As workloads are increasing, there is also a limit on the finite resources available to manage these growing compliance burdens. These concerns are compounded by a diverse and expanding range of subject areas with which compliance officers need to be familiar as well as an expectation of a greater volume of regulatory change. This larger picture is set against increased costs and difficulties in recruiting skilled compliance staff.

Overall, survey respondents outlined a sector that held greater responsibility but also contained practical operational challenges that threaten to undermine efforts to provide their firms with the level of compliance support required in today’s environment.

Thomson Reuters Regulatory Intelligence’s 14th annual survey of compliance leaders — distilled into the 2023 Cost of Compliance Report — was undertaken against this backdrop. The report explores the challenges that compliance officers face in 2023 and exposes the depth of issues that compliance leaders have encountered. The survey was taken of more than 350 practitioners, representing global systemically important banks (G-SIBs), other banks, insurers, asset and wealth managers, regulators, broker-dealers, and payment services providers mainly in the United States, the European Union, and the United Kingdom.

Overall, survey respondents outlined a sector that held greater responsibility but also contained practical operational challenges that threaten to undermine efforts to provide their firms with the level of compliance support required in today’s environment.

Some of the key findings of the annual report include:

• • • The volume of regulatory change was expected to increase and was seen as a key compliance challenge for boards and compliance officers.
    • Cost pressure and balancing competitive and compliance pressures were reported as key challenges, yet 45% of respondents did not monitor their cost of compliance with regulations across their organizations.
    • One-third of respondents expected compliance teams to grow, and the cost of compliance staff was also expected to increase, while turnover of staff and budgets remain at 2022 levels. An increase in the number of firms using outsourced providers for their compliance functionality was also reported.
    • Retaining skilled resources is seen as essential to deliver on a growing range of subjects with which the compliance function is involved. The recruitment of the appropriate talent comes at a cost, and the appeal of becoming a compliance officer has been reduced due to the potential for increased personal liability.
    • Low staff morale is emerging as a key conduct risk for many financial services firms. This may lead to wider noncompliance issues due to staff error or manipulation. Couple this with the identification of cybersecurity as a prominent culture and conduct risk, and it becomes more important for firms to ensure internal security controls are robust.
    • Firms operated an effective compliance culture despite the conduct and culture risks, with respondents predicting they will spend more time on culture and conduct issues in 2023.

The findings of this annual report are intended to help financial services firms with planning and resourcing while allowing them to benchmark their own approaches with those of the wider industry. The experiences of the G-SIBs are analyzed where these can provide a sense of the stance taken by the world’s largest financial services firms.

You can download a full copy of Thomson Reuters Regulatory Intelligence’s 2023 Cost of Compliance Report, here.

For several years, the SEC has monitored firms’ practices in offering services based on clients’ preferences on ESG and other investing factors related to corporate responsibility along with other factors that go beyond immediate bottom-line concerns.

In the past, the agency has cited the broad provisions of Section 206 of the Advisers Act, which requires disclosure of material facts to bring ESG-related actions. But since last November, the SEC has gained broader authority under the newly implemented Marketing Rule to examine all of firms’ compliance processes for advertising and marketing material, including ESG claims. “We’re testing under the Marketing Rule previously known as the Advertising Rule where you know the basic principle is to not make any misleading advertisement (related to ESG),” said Ashish Ward, the SEC Los Angeles branch chief.

Rulemaking by examination?

Some critics have argued that examiners are pushing ahead with their reviews of ESG at a time when the agency’s own rulemaking process has been facing challenges in defining the basic terms of what constitutes ESG.

However, the SEC sees it differently. Its SEC examinations unit says it has avoided substantive concerns of investment advisers’ ESG decisions, focusing instead on disclosure and documentation. The SEC exam unit also argues that it is implementing risk-based principles based on existing securities law, and it has taken the view that financial services firms must document and disclose the factors that they are using in advising clients.

“While the concern over whether the commission is using its examination or enforcement powers to advance its ESG-related rule making agenda is a fair question to raise,” said Ken Joseph, managing director for financial services compliance and regulation at Kroll. “The commission has already demonstrated in recent enforcement cases that the federal securities laws — including the anti-fraud provisions of the Advisers Act — provide a legal framework for charging alleged false or misleading ESG-related claims or inadequate compliance policies and procedures.”

“Examiners are tasked with evaluating claims made to clients or actual or prospective investors — neither the Marketing Rule nor the proposed ESG-related rule changed that dynamic,” Joseph adds.

Firms face widening ESG compliance risk

With the expansion of rules and priorities by the SEC, what is clear is that the risk of action by the agency because of compliance issues has expanded. Investment advisers will face compliance concerns they have never faced in the past under the new Marketing Rule because the rule adds even more emphasis on raising the bar for compliance units to have processes in place to assure ESG claims are accurate. In addition, the SEC has also created a 22-member Climate and ESG Task Force in its Division of Enforcement to better monitor firms’ and issuers’ ESG practices.

Navigating the complexity in compliance risk for issuers will be tricky in the near term, but adding ESG evaluations in disclosures only adds to the murkiness. “Due diligence can be become difficult with respect to evaluating ESG factors at issuers given the varying types of disclosures that they provide,” explains SEC branch chief Ward, adding that those

Bill Singer of the Brokeandbroker blog, a securities lawyer and former counsel for the Financial Industry Regulatory Authority (FINRA), says some brokerage firms are worried about how the SEC exam unit is viewing ESG. “There are a lot of concerns at firms that the SEC exams can look all over the firm for ESG issues that could pose compliance problems,” says Singer. “I’m hearing from firms that this ESG focus in examinations — and now with a special ESG task force — they will be getting hit with more deficiency letters and enforcement actions. They see it as rulemaking by examination.”

The SEC’s proposed ESG rules in total should give firms a reason to work on their compliance practices in advance of new rules, states law firm Mayer Brown LLP in a recent client note. “Although not directly embedded in any new rule or amendment, an SEC expectation is clearly set out in the proposal: that funds and advisers would adopt new compliance policies and procedures regarding their ESG-related strategies in order to help ensure the accuracy of the various prospectus and brochure disclosures,” the client note states.

“You should look at everything you say [on ESG] and ask if you can substantiate that it’s true,” the SEC’s Ward adds. “That’s going to flow through everything, and that’s going to help fix a lot of problems.”

Stress in the commercial real estate sector could be the next big concern for U.S. regional banks and regulators, as losses emanating from higher interest rates manifest over the coming months, analysts and bankers say. A portion of this fear stems from the possibility that each regional bank could be the next to suffer a major loss.

As banks report their first-quarter earnings, investors are scrutinizing the results for signs of stress or weakness following SVB’s collapse last month. So far, the earnings picture has not revealed any hidden bombshells, but experts say the pressures on banks’ financial health are likely to become more pronounced in the months ahead.

Of greatest concern is the banking sector’s exposure to commercial real estate (CRE), particularly the office sector. “Compared to big banks, small banks hold 4.4-times more exposure to U.S. [CRE] loans than their larger peers,” stated a new analysts report from JPMorgan Private Bank. “Within that cohort of small banks, CRE loans make up 28.7% of assets, compared with only 6.5% at big banks,” the report continued. “More worrying, a significant percentage of those loans will require refinancing in the coming years, exacerbating difficulties for borrowers in a rising rate environment.”

A separate Citigroup analysis found that banks represent 54% of the overall $5.7 trillion commercial real estate market, with small lenders holding 70% of CRE loans. More than $1.4 trillion in U.S. CRE loans will mature by 2027, with approximately $270 billion coming due this year, according to real estate data provider Trepp.

High vacancy rates

The office sector faces significant challenges following the COVID-19 pandemic, which forced a potentially permanent shift to remote work for millions of employees. A seismic shift in employee mentality following a period of flexible, remote working has led to a continued acceptance of remote and hybrid opportunities. With this change, office vacancy rates remain high across many U.S. cities. The current overall vacancy rate of 12.5% is comparable to where it was in 2010, one year after the onset of the Global Financial Crisis.

Further, chief executives from some of the largest banks have pointed to risks in the commercial real estate sector. “Weakness continues to develop in commercial real estate office,” said Wells Fargo Chief Executive Charlie Scharf on a recent earnings call with analysts. The bank set aside an additional $643 million in the first quarter for credit losses, mainly driven by expectations of higher CRE loan defaults.

California market in focus

With the tech and venture capital sector having borne the brunt of SVB’s collapse, recent data shows that California’s CRE market is one of the hardest hit in the country. San Francisco and Los Angeles had an average office vacancy rate of 21.6% in the first quarter, according to data from commercial real estate firm Cushman & Wakefield. And loans for San Francisco offices now face the highest risk of default of all U.S. metro areas.

“Difficulties are emerging by geography,” noted the JPMorgan report, adding that “Chicago and San Francisco are much more challenged than Miami, Raleigh, and Columbus, for example.”

CRE weakness is likely to affect banks of all sizes, but small and regional banks have, on a percentage basis, the greatest exposure. “While total exposure to the weakest CRE subsectors varies by bank, those with more than 100% of their capital in these buckets are more likely to be smaller regional entities,” the JPMorgan report stated, noting that Webster Financial Corporation, Valley National Bancorp, and Zions Bancorporation are a few of the banks with exposures exceeding 100% of their capital.

The bank’s base case scenario “assumes that aggregate CRE prices fall approximately 10% to 15% in the current cycle,” although for the office sector, the report revealed that price declines of 30% to 40% in the most stressed markets would be unsurprising.

Through taxes, governments can finance public initiatives and subsidize private investment in green industries and other initiatives, incentivizing a shift in private capital towards activities that will further the transition to net zero emission goals. Such investments will help prevent us from breaching our planetary boundaries and mitigate physical risks such as extreme weather, droughts, floods, and wildfires.

Tax credit investments

Investment tax credits at the federal level incentivize business investment. They let businesses deduct a certain percentage of investment costs from their taxes. In the context of green energy, tax credit investments return financial capital to companies to deploy directly into investments such as renewable energy, which boosts the investor’s ESG credentials and helps align the business with a low-carbon economy. Tax credit investments, which is a method used by corporations to provide funding for a project in exchange for the right to claim the available tax credit, enable corporations to use their access to capital to pursue their own path towards a sustainable economy in accordance with their risk/return assessments.

An increasingly popular option as part of an organization’s ESG strategy, tax credit investment has been and is set to become even more popular with the ambitious climate and energy policies of the Inflation Reduction Act (IRA), most of which relate to its more than 24 available tax credits. The IRA, which imposes a 15% corporate minimum tax, will drive $380 billion of investment into renewable energy and sustainable technologies, opening up new areas for tax credit investments such as electric vehicle charging infrastructure, bio-gas, green hydrogen, battery storage, and nuclear energy.

One significant change the IRA made to the clean energy tax credits is to make them refundable and transferable. Transferable tax credits allow companies to sell their tax credits to other entities for cash Refundable credits allow cash payment for tax credits if the amount owed is below zero.

Many U.S. companies need RECs in order to make progress towards their publicly stated goals, such as the country’s commitment to be net zero by 2050.

The Financial Accounting Standards Board, however, is now developing new guidance to clarify and smooth the process, and the Internal Revenue Service will be publishing guidance on the transferability of investment tax credits by mid-2023. Under the new rules, corporations can offset up to 75% of their federal income tax liability and roll this back three years, effectively gaining a rebate of taxes already paid to reinvest in ESG-positive opportunities.

Finally, renewable energy credits (RECs) are “tradeable, market-based instruments that represent the legal property rights to the ‘renewableness’ — or all non-power attributes — of renewable electricity generation,” according to the US Environmental Protection Agency (EPA). In effect, RECs assign ownership for the renewable aspects of the energy creation to the owner, allowing consumers to offset some of their carbon footprint.

Many U.S. companies need RECs in order to make progress towards their publicly stated goals, such as the country’s commitment to be net zero by 2050. Such credits provide a market and revenue stream for renewable energy-producing organizations. These opportunities enable companies to align themselves with a sustainable, green, low-carbon economy, which in turn, will likely lower companies’ transition and liability risks and their cost of capital.

There are also upsides as investors, lenders, and consumers recognize companies’ ESG-credentials. These opportunities for ESG-aligned investment will have notable social impacts around investments in infrastructure, human capital, and research & development. Job creation is a key outcome of investment in renewable energy, contributing to a just transition away from fossil fuels.

Under the IRA, a two-tiered system for renewable energy investment tax credits provides a base credit equal to 20% of the maximum credit and a bonus credit equal to an additional 80% of the maximum credit, but only if certain prevailing wage and apprenticeship requirements are satisfied in connection with the relevant project.

In addition, there are three adder credits that can be stacked on top of underlying credits for: i) meeting specific, domestic content requirements; ii) placing projects in the IRA’s defined energy communities; or iii) undertaking certain low-income solar activities.

While bringing more manufacturing jobs to the U.S. will strengthen employment overall, specifically selecting rural communities for large solar investments, for example, will provide an economic boom to those areas and enrich them through tax equity. There are further social benefits to community solar investments, which will have the ability to sell more than 50% of electricity generated to low-income families at discounted rates.

On the horizon

ESG alignment is the future of corporate investment, and companies should take advantage of the numerous investment opportunities that are emerging in the green transition.

In order to understand how companies can improve their status as social and environmental citizens and mitigate ESG-related risks, accurate measuring and reporting is needed as the first step. And tax credit investments are a direct, straight-forward way to turn this knowledge into a business upside.

In a time of economic and stock market uncertainty, tax credit investments offer a clear opportunity to grow and strengthen a company’s business strategy, while aligning it with the green transition.

This article was written for the Thomson Reuters Institute blog site by Foss & Co. For more information, contact ir@fossandco.com.

The International Monetary Fund (IMF) has warned that the fundamental question confronting market participants and policymakers is whether recent banking turmoil, sparked by SVB’s recent failure, is a “harbinger of more systemic stress, as previously hidden losses are exposed, or simply the isolated manifestation of challenges from tighter monetary and financial conditions after more than a decade of ample liquidity.”

One of the major factors behind the collapse of SVB and Signature Bank in New York was unrealized losses on their balance sheets. The losses stemmed largely from investments such as U.S. Treasury securities, which on paper were under water due to interest rate increases. Such paper losses are widespread across the industry. The Federal Deposit Insurance Corporation (FDIC) has estimated there are more than $600 billion of such losses sitting on U.S. bank balance sheets, a figure some say is conservative.

What appears to have caught regulators and investors off-guard is the broader market and industry impact from the SVB and Signature Bank failures. Neither bank was considered systemically important. And Congress even approved a rollback of financial regulations in 2018 on banks of this size.

“Even events at smaller banks can have systemic implications by triggering widespread loss of confidence and rapidly spreading across the financial system, amplified by technology and social media,” the IMF stated in its semi-annual Global Financial Stability Report, issued on April 11. “Because regional and smaller banks in the United States account for more than one-third of total bank lending, a retrenchment from credit provision could have a material impact on economic growth and financial stability.”

Tobias Adrian, IMF monetary and capital markets director, agreed this was a concern. “Even if you think that, on average, banks have a lot of capital and liquidity, there could be these weak institutions that then spill back into the system as a whole.”

Reverse 2018 ‘tailoring’ of bank rules

Additional bank failures, along the lines of an SVB, may well dictate the overall response by U.S. regulators and Congress. Upcoming bank earnings for the first quarter will give investors a glimpse into any further signs of weakness and possible contagion.

For the moment, however, with deposit flows having become stable, and investors slightly more confident, the next steps taken by regulators in response to SVB’s failure are likely to focus on several areas. At the end of March, top regulators from the Federal Reserve and FDIC appeared before Congress, and the discussions focused on several areas:

• • • Re-examination of regulatory tailoring — In his opening statement, Federal Reserve vice chair for supervision Michael Barr indicated that the central bank’s SVB collapse review will include the impact of reformed stress-testing, capital-planning, and liquidity risk management requirements implemented in 2018. At the time, the Fed decided that banks roughly the size of SVB did not require the strict regulatory standards imposed on systemically important banks, such as JPMorgan and Citibank. Both Barr and FDIC Chair Martin Gruenberg said that they will likely increase regulatory requirements for banks with between $100 billion and $250 billion in total assets. This might also include increased capital requirements.
    • Stress testing — There was a lot of discussion around stress testing for banks similar in size to SVB. According to the Fed, SVB was not tested for a rising rate scenario — which ultimately prompted the crisis. Barr said he will make changes to stress testing to capture a wider range of risks and channels for contagion.
    • Supervision issues — Numerous observers criticized how the Fed had highlighted liquidity and interest-rate modeling weaknesses at SVB as early as November 2021. The bank’s management, however, failed to address those concerns. The Fed is reviewing what went wrong in its supervision of SVB and will issue a report on May 1.

“Banks with between $100 billion and $250 billion in total assets can expect changes around capital adequacy, total loss-absorbing capacity, liquidity requirements, resolution planning, and the impact of accounting for unrealized gains or losses in securities portfolios,” consulting firm PwC wrote in a note to clients. “The starring role that stress testing played in the hearings demonstrates that the Fed is likely to not just reassess the frequency of tests but will look to expand their scope to capture a wider range of risks.”

Expanding deposit insurance

Then there is the thorny question of FDIC deposit insurance. In SVB’s case, more than 90% of its deposits were uninsured, held largely by venture capital firms and other businesses. That level of uninsured deposits is high in comparison to other U.S. banks, but FDIC data shows that many banks have deposits above the current $250,000 insurance threshold.

At the end of 2022, about 43% of all bank deposits were uninsured, according to the FDIC. Some of the country’s largest banks have above-average uninsured deposit levels. For example, 59% of JPMorgan’s deposits are uninsured, FDIC data shows, and at Citibank, that number reaches 85%.

Following SVB’s failure, regulators, lawmakers, and industry groups questioned whether the deposit insurance cap should be raised from the current $250,000 per depositor. A coalition of midsize banks has asked regulators to extend insurance to all deposits for the next two years.

Regulators have the authority to make changes to most of the areas described in recent Capitol Hill hearings, but raising the FDIC insurance cap would require bipartisan agreement in Congress.

With bipartisanship in short supply on many issues, however, an agreement on what to do with FDIC deposit insurance is unlikely to happen any time soon.

In this environment, robust and proactive compliance infrastructure is imperative to safeguard businesses and the broader macroeconomic landscape. U.S. Deputy Attorney General Lisa Monaco recently called on today’s business leaders to prioritize corporate compliance — not only to uphold the rule of law, but to recognize the role of compliance in strengthening financial markets and protecting national security.

At a time when internal budgets are being squeezed, the Department of Justice is doubling down on policy-driven strategies to hold both organizations and their leadership accountable “to promote and support a culture of corporate compliance,” she said. For workplaces today, where culture is key, Monaco’s remarks on safeguarding the business with a tenacious compliance and risk management posture are critically important.

Striking a healthy balance

Corporate departments and business units are often considered either as a cost center or profit center. During times of heightened economic pressure, unsurprisingly, the cost centers are often the first to be assessed for possible budget freezes or cuts to boost cost savings. In most organizations, the risk & compliance function is perceived as a cost center.

However, the role of an effective head of compliance is to communicate the importance of the compliance department and approach the role of the function as not only as a cost center, but as a way to drive business development and revenue. This requires striking a healthy balance between compliance and other leadership teams, articulating the business value of building a robust compliance program that assesses and mitigates risk.

A successful compliance program is designed around a heat map-like calculation, an exercise that evaluates the likelihood of risk against the impact of the stated risk. Adept compliance leaders will assess the industry environment, scan the horizon, and determine how certain variables might manifest as risks within their own organizations. This exercise is fundamental to quantify — and justify — the budget of a sophisticated compliance program that is equipped to safeguard the business.

Establishing a workplace compliance culture

Prioritizing compliance is not exclusively the role of the company’s compliance officer; in fact, if the compliance team is the only function of the business thinking about compliance and implementing the appropriate controls, the organization is not set up for success. From the senior leadership and board of directors, down to the roots of the organization, all employees are responsible for contributing and upholding a culture of integrity and compliance.

The top-down implementation of policies and expected behaviors, supported by good line management, can promote a more compliant and consistent approach across the business to better create a positive risk management culture. Establishing a strong culture includes fostering an entire organization’s approach to compliance, ensuring proportionate and cost-effective use of resources, and supporting efforts to build a dynamic and inclusive organization by promoting a speak-up culture.

Just as it is the role of all employees to strive towards annual business targets, so too is their role in upholding the organization’s compliance and ethics initiatives. It is equally important for organizations’ heads of sales to prioritize risk management and compliance as it is for heads of compliance themselves. The commitment to remain compliant is the responsibility of the entire organization.

The changing role of the compliance officer

The need to establish a robust compliance program, backed by a workplace culture that prioritizes de-risking and integrity, has become increasingly important for businesses today as policy and regulation continue to evolve. In February, a judge’s decision in a derivative lawsuit in Delaware to allow a shareholder lawsuit to go forward against a former McDonald’s Corp. HR leader set a meaningful industry precedent, another signal in recent regulatory activity that is continuing to shift accountability from the organization alone to include individuals as well.

This evolution of accountability over the last several years has been one of the most fundamental transitions in the role of the corporate compliance officer. Most importantly, this shift has changed how compliance leaders interpret their role and responsibility to the organization. When an individual is personally on the hook, it magnifies the context of accountability.

Coupled with this transformation is the U.S. government’s growing expectation to see data-driven approaches to compliance. Regulators increasingly require proof, backed by data and analytics, that a robust compliance program is in place and reinforced by a compliance-first culture.

Like most business functions, the increased use of technology and data has streamlined processes and accelerated efficiencies within compliance. Specifically, compliance leaders who are taking a more proactive approach to controls are looking to leverage data in order to understand how to better allocate limited resources across the business to areas that may be more at risk. As technology becomes even more sophisticated, so too does the expectation of the compliance officer’s responsibility to leverage it.

Compliance as a business driver

The most ethical and stable organizations are the ones with leadership teams that accept the ownership of risk, establish programs to mitigate risks, and leverage the compliance team as a vital resource to run the business more successfully. Especially as economic challenges persist, it is a business imperative that organizations — across all levels and functions — are committed to compliance.

At this year’s National Institute on White Collar Crime hosted by the American Bar Association, Deputy AG Monaco spoke about these recent policy changes that seek to promote cultures of corporate compliance and reinforce the personal role of individuals. “These policies empower general counsels and compliance officers to make the case to company management, to make the case in the boardroom that investment in a robust compliance program, including a forward-leaning compensation system, is money well spent,” she said.

While this is true in any climate, it is especially critical in today’s macroeconomic landscape. Indeed, it is the role of the corporate compliance officer that breathes this ethos into the organization to not only safeguard the business but to continue driving it forward.

Since 2019, compliance has seen a noticeable upward shift among corporate law departments’ strategic focus. While roughly 15% of respondents listed compliance as an area of strategic focus in 2019, that number increased to 22% by the end 2022.

Law departments realize that this shift in mindset does not come without cost. More than one-third (36%) of corporate law departments surveyed for the report say they anticipate increasing their legal spend on regulatory matters in the coming year, compared to just 8% that expect their spend to decrease in that area. The report also details a metric called net spend anticipation (NSA), which reflects the number of respondents expecting a decrease subtracted from those expecting an increase. Regulatory matters saw the highest NSA of any practice reported this year, 10 points higher than the NSA for labor & employment, the next closest practice.

All this suggests that there is a potential boom in regulatory work upon which law firms could capitalize. However, it is very much an open question as to whether law firms are positioned effectively to take advantage of this potential opportunity — or whether corporate clients are even really considering law firms for the work at all.

According to the Alternative Legal Services Providers 2023 report, regulatory risk and compliance services are the top use case that have corporate law departments turning to alternative legal services providers (ALSPs), funneling that work to ALSPs rather than traditional law firms. One-half of corporations surveyed for the ALSP report indicated that they used an ALSP for regulatory risk and compliance services. Indeed, across the globe, use of ALSPs for risk and compliance services was high and seen as likely to grow over the next five years.

Corporate clients are quite clear on why they are choosing ALSPs for regulatory risk and compliance services. A majority of respondents (57%) cited access to specialized expertise as one of the key reasons they use an ALSP for risk and compliance. Clients also look to ALSPs to help drive greater efficiencies and to help free up internal legal teams to work on higher value, more strategic work.

This is not a new finding either, corporate law departments have been citing risk and compliance as a key use case for ALSPs for as long as the report has been produced. Going back to the original ALSP report in 2017, risk and compliance was the top use case for corporate law departments using ALSPs. It has been clear for some time that when it comes to regulatory risk and compliance needs, corporate law departments have a preference for ALSPs.

This creates a potential problem for law firms that are looking to capitalize on any impending surge in regulatory work within corporate law departments. Beyond those corporate clients that already use an ALSP for regulatory work, another 24% expect to be using one within the next five years.

Some law firms are looking to bridge this gap through partnerships with risk and compliance ALSPs, with 52% of law firms reporting that they have created such partnerships. This can certainly help to round out the service offerings a law firm can make to clients, but it necessarily creates a revenue-sharing arrangement that can negatively impact law firm profitability. On the other hand, for law firms that have carefully considered the question, such arrangements may well be the outcome of a calculation that trying to spin up a separate, wholly owned ALSP offering from within the firm would be more difficult and less profitable, so the partnership creates the best potential outcome going forward.

The evidence from the research demonstrates a persistent gap between clients’ desires to use ALSP services for regulatory risk and compliance needs, and law firms’ willingness to create captive ALSP affiliate offerings to address this need.

Even with this being the case, however, relatively few law firms appear poised to take the step to create their own risk and compliance ALSPs as a captive unit. While 21% of law firms responding to the 2023 survey said it was “somewhat likely” that they would create an affiliate risk and compliance offering, only 4% said they “definitely will.” Looking back historically, this number is basically unchanged from the 4% of law firms that said they would likely set up a regulatory risk and compliance ALSP affiliate within the next five years in 2017.

The evidence from the research demonstrates a persistent gap between clients’ desires to use ALSP services for regulatory risk and compliance needs, and law firms’ willingness to create captive ALSP affiliate offerings to address this need — a problem present for half a decade now. Law firm captive ALSPs have been among the fastest growing segments of the ALSPs market for several years; according to the 2023 report, it was the fastest growing segment. The issue is not that law firms do not know how to create profitable captive ALSP offerings with high-growth potential; nor is the issue a lack of demand for ALSP services around risk and compliance. Rather, it appears that law firms are instead choosing to focus their captive ALSP efforts elsewhere, such as in eDiscovery, litigation support, and legal research services.

In a legal marketplace where demand appears to be tightening once again, and where law firms will need to be increasingly competitive in order to capture shifting market share, regulatory risk and compliance is one area where law firms may want to reconsider their go-to-market approach. Despite a high degree of demand, regulatory risk and compliance remains a playing field upon which relatively few law firm competitors aggressively have entered.

Total losses from online scams and identity theft reported to the Federal Bureau of Investigation (FBI) have increased to $10. 3 billion in 2022 from $6.9 billion the year before, according to the FBI Internet Crime Complaint Center report, and it is estimated that that numbers are much higher because less than 7% are assumed to report to any authority due to shame and embarrassment. One type of crime that is growing significantly is cryptocurrency investment scam, which climbed an alarming 183% to $2.57 billion in 2022 from $907 million in 2021.

With these monetary losses skyrocketing, one question arises: Who is protecting consumers? Many claim that this is a matter of personal responsibility, but with the alarming growth in losses, the societal impact of these scams is yet to be truly measured. Law enforcement and the FBI might investigate some cases, but the recovery possibilities are extremely limited once the money ends up in the hands of the criminals.

Of course, financial institutions hold some liability when it comes to fraudulent transactions, but the liability to reimburse customers only happens in the case of account takeover fraud, or unauthorized transactions. In this scenario, criminals will use an array of tactics such as stolen credentials or malware to login to the legitimate customer’s account or take over an existing online banking session.

In the United States, Regulation E (Reg E), which was issued by the Federal Reserve as an implementation of the Electronic Fund Transfer Act of 1978, determines the conditions under which financial institutions will reimburse their customers for unauthorized electronic transfers. While several clarifications have been issued over the years to outline specific cases for online banking and debit card activity, one thing remains clear — If a customer performed an authorized transaction even if they were manipulated to do so by a scammer, they will not be covered under Reg E and the bank will not be liable to reimburse customers. Given the amounts of money lost to scams such schemes as romance scams, investment scams, bank impersonation scams, and many others, and the implication of billions of dollars leaving the U.S. every year to illicit actors based in foreign countries, there is a need to take action.

Interestingly, there are several activities happening with numerous federal agencies pushing to do more around scams, such as the Federal Communications Commission (FCC) to take more action in detecting scam text messages, and the Federal Trade Commission (FTC) pushing social media and video platforms to address the surge in scams.

Embracing the Contingent Reimbursement Model

One interesting example of a model for scam loss reimbursement can be taken from the United Kingdom. The Contingent Reimbursement Model (CRM) was introduced in May 2019 in the U.K. in the form of an initiative designed to reimburse victims of authorized push payment fraud (APP fraud). This is a voluntary code that can be used by banks which agree to participate in the initiative.

Since its launch in 2019, the CRM has been successful in providing a more streamlined and efficient way of compensating victims of APP fraud. In fact, a total of almost 50% of reported scam losses have been reimbursed to victims of APP fraud under the CRM between the first half of 2020 and the second half of 2022, according to the latest figures released by U.K. Finance. This represents a significant increase compared to the previous reimbursement models, which often resulted in remaining financial losses to the victims. Under the CRM, the customer’s bank will reimburse the customer and take loss liability.

Unfortunately, the U.S. banking sector has been focused on an extremely narrow section of scams that has caught headlines, which is fraud on the Zelle payment platform. There has been a significant increase in Zelle fraud due to the nature of Zelle being a faster payment person-to-person network, with the money being transferred immediately to the beneficiary. Indeed, scams increased more than 250% to more than $255 million in 2022, compared to more than $90 million in 2020, according to a report released by Sen. Elizabeth Warren (D-Mass.) in October 2022.

From April to November 2022, Sen. Warren pushed the operators of Zelle — Early Warning Services, which itself is owned by a number of large U.S. banks — to provide numbers and explain their plan to reimburse customers and provide better protection. In November 2022, the seven banks that own Zelle started to work on a rule change that will require the network’s member banks to compensate customers who fall victim to certain kinds of scams. The shift would reverse the network’s current policy, which typically leaves customers with the losses on any Zelle transactions that the customers initiated themselves — even if they were tricked into sending their cash to a criminal.

Under the planned rules, if the banks determined that a customer had been deceived into sending money, the recipient bank — the one holding the scammer’s bank account — would be responsible for returning the money to the victim’s bank. That bank would then refund its defrauded customer.

This announcement is a huge change and brings a wave of optimism; however, there are many issues with the proposed reimbursement model. First, it is still unclear which cases will be reimbursed. The news of the proposal model has also received pushback by smaller banks that claimed that they cannot afford to pay for customer scam losses on Zelle, and they might need to leave the Zelle network if this rule will be reinforced, driving more competitive challenges for smaller banks. In addition, and perhaps most obvious, although Zelle scams are skyrocketing, we see other scam vectors growing significantly in which transfers to criminals are not conducted on the Zelle payment platform.

Clearly, the industry needs a more holistic approach to protect consumers who are losing money in growing amounts, especially since Zelle fraud is a comparative drop in the multi- billion-dollar ocean of similar financial scams.

So, to answer the original question: Could the U.K.’s CRM model be deployed in the U.S.? It seems like the Zelle liability initiative that was taken to address a very isolated issue might quiet broader conversations for the time being. However, with the sophistication of the banking ecosystem in the U.S. and the many stakeholders that would need to get involved, it is highly unlikely that this model will be implemented in the U.S. as a voluntary measure.

There is a broader ecosystem that needs to take more responsibility across the scam lifecycle, starting with telecom companies and social media platforms, which facilitate communication, and then onto the banks which enable these illicit transactions.

There definitely should be more collaboration and data-sharing across sectors, and that should be facilitated by the government. At a minimum, banks should take better care of their customers by erecting stronger controls to prevent scams and drive better awareness of these schemes.

For more on protecting yourself from online scams, check out the author’s recent podcast on the Scam Rangers site.

Congress enacted the transparency legislation as part of the AML Act of 2020. It aims to stem criminal abuse of shell companies by creating a national registry to identify the beneficial owners of complex corporate and legal structures. Slated to be operational on January 1, 2024, the registry will ultimately contain data on tens-of-millions of legal entities.

The senators’ letter urged the Financial Crimes Enforcement Network (FinCEN) to amend a proposed rule governing access to the non-public registry. As written, the proposal “deviates from congressional intent by inappropriately restricting financial institution access to and use of (beneficial ownership information, or BOI),” it said.

The proposal’s public comment period ended in mid-February 2022, but not before the American Bankers Association (ABA), an influential trade group, submitted a letter labeling it “fatally flawed” and recommending its withdrawal. The proposed access rule “creates a framework in which banks’ access to the registry will be so limited that it will effectively be useless, resulting in a dual reporting regime for both banks and small businesses,” the ABA said.

The senators’ letter to FinCEN seemed to support elements of the ABA’s position, calling on regulators to ensure that financial institutions can use beneficial ownership information across their anti-money laundering, combating the financing of terrorism (CFT), sanctions-screening, and broader financial crime compliance programs.

Access rule should “track closer” to Congressional intent

Senators Sheldon Whitehouse (D-RI), Chuck Grassley (R-IA), Ron Wyden (D-OR), Marco Rubio (R-FL), and Elizabeth Warren (D-MA) submitted the letter, stating they want FinCEN’s rulemaking to “track closer” to Congress’s intent in the CTA.

“As drafted, this proposed rule risks impeding financial institutions’ timely access to the beneficial ownership directory,” the senators said. “Once the database is live, financial institutions across the country will immediately begin requesting access to BOI for the 32 million reporting companies in the country. It is essential that FinCEN establish an automated process (ideally one that integrates with existing compliance systems at financial institutions) for fielding and responding to these requests.”

The letter adds: “If FinCEN manually reviews every request from each financial institution, it risks overwhelming the capacity of the agency, generating major delays in the financial system, and undermining the utility of the directory.”

FinCEN takes feedback from public comments on its proposed rule “very seriously” and “are carefully considering all comments as we complete our work,” a FinCEN spokesperson stated. “FinCEN is committed to implementing an effective regime that enhances transparency on who ultimately owns or controls a company and to making this historic beneficial ownership database a highly useful tool for all stakeholders, including financial institutions, and others.”

The senators also urged FinCEN to clarify in the final rule that financial institutions “are not expected to affirmatively obtain new consent from an existing reporting company customer each time a financial institution needs to query the directory for information on such customer — assuming the customer previously provided the financial institution with its consent to request BOI from FinCEN.

“The current proposal could be read to forbid financial institutions from accessing the directory to assist with most of their Bank Secrecy Act, anti-fraud, and sanctions-screening requirements,” the letter also stated. “Congress intended that the directory be ‘highly useful’ to financial institutions, among other authorized users, and the CTA explicitly contemplates that financial institutions will incorporate BOI into their AML/CFT programs.”

Notably, however, the senators’ letter did not address all of the ABA’s concerns. It did not, for example, ask FinCEN to allow banks to share BOI with bank personnel in foreign jurisdictions, nor did it request a safe harbor from liability for financial institutions that use information obtained from the registry.

Other requested amendments

In addition to urging greater registry access for financial institutions, the senators also asked FinCEN to make other adjustments to the proposed access rule, including:

• • • Ensuring that state, local, and tribal law enforcement can effectively access the beneficial ownership directory.
    • Ensuring that beneficial ownership information can be used in court at the conclusion of a case.
    • Nixing and clarifying certain filing requirements that, as drafted, risk slowing investigations, overwhelming FinCEN’s capacities, and/or generating major delays in the financial system.
    • Ensuring that Treasury’s Office of Inspector General and the Comptroller General of the United States have access to the registry.
    • Mandating that FinCEN verifies the beneficial ownership information it receives.
    • Ensuring FinCEN creates clear, concise, and tailored templates, forms, training videos, and step-by-step guides to help authorized recipients request and access the registry.

Nervous sentiment triggers crisis at Credit Suisse

A crisis of confidence among already-jumpy global investors played a major part in the downfall of Credit Suisse. The 166-year-old institution has been besieged by a series of compliance failures, poor investment decisions, and senior managerial turnover since 2020.

At the same time, the bank was also considered well-capitalized and compliant with international regulatory capital requirements. At the end of 2022, Credit Suisse had a Common Equity Tier 1 ratio of 14.1% and a liquidity ratio of 144%, both substantially higher than applicable requirements.

In a staff memo issued in late September, ahead of an announcement on the outcome of a strategic review, Credit Suisse CEO Ulrich Koerner advised staff not to confuse the bank’s day-to-day stock performance with its strong capital base and liquidity position. That statement proved insufficiently reassuring.

Credit Suisse customers withdrew roughly CHF 110 billion (US$119 billion) from the bank last year, mostly during the fourth quarter. Additionally, the reputational damage from enforcement actions, leadership turnover, and investment losses have left the organization increasingly vulnerable to systemic events. This February, Credit Suisse disclosed that in 2022 it had suffered its biggest annual loss since the global financial crisis in 2008. Investors reacted, and the bank’s shares plunged by 15% upon the disclosure of the results.

A panic sale ensued on March 15, following new reports that Saudi National Bank (SNB) had ruled out additional investment in the Swiss bank beyond its existing 9.88% stake, due to regulatory constraints. Despite subsequent clarification from SNB chairman Ammar Al Khudairy that any investment above 10% would trigger regulatory hurdles both domestically and internationally, investors reacted to the remarks by heading for the exit in droves, withdrawing billions as the bank’s share price continued to fall. Despite also expressing confidence in Credit Suisse, describing it as a “strong bank” and saying SNB’s investment was opportunistic and long-term, Al Khudairy’s vote of confidence came too late.

The subsequent sell-off was so impactful that even a credit line from the Swiss National Bank failed to restore confidence. On March 19, UBS announced it would take over Credit Suisse, with the former left as the surviving entity once the transaction closes.

Contagion fears spur bank run at First Republic Bank

The recent run on First Republic Bank is an even starker illustration of the potential systemic threat posed by nervous market sentiment.

Following the collapse of Silicon Valley Bank (SVB) and Signature Bank, concerns of contagion among smaller, regional banks prompted depositors to withdraw money from such institutions in the U.S., in favor of larger financial institutions. First Republic Bank was among some of the firms to experience a bank run from those outflows.

The bank sought to respond swiftly to assure investors by disclosing that it was financially sound and had obtained additional financing to withstand potential systemic risks posed by the collapses of SVB and Signature Bank. At the time, bank capital and liquidity at First Republic Bank were considered well above the regulatory standard for well-capitalized banks in the United States. The bank also has a fairly clean compliance record.

None of these assurances, however, were sufficient to stem customer outflows or keep the bank’s share price from sinking. U.S. regulators and a consortium of large financial institutions are in discussions to provide additional emergency liquidity to First Republic Bank.

Regulatory considerations of broader financial crisis

Regulators are emphasizing that the current environment differs significantly from the period preceding the 2008 financial crisis. They point to years of regulatory reform since then, aimed at ensuring banks are better capitalized. Some supervisors have also hurried to hint at plans for more regulation, including higher bank capital requirements.

Indeed, this crisis differs from 2008. This crisis of confidence in the banking sector is also a crisis of confidence in bank supervision. Significantly raising capital standards to the point where financial institutions should — in theory, at least — be able to withstand the scale of recent bank runs without raising capital, would have drastic implications for retail and commercial lending, at a time when the world is anxious about economic growth.

Setting aside the potential impact on small-to-medium business growth and the opportunity for wealth generation among lower net-worth demographics, further curtailing credit would also affect higher-risk but meaningful initiatives to advance the environmental, social, and governance (ESG) objectives to which many nations and industries have committed.

When a global systemically important bank and a compliant regional lender — both considered well-capitalized above regulatory requirements — fall into distress within the same month, despite regulatory assurances, authorities may need to consider a risk-management approach that speaks more directly to a trepidatious and distrustful global market.