Q&A: Kari Markkula, chief risk and compliance officer
Kari gives us his view on the compliance landscape, the risks of non-compliance and the importance of Know Your Customer (KYC), and details the Nordea approach to trade finance compliance.
About Kari Markkula:
Kari Markkula is chief risk and compliance officer in Nordea’s Corporate & Institutional Banking division, a position he’s held for five years. His career spans nearly 30 years in international bank risk management across Europe and the Nordics.
How have you seen the compliance landscape changing?
The range of regulations covering terrorism funding, money laundering, competition law, bribery and related areas are all growing.
To keep it manageable, I recommend structuring your thinking about compliance risk on three levels:
- International - this includes the agreements and regulations around international trade in general.
- Country level - this includes trade regulations that every exporter/importer needs to know for their sector, such as customs duties and product regulations, whether that’s restrictions on alcohol and tobacco or safety and product testing. Clearly, some product areas are more active than others in terms of regulation. One fast-growing and very important area in this category is consumer protection law.
- Customer level - this basically covers checking that individual trade parties are operating above-board: that you’re not going to be involved in money laundering, funding terrorism, participating in corruption, or violating any sanctions.
It’s getting more complex, no doubt about it. Take sanctions as an example. The list of countries covered by sanctions can change rapidly – just look at the situation in the Crimea. The types of sanctions also vary greatly: in some cases sanctions are wide-ranging, others affect only certain named individuals, or types of products and services. The one constant is that today, sanctions are rigorously enforced.
The impact can be more far-reaching than you might assume. For example, your choice of shipping provider isn’t only affected by whether the company is under sanction; you need to ensure the vessels will not visit docks covered by sanctions. You have to understand every facet of the transaction.
What risks are involved with non-compliance?
Traditionally, if you failed to do your due diligence during a transaction, you could suffer commercial consequences: your buyer might find a contractual loophole to avoid paying or delivering your goods which would cost you money. Today, infringements of national or international law at any stage of the transaction could result in penalties ranging from confiscation of funds or goods to imprisonment for individuals involved.
How does Know Your Customer fit in?
Know Your Customer (KYC) is an important aspect of “customer level” compliance requirements, but in my view it’s a discipline that’s inseparable from effective risk management and commercial best practice.
Before starting work with a new customer, enter a new market, or take on a new supplier, you need some basic information. Who are the owners of your partner? What is their business strategy? What do their financials look like? Who are their other customer, partners and suppliers? Who are their banks? Obtaining this kind of information is sound commercial practice, and there are many public information sources that can help you lay the groundwork. This type of check also helps to meet anti-money-laundering and sanctions requirements.
Some companies have created comprehensive information packs about their customers and partners because it enables a wide range of risk management, not just financial trade risk (e.g. payment and delivery). Sanctions and anti-money-laundering checks just widen the information companies need to be comfortable with their partners in international trade.
Does this approach extend to compliance more generally?
It does. Forward-thinking organisations are documenting their codes of conduct, making strategic commitments to behaving appropriately. As the compliance landscape continues to grow more complex, this is the only sustainable way to continually meet the standards.
Is KYC something that can be outsourced, as a commodity?
There are many service providers offering basic risk information about banks and businesses - it makes sense to centralise information in a standard, accessible format. There are well-established service providers offering bank-to-bank KYC, which offer central depositories for your details, that other banks can obtain for a fee.
But I don’t believe this will ever be sufficiently comprehensive. You may have questions about the bank or customer that are specific to your circumstances, and you are likely to have specific detailed questions about individual transactions. Trade finance products tend to have a lot of verified information attached to them, but it might not include all the KYC information you need. Your bank will still need to do its own transaction monitoring and its own KYC work.
What goes on inside a transaction’s KYC check?
Banks comb through the transaction documentation for oddities and discrepancies in transaction flows and come back to question the parties involved. Banks check transactions against sanction lists of individuals, companies and product categories, and double check if the name of any company involved is similar to that of a sanctioned party or is affiliated with a sanctioned party. You can never be too careful when it comes to avoiding sanctions.
What effect has screening had on international trade?
It is likely that in some cases international trade has become slower, but it doesn’t have to be that way. At Nordea, we believe that by carrying out background checks in advance and building this into standard operating procedures, any special checks that are needed are likely to be much less invasive. Because Nordea only deals with banks that it has verified, if a transaction goes through those banks, one level of checking is already done. When it comes to handling payments, most are STP (straight through payments), and the screening only affects transactions where there is an anomaly. Here at Nordea, our checking machinery spots discrepancies on the same day; if nothing is flagged, the transaction is released without delay. If there are questions, we might have to delay the transaction, but we handle it as quickly as possible.
What is the future of compliance?
Increasingly, compliance requirements are shaping business codes of conduct, and I think that this will accelerate, with compliance increasingly touching corporate social responsibility (CSR) issues.
Companies can no longer absolve themselves from how their suppliers behave, the labour conditions at manufacturing plants, whether raw materials were sourced sustainably, or if the supplier is found to be polluting the environment. The very KYC checks that look for anti-money laundering or sanctions issues now will also illuminate broader reputational and business risks related to trade partner behaviour.
What’s Nordea’s approach to trade finance compliance?
Because compliance is so much broader and more important now, it’s critical to work closely with your relationship bank to keep your transactions flowing smoothly. We have a legal obligation to conduct checks, but you can make it less disruptive. Give us notice of new customers and upcoming transactions, and help us understand the whole transaction and the value chain behind it. With that insight, we can help you mitigate risks and prevent problems arising. The outcome should be that everyone is happy: we get the necessary information to handle the transaction swiftly, your risks get covered, and your customer gets good service.