That Bermuda continues to strengthen its regulatory regime is very much a selling point for those thinking of doing business on the island. This year, the Caribbean Financial Action Task Force (CFATF) is assessing Bermuda, with a possible onsite in September. This follows its assessment of the Cayman Islands in December 2017.
On the back of these visitations, offshore regulators, broadly speaking, have really ramped up their focus on compliance, and AML in particular, to make sure there is a robust and rigorous set of regulations in place.
“What we’ve seen over the last 18 months is that as regulators are increasing their focus, the industry is doing the same; not just financial services. We are seeing the same happening in non-profit organisations, real estate agents, corporate service providers and high value dealers. The Bermuda regulatory landscape, as a whole, has really improved and evolved,” remarks Ian Mutch, Consultant, Oyster Consulting, a specialist professional in Risk and Compliance, with 20 years of global experience in the banking, insurance, foreign exchange, and payment solutions sectors.
Oyster Consulting is a compliance specialist firm, helping an array of financial services clients design their AML and compliance regimes and keep them ahead of the regulatory curve. Oyster’s primary goal is to ensure its clients have the knowledge and tools to manage their future at a time when regulatory compliance demands have never been higher.
“We provide services from the ground up, writing procedures and designing controls for our clients, through to reviewing and testing whole compliance programs. We can provide training at all levels from board level all the way down to front line employees, not only on clients’ expanded responsibilities in respect to current regulation but also advising them on impending or evolving regulations. That aspect of our work has proven very popular.
“For smaller organisations that don’t have the bandwidth to handle the Chief Compliance Officer role or the Money Laundering Reporting Officer (MLRO) role internally, they turn to us to provide outsourcing services to support them in that capacity,” explains Mutch.
Such are the reputational stakes at play that fund managers, regardless of their size, can ill afford to get on the wrong side of compliance. Bermuda has robust anti-bribery regulation that one could argue is even stronger than the UK Anti-Bribery and Corruption Act. For start-up managers in particular, knowing that they can turn to a trusted partner to help them navigate the regulatory landscape and establish basic compliance controls and protocols – whether those relate to corporate governance, AML, or any other areas of compliance – is a huge advantage.
“We help new managers wrap their heads around these compliance issues. What we tend to find is that their primary focus is on getting their business up and running, and managing the investment strategy. They don’t necessarily have the bandwidth to assign resources and time to build their compliance framework; that’s why outsourcing is so popular.
“This allows us to build a relationship with the manager from the beginning and we can continue to support them as they grow and mature as an organisation.
“That said, we do also get larger established fund managers coming to us. Maybe they’ve had an independent review of their organisation and realise that they’ve got gaps in their compliance program. Indeed, one of our core services at Oyster is to do an independent review and testing of a manager’s internal controls. We’ve found off the back of that, some companies need support to plug the gaps, while others use it as a good checks and balance exercise, using an independent party to assess their compliance stance,” explains Mutch.
As investors increase the scope of their ODD assessments, the bar is being raised in terms of operational and compliance expectations. Preqin notes that 45 per cent of investors said they would remove managers from their screening programs if they demonstrate poor governance. Managers are attuned to this.
Forty per cent of managers surveyed in the recent EY 2017 Global Hedge Fund Survey said they plan to invest in automating manual processes and more than a quarter of managers (27 per cent) have, or will be making, investments in AI and robotics to strengthen their middle and back office. Moreover, a 2017 SEI survey found that 68 per cent of managers outsource their cybersecurity function to present themselves in a good light to investors.
These are all encouraging signs and demonstrate the urgency/seriousness with which managers are addressing ODD. This includes the business continuity plans and disaster recovery plans.
‘Investors are requesting evidence of whether there is a good cybersecurity program in place and want some comfort that their data is not going to be compromised. This extends into business continuity where investors are asking for evidence that there are real plans in place and that they are being tested independently.
“The industry has evolved in that sense. Before they allocate to any fund management organisation, investors want reassurances that they are not going to fail, either because there is a data leakage, because they don’t meet compliance standards, because they are involved in an AML scandal, or because their BCP fails to work in the event of an emergency.
“Everyone is becoming more aware of the importance of these matters,” outlines Mutch.
Oyster is able to build and develop cyber risk management frameworks for its clients. In addition, the team gives each client advice and guidance on the technical tools that would help strengthen their security posture.
Mutch confirms that it also has an outsourcing review and assessment program, which is particularly useful for clients who need to demonstrate good vendor management in the eyes of investors and regulators.
“This all links back to the strengthening of Bermuda’s regulatory landscape,” says Mutch. “There are now specific regulations around outsourcing and what companies need to perform in respect to outsourcing: how they manage each outsourced relationship, making sure there are controls in place and that regular meetings are held to review performance.
“That has been quite a new development over the last 12 to 18 months and a lot of companies are having to get to grips with it. They need to determine which are the most important material relationships to their fund(s) and then put the necessary controls in place to oversee those relationships.”
At the end of the day, it all comes down to accountability. If there’s a failure in a particular service, is that going to impact your ability to operate and provide the service to your clients?
“If the answer is ‘Yes’, then you have to put some robust controls in place to make sure that the level of service is upheld and you have a contingency plan,” says Mutch.
It is good for the industry the everyone involved is taking compliance much more seriously.
“In support of the increased compliance focus, we continue to help our clients with the design and implementation of best-in-class policies, processes and controls as well as providing insight and training into the evolving regulatory and compliance environment,” concludes Mutch.