation and other factors.  The hedge accounting process now generates less noise and superior effectiveness results, which we see at more than 50 operational clients, with the validity of the results and completeness of the documentation confirmed by Big Four audits.”  

Similar changes are coming with the Accounting Standards Update (ASU) for ASC 815 on 1 January 2019 in the U.S.  

GDPR: The European Union General Data Protection Regulation safeguards the privacy of EU citizens, and strictly controls the confidentiality of their personal information.  Compliance requires a secure, encrypted database, with strong access rights control, and with definitions of policies which enable their automated enforcement, and their updating under a controlled and transparent mechanism.  “For customers, GDPR applies equally to their employees, and their customers’ employees,” Ashley Pater comments.  “We advise customers strategically on compliance and provide the necessary education to assure accurate implementation and continuity as the regulation evolves.”  

PCI: Payment Card Industry (PCI) Data Security Standard (DSS) compliance relates primarily to companies such as retailers and insurance brokers which process credit card payments.  Requirements around logical and physical security, processes, access control, and monitoring provide a baseline for securing valuable card and personal information in a manner consistent with auditor expectations.

SOC 1 and 2: Compliance with the Service Organization Controls SOC 1 and SOC 2 is critical for confirming that a system is performing as required in a client’s business environment.  The reports objectively evaluate the operational controls of treasury processes and verify their robustness, integrity, and security, including the protection of confidential data.  They are essential tools for effective audits.  

US State Tax Compliance: Companies that trade across state lines inevitably encounter the complexities of individual states’ tax legislation.  Ashley Pater explains how the GTreasury solution operates: “The system uses tax templates to manage the tax calculation and reporting processes.  It provides automated jobs to facilitate change management with a minimum of human intervention.”  GTreasury recently worked with a U.S. client to update tax payment templates to meet the particular regulatory requirements of 40 different states. As GTreasury is a SaaS solution, those templates are now available to help all GTreasury clients streamline their tax payment process.

SWIFT Alliance Lite 2: Successful AL2 compliance requires the organization’s financial technology, including applications, database, server and communications to satisfy the standards of a SWIFT audit.  This applies equally to customers that transact payments through AL2 and includes powerful security functions combined with user and transaction authentication mechanisms.  

IFRS 16: The extension of IFRS standards to leasing will become mandatory for this complex topic in 2019.  

“Adjusting our lease accounting and hedge accounting solution to provide audit-ready IFRS 16 compliance is one of our current product development priorities,” Seward says.

PSD2: This potentially revolutionary EU directive requires banks to open many of their APIs to provide access to their customers, and to qualified and approved third parties.  So, the compliance obligation resides with the banks.  PSD2 provides significant opportunities for corporate treasury and finance operations to gain real-time visibility of payments in the process, and of up-to-date balance and transaction data.  The potential gains in treasury control, transparency and performance are substantial, using compliant technology for secure communications with banks.    

---

Many corporate treasurers and finance directors will privately admit that their compliance with – and even adoption of – some regulations is inadequate, behind schedule, or effectively non-existent.  Practitioners that upgrade and modernize their compliance technology can take advantage of the operational efficiencies and risk reductions that can be achieved with today’s solutions. 

—————

*. Modified from ‘Is your transfer pricing approach ready for BEPS?’ by Bija Knowles, CTMFile August 1st, 2018, with acknowledgment.