Economy & Business
The importance of supervision
Maintaining compliance and preventing financial crime is not just a matter of following laws and regulations but requires effective leadership and supervision within financial institutions
By Paul Shelton
Financial institutions are generally large and ponderous institutions with a multiplicity of branches (on-shore and off-shore) and subsidiaries. All these entities rely on the effective supervision of their employees in addition to their employee’s inherent honesty and integrity.
Many banks find it important to reinforce this message of honesty and integrity with specific training and I for one am a vigorous supporter of regular monitored training (and so are the regulators). It is all part of the overall risk management and compliance within a financial institution. I my opinion, micromanagement within a financial institution simply doesn’t work well (and, more often than not, simply serves to turn off the next generation of young, motivated, and talented employees). On the other hand, a well-managed financial institution should give its leaders (this is not just the C-Suite but anyone who manages a group of employees) freedom within boundaries to pursue their areas of interest. These leaders must effectively supervise their group, be it large or small, to ensure their part or aspect of the business is operating in accordance with policies, laws, and regulations and that the end goal, a profitable financial institution, is achieved.
The following principles are what I believe form the basis of an effective approach to ensure that supervision is effective and consistent:
1. Take responsibility
- Know what you are accountable for.
- Make yourself available for those who
- You supervise
- Support your business.
2. Organize your business/section/department
- Know who and what are your responsibilities.
- Document your reporting lines.
- Delegate effectively.
3. Know your team and what they do
- Know their level of competence and understand any weaknesses.
- Identify problematic behavior early and act upon it.
- Ensure you and your team are properly trained and informed (join with them in training sessions to reinforce the message of the team). If you aren’t getting the training, find out why or create the training yourself.
- Trust but verify (but do not overreach with destructive micromanagement).
4. Know your business
- Understand the area/business you are responsible for.
- Know your systems and controls – how do they work? (Can you explain to a new joiner how they work? If not, then you won’t be able to explain it to a regulator).
- Know your authority and approval limits (know the authority and limits of your team if you have delegated any authority or limits).
- Understand your risk framework – understand the consequences of something going wrong in your area/section/department – what impact it may have on your institution and/or you personally?
5. Foster a strong risk culture
- Set the tone from the top – we so often mistake this to mean the C-Suite or senior executives – but in your area/section/department, you are the leader.
- Lead by example.
- Be consistent (never show favoritism either within your own team or to your “customers” (internal or external).
6. Recognize, respond to, and resolve issues
- Spot red flags and deal with them swiftly.
- Follow up on issues until they are closed and resolved – this may be a long-term endeavor and require patience and resilience – but that is why you are a leader!
- Provide complete and accurate information to management. This is vitally important. Hiding an issue will only result in greater problems in the future. I always tell my teams, upfront, that “I don’t like surprises!”. If the news is bad, tell me so that we can act upon it! If the news is good, let’s celebrate that achievement.
- Escalate effectively – I would add not only escalate upwards but where possible (in terms of balancing the duty of confidentiality in any instance – cascade downwards as well – make your team aware of the issue – they may well have the answer!)
I won’t for a moment suggest that if you follow all six items that you will have all the bases covered. Systems that all financial institutions rely upon may malfunction or not be properly calibrated or not be up to date, so you need to ensure that they are. It is your responsibility! We refer to this as “noise” from a system.
Some “noise” is good. It shows a system that it is most likely working appropriately. An excessive amount of noise may mean your institution is really dealing with inappropriate clients and your system is actually doing the right thing by identifying issues or your system’s algorithms need urgent attention (as noted above, follow up on issues/red flags until they are closed or resolved). You would be surprised at how the state and age of algorithms are ignored.
In the present geopolitical environment, sanctions-related systems are particularly vulnerable if they are not up to date with the latest sanctions (at the economic, legal entity and personal levels) to ensure a financial institution is not in breach and thereby opening itself up to not only being named and shamed by regulators but also subject to substantial fines. Never underestimate the damage of being named and shamed even if the ultimate financial penalty is not that large. Also, nothing makes a shareholder move aggrieved than seeing their investment losing value (whether it is through reputation, the stock price or potential decrease in dividends due to decreased revenue).
Also, human nature being what it is, there are always likely to be individuals within financial institutions who, for reasons of greed, put the institutions and themselves at risk. There are frequent cases of employees of financial institutions finding a weakness in a system or procedure and deciding to take advantage of that for their own financial benefit. Besides greed, it is sometimes debt or addictions that lead these employees down the dangerous path of greed and corruption.
The same can be said about individuals or groups outside of a financial institution (or perhaps using an “insider” for the initial lead and then acting upon that information). Financial institutions should always be on the lookout for hackers, fraudsters, and other such criminals.
I’ve seen my fair share of these individuals within financial individuals and the incidents they have created in my years in financial institutions. I’ve seen campaigns of “poison letters” aimed at destroying the reputation of fellow team members (mostly due to petty jealousy or the mistaken belief that their desired promotion has been thwarted), all based on false allegations that were easily refuted.
I’ve seen actual financial fraud when, as I noted above, an employee has identified a vulnerability in procedures and believes it will never be discovered. It usually starts out with just small amounts of money (perhaps testing the waters), and it may just remain that way, just siphoning off small amounts regularly. It may start small and then inflate to larger sums as the arrogance and confidence of the fraudster grows. Counterintuitively, the perpetrators often believe that they are benefiting the financial institution by identifying these loopholes (but contrition for such activities always comes after they have been caught). Inevitably these schemes are identified by a simple error or the gut instinct of an honest employee who sees or senses something is just not right and makes a report to a manager (one who understands their supervisory responsibilities).
It is not a fond memory of mine to be sitting across the table from law enforcement officers detailing a particular instance of fraud (this was some years ago and not in Taiwan). It was a legal obligation to make such a report - and to then escalate/cascade the details once the investigation was complete.
Such incidents do, unfortunately also occur in Taiwan’s financial institutions. A quick review of the Financial Services Commission’s (FSC’s) website provides us with the following examples in 2021 and 2022.
In 2021 and to date in 2022, the FSC has taken the following actions against Taiwanese banks directly relating to the fraudulent and or inappropriate behaviour of bank employees (I have deliberately removed the names of the banks and in the rare occasion the family name of the employees involved):
- 2022-09-02 - a former employee of a bank had misappropriated customer funds. The FSC therefore imposed an administrative fine of NT$14 million on the bank.
- 2022-06-24 - a former employee of a bank had misappropriated customer deposits and tax payments in a manner that revealed a failure to properly establish and sufficiently implement internal controls, resulting in an administrative fine of NT$4 million on the bank.
- 2022-06-24 - a former employee of a bank misappropriated cash from ATMs and customers’ funds, resulting in an administrative fine of NT$4 million on the bank.
- 2022-06-23 - The FSC discovered that former employees of a bank had misappropriated customers' funds and engaged in abnormal fund transactions with customers that revealed a failure to properly establish and sufficiently implement internal controls, resulting in an administrative fine of NT$6 million on the bank.
- 2022-06-23 - The FSC imposed fines on a bank after discovering that a former employee at the bank had misappropriated customers' funds and engaged in abnormal fund transactions with customers, resulting in an administrative fine of NT$4 million on the bank.
- 2022-06-23 - The FSC discovered that a former relationship manager at a bank had engaged in abnormal fund transactions with customers that revealed deficiencies in the bank's handling of anti-money laundering operations, resulting in an administrative fine of NT$14 million on the bank.
- 2021-09-01 - The FSC imposed sanctions on a bank after discovering that its wealth managers had misappropriated customers' funds and engaged in abnormal fund transactions with customers and improper business, resulting in an administrative fine of NT$30 million. Also, the FSC issued an official reprimand and ordered the bank to suspend the deputy head of the bank’s Retail Banking Group for three months, ordered two of the bank's branches to suspend all conduct of insurance agency business with new customers for three months with the suspension to remain in force until the FSC determines that proper corrective action has been taken.
- 2021-02-01 - The FSC imposed sanctions on a bank after discovering that its former wealth manager had misappropriated customers' funds and the bank had failed to conduct KYC process and failed to properly establish a check mechanism for operations carried out after solicitation and before submission of application documents. The FSC imposed an administrative fine of NT$12 million on the bank and the FSC also ordered one of the bank's branches to suspend all insurance agency business and money trust business for one month.
- 2021-01-19 - The FSC imposed an administrative fine of NT$20 million on a bank after discovering that a former wealth manager at the bank had misappropriated customers' funds and engaged in abnormal fund transactions with customers. The FSC also ordered the bank to suspend the vice-president in charge of the bank's wealth management division as well as the person in charge of the bank's consumer banking division for three months.
According to my calculations, that’s a total of NT$108 million in fines (in just under a two-year period) relating directly to employees’ malfeasance. The sum is minor compared to other jurisdictions but still clearly demonstrates that the regulators have no tolerance for fraudulent activities. Trust in financial institutions is paramount in any jurisdiction.
Whilst we see most of the fines being applied to the banks themselves, we also see regulatory action being taken against individuals (a growing international trend). We can assume that the banks have also taken appropriate internal action against the individuals involved. Careers ended and futures lost, all in the name of greed.
Fraud, malfeasance, bribery, and corruption create an uneven playing field for honest financial institutions and can cut deep into the social fabric of developed and developing countries alike.
In 2020, the World Economic Forum (an independent international organization that brings together decision-makers from across society to work on projects and initiatives that make a real difference and aim to deliver concrete and sustainable results and a positive impact at all levels of society) through its Global Future Council on Transparency and Anti-Corruption estimated that corruption (as broadly defined) costs the world economy 5% of GDP a year or the equivalent of some US$3.6 trillion. While the percentage and dollar amount have been disputed, fraud, malfeasance, bribery, and corruption can present very serious problems for a financial institution along with money laundering and terrorist financing.
Taiwan, through the Ministry of Justice and the FSC, has a raft of legislation and enforcement mechanisms that deal with the illegal issues raised above (relevant provisions can be found in the Anti-Corruption Act, the Criminal Code, the Organic Statute for Anti-Corruption Administration, the Banking Act, and the Securities Exchange Act, inter alia).
And while laws and regulations are absolutely essential, proper internal managerial supervision can act as a real bulwark against issues before they occur.
Paul Shelton is a consultant with 30 years of experience in the international financial services and related industries with skills in all aspects of legal and financial crime compliance and regulatory relationship advisory and management.