Categories
Innovation in Compliance

Integrity Matters: AML Trends for 2022


Welcome to this special podcast series, Integrity Matters sponsored by K2 Integrity. For this series, I visit with Koby Bambilia, Managing Director, and Olivia Allison, Senior Managing Director. Over the series, we look some issues and trends going forward into 2022. In this Part 2, I am joined by Koby Bambilia who looks at trends regarding AML going into 2022. Some of the highlights include:

  • Impact has there been to-date from the  passage of the AML Act of 2020?
  • What has been on the mind of clients and others in the market?
  • Has COVID and the global crises created shifted just how bad actors take advantage of the financial system?
  • How are you advising your clients to mitigate these risks and get ahead of the rule making as we head into 2022?

Resources
Koby Bambilia Profile
K2 Integrity

Categories
Blog

AML Trends for 2022

I recently had the chance to visit with Koby Bambilia, Managing Director at K2 Integrity. We looked at some key anti-money laundering (AML) trends in 2021 and how they might impact AML investigations, prevention and enforcement going forward into 2022. We consider the impact to-date from the passage of the AML Law of 2020 then move to some of the key questions on AML going into 2022. Has COVID and the global crises created shifts which allowed bad actors take advantage of the financial system? Finally, what are some of the key risks to mitigate these risks and get ahead of the rule making as we head into 2022?
We began by considering the focus of Department of Treasury (Treasury) and its regulators. Here there are several topics that were given priority as part of the national Strategy for Countering Corruption, terrorism and other illicit activities. These priorities include cybercrime, virtual foreign currency, domestic terror financing, criminal organizations, human trafficking, smuggling, drug trafficking, corruption, fraud and proliferation financing. Bambilia related, “we can easily see that the list is quite extensive yet. There is something in common for all these priorities. If you look at the priorities, they include predicate crimes that generate illicit funds thought assets, which allows criminal actors to launder through the financial system.” As money laundering is linked to all these priorities it remains a priority.
Bambilia believes financial institutions need to incorporate these AML priorities into their risk-based Bank Secrecy Act (BSA) compliance programs by assessing the potential risk associated with the client base, the products and service services they offer, in conjunction with their geographic areas and countries of operations. Bambilia believes that government examiners will soon ask to see and review what steps banks and financial institutions have taken with regards to these priorities. In other words, whatever steps you take Document, Document, and Document so you can show the regulators when they come knocking.
As Treasury continues to issue regulations stemming from the AML Law of 2020, banks and financial institutions should be prepared to face new and revised beneficial ownerships and obligations in 2022. Bambilia believes, “December’s proposed rule to implement the Corporate Transparency Act, gave us all the preview into the Treasury Department’s mind and approach to developing a national registry of beneficial ownership information.” Moreover, this should also act as a reminder to meticulously follow the Beneficial Ownership Rule, which requires covered financial institutions to identify beneficial owners of each customer at the time a new account is being opened and to determine the true and official owners based on both the control and ownership prongs. Bambilia also noted, “looking ahead into 2022, beyond the immediate implications, the proposed rule will also require changes to existing customer due diligence obligations for financial institutions.” Finally, they will most probably be the subject of a future FinCEN rule making.
It is clear that COVID-19 had immense impact on everything relating to illegal activities and bad actors. Ransomware is the tool most bad actors are using, even with financial institutions. Bambilia related, “those nefarious actors are probing to obtain both customer and commercial credentials, as well as proprietary information to defraud financial institutions and to disrupt business functions.” Interestingly, Bambilia and colleagues observed a significant increase in criminal attempts to exploit the pandemic through phishing campaigns and business extortions, email compromise and traditional fraud schemes.
Tying all this back to our initial discussion, the proceeds of these activities are being channeled and funneled through the regular banking and financial systems. This puts a higher burden on financial institutions as they are uniquely positioned to observe and detect the suspicious activity that results from cybercrime. Now they are required to report it through the normal channels of Suspicious Activity Report. This has led to an increased need for financial institutions to process, review and monitor transactions that go through their system and evaluate those transactions with a sufficient and comprehensive set of skills required to identify the illegal activities and to properly report it to authorities.
Just as ransomware attacks have become more ubiquitous so have ransomware payments. In September 2021, OFAC issued an updated advisory on potential sanction risks for facilitating ransomware payments, which is specifically designed to disrupting criminal networks and virtual currency exchanges responsible for laundering these ransom payments to encourage improved cyber security across all sectors, including the banking industry. Bambilia said this “emphasized the need to properly report ransomware incidents and related sanctions to US government agencies, including both Treasury and law enforcement.” It also re-emphasized the need to properly monitor bank transactions for potential illegal activities.
We turned to a discussion of what businesses and financial institutions need to do to prepare for the upcoming regulations and increased enforcement. Bambilia emphasized that a strong compliance program for AML, BSA and sanctions is the best place to start and build upon going forward. Bambilia laid them out as follows:

  • First, make sure that your policies and procedures adequately address the new regulations, then update and validate your BSA risk assessment accordingly. Your risk assessment should consider factors like banks, products and services, customer entities and geographic locations and operating jurisdictions.
  • Second, a designated individual that is responsible for the day-to-day compliance and who is familiar with the new requirements, who has the full support of both senior management and the Board of Directors to manage these changes.
  • Third, update your current system of internal controls to reflect the change in regulation, then monitor and update as appropriate. Your controls testing should help you determine if your internal controls can effectively detect and identify possible breaches of your policies and procedures.
  • Fourth, work together with your internal audit function to assure their yearly audits to assess the effectiveness of the updated compliance program.
  • Fifth, training. Here Bambilia re-emphasized the importance of training via properly tailored and targeted trainings. They constitute a key element in the ability to successfully implement any new policies, procedures and controls for any new regulations.

We ended  by recognizing that it is up to all employees, not simply the compliance function, to be a part of these new efforts. Employees need to understand their role on the first line of defense and how to report up violations or raise their collective hands to ask for information as AML regulations continue to evolve. COVID-19 has impacted compliance functions in many ways so compliance will have to re-double its efforts as well. Banks and financial institutions must commit the requisite resources to upgrading their compliance programs to meet these new regulatory requirements as well.
Bambilia concluded, “I will end by saying that the world of financial crimes continues to evolve. And our thinking must be as always one step ahead of those looking to take advantage of our financial systems. It is not just about identifying it, understanding today’s threats, but also being prepared for the threats of tomorrow.”
Check out the K2 Integrity website here. Check out my full interview of Koby Bambilia here.

Categories
Innovation in Compliance

Integrity Matters – Fraud Trends in 2022

Welcome to this special podcast series, Integrity Matters sponsored by K2 Integrity. For this series, I visit with Koby Bambilia, Managing Director, and Olivia Allison, Senior Managing Director. Over the series, we look some issues and trends going forward into 2022. In Part 1, I am joined by Olivia Allison who looks at fraud trends going into 2022. Highlights include:

  1. WFH and RTO will continue to present evolving challenges for fraud prevention.
  2. Controls must be assessed and enhanced based upon changed working environments.
  3. Impact of the Great Resignation and workforce mobility.
  4. Multi-vector crisis and fraud prevention.
  5. Use of fraud dashboards.

For more information, check out K2 Integrity.

Categories
Blog

Fraud Trends for 2022

I recently had the chance to visit with Olivia Allison, Senior Managing Director at K2 Integrity. We looked at some key fraud trends in 2021 and how they might influence fraud investigation, prevention and enforcement going forward into 2022. We began with a discussion of general fraud trends from 2021, particularly around Covid-19 issues, such as personal protective equipment (PPE), and monies distributed by governments to bolster national economies, such as Paycheck Protection Program (PPP) in the United States. Allison added that supply chain issues were also a contributing factor to these issues. She found that during investigations related to COVID procurement and healthcare procurement specifically in relation to the pandemic there were supply chains issues regarding fraud.
She believes going forward there will continue to be fraud investigations as more allegations are put forward about fraud in both COVID procurement and public procurement. Of course, the government is interested in these categories because fraudsters are trying to defraud the government out of funds. Interestingly, she found issues around fraud and data security, particularly in the heyday of working from home (WFH). This may well change in 2022 when we have a Return to the Office (RTO) but with the surge of the Omicron variant many companies are shelving RTO plans until the spring 2022.
WFH led to wider fraud inside of companies because employees were “bypassing controls, sometimes maliciously, sometimes it’s not fraudulent, but they just think that the controls are inconvenient.” This was coupled with the troubling phenomenon that Allison has seen reported recently that millennials “just think that some controls are inconvenient and they just try to work around them.” This obviously puts organizations at risk and from a culture perspective can be very damaging.
Allison noted that another risk factor for fraud she is following in 2022 are two related phenomena. They are the mobility of the work force coupled with the Great Resignation. These have led to people moving around a lot more in the labor market. With folks changing jobs and working remotely;  it is very difficult to have the same level of connection with your employer. Companies must work much  harder to build some kind of consistent culture. One of the prongs of the Fraud Triangle is Rationalization, that “the company owes me a bit more or something like that and if you do not have that level of loyalty, there is a kind of widespread risk that people may be justifying certain actions to themselves.” Allison believes that there are “a lot of things brewing that are difficult for companies, whether it’s supply chain or data, or employee loyalty, that may cause problems in the future.”
We then turned to what Allison characterized as “multi-vector crisis” which is when multiple crises coming from many different directions. As a compliance officer or fraud examiner, you are not simply responding to one threat or even one threat vector but several at the same time. Allison believes are some steps an organization can take to manage such risks. The first is “you need to make sure that your protocols, data security, policies and procedures are clear and manageable. Then train when onboarding your staff so employee understand your procedures and monitor that they are actually following them.” Finally, ensure “what is written on paper is also what happens in practice.” I would also add Document Document Document.
Additionally, companies are building dashboards of different fraud indicators. But that is only a starting point as they then must use the data to prevent fraud. She added, “I think that is a trend and also something that companies need to be looking at as they are using data. It is more than just gathering data, its actually using the data to drive decisions.” Finally, if you have not done so since the pandemic shut down the country in March 2020, you should “refresh your training.” From the training perspective, Allison believes that more frequent, yet shorter messaging is better. You can certainly have a longer annual targeted training but here she agrees with Tina Rampino that an “espresso shot” of training can be more effective.
From the controls perspective, you need to determine if different types of frauds are happening within your organization or if the situation is simply that controls are being bypassed. If there is a control bypass or override, this needs to be closed off or the bypass needs to be approved by senior management with an appropriate business justification. Of course, controls issues need to be considered when thinking about different working practices and where your employees work; whether that is WFH, RTO, work outside the physical office or a hybrid situation.
We concluded by looking at whistleblowers and the recently implemented EU Whistleblower Directive, which came into force in December 2021. In at least the last four or five ACFE Reports to the Nations, one of the consistent themes is that fraud is almost always detected internally and either reported internally or picked up through internal audit or internal controls or some other mechanism. With the EU Whistleblower Directive and the governmental monies being poured into the economies to rebuild infrastructure and other projects, Allison expects to see an increase in whistleblowers reporting fraud. This includes internal reporting and reporting to the government where a potential bounty is in play. But Allison also cautioned that the “media is a sort of third line of whistleblowing” which we saw in 2021 with the Facebook whistleblower, Francis Haugen.
All of these factors lead Allison to believe that the risk of fraud and fraud reporting will increase in 2022. Companies need to train their front-line employees to prevent fraud before it happens. Controls need to be assessed in light of the evolving work locations. Of course, the government is very interested in both fraud prevention but also fraud detection and prosecution so 2022 could well be a more significant year than 2021.

Categories
Innovation in Compliance

Integrity Matters: Culture, Training and Compliance – Part 5: Operational Aspects of Training

Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over the series we have broken down corporate culture, compliance training and communications. Topics included breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risked based training and operational aspects of training. In this concluding Part 5, I am joined again by Tina Rampino who reviews key operational aspects of training, including budget, delivery and more.

We began with a discussion of one of the most critical issues around compliance training, but one I believe does not get nearly enough discussion in the compliance community, that being the issue of budgeting. During times of economic stress compliance training budgets are often tightened. Rampino believes this approach needs to be avoided. The reason is straight forward, “investing in training and professional development for employees can save money in the long-run, both operationally and when it comes to regulatory requirements. An institution’s greatest asset is their employees and especially when you’re entrusting them to protect your institution from risk.”
This means that if you are providing employees with ongoing training to assist them to continuously refine their knowledge and skills; it will also keep them engaged and incentivized to take compliance more seriously. Moreover, as Rampino noted, “developing and retaining employees is beneficial to financial institutions in the long-run and demonstrates sustainability within the compliance program.” Instead of cutting back on training budgets in general, institutions should assess the training needs as they align with the greatest risk and find ways to deliver the most targeted and relevant training across the enterprise. Rampino advocates several different styles of compliance training. These include, having a “balance of online/in-person training; including independent or self-guided training; as well as hands on training with an instructor.”
We then turned to the concept of compliance training as a cost saving exercise. Rampino reiterated that “skilled and experienced employees are a critical part of a sustainable and effective program. While training may not be the highest priority, when a compliance officer is looking at their list of money spend for year; training is critical in proactively reducing compliance errors and risk.” Additionally, employees who receive timely and engaging training often feel that an institution is investing in them and their professional growth, which can lead to less turnover. Rampino concluded, it demonstrates “an institutions appreciates the importance of career pathing and skills development. It is not just for the regulators, but for health and wellbeing of an institution.”
Think about that for a minute; training should also assess the skills needed for each role and provide a career path for employees. Employees want to understand they are growing professionally. Management desires its employees to “understand that people they have in those roles have the right training and are experienced.” Rampino concluded that this means “training is a resource bigger than what it looks like on paper. That’s why budget and resources for training is so important. Training is a way to mitigate risk within the institution—both in terms of real risks that come in the door every day and demonstrating a sustainable way to do so.”
We concluded with Rampino’s thoughts on regulatory expectations around compliance training.  She believes, “Regulators are more interested than ever in seeing that an institution is investing in a sustainable, scalable, and dynamic training program. They want to know that an institution understands their risks and that it demonstrates that with the training that is provided to their employees. Regulators are expecting more targeted and role-based training offerings and that the content is evolving as the risks evolve.”
In the vein of my mantra Document, Document, and Document, Rampino also noted that regulators are “more focused than ever on how the financial institution is assessing compliance skills needed for critical roles and demonstrating that their employees meet the skill requirements for the roles that they are in.” This means a potential audit on areas as wide-ranging as “how an institution provides career pathing, professional development, and cross-training opportunities for their employees.” But this is much more than a myopic view of compliance training only as it “ensures sustainability of the program but also allows for flexibility as financial institutions adapt to the changes and may face organizational or structural changes, as many do due to a host of issues ranging from regulatory remediation to right-sizing.”
Training and its attendant skills development have become critical in empowering employees to move into new roles as needs arise and offers growth opportunity which is valuable beyond measure in the current environment that institutions are operating in. She concluded by stating that regulators “want to know that compliance employees not only understand their institutions internal risk, policies/procedures, and escalation processes but also that they are staying current with industry best practices and emerging risks.”
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.

Categories
Blog

Culture, Training and Compliance – Part 2

I recently had the chance to visit with Koby Bambilia, Managing Director, at K2 Integrity. We discussed skills development and regulatory changes, together with tailored and risked based training. Bambilia has an interesting perspective on compliance training because of his unique background in the field. In addition to being a former compliance professional, he is also a former prosecutor. You do not often see that combination in a person specializing in compliance training.  We started with the basic concept of training – in any regulatory guidance, both here in the US or abroad, which is always considered by the regulators as one of the pillars of Bank Secrecy Act (BSA) compliance program.
 Skills Development and Meeting Regulatory Needs
Bambilia emphasized the regulators’ expectations for skills training. He has increasingly seen that “regulators are looking at the skills and career paths of bank employees. In other words, do the employees in their specific roles have the right set of knowledge, skills, and expertise to carry out their compliance responsibilities?” This has moved beyond strictly “compliance related roles but business-oriented roles as well.” He provided some examples such as private banking, loan officers, tellers, trade finance functions and correspondent banking departments. He stated, “The examiners will sample and check what experience and skills such employees have and what type of training they have received.” This led Bambilia to conclude, “thinking critically about whether the employees in key roles possess the right set of skills and expertise should guide institutions as they develop their training program, especially the long-term ones.”
I asked Bambilia if he could provide an example of such a situation. He recalled one institution where he worked which had more than 13,000 employees. As you might expect, there were multiple training requirements for employees. One of the challenges faced by the compliance function was how to verify all employees had completed the compliance training. Some 93% of employees completed compliance training so the challenge was to reach the remaining 7%. As Bambilia remarked, “We understood that it must be dealt with, and sometimes you have to take drastic measures to demonstrate that you are serious about compliance and serious when it comes addressing the regulatory expectations around compliance training.”
The compliance department went to the Board and proposed that any employee not completing their required compliance training would receive a 33.3% cut of the annual bonus. This stick approach worked and the completion numbers when up to 98%. What about the remaining 2%? They lost 33.3% of their annual discretionary bonus. The result was the next the completion rate for compliance training went up to 100%. But completion rates on employee compliance training are not enough as Bambilia said the regulators also want to see that the “compliance function has the right set of skills needed to perform their respective roles and duties. So, it’s something to think about and be prepared for before your next examination.”
We concluded our discussion by considering if finding solutions for compliance training “workarounds” or lack of employee participation has improved or dropped. Bambilia began by noting a very important aspect of compliance training, “with the right approach employees can be educated that training is not a form of punishment but actually a valuable tool which can help them do their job right. This is critical in keeping institutions “out of trouble.”” As Bambilia further explained, one of the functions of compliance is to “protect the Bank and the clients but it is also there to protect employees. And employees knowing through training what they have to do will keep them safe.”
Bambilia believes that now there are “better systems for e-learning and training solutions to ensure people are actually taking and completing these trainings. These systems can track, check the number of tries for passing the exam and even send the reminders.” Finally, institutions are moving toward more bite sized training (See: Espresso Training Shots). Bambilia explained that this can lead to not an entire day/week course but something that can fit within the regular workday; and this is even more applicable in today’s environment where most of us are working remotely, either in full or in hybrid mode.
Tailored and Risked Based Training
We next turned to why tailored and risked based training is so now critical. Getting ahead of regulators and ensuring your institution has skills-based trainings is critical. But more than this, regulators now want to see specific risk-based training, tailored to individual needs. This approach is not limited to financial institution regulators but the US Department of Justice (DOJ), Securities and Exchange Commission (SEC), FinCEN, Office of Foreign Asset Control (OFAC) also favor this approach. Initially, he noted that an institution cannot have a blanket training without follow-up trainings on specific job functions.
Some of the different needs for different employee classifications include bank tellers, who need to know more about cash transactions and regulatory requirements, such as Currency Transaction Report (CTR) and pouch activities. This is obviously different from private wealth managers. Employees in trade finance departments need to know more than others on sanctions and embargoes. Moving on to third party relationships, correspondent banking departments need to know, for example, the red flags for nested accounts. Private bankers, who are covered under the Foreign Account Tax Compliance Act (FATCA), must be trained on the law so they can be more vigilant and aware for detecting tax evasions.
The key is that each group requires its unique training and since every institution has a different set of risks, institutions should understand that one form of training cannot fit all situations. Tailored training is a key element and, as Bambilia noted, “a universal one, regardless of the institution’s size, risks, and resources. The example of the examiner saying training is like a burger…demonstrates the need to assure proper and tailored training throughout the institution.” The bottom line is that there is no one training model which will fit all your employees.
Training begins, literally at the beginning with the requirement that a compliance professional must know the risk-profile of an organization, where the blind spots may be, and what exposures may emerge. Obviously, the past year during Covid-19 brought new risks in the working from home environment and those risks are changing again as we return to work. Your risk profile would include the types of products and services the institution provides. If you do not have corresponding banking accounts and your bank does not provide banking services to other financial institutions – and in this case corresponding bank related training may not be relevant. Similarly, if you are a financial investment institution and do not deal with cash, you do not need to train on those requirements. Yet as risks change and new threats emerge, it is important to equip your operational teams on the front lines with the skills to manage these changes, which can be triggered either by a new regulation or by a new product or service your institution wants to provide going forward. A compliance professional must continually assess compliance risks. Here Bambilia recommends having regular ongoing communication with the ““field”, don’t just stay at the headquarters and send emails – go visit some of the branches, and some of the departments; you get valuable insights.”
Bambilia concluded that it “may feel like a heavy lift up front, it can pay its dividends – not just from a compliance perspective but also from an angle of operational efficiencies – you are assuring that your operation and IT staff know what to do going forward. If they know what to do – that will save a lot of pain and effort on their side, but also for you as a compliance officer.”
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.

Categories
Innovation in Compliance

Integrity Matters: Culture, Training and Compliance – Part 4: Tailored and Risked Based Training

Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over the series, we break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risked based training and operational aspects of training. In Part 4, I am joined by Koby Bambilia to discuss why tailored and risked based training is so critical now.

In this episode we went into the weeds of specific tailored and risk-based training. Getting ahead of regulators and ensuring your institution has skills-based trainings is critical. But more than this, regulators now want to see specific risk-based training, tailored to individual needs. This approach is not limited to financial institution regulators but the US Department of Justice (DOJ), Securities and Exchange Commission (SEC), FinCEN, Office of Foreign Asset Control (OFAC) also favor this approach. I asked Bambilia if he could provide some examples from the world of financial institutions and financial services firms. Initially, he noted that an institution cannot have a blanket training without follow-up trainings on specific job functions.
Some of the different needs for different employee classifications include bank tellers, who need to know more about cash transactions and regulatory requirements, such as Currency Transaction Report (CTR) and pouch activities. This is obviously different from private wealth managers. Employees in trade finance departments need to know more than others on sanctions and embargoes. Moving on to third party relationships, correspondent banking departments need to know, for example, the red flags for nested accounts. Private bankers, who are covered under the Foreign Account Tax Compliance Act (FATCA), must be trained on the law so they can be more vigilant and aware for detecting tax evasions.
The key is that each group requires its unique training and since every institution has a different set of risks, institutions should understand that one form of training cannot fit all situations. Tailored training is a key element and, as Bambilia noted, “a universal one, regardless of the institution’s size, risks, and resources. The example of the examiner saying training is like a burger…demonstrates the need to assure proper and tailored training throughout the institution.” The bottom line is that there is no one training model which will fit all your employees.
Training begins, literally at the beginning with the requirement that a compliance professional must know the risk-profile of an organization, where the blind spots may be, and what exposures may emerge. Obviously, the past year during Covid-19 brought new risks in the working from home environment and those risks are changing again as we return to work. Your risk profile would include the types of products and services the institution provides. If you do not have corresponding banking accounts and your bank does not provide banking services to other financial institutions – and in this case corresponding bank related training may not be relevant. Similarly, if you are a financial investment institution and do not deal with cash, you do not need to train on those requirements. Yet as risks change and new threats emerge, it is important to equip your operational teams on the front lines with the skills to manage these changes, which can be triggered either by a new regulation or by a new product or service your institution wants to provide going forward. A compliance professional must continually assess compliance risks. Here Bambilia recommends having regular ongoing communication with the ““field”, don’t just stay at the headquarters and send emails – go visit some of the branches, and some of the departments; you get valuable insights.”
 Bambilia provided a couple of specific examples. In July 2017 FinCEN has announced changes to the CTR form 104, which included some fundamental changes and significant modifications to the CTR batch submissions. The client understood the importance in assuring their relevant staff were in full understanding of the new requirements and asked us to conduct in person training sessions for the relevant departments. Bambilia related, “this pro-active approach gained some priceless credit points at the very next regulatory examination, when examiners asked specifically to review how the Bank dealt with these new regulatory obligations.”
Bambilia pointed to another example, FATCA, a massive regulation imposed mostly on non-US financial institutions and had tremendous impact on almost every aspect at a Bank’s operations. One of the first challenges was how to introduce 500+ pages of new regulation to employees. Some ways Bambilia and his compliance team did so was to create “animated video clips of no more than 120 seconds which jumped into the employee’s screens once a month and while not interfering with their daily work – we got really good feedback on how they made the new regulation more manageable and understandable.”
Bambilia concluded that it “may feel like a heavy lift up front, it can pay its dividends – not just from a compliance perspective but also from an angle of operational efficiencies – you are assuring that your operation and IT staff know what to do going forward. If they know what to do – that will save a lot of pain and effort on their side, but also for you as a compliance officer.”
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.

Categories
Innovation in Compliance

Integrity Matters: Culture, Training and Compliance – Part 3: Skills Development and Meeting Regulatory Needs

Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over this series, we are breaking down corporate culture, compliance training and communications by discussing topics such as breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risked based training and operational aspects of training. In Part 3, I am joined by Koby Bambilia to discuss the intersection of meeting compliance skill development and regulatory requirements.

Bambilia has an interesting perspective on compliance training because of his unique background in the field. In addition to being a former compliance professional, he is also a former prosecutor. You do not often see that combination in a person specializing in compliance training.  We started with the basic concept of training – in any regulatory guidance, both here in the US or abroad, which is always considered by the regulators as one of the pillars of Bank Secrecy Act (BSA) compliance program. Obviously the more your staff is trained, the easier your job as a compliance officer will be.
This is where the first line of defense becomes so critical. Who knows clients better than the front-line bank officers who deal with them on a regular basis? This leads Bambilia to note that the role of a compliance professional is to provide the first line of defense with “the appropriate tools so in turn they will to be able to perform their duties; and the method in which you provide such tools are through robust and comprehensive training program.”
Additionally, Bambilia emphasized the regulators’ expectations for skills training. He has increasingly seen that “regulators are looking at the skills and career paths of bank employees. In other words, do the employees in their specific roles have the right set of knowledge, skills, and expertise to carry out their compliance responsibilities?” This has moved beyond strictly “compliance related roles but business-oriented roles as well.” He provided some examples such as private banking, loan officers, tellers, trade finance functions and correspondent banking departments. He stated, “The examiners will sample and check what experience and skills such employees have and what type of training they have received.” This led Bambilia to conclude, “thinking critically about whether the employees in key roles possess the right set of skills and expertise should guide institutions as they develop their training program, especially the long-term ones.”
I asked Bambilia if he could provide an example of such a situation. He recalled one institution where he worked which had more than 13,000 employees. As you might expect, there were multiple training requirements for employees. One of the challenges faced by the compliance function was how to verify all employees had completed the compliance training. Some 93% of employees completed compliance training so the challenge was to reach the remaining 7%. As Bambilia remarked, “We understood that it must be dealt with, and sometimes you have to take drastic measures to demonstrate that you are serious about compliance and serious when it comes addressing the regulatory expectations around compliance training.”
The compliance department went to the Board and proposed that any employee not completing their required compliance training would receive a 33.3% cut of the annual bonus. This stick approach worked and the completion numbers when up to 98%. What about the remaining 2%? They lost 33.3% of their annual discretionary bonus. The result was the next the completion rate for compliance training went up to 100%. But completion rates on employee compliance training are not enough as Bambilia said the regulators also want to see that the “compliance function has the right set of skills needed to perform their respective roles and duties. So, it’s something to think about and be prepared for before your next examination.”
We concluded our discussion by considering if finding solutions for compliance training “workarounds” or lack of employee participation has improved or dropped. Bambilia began by noting a very important aspect of compliance training, “with the right approach employees can be educated that training is not a form of punishment but actually a valuable tool which can help them do their job right. This is critical in keeping institutions “out of trouble.”” As Bambilia further explained, one of the functions of compliance is to “protect the Bank and the clients but it is also there to protect employees. And employees knowing through training what they have to do will keep them safe.”
Bambilia believes that now there are “better systems for e-learning and training solutions to ensure people are actually taking and completing these trainings. These systems can track, check the number of tries for passing the exam and even send the reminders.” Finally, institutions are moving toward more bite sized training (See: Espresso Training Shots). Bambilia explained that this can lead to not an entire day/week course but something that can fit within the regular workday; and this is even more applicable in today’s environment where most of us are working remotely, either in full or in hybrid mode.
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.

Categories
Blog

Culture, Training and Compliance – Part 1

I recently had the opportunity to visit with, Tina Rampino, Associate Managing Director at K2 Integrity. Tina has one of the top phrases I have heard around compliance training. It is ‘espresso shots’ of training to help facilitate attainable training demands. We also discussed the operationalization of compliance training.
Espresso Shots of Training
Rampino advised on what she called “an espresso shot” of compliance training which can be both shorter and more concise, but drills down to specific risks relevant to an institution. She went on to relate that she has been involved in creating solutions that can deliver shorter and more tailored training which will result in increased relevance to the employee and have a lighter burden of training hours. Rampino said, “The concept of espresso shot training can assist employees to better manage their workload while keeping up with important issues relevant to their roles. For example, institutions should think creatively on delivery and modality of training content. Not only in an e-learning format: something engaging, cartoons, videos, interactive virtual training.”
I think that every compliance professional strives to find the right balance between training on general awareness topics and shorter, more relevant and practical training opportunities.  Unfortunately, compliance training is viewed as a “check the box” activity or worse, something that is dreaded and is usually ineffective. Rampino suggested compliance training incorporates real life scenarios, case studies or simulations to give employees an opportunity to learn in a sand box environment and to practice the skills that they are being taught.
Some of her suggestions include keeping your compliance training segments concise as “shorter, bite-size learning is a trend in training programs.” This means that instead of offering half-day and full-day sessions, break programs into shorter segments of 20 minutes or less, which are easier for participants to absorb – and schedule. Another example is that short cartoons or animated videos can be excellent quarterly reminders. Done properly, they do not feel like an assessment or certainly not a ‘check-the-box’ exercise. The bottom line is that with all training most employees must undergo now and even more so in the continued time of the Covid-19 Delta Variant, espresso shots give people back a lot of time.
Operational Aspects of Training
Next we turned to key operational aspects of training, including budget, delivery and more. We began with a discussion of one of the most critical issues around compliance training, but one I believe does not get nearly enough discussion in the compliance community, that being the issue of budgeting. During times of economic stress compliance training budgets are often tightened. Rampino believes this approach needs to be avoided. The reason is straight forward, “investing in training and professional development for employees can save money in the long-run, both operationally and when it comes to regulatory requirements. An institution’s greatest asset is their employees and especially when you’re entrusting them to protect your institution from risk.”
This means that if you are providing employees with ongoing training to assist them to continuously refine their knowledge and skills; it will also keep them engaged and incentivized to take compliance more seriously. Moreover, as Rampino noted, “developing and retaining employees is beneficial to financial institutions in the long-run and demonstrates sustainability within the compliance program.” Instead of cutting back on training budgets in general, institutions should assess the training needs as they align with the greatest risk and find ways to deliver the most targeted and relevant training across the enterprise. Rampino advocates several different styles of compliance training. These include, having a “balance of online/in-person training; including independent or self-guided training; as well as hands on training with an instructor.”
We then turned to the concept of compliance training as a cost saving exercise. Rampino reiterated that “skilled and experienced employees are a critical part of a sustainable and effective program. While training may not be the highest priority, when a compliance officer is looking at their list of money spend for year; training is critical in proactively reducing compliance errors and risk.” Additionally, employees who receive timely and engaging training often feel that an institution is investing in them and their professional growth, which can lead to less turnover. Rampino concluded, it demonstrates “an institutions appreciates the importance of career pathing and skills development. It is not just for the regulators, but for health and wellbeing of an institution.”
Think about that for a minute; training should also assess the skills needed for each role and provide a career path for employees. Employees want to understand they are growing professionally. Management desires its employees to “understand that people they have in those roles have the right training and are experienced.” Rampino concluded that this means “training is a resource bigger than what it looks like on paper. That’s why budget and resources for training is so important. Training is a way to mitigate risk within the institution—both in terms of real risks that come in the door every day and demonstrating a sustainable way to do so.”
We concluded with Rampino’s thoughts on regulatory expectations around compliance training.  She believes, “Regulators are more interested than ever in seeing that an institution is investing in a sustainable, scalable, and dynamic training program. They want to know that an institution understands their risks and that it demonstrates that with the training that is provided to their employees. Regulators are expecting more targeted and role-based training offerings and that the content is evolving as the risks evolve.”
In the vein of my mantra Document, Document, and Document, Rampino also noted that regulators are “more focused than ever on how the financial institution is assessing compliance skills needed for critical roles and demonstrating that their employees meet the skill requirements for the roles that they are in.” This means a potential audit on areas as wide-ranging as “how an institution provides career pathing, professional development, and cross-training opportunities for their employees.” But this is much more than a myopic view of compliance training only as it “ensures sustainability of the program but also allows for flexibility as financial institutions adapt to the changes and may face organizational or structural changes, as many do due to a host of issues ranging from regulatory remediation to right-sizing.”
Training and its attendant skills development have become critical in empowering employees to move into new roles as needs arise and offers growth opportunity which is valuable beyond measure in the current environment that institutions are operating in. She concluded by stating that regulators “want to know that compliance employees not only understand their institutions internal risk, policies/procedures, and escalation processes but also that they are staying current with industry best practices and emerging risks.”
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.

Categories
Innovation in Compliance

Integrity Matters: Culture, Training and Compliance – Part 2: Espresso Shots of Training

Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over this series, we will break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risked based training and operational aspects of training. In Part 2, I am joined by Tina Rampino who discusses ‘espresso shots’ of training to help facilitate attainable training demands.

We began with the status of compliance training after 18 months of Covid-19. Here Rampino noted, “in the early phase of the pandemic, institutions had to quickly change to a fully virtual working environment. They had to find creative solutions to adapt their training programs in response. All planned instructor-led training was cancelled or transitioned to virtual training.”
But what was the impact of Covid-19 on compliance training plans? She said it varied between each organization but “the delays, rescheduling, and redesigning of mandatory trainings to accommodate the virtual working environment caused a big training load and a heavy training burden for institutions. Many institutions delayed mandatory training as they tried to work through issues as mundane as bandwidth as all employees were now remotely logged in to the same Learning Management Systems at the same time every day.” The bottom line is that many organizations pushed training to the end of the year or into 2021 and competing priorities and demands had to be managed. Moreover, we are now into Q3 2021 and even though the virtual work environment has become routine for compliance professionals, the pressure is on to get back up to speed on all those trainings.
If your organization finds itself in that place, Rampino advised on what she called “an espresso shot” of compliance training which can be both shorter and more concise, but drills down to specific risks relevant to an institution. She went on to relate that she has been involved in creating solutions that can deliver shorter and more tailored training which will result in increased relevance to the employee and have a lighter burden of training hours. Rampino said, “The concept of espresso shot training can assist employees to better manage their workload while keeping up with important issues relevant to their roles. For example, institutions should think creatively on delivery and modality of training content. Not only in an e-learning format: something engaging, cartoons, videos, interactive virtual training.”
I think that every compliance professional strives to find the right balance between training on general awareness topics and shorter, more relevant and practical training opportunities.  Unfortunately, compliance training is viewed as a “check the box” activity or worse, something that is dreaded and is usually ineffective. Rampino suggested compliance training incorporates real life scenarios, case studies or simulations to give employees an opportunity to learn in a sand box environment and to practice the skills that they are being taught.
Some of her suggestions include keeping your compliance training segments concise as “shorter, bite-size learning is a trend in training programs.” This means that instead of offering half-day and full-day sessions, break programs into shorter segments of 20 minutes or less, which are easier for participants to absorb – and schedule. Another example is that short cartoons or animated videos can be excellent quarterly reminders. Done properly, they do not feel like an assessment or certainly not a ‘check-the-box’ exercise. The bottom line is that with all training most employees must undergo now and even more so in the continued time of the Covid-19 Delta Variant, espresso shots give people back a lot of time.
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.