For operations and compliance professionals, the definition of financial crime is rapidly expanding to meet the threats of cyber crime, but the more common threat is money laundering or fraudulent wire transfers conducted by unscrupulous companies or individuals.
For depositories and custodian banks, this traditional abuse of the financial system has acquired an additional level of risk — that of intensified regulatory scrutiny and enforcement which could ultimately reach a customer’s client whose identity is masked through an omnibus account.
The standard approach to fraud risk management is focused on identifying and ejecting the dangerous participant before any harm is done through know-your-customer (KYC) practices. But just how far should — and can — a financial organizations go to track down potential perpetrators, before it becomes embroiled in a regulatory enforcement action?
It’s a difficult enough challenge to determine the risk of the financial firm’s own individual or corporate client. If the risk originates once removed — that is, with the customer’s client — whose identity may be masked by conventional account ownership methods such as omnibus accounts, the difficulty multiplies.
Such is the problem facing the world’s largest securities depositories and custodian banks who are now trying to come up with guidelines on how to meet new standards that are being discussed by regulators, but are already emerging on a de facto basis through hefty financial penalties.
Big-name Crime Fighters
Working under the umbrella of the Zurich-headquartered trade group International Securities Services Association (ISSA), a new working group to study financial crime compliance is looking for potential answers and new industry practices to the address the problem. The working group is led by SIX Securities Services and its membership is a who’s who of the cross-border financial services market: Brown Brothers Harriman, Deutsche Bank, BNP Paribas, JP Morgan Chase, UBS, Credit Suisse, and international securities depositories Euroclear and Clearstream as well as the US Depository Trust & Clearing Corp., South Africa’s Strate. Also represented are global message network provider and standards creator SWIFT, operations consultancy AlfaSec Advisors and the UK’s Coventry Law School.
Until an ISSA press release announcing the existence of the committee was issued last week, the working group members were sworn to secrecy regarding communicating any details with the press. The press release provided little information, except that the focus is post-trade processing of cross-border transactions. Upon request for clarifications, the ISSA’s press director, who is also head of media relations for SIX Securities Services, informed FinOps Report that no emailed questions would be answered and no one was available to comment further.
There are hints in the announcement of the reasons for the media sensitivity, such as “The objectives [of the working group] will include developing principles that should govern the securities intermediation process and the tools that are available to the industry to provide greater transparency where required.” Translation: In order to preempt new regulatory mandates that might not only be burdensome but also chaotic if not harmonized internationally, the securities depositories and custodians are taking it upon themselves to come up with ways to create transparency in transaction processing not only with their own clients, but also the ultimate counterparties that are their clients’ clients.
Just how they will do so is a matter of intense debate. Changing the status quo always comes with hefty operational and technological costs. From what FinOps was able to piece together from the press release and conversations with members of the working group who insisted on anonymity, the core operational problem faced by custodians and securities depositories in uncovering any potential regulatory breach caused by their clients’ client lies in the common type of securities registration in custodial or depository accounts — the omnibus account.
Layers of Masking
The practice, requiring each intermediary to consolidate multiple underlying accounts under its own name before passing them on to the next processing entity, is considered to be an efficient operationally. However, it comes with a downside. It ensures that the identity of the underlying buyer or seller of a securities is never known to the next processing entity. I.e., the asset manager forwards transaction information to the custodian bank under under the omnibus account in the asset manager’s name, rather than the beneficiary investor. The custodian bank or broker-dealer forwards instructions for settlement to the securities depository based on the omnibus account in the custodian’s name.
Given the practice is common, what are securities depositories, custodians and broker-dealers so worried about? Here’s what: it is becoming increasingly apparent that they might be held accountable — and be charged regulatory fines — for conducting business on behalf of a sanctioned or improper end-investor. Until now, they have been more or less insulated from regulatory enforcement by the principle of “equivalent regulation,” which holds the securities service provider responsible for policing only its own direct client base.
Therefore, securities service providers don’t have to investigate beyond their regulated omnibus account holders. So said IOSCO in 2004. The US Securities and Exchange Commission, and Commodities Futures Trading Commission subsequently agreed. But according to the ISSA, there are clear signs that regulators might be rethinking the equivalent-regulation approach when it comes to identifying beneficial ownership or the name of the true underlying investor.
Case in point: the well-publicized early 2014 US $152 million settlement reached between international securities depository Clearstream and the Office of Foreign Asset Control, the sanction-enforcing arm of the US Treasury, highlighted the pitfalls of asserting ignorance of the the end investor’s identity as a defense for running afoul of US rules. In fact, the Treasury itself said that the settlement should serve as a clear signal to financial firms that omnibus and custody accounts require “scrutiny” to ensure compliance with relevant sanctions laws.
Omnibus is No Defense
Just what did Clearstream do wrong? Here is what the Treasury ruled: Through its New York office, Clearstream had maintained an account with a US financial institution which enabled the Central Bank of Iran (CBI) to maintain beneficial ownership in 26 securities valued at US$2.8 billion held in a US central securities depository — Depository Trust Company. Clearstream had promised OFAC it would get rid of all of its business with Iranian banks. However in February 2008, the “securities entitlements” held by the Central Bank of Iran were transferred by Clearstream to a European bank, which opened a new omnibus account with Clearstream which Clearsteam serviced through its New York subsidiary.
As the OFAC settlement pointed out, that move didn’t solve the problem of Clearstream violating US sanctions and several Clearstream employees were aware of it. As a result of the transfer, “the record ownership of the securities entitlements on Clearstream’s books changed, but the beneficial ownership did not, resulting in the CBI interest being buried one layer deeper in the custodial chain.” wrote the US Treasury in its notice of settlement.”
In other words, omnibus accounting that masks true beneficial ownership is on the regulator’s radar. So what should and can custodians and securities depositories do to prevent themselves from targets of regulatory wrath?
The obvious solution would be do abolish omnibus accounts in favor of named beneficial accounts, but members of the working group told FinOps that a scenario isn’t likely. The ISSA press release gives no inkling of the options being considered by the working group, the same participants suggest that their group is looking at defining the “securities equivalent” of the Wolfsberg Anti-Money Laundering Principles for Correspondent Banking.
KYCC: Know Your Customer’s Customer
Under those high-level rules, established last year, financial institutions can’t rely simply on the fact that a foreign correspondent is subject to regulation to do business with it. The financial institution must address the business risk, the owner structure and the effectiveness of the foreign correspondent’s AML controls, as well as the downstream relationships with the correspondent’s clients.
Such new guidelines for securities processing might ultimately mean that a custodian bank or depository could refuse to accept the registration of a customer’s account in the omnibus name unless the financial institution has agreed to follow the Wolfsberg AML principles. A full copy of the guidelines, jointly agreed upon by Banco Santander, Bank of Tokyo Mitsubishi, Barclays, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, HSBC, JP Morgan Chase, Societe Generale, and UBS can be found here.
Yet another possibility would be to re-purpose SWIFT’s MT 202 COV message type used in correspondent banking for securities settlement messages. That means including fields to identify the ultimate buyers and sellers of securities the same way that the 202-type message shows the final payer and beneficiary details to the two financial institutions making the payment and the involved correspondents as well.
However, receiving end-to-end buyer and seller information down the settlement chain opens the possibility that asset servicing providers will have to handle data and potentially investigate parties that are not their clients. Automated screening software is used today in the correspondent banking industry to help prevent financial firms from doing business with illegal parties. It theoretically could be adapted for securities servicing, but only with substantial operational and IT investment from industry players.
What other options exist? Using a version of the US Consolidated Audit Trail sounds simpler than attempting to track beneficial ownership through a new type of securities settlement message. It limits the amount of data and the costs of screening and processing the data, as well as the legal risk from acquiring info on parties with which a financial firm has no contractual relationship. However, the idea has a two key hurdles to surmount. The first is that it is based on capturing order and event information from trade execution, not settlement. An even bigger obstacle is that CAT has yet to go live even in one market, the US, three years after it was first proposed by the US Securities and Exchange Commission. Therefore, its prospects for adoption in multiple countries are likely slim to none.
With the ISSA financial crime committee set to release its initial findings as early as next month, the securities industry will soon have a lot to talk about — and prepare for. With the omnibus account apparently being protected from change for the time being, that leaves few solutions and expensive ones at that.
Leave a Comment
You must be logged in to post a comment.