In brief:

The cross-border activities of financial institutions are still considered a major risk and remain the focus of FINMA's supervisory activities.

  • As a result, institutions providing services or distributing financial instruments on a cross-border basis must take the necessary strategic and organizational measures to eliminate and minimize risks.

These measures include having the necessary specialist knowledge in each country where these activities are carried out, defining specific service models for the countries served and training their employees accordingly.

Standfirst/Teaser/description:

Financial service players must adapt to the stricter rules oncross-border activities by improving their cross-border business framework.

Introduction:

On December 13, 2022, the Swiss Financial Market Supervisory Authority FINMA published the revised Circular 2023/1 "Operational Risks and Resilience - Banks". The revised circular entered into force on January 1, 2024.

In doing so, FINMA is adapting the circular to technological developments and concretizing supervisory practice on topics such as the management of operational risks (including risk management for cross-border services), the handling of critical data, the management of risks associated with information and communication technology (ICT) and cyber risks.

Once the risk has been considered, banks must be able to demonstrate that they have put in place adequate mitigating measures. Employees are expected to have knowledge of the relevant country specific manuals, depending on their activity and the service provided. For the first time, FINMA mentions that being familiar with cross-border regulations means having been adequately trained.

Cross-border training: a key element in risk mitigation

  Banks with international client bases are confronted with a multitude of country-specific regulations and are subject to ever-increasing controls in an ever-stricter regulatory environment. Therefore they need to ensure clear, traceable and accurate answers as to whether, for example, a relationship manager is permitted to offer a particular financial instrument to an existing customer in a given market.

Only a solid, dedicated framework within the company enables banks  to conduct compliant cross-border activities. One of the cornerstones of this framework is the establishment of country specific manuals that describe the permitted or restricted activities, services and products in each country.

In order to ensure that the country specific manuals are used effectively by the stakeholders concerned, it is essential that they are familiar with their content and how to apply the specific rules.

To this end, the provision of appropriate training is a sine qua non condition for an efficient and compliant cross-border framework.

Content of cross-border trainings

The training courses are supposed to provide sufficient understanding of complex scenarios and potential implications of conducting financial services that span across different jurisdictions. They should reflect and summarize the content of country specific manuals and enable employees to familiarize themselves with the rules, in order to avoid any regulatory breaches. In this regard, the following topics should be notably covered in a cross-border training:

  • Definition of cross-border activities
  • Reasons for regulatory restrictions when acting across borders
  • Risks when conducting cross-border activities
  • Differences between client categories that are being serviced on a cross-border basis
  • Compliance requirements (incl. documentation) when conducting cross-border business
  • Types of regulated services in each jurisdiction

Employees should be aware of the consequences when the bank provides services to its customers in another country by considering several scenarios:

  • Client visits the bank: Both the client / prospect and the advisor are physically in the jurisdiction of the bank.
  • Cross-border communication: The client / prospect is in the targeted jurisdiction and the advisor is in the jurisdiction of the bank; any means of communication between the client / prospect and the advisor (mail, e-mail, call, fax, chat, mobile messages, mobile applications, etc.) are included.
  • Advisor visits the country: The client / prospect and the advisor are both physically in the targeted country.

At the end of a training, ideally a certificate should be issued to the employee, certifying the acquired know-how and therefore enabling him/her to continue carrying out this type of activity in the targeted jurisdiction(s). Depending on the internal framework, this certification might also trigger the right to perform the specific activity. The system could, for example, coordinate the certification with access to certain tools needed to carry out specific cross-border activities (travel booking, marketing activities, etc.).

Did you know?

An existing training process and documentation of cross-border trainings with certifications are always part of an internal and/or external audit within the cross-border process.

Digital cross-border training tailored to employee skills

To ensure optimal and effective training, it is important to:

  • Adapt the level of training to the knowledge and skills of the people involved
  • Offer a simple, user-friendly platform.

Digitizing your training courses enables you to draw up a set of rules for cross-border business for each jurisdiction. The idea is to design rules to cover the relevant financial services and instruments, tailored to your specific needs. Indeed, implementing regulatory guidelines via digitized content enables a flexible, automated process for compiling, updating, and maintaining content.

The training could be adapted to the specific needs of the bank and considering the different knowledge level of their employees. As an example, the trainings could be divided into different blocks, some of which might always be compulsory, and others optional depending on the level of knowledge of the trainee, as follows:

A digitized, modular, and tailored training offering will ensure that employees will have the appropriate knowledge to perform their activity and that the financial institutions are in line with regulatory requirements.

However, the implementation of a fully embedded digital solution related to cross-border activities would potentially enable a bank to waive the need for country specific trainings. In practice, a complete and optimized digital solution would reduce the legal and reputational risk: employees would not need to know the specific rules for each country as they would be embedded in the system they use to perform their activity on a daily basis. The system would prevent the employee to perform an activity that is not permissible from a cross-border perspective.

Such type of digital solution would allow banks to combine a solid framework for cross-border business with annual limited budgets. Indeed, updating the system on a frequent basis (to be determined according to the markets targeted by the bank) or when new regulations come into force, is beneficial on several levels: it allows banks to be up to date from a regulatory point of view, to integrate new growth markets in a compliant way, and to have a clear vision of their budget for cross-border activity.

Potential sanctions

If the bank or any of its employees carries out any activity subject to authorization without the appropriate license, the following sanctions may, inter alia, be imposed:

  • Criminal sanctions
  • Administrative sanctions
  • Civil liabilities, e.g., compensation for damage, agreements become unenforceable
  • Reputational damage, e.g., negative media and press
  • Loss of client relationships / Loss of profits (market share)
  • Risk of losing or jeopardizing potential local licenses etc.

Summary:

Country specific manuals help all employees conduct cross-border business by providing country-specific knowledge and guidance in the form of Do’s and Don’ts. To ensure the appropriate use of these manuals, banks must train their employees and ensure compliance with the guidelines through appropriate organizational measures, guidelines, remuneration models and sanctions.  However, the provision of these trainings can be replaced by a comprehensive cross-border digital offering, embedding country-specific rules and enabling banks to effectively manage cross-border compliance, not only to reduce the risk of fines and penalties, but also to guarantee operational models within limited budgets, and eliminate the risk of missing out on growth. Reach out to EY’s Cross-border Center of Excellence team to learn how we helped clients realizing above benefits.