Compliance and Regulatory Update 2022
Jan 28, 2022
Compliance and regulation never get simpler or less onerous, and certainly not in the globalised world of wealth management. Banks and other wealth management institutions and disruptors have been facing a tsunami of new rules, tighter surveillance, and heftier punishments for transgressions. The onus is on them to ensure that they are not only compliant as a corporate entity but that their clients and their staff, from mailperson to CEO, are as well. RegTech and FinTech players are honing their solutions at the same time as the banks and other key product and advisory providers are improving their strategies and approaches. The Hubbis Digital Dialogue of January 20 delved deeply into all these key trends and the panel assessed what developments the wealth industry should be expecting in the months and years ahead and how they might be able to cope with what are surely additional demands and higher compliance costs. It will not be easy. The sudden arrival of the Omicron Covid-19 variant has again dashed hopes of a greater normalisation of travel, leisure and business connectivity in the near term. Accordingly, challenged compliance and legal teams and advisors will need to continue to manage teams and oversee colleagues working in disparate locations rather than in one office environment. Concerns over KYC, AML, and Source of Wealth only become more acute, while fines are becoming more prevalent in Asia, and the Culture & Conduct revolution is soon to get underway. The wealth industry is even embroiled more often these days in geopolitics, for example, country-specific sanctions. But at least the Asian private banking and wealth management industry has gone through various degrees of recalibration and strategic rethinking since the onset of the pandemic, digitisation has raced ahead, new software solutions have arrived or perhaps been refined. Nevertheless, the pace of evolution cannot slow, as one thing that has not changed is the relentless rollout of regulations across the globe, as seemingly nothing will halt the drive to regulate at local, regional and global levels.
- Hannah Cassidy, Partner, Head of Financial Services Regulatory, Asia, Herbert Smith Freehills
- Rolf Haudenschild, Co-founder, Ingenia Consultants
- Joshua Heiliczer, Managing Director, Protiviti
- Anu Phanse, Head of Regulatory Compliance, Revolut
These are some of the key questions addressed:
- What are the main compliance challenges for the year ahead, both globally and also specifically within Asia?
- What are the latest demand and solutions for KYC, AML and Source of Wealth?
- Have onboarding, KYC, AML, and transaction monitoring and reporting been functioning properly and what new rules and challenges lie ahead in these areas?
- What are some of the challenges banks face to meet the different Source of Wealth standards in Hong Kong and Singapore?
- In what ways has the pandemic impacted the wealth management community in its adaptation to the new rules, monitoring and enforcement of, for example, CRS, AEOI, Mandatory Disclosure, Economic Substance and BEPS, Accountability & Conduct?
- How do wealth management players need to approach ESG guidelines and what are the challenges and potential pitfalls?
- How can banks or firms spot ‘green washing’ and avoid marketing the wrong type of investments?
- What approach should you take to virtual assets such as cryptos, and will be there be any regulatory consistency soon to rely on?
- Are privacy, security and cyber hygiene an insurmountable challenge when most of the industry is working remotely?
- Are Financial Institutions in Asia really ready for the ‘Culture and Conduct’ revolution, and what role can ethics and self-regulation play in the evolution of the wealth industry?
- Where does the underlying wealth management business align with the demands of compliance, or is regulation so pervasive and indiscriminate that it is hampering the revenue generation and profitability of the players in this industry?
- Where do you see the key benefits digital compliance tools can bring in wealth management when it comes to connecting legal/compliance departments with business stakeholders?
- How does the wealth industry make its selections from the growing range of sophisticated solutions out there?
- What roles do training and further education play in the rollout of effective compliance?
- How can you scale up your organisational agility across different geographies? How powerful is digital innovation?
The Key Insights & Observations
ESG and greenwashing are areas of rising concern for the industry. But why?
An expert opened highlighted that as the impetus towards ESG investing accelerates, concerns over greenwashing increase and there is heightening regulatory scrutiny. “This can impact directly on reputations, as greenwashing involves essentially being implicit in misleading or untruthful statements, perhaps in annual reports, in prospectuses, product brochures and so forth,” they explained.
Increasingly, they elaborated, there are dangers in misleading statements in relation to ESG products, but right now the global regulatory landscape on ESG is quite fragmented. The International Organization of Securities Commissions is involved in developing a global baseline standard for corporate sustainability reporting; indeed, a prototype for that was published late last year, and that is going to be administered by a newly established board called the ISSB, the International Sustainability Standards Board.
The same expert added that ESG and sustainability lend themselves to complaints to the regulators about misrepresentation, so financial institutions need to be especially aware. Asia thus far has not seen any major issues arise, but there will be problems, and punishments essentially centre on transgressing rules around product suitability, investment risk disclosure, and so forth. “The Hong Kong SFC is really beefing up what must be disclosed and how in documents, ongoing monitoring, and a new requirement to conduct and disclose periodic assessments of how the ESG factors have been incorporated into any such fund.”
Another guest reported that the MAS is also focusing more effort and attention on this whole topic, including having already issued ESG guidelines in late 2020. “Singapore has been focusing so far, very much on the environmental side of ESG, not the social or governance aspects,” he reported. “The emphasis is on having the appropriate investment processes and risk management [for asset managers] and stewardship and reporting. We can also observe very generally in Singapore that MAS, and not only MAS but the entire government is very serious about environmental risks these days. Ravi Menon, the managing director of MAS, was recently appointed to chair an ESG and environmental risk group, the network for greening the financial system.”
Expert Opinion from Hannah Cassidy, Partner, Head of Financial Services Regulatory, Asia, Herbert Smith Freehills:
“How do we need to apply ESG guidelines and how is this evolving? ESG guidelines now touch every part of a business, and it is no longer just an issue for legal or compliance teams. This area will evolve rapidly as more regional guidelines are issued and global standards, such as the work of the ISSB, provide global templates for listed companies. Companies need to realise that ESG guidelines are not just about compliance but may provide strong business and reputational opportunities as the standards evolve.”
“And is ‘green washing’ an issue? What are the consequences? Well, many firms are trying to do the right thing and respond to mounting investor demand, but the reputational risk of rushing to market and getting it wrong is substantial. The regulatory and legal expectations remain unclear, and many firms are currently working in the dark. However, it is a trap for the unwary – at best, there could be enforcement action, and, at worst, it could destroy the long-term reputation of a business.”
Digital assets are rising in prominence, bringing numerous regulatory and compliance issues
A guest noted the concerns at the Singapore MAS over cryptocurrencies. “The recent circular from the MAS aims to put Singapore at parity with other markets,” he explained. “Because cryptos are so volatile, they cannot be promoted via advertisements, banners, or using public domains for advertisements. This is similar in many European markets.”
Another expert reported that in Hong Kong, the SFC is likely this year to ban retail investors in Hong Kong from investing in crypto. “You will have to be a professional investor with more than 8 million Hong Kong dollars, which is around a million US dollars, in order to invest. But until that time, anybody can put their money in cryptos as things stand today.”
He said he expects that there will be widespread tightening of the identities of the purchasers as well as the sellers of cryptocurrency, an enhanced KYC regime specifically for digital assets, leveraging technologies and analysis perhaps through firms such as Elliptic or Chainalysis which can forensically track identities and activity via software and the blockchain, and covering cryptos, ICOs, Non-fungible tokens and so forth. “I think you're going to have to prove that you have the requisite financial crime controls, the fraud controls, and audit of the tokens,” he explained. “If they're a stable coin, that's pegged to, let's say, the US dollar, you're going to have to disclose, probably at least quarterly, maybe even monthly how much [fiat currency] is actually backing that. Even the most high-profile stable coin out there is not 100% backed to the US dollar.”
He also observed that in decentralised finance, tracking is almost impossible. “You might have two people that are connected, maybe by an exchange or a website and then they engage in a transfer from their online banking to the other person, but nobody knows that crypto is involved, and then the person transfers the crypto to them. Accordingly, I think that from a regulatory perspective in particular, a lot of regulators are going to really focus in on making sure that they have more centralised exchanges, because that's going to really be the only way to regulate it.”
Expert Opinion from Hannah Cassidy, Partner, Head of Financial Services Regulatory, Asia, Herbert Smith Freehills: “What is happening around virtual assets such as cryptos? Crypto is too big an issue for the regulators to ignore and there has been a patchwork of responses – from enthusiasm to caution. Licensing and regulation have actually been in place for over four years in many of Asia's main markets, usually handled by updates to existing regulation. Most regulators are now looking at more nuanced regulation for institutional crypto assets and trading, as crypto moves mainstream within established financial institutions. The harshest regulation has been reserved for crypto providers that market to retail consumers, and regulators are also keen to ensure that rapid digital development doesn't outpace their own regulatory safeguards and expertise.”
A fellow panellist reported that as a provider of services, they are making sure that their financial crime controls around digital assets are very robust and that they provide the right levels of user protection, in order to protect vulnerable customers. “Regulators clearly do not want people to lose all their savings, so everyone needs to be extremely careful and for example apply caps on how much users can trade, which is our approach. It restricts the money we could make from this, but it protects the users, which is the right approach.”
Another guest agreed, noting that this centres back on suitability. “The MAS is now making it more explicit,” he said. “They had issued multiple warnings, but the regulation is tightening with these guidelines prohibiting advertisement to the general public. And I think there will be more to come in that regard. We are also seeing the MAS increasing emphasis on the crypto licensees or applicants, their technology and technology risk management. There will be another push towards customer education and generally, how customers are safeguarded in this digital environment.”
A panel member added that in Hong Kong, the SFC is considering amending existing regulation or perhaps introducing some new legislation to cover, for example, the issuing, creating or destroying of stable coins, managing reserve assets to ensure the stabilisation of the stable coin value, and validating transactions and records. “There is a consultation underway at the moment that will close at the end of March,” they explained. “And they've also signposted that they're going to issue some guidance for intermediaries that interface with customers and crypto assets. In short, lots of developments are expected in Hong Kong as well on these matters.”
Fraud is ever more of a threat in a digital world in which people are easy to outsmart
A guest reported how they were seeing reports of rising levels of fraud in Asia, related to both conventional and digital assets. This can arise through phishing or hacking, and then impersonating the customer, as well as sophisticated SIM card scams, particularly in Mainland China. These fraud issues cross over to AML controls as well, with clients increasingly combining some of the anti-money laundering and fraud controls together to gain some efficiencies. “You try to prevent a fraudulent transaction that might not be authorised by the customer, and you also try to prevent suspicious activity that might actually apparently be authorised. Merging the two identification and preventions is really key right now,” he reported.
Sanctions are on the rise, and getting more and more pervasive and expensive
The same expert also highlighted the convergence of sanctions, anti-fraud, and AML issues, all areas the compliance departments really need to get right. “They are huge risks from a fine perspective to an institution,” he remarked. “And there are many ways to actually gain efficiencies in all of these areas if you can utilise enhanced systems and investigators or people who are looking into it from a compliance officer’s perspective with a multifaceted mindset, a holistic view.”
Another expert agreed and pointed to the OCBC problems. According to the police, at least 469 people had fallen victim to the SMS phishing scams involving OCBC in December. The victims reportedly lost at least SGD8.5 million in total. Victims would receive an unsolicited SMS claiming that there were issues with their banking accounts, asking them to click on a link to resolve the issue. They would then be redirected to a fake website that mirrored OCBC's and asked to key in their i-banking account login details. Victims discovered that they had been scammed when they received notifications informing them of unauthorised transactions charged to their bank accounts.
“As we can see from this and other cases, these fraudsters are sophisticated in their exploitation of technology, so the only way to fight these frauds and scams is use of better technology than the fraudsters have access to,” he commented. “There is no way even a big team can detect frauds, the money will have already gone out of the accounts. So, the only way to kind of deal with these kinds of frauds and scams is more of preventative controls and use of RegTech.”
She explained her firm uses a lot of RegTech solutions, which are actually enhanced, but there are also external solutions available. “They use very sophisticated machine learning, artificial intelligence where you can train the machine actually to feed fraudulent cases and non-fraudulent cases, and the machine is constantly learning and trying to figure out which cases can be potential fraud even before they happen. So, that is something I would say is the trend, is the way to go in future, because it's going to be impossible for financial institutions to constantly be chasing the fraudsters, we need to get ahead of them.”
A fellow panel member concurred, adding that these problems serve to highlight inadequacies in financial institution controls. “The fraudsters are highly sophisticated, they get into the system, and this really exposes the institution's gaps and inefficiencies in relation to their controls, particularly where they're still quite heavily reliant on manual processes and procedures. There are many ways to improve things, both with technology and better protocols, but the institutions need to get ahead of the fraud and spend the money and make the changes in advance, otherwise customers are compromised, and the regulators are on your back.”
They added that the Hong Kong SFC issued a circular and report at the end of last year, bringing together much of its guidance and requirements around operational resilience, focusing as well on remote working. “Operational resilience is essential. That is a really good read for anybody who is looking at this area, offering lots of sort of suggested techniques, procedures, lessons learnt when it comes to controls and operational resilience.”
The Hubbis Post-Event Survey
What are the main compliance challenges for the year ahead, both globally and also specifically within Asia?
- Rising fraud
- Increasing volume and application of regulations
- The emergence of digital assets, and the governance and regulation of digital assets
- Mobility/travel constraints and onboarding of new clients
- New countries on AML blacklists
- Information gathering without offending the clients
- With the KYC, AML, Source of Wealth needing more detail, it is becoming more difficult and at times embarrassing to ask clients for info, especially for long-standing clients
- KYC, AML and client risk assessment
- Source of funds
- Culture & Conduct
- Increased regulatory focus on misconduct and sanctions
- Not enough talent
- Difficulty in retaining capable and experienced staff
- Lack of uniform rules and/or differences in stringency, for example, within this region between Singapore and Hong Kong
- Regulators are not up to speed in allowing the adoption of new technologies
- The expansion of decentralised (finance) systems
- Privacy and cyber-security
- Lack of regulatory clarity in digital assets
- Adoption of Fintech/RegTech - confusing
- Balancing business revenue generation and proper regulatory oversight
- The regulations are fast changing and in particular the sanctions regime is evolving which puts more burden on the regulated entities to ensure compliance at all times. The burden is increasing all the time
- Handling cross-border issues
Source of wealth is an increasingly problematic challenge for the wealth industry
Source of Wealth (SoW) becomes ever more complex these days, a guest remarked. “It used to be basic, addressed in a sentence, but today it is massive, a long and detailed narrative, everything must be justified, with a very significant amount of evidence. This could be salary slips, bonuses, it could be wills, inheritance, it could be things from 15, 20, 50 or more years ago. It is all really difficult.”
In Hong Kong, he added, the regulator’s standard has mainly focused significantly on understanding a client's source of wealth, allowing for some publicly available information as well to prove some points, whereas the Singapore standard is very much document base. “It has become very difficult for a number of our clients within the private banking space to open new accounts, to maintain their existing accounts, to get the legacy accounts up to the standard that they need to be, to also match up some of that source of wealth of information with some of the tax evasion related information that they're collecting,” he reported.
Further difficulties arise in then assessing information against the transactional activity that the client is engaging in as well too, because if they're now transacting and receiving funds from places where their source of wealth might not be from, or apparently receiving funds potentially in evasion of some of the tax requirements, this source of wealth narrative has then become a base for understanding the customer. What the regulators are really looking for now is that, firstly, you have the evidence to support what the narrative says, and two, that the activity that the client is engaging in gels with the first picture. “The MAS has really focused on having a holistic view and if things change then more information is required to verify and confirm.”
Another guest observed that accredited investors and institutional investors or HNWIs are quite used to being asked for source of wealth but obtaining the right information for retail or mass affluent accounts can be very troublesome, with customers pushing back on this. “I see a big gap in investor education, because it's basically we also need to let them know that this is to protect them, to protect the whole financial industry against financial crime, whether it's fraud or AML.” he commented.
Another panellist agreed but said that the issues are acute across all categories of wealth, and that these matters make for tough conversations. “I would really like to see some education coming from the regulators as well towards clients, so that they see more of a unified standard, because different financial institutions might have different requirements and expectations,” he said. “If customers have some demands from one bank and not from another, this makes automatically for a negative conversation with the customer, as opposed to maybe having a positive conversation with the customer around how this can help you understand their wealth, and maybe help them in their investment objectives. And from a front office perspective, a better start will maybe help them bring more share of wallet to you.” A panellist agreed, pointing to Singapore’s website moneysense.gov.sg as a good example of the right approach.
Technology can also significantly enhance SoW protocols and outcomes, and regulatory initiatives are expanding
Technologies are available now that can help connect the different dots around SoW, an expert said. “For example, how does that translate into the specific transaction? How does that relate across the entire customer relationship? How can that information be shared between the different silos you may have in your financial institution? And another interesting development in Singapore in 2021 was an effort to actually share information among financial institutions, where the MAS is now setting up a project with a few leading banks to share AML information. This is not the information about every customer, the background information you might have on them. It is about information where you have suspicions, you can ask other financial institutions about those transactions to obtain more information with regards to that specific transaction. So, we are at the outset of seeing also a sharing of information.
He added that there are some issues around sharing of information, and consent and so forth, but with the MAS and authorities promoting this initiative, we will all soon learn quite a bit more about how far that sharing of information can be taken.
Another expert agreed, noting the MAS would be the first regulator in Asia to drive this forward. “The US has actually had this type of information sharing for quite some time under the Patriot Act, and it works very well when banks can talk to each other and share the right information, and you're able to then engage in an investigation,” he observed. But one of the issues though is going to be probably from a particularly private banking perspective, is to what extent the private banks are going to feel that they're able to but not breach confidentiality concerns. Let’s see.
The Hubbis Post-Event Survey
Are privacy, security and cyber hygiene insurmountable or winnable challenges when most of the industry
is working remotely?
Comment: The replies here were split fairly evenly between insurmountable and winnable. These are some of the more detailed observations:
- Privacy, security (digital or physical), and cyber hygiene are a concern when working remotely due to various reasons - lack of IT security in an office workspace, lack of physical oversight of documents, non-commercial digital footprints. However, with the increased awareness and investment into cyber security space given today's technological landscape, as well as any government's role in educating people in the importance of cyber awareness, it can be mitigated to a great extent.
- Honestly, the smaller firms will struggle immensely.
- For sure, remote working create a higher security risk but most financial institutions, i.e., the banks have provided their staff secure devices that can only be used for work, they monitor breaches of protocols like file transfer from office to private address/devices, they enforce cyber hygiene through education, and they use MFA and limit user roles and permissions.
- Privacy, security and cyber hygiene are most definitely challenging, but not insurmountable.
- Documents are easily falsified. We need more verification before proceeding, and more technology.
- Greater care has to be exercised when working remotely in terms of cyber security. Companies may need to consider beefing up remote working equipment and software (virus scans, video conference, file transfer etc...) with increased budgets to ensure safety and security.
- We definitely need a very robust security cyber to prevent frauds and hackers, especially when the latter are getting more sophisticated. Working remotely is going to be norm, and the financial industry needs to beef up stringent measures, or else there will a loss of customer confidence and it also reflects poorly on the reputation of the jurisdiction as well.
- These are winnable challenges, but particular efforts have to be made to ensure that all employees adhere to the main principles. Remote work is making the task more difficult and monitoring efforts are more complex and awkward.
- Most employees working from home connected back to offices using the existing information technology systems such as VPN, clouds and department servers. This work from home or home-office practice has therefore resulted in an increase in cybersecurity risk.
- It is very difficult as fraudsters are generally two steps ahead of the curve when it comes to technological tools to achieve their objectives.
Is regulation today so pervasive and indiscriminate that it is hampering the revenue generation and profitability of the players in the wealth management industry?
Comment: Again, the jury was split on this issue. We have selected several more insightful comments below:
- Generally, a strong regulator and governance create a stable and reliable economy, and in return, enables the country to be viable and profitable in the long run as it will then attract more investors. Short term losses are necessary in view of the drive to achieve long-term profits.
- It is a problem because the regulation itself does not evolve fast enough to cope with the new challenges we all face.
- A double-edged sword, as regulation and compliance do reduce risks for the players in the industry, but they also demand we incur a lot of cost in record keeping and more time spent setting rules and then in decision-making. Naturally, all this does affect the cost and therefore profitability.
- Yes. It is a constant challenge that requires investment of resources and attention. But if you want to play the game you have to comply with the rules.
- In reality, regulators need to strike a balance between risk management and revenue generating. Any and all regulations become redundant if there no business to regulate!
- It is definitely getting more and more difficult to conduct business - and as I see it, it’s only going to get more stringent and more difficult.
- As we see it, regulation is definitely more and more pervasive, but not hampering the profitability. In fact, clients should learn to understand that any form of regulation is for their benefit.
- Regulation is a short term cost that is increasingly burdening the bottom line. However, it is also an insurance against massive losses in case of serious non-compliance.
- According to a survey by Duff & Phelps, compliance costs in the financial sector are on track to double by 2022. Financial professionals said they currently pour roughly 4% of their total revenue into compliance but expect that to increase to 10 percent over the next five years.
Culture & Conduct – a revolution that needs adjusting to, and requires better-trained foot soldiers
Culture and Conduct is all about the regulatory focus on individual accountability, a guest reported. There were very few who were held accountable for the GFC of 2008/9, and since then there has been a global drive, first from the UK with SMCR, and in Asia in 2017 the manager in-charge regime was introduced. “In the last couple of months, we've had three manager-in-charge enforcement actions, which is a clear demonstration of the SFC flexing their muscles in this area,” they reported. “We've known for a while that there were some manager in-charge enforcement cases under investigation, but they've now come to fruition, and we've got the public statements from these first manager in-charge enforcement actions.”
They explained the SFC also has the power to take action against not only licensed individuals but also unlicensed individuals, which ultimately might mean the CEO or COO, or others who are typically not directly licensed. “It will be interesting to see the first enforcement case against a manager-in-charge who is not a licensed individual, something we have not yet seen,” they commented.
Expert Opinion from Hannah Cassidy, Partner, Head of Financial Services Regulatory, Asia, Herbert Smith Freehills: “When people move from one firm to another – what information might need to be shared in the future? With three MIC enforcement cases now complete in Hong Kong, the regulators have flexed their muscles under the initial regime. The second generation of these legislative regimes – mandatory reference checking – is imminent and represents a more direct imposition of process upon banks and other regulated firms.”
They added that later in 2022, Hong Kong will introduce the Mandatory Reference Checking Scheme; as an individual leaves one institution, the new firm requires a reference from the old employers spanning back seven years potentially under the Hong Kong regime. “There is a working group that has been refining the details, and once released there is a further 12 months to prepare for that new requirement, and it will place considerably more onus on the banks to beef up their processes around reference checking, rather than the current rather generic material,” this expert reported. “This reference will potentially expose the reference giving institution to employment litigation risk.” It can work both ways – the reference provider could be sued for giving negative references, or for providing incomplete information, thereby essentially protecting both the new employer and the individual.
In Singapore, another panellist explained that the MAS also issued a consultation paper in 2021 around the reference regime. He explained that for Singapore, they plan to have a five-year period backwards looking, and that there will be in-built protections against unmerited negative references, or undisclosed negative activities.
Another guest addressed responsibilities beyond borders in international banks and firms, for example perhaps with the head of audit for Singapore based somewhere else such as Australia, the UK, Zurich and so forth. This makes for another challenge for compliance officers to make these people aware of what their responsibilities are, so that those who hold group functions, who are responsible for various jurisdictions need to be covered from a compliance perspective for officers or managers in-charge for multiple countries. “What we will perhaps see is more onus on individuals, more fines and other proceedings on individuals, which may change the way companies are set up, there might be more local roles, because they need to be closer to the business to be able to understand the responsibilities fully,” he commented.
The final word – watch out for more and more regulatory challenges, fines and sanctions ahead
A guest closed with a reminder that the wealth industry in general will get increasingly caught up in US or other sanctions that the Biden administration is rolling out, for example on companies that might seek to list in Hong Kong but have business or even shareholders in countries the target of sanctions, such as China, Iran and others. He cited a planned listing in Hong Kong that was withdrawn briefly shortly before the IPO as it was suddenly sanctioned by the Office of Foreign Assets Control, and when it did list US, the intermediaries were then barred from selling into US investors.
He also indicated that there will be far fewer Chinese stocks listed in the foreseeable future in the US, or stocks already listed there de-listing and listing anew in China, or perhaps Hong Kong or Singapore, largely due to tighter audit requirements in the US. He also highlighted the potential disruption flowing from other companies being placed on the OFAS list, or the Defence Department's list, or the US Commerce Department’s list.
“And finally, the US has an Act under which they're able to be to simply request any sort of financial information from any financial institution all over the world anywhere in any currency,” he reported. “This is yet to be used, but it is definitely a broad expansion of that power. And if that financial institution does not turn over that information, or doesn't have a good reason beyond just data privacy concerns or some state securities restrictions, then they can be barred from transacting in US dollars after that or fined a certain amount. In short, this is an increasingly difficult environment. But it is also an opportunity for a lot of banks to have good processes and procedures in place, so they're ready for potential concerns, whether it be around sanctions or fraud or a number of the key other areas we discussed today.”