Day: September 11, 2013

This is the end: Swiss-US data sharing agreement smashes bank secrecy

Wenceslas Hollar – Secrecy 2 (Photo credit: Wikipedia)

The US and Switzerland finally inked an information sharing agreement which will give US authorities access to Swiss bank records, the accounts of US correspondents and those who opted out of filing their Foreign Bank and Financial Account reports with the US tax office. From now on, Swiss banks are no longer a safe hiding place for US tax evaders.

The agreement is analysed in this great special report from the US-based Association of Financial Crime Specialists. Industry insiders claim the agreement is ‘the most far-reaching, expensive and ominous set of obligations, conditions and hazards ever imposed on a nation’s banking industry.’

Is there really nowhere to hide?

As Swiss banks will no longer be in a position to hide anything from the US, this effectively renders the sector less than appealing to anyone with some money to hide, whether you are a drug trafficker, terrorist financier, political campaign funder, tax evader or a corporate entity with skeletons in the financial closet. And those people will be looking for somewhere else to bank, with Asia’s increasingly sophisticated and well-serviced banking centres looking favourable.

However, Singapore has taken steps in the past year to stem the flow of untaxed funds into its coffers.

In 2011, Singapore signalled its will to align itself with the Financial Action Task Force’s ‘designated categories of offences’ by making tax crimes predicate to money laundering and detailed its plans in this consultation paper from October 2012.

In May 2013, Singapore’s Ministry of Finance, Inland Revenue Authority (IRAS) and Monetary Authority (MAS) issued a joint statement outlining their intentions to obtain bank and trust information without the inconvenience of first obtaining a court order.

As of July 1st, all tax crimes committed in Singapore are predicate offences to money laundering and should be managed by financial institutions as such. This means applying customer due diligence skewed to identifying potential tax criminals and tweaking transaction monitoring systems to track their financial dealings.

For FIs, this means conducting reviews of all existing clients to assess the tax legitimacy of the assets held. If they discover that a client’s assets contain the proceeds of foreign tax crimes which would also be a crime in Singapore, or have reasonable grounds to suspect this, they should file a suspicious transaction report. The response to the October consultation contains some useful work on this area.

I’d be interested to hear about any plans the US has to broker agreements with other nations, particularly those in Asia.

Wrestling with diplomacy: Has Iran ruler’s Twitter account helped ease OFAC sanctions?

Wrestling with diplomacy – Iran tackles US head on

The Iranian President Hassan Rouhani has taken to using his Twitter account to share his ideas and movements and promote diplomacy, which is a far cry from his predecessor’s tactics. Although a recent breakthrough in sanctions on Iran may not be directly linked to one of Rouhani’s tweets, his efforts to create transparency in Iran since he took office on August 3rd, less than 40 days ago, have been effective to say the least.

The US Treasury’s Office of Foreign Assets Control has issued two general licences which authorise the exportation of services and funds transfers by non-governmental organisations (NGOs) to support humanitarian needs and athletic exchanges.

The OFAC press release and details of General Licence E (humanitarian) and General Licence F (athletics) are here.

Wrestling with diplomacy

In February, the US national wrestling team touched down in Tehran to compete alongside Iranian and other national wrestling teams in the World Cup Tournament. This scored a diplomatic coup for both countries and may have allowed the US Government direct access to the next ruler of Iran before candidate registration opened in May. Either that, or the trip to Tehran may have been a fortuitous coincidence.

Nonetheless, the limited-application licences demonstrate clearly that the US is willing to reopen communications with Iran, and this may be due in no small part to efforts by Iran’s Twitter-using, moderate cleric President Hassan Rouhani, who is actively trying to re-establish Iran’s reputation on the global scale and to reinvigorate an economy severely damaged by sanctions on oil, gas and financial transactions. This week, he even tweeted good wishes to Israel for Rosh Hashanah.

Rouhani has repeatedly called for a lift on social media black-outs in Iran and, despite some opposition, has formed a task force dedicated to studying the legality of what Iranians say online and how they use the internet. Rouhani has used his Twitter account in the past to comment on education, women, chemical weapons use and ‘Al Qaeda wreaking havoc’ in Syria.

The Iranian leader’s use of Twitter as a diplomatic channel is a far cry from ex-President Mahmoud Ahmadinejad’s ultra-conservative, Holocaust-denying approach to building bridges.

Follow Rouhani on Twitter @HassanRouhani.

Data risk: six foundations of a robust data risk management programme

The Australian Prudential Regulation Authority (APRA) has published new guidance for regulated firms on developing a risk-based approach to data management. Alongside six foundation principles for building a sound data risk management (DRM) framework, the guidance gives examples of data risks, how to measure data quality, pillars to build your DRM framework around and more.

The regulator underlines that the guidance does not cover every possible data risk, does not provide checklists and that firms should use the risk-based approach to assess their own unique risks and build a DRM framework that addresses those risks. Any risk management framework applied under a risk-based approach is underpinned by knowledge of the business. Fundamentally, if you do not understand your own business inside out, you will not understand the risks and will not be able to apply an effective risk management system. This could lead to regulatory censure and ultimately loss of business.

The final guidance found on the APRA’s website applies to all authorised deposit taking institutions and provides guidance on risks associated with the use of data, including data application, retention, storage and security. Although this prudential practice guide is aimed at Australian authorised firms, it provides a useful tool for other deposit taking firms in terms of building a solid risk management framework which is in keeping with international standards.

Here are some of the highlights from the guidance:

Six high level principles for building a sound DRM system

- Access to data is only granted where required to conduct business processes;
- Data validation, correction and cleansing occur as close to the point of capture as possible;
- Automation (where viable) is used as an alternative to manual processes;
- Timely detection and reporting of data issues to minimise the time in which an issue can impact on the entity;
- Assessment of data quality to ensure it is acceptable for the intended purpose; and
- Design of the control environment is based on the assumption that staff do not know what the data risk management policies and procedures are.

Four common data risks

- Fraud due to theft of data;
- Business disruption due to data corruption or unavailability;
- Execution delivery failure due to inaccurate data;
- Breach of legal or compliance obligations resulting from disclosure of sensitive data.

Ten dimensions for measuring data quality

- Accuracy: the degree to which data is error free and aligns with what it represents;
- Completeness: the extent to which data is not missing and is of sufficient breadth and depth for the intended purpose;
- Consistency: the degree to which related data is in alignment with respect to dimensions such as definition, value, range, type and format, as applicable;
- Timeliness: the degree to which data is up-to-date;
- Availability: accessibility and usability of data when required;
- Fitness for use: the degree to which data is relevant, appropriate for the intended purpose and meets business specifications;
- Confidentiality: restriction of data access to authorised users, software and hardware;
- Accountability: the ability to attribute the responsibility for an action;
- Authenticity: the condition of being genuine; and
- Non-repudiation: the concept that an event cannot later be denied.

Seven pillars to build your DRM framework around

- Includes a hierarchy of policies, standards, guidelines, procedures and other documentation supporting business processes;
- Aligns with other enterprise frameworks such as operational risk, security, project management, system development, business continuity management, outsourcing/offshoring management and risk management;
- Includes the expectations of the Board and senior management;
- Assigns a designated owner or owners;
- Outlines the roles and responsibilities of staff to ensure effective data risk management outcomes;
- Enables the design and implementation of data controls. The strength of controls would normally be commensurate with the criticality and sensitivity of the data involved; and
- Is reviewed on a regular basis, with periodic assessment for completeness against current practices and industry standards.

Four keys to creating and maintaining effective data architecture

It is important for the regulated entity to:

- Understand the nature and characteristics of the data used for business purposes;
- Be able to assess the quality of the data;
- Understand the flow of data and processing undertaken (i.e. data lineage); and
- Understand the data risks and associated controls.