Issue 49: Pure Imagination
MBK Search
We connect the best risk, audit, and compliance talent with the world’s leading firms.
Welcome to This Week in GRC, MBK Search's weekly digest of the news and views in the world of governance, risk, and compliance.
The Opening Bell
If there is a better photo produced in 2024 than that depicting actor Kirsty Paterson as a miserable oompa loompa at Glasgow's infamous Willy's Chocolate Experience, then it will be a banner year for photography.
The elaborate confection promised on the show's website wasn't close to what was on offer at Box Park. Bleak photos of slapdash sets and glum-faced actors greeted visitors who paid close to £35 ($44 USD) for the privilege.
If there is a lesson for GRC professionals in this world of pure imagination, it's that generative AI gives fraudsters unprecedented ability to deceive. That will be a focal point of next week's episode of MBK Talks with Nasdaq's Corey Lynch — details below.
Webinar: Fighting Global Financial Crime in 2024
In 2023, an estimated $3.1T in illicit funds flowed through the global financial system, according to Nasdaq's 2024 Global Financial Crime report. AML professionals are facing an enemy that's increasingly savvy and innovative.
So, where does the solution lie?
In this edition of MBK Talks, we'll hear from Nasdaq's Senior AML Product Expert Corey Lynch, CAMS, on what GRC teams are doing to meet the challenge and what steps can be taken to future-proof their approach.
Fed VC calls for counterparty credit risk action
The Fed's Vice Chair for Supervision, Michael S. Barr, has outlined four key priorities for firms looking to shore up their counterparty credit risk management.
In a speech delivered this week, Barr argued interconnectedness among large financial institutions can propagate systemic risk. He explains, "Shocks can rapidly propagate throughout the financial system along these interconnections, rather than being isolated or dampened."
He says that if major counterparties fail to manage risk appropriately at the firm level, government intervention can be required to prevent broader collapse.
To address these concerns, Barr outlines four priorities for enhancing the resilience of the core financial system:
1) Improving Transparency
Barr argues that greater transparency into firms' counterparty credit risk exposures is critical. Specific recommendations include improving reporting frequency, granularity, and inter-affiliate transparency. More robust disclosure to the public on gross derivatives and SFT exposures will also help markets discipline risky build-ups.
2) Enhancing Stress Testing
In terms of stress testing, Barr says firms need to better incorporate unlikely but very severe shocks into their credit exposure models and internal capital planning. This includes accounting for multiple counterparties failing simultaneously and for vulnerabilities from cross-margining programs and central clearinghouses.
3) Coordinating Regulatory Policies
Barr called for global regulators to work more closely together to ensure margin, collateral, and central clearing policies limit the chances for regulatory arbitrage. He said that cross-border fragmentation of policies governing derivatives and intra-group booking of trades remains a core challenge. Barr also maintained that dialogue through BCBS and FSB remained positive.
4) Improving Supervisory Data
Finally, Barr admitted regulators must keep working to address data gaps to see a build-up of exposures on a market-wide basis. He argues that access to more granular, high-frequency data on derivatives and SFT trades is necessary to enable macroprudential oversight. Trade repositories and leveraging technology can help overcome current limitations.
While regulations have expanded since the 2008 global financial crisis, risks from securities financing transactions and derivatives remain an "important source of systemic risk," Barr said. Ongoing oversight and coordination of counterparty risk management internationally remains essential for stability.
SEC tightens conflict of interest rules for staff
The Securities and Exchange Commission (SEC) has approved amendments to its Supplemental Standards of Ethical Conduct for employees and members. The changes aim to strengthen conflict-of-interest rules and public trust in the agency.
Restrict Ownership of Financial Industry Sector Funds
The amendments bar employees from owning funds concentrating investments in SEC-regulated entities. This includes registered investment companies, bank common trusts, and exempt or pooled funds with policies focused on SEC-supervised organizations.
Ease Requirements for Permissible Diversified Funds
The SEC maintains that certain diversified assets pose fewer ethical issues. The changes would exempt permissible diversified funds from pre-clearance, reporting, and 30-day holding requirements.
Covered assets include:
This eases administrative burdens for safer investments.
Allow Automated Reporting System
The amendments allow using an automated system for reporting securities transactions. Employees could authorize brokers/institutions to transfer data rather than manually filing it.
Supporters noted efficiency gains, while critics raised privacy and security concerns. In response, the automated system would now be voluntary vs. mandatory. Manual reporting requirements are kept for those not using the automated approach.
Apply IPO Rules to Direct Listings
When companies list shares directly on an exchange, direct listings can raise ethical questions like traditional IPOs. The new rules bar buying directly listed securities for seven days post-listing, just as with IPOs.
Study: Ransomware Attacks Hit Over 2 in 3 Organizations
A survey on cyber threats this week revealed ransomware incidents impacted over 69 percent of organizations in 2022 - a nearly 10 percent year-over-year spike. The findings highlight the scale and growth of attacks amid an evolving criminal capability landscape.
Analysis from security firm Proofpoint covered trends across sectors. Researchers report increased exploit sophistication, with hackers more frequently bypassing multifactor authentication through intercept tools and session hijacking.
Social engineering techniques also show continuous innovation, from personalized cross-language business email compromise scams to QR code-based phishing. Generative AI could expand lure content in the future.
On ransomware specifically, 60 percent of impacted entities reported four or more separate infection events just last year. And over half of victims admit to paying ransoms, often repeatedly.
Insurer assistance with payments topped 90 percent - suggesting a cycle whereby payouts indirectly incentivize attacks and deter defenses. Critics argue that proper resilience guidance should accompany coverage.
Nonetheless, researchers found that most security professionals still over-rely on multifactor authentication despite growing evidence of bypass vulnerabilities. They urge recognizing its limits within defense-in-depth models.
Likewise, user behavior analysis revealed that convenience and deadlines overwhelmingly drive individual risk-taking. Hence, it calls for frictionless security, maximizing proactive threat disruption before reaching staff.
Analysts advise technology controls targeting observed attack patterns to shelter human targets, often representing the most accessible route toward intrusion. But they argue that motivators behind negligence must be addressed too.
In both cases, detailed threat intelligence tailors protection to counter actual real-world techniques in play. Fostering understanding builds a collaborative front against incredibly innovative adversaries through inevitable failures.
U.S. and South Korea to hold joint NFT regulation talks
South Korea’s financial overseers plan talks with the US Securities and Exchange Commission (SEC) on joint cryptocurrency policy approaches. Key points include classifying non-fungible tokens (NFTs) and approving spot bitcoin exchange-traded funds.
Seoul excludes NFTs from “virtual asset” designations, bringing coins under regulations. The deliberations with SEC Chair Gary Gensler may alter that stance to impose stricter investor protections on surging digital collectible exchanges.
Discussions also tackle regionally disputed vehicles tracking Bitcoin’s market price. While still prohibited locally, South Korean ruling and opposition parties pledged to launch spot crypto ETFs given constituent demand.
Approvals remain unlikely soon, however. Critics argue that additional scrutiny should apply given crypto complexity versus traditional assets. They want concrete guardrails that address proven risks before sponsoring retail investment channels.
Nonetheless, sentiments among leaders show warming attitudes following China’s crypto ban. However, unsophisticated traders have suffered from highly volatile markets that lacked mature oversight.
Stringent exchange requirements instituted in 2021 shuttered over 50% of platforms over control deficiencies. Surviving venues now see registration boosting accountability amid rebounding volume.
After years of consultations, July brings additional conduct policies for South Korean crypto intermediaries. Officials framed US collaboration as smoothing alignment hurdles.
FATF Adds Kenya and Namibia to Money-Laundering Watchlist
An international anti-money laundering task force added Kenya and Namibia to its monitoring list this week over outstanding regulatory deficiencies. Conversely, the United Arab Emirates and two other members achieved removal through expected reforms.
The Financial Action Task Force (FATF), comprising 39 member countries, updates its “grey list” three times yearly. Addition pressures jurisdictions to address compliance gaps quickly by informing warnings and recommendations.
Inclusion considerations for Kenya included bolstering cooperative case assistance with global allies and refreshing national illicit finance strategies. Namibian authorities must boost supervision budgets, breach penalties, and adopt an ownership registry.
Meanwhile, after just one year, the UAE earned removal by establishing specialized financial crime bodies and upping terrorism finance controls. Uganda and Barbados likewise exited the two-year watch after shoring financial sector oversight and shell company vulnerabilities.
But a lengthy roster of nations with known money laundering risks remain listed for ongoing remediation pressure. They encompass corruption hotspots across Africa, Asia, Eastern Europe, and the Middle East.
Critics argue that FATF grading can appear subjective or politically motivated at times. They want mandatory public metrics gauging progress to combat gaming.
Supporters counter blacklist avoidance incentivizes otherwise reluctant reforms locally. Even non-members must heed the designation given impacts enabling shadow markets undermining stability worldwide.
While welcoming recent progress, FATF officials caution that major work remains to strengthen oversight globally amid daunting resource challenges. They believe ongoing transparency on regime soundness aids setting shared expectations against threats outpacing many countries.
Financial technology also presses authenticated identity needs as gateways multiply and anonymity features advance. However, convergence on digital ID systems enabling rights protections remains to be disputed cross-border.
EU Sets 2025 Launch for AML Hub in Germany
The European Council announced this week that its forthcoming Anti-Money Laundering Authority (AMLA) will be headquartered in Frankfurt, starting operations in 2025 with over 400 staff. Germany's financial center prevailed, bidding to host the new supervisory body against seven other member state contenders.
Initially approved in late 2022, AMLA forms the centerpiece of sweeping legislative reforms to coordinate bloc-wide financial crime oversight. The agency will monitor and penalize firms with heightened money laundering, terror, and proliferation finance risks.
Around 40 banks and financial institutions facing elevated cross-border exposure stand to gain inaugural AMLA inspection based on a risk-tiering assessment. All other lower-risk entities remain under respective national supervisors for now.
Host selection timing also coincides with Germany's progressing plans for its domestic agency. However, officials believe coordinated mandates will align constructive authority between levels.
Some analysts question another compliance layer between global and state-based regulators, however. They want more reforms focused on strengthening external borders first.
Nonetheless, policymakers believe centralized supervision powers can seal oversight gaps within the EU that serial scandals revealed. Recent cases saw funds move undetected across multiple jurisdictions through structural reporting loopholes.
Hence, it calls for consolidated oversight, closing weak links targeted by criminal exploitation. However, critics contend more robust data sharing and public transparency measures deserve prioritizing before additional bureaucratic oversight.
They argue that new fact-finding capabilities should take precedence over punitive institutions still dependent on self-disclosure policies largely based on outdated models.
For EU authorities, launching AMLA boosts visibility in tracing regional laundering vectors regardless. But expectations hinge on matching strong coordination with national allies to oversight demands.
Trent Russell has delivered another fantastic episode of The Audit Podcast, speaking with Pat Neimann, Partner of Center for Board Matters at EY, about cybersecurity, IA, and ESG in 2024. Listen here.
See the full list of GRC jobs MBK Search is recruiting for on our website — mbksearch.com/jobs
At MBK Search, we help firms find world-class talent to build champion teams across regulated markets. Let's start building — visit our website to find out how. www.mbksearch.com