Compliance in Ukraine: problem loans drew attention to the antidote

Andrii Spektor
Date: 21 Feb , 5:27
1044 read
​ ​

The in-time minimization of business risks, the ability to manage them is a key factor in the safe and profitable operation of banks and companies

The so-called “bank fall” in 2014-2015 provided an opportunity to look in a new way at the application of the institution of compliance. As you know, this term means compliance with banking institutions and business entities of certain rules or conditions in accordance with applicable law. The main purpose of compliance is to minimize legal and reputational risks, which is the key to the effective operation of any business and its survival in competition.

For today, it is difficult to imagine a bank, large business structure, or company with foreign capital that does not have a developed policy or strategy for compliance risk management. Although business owners constantly complain that the implementation of compliance management in the company's corporate governance system requires additional material and human resources, the creation of such protection can quickly pay off by effectively eliminating compliance risks, minimizing the number of unscrupulous contractors and employees who can damage the company's financial condition and business reputation with their illegal actions.

A relatively young phenomenon

The term "compliance" has entered into the official terminology relatively recently, since the adoption in the United States of the Sarbanes-Oxley Act (2002), which maximized the requirements for securities market regulation and financial reporting to prevent corporate scandals, including corruption.

In Ukraine, compliance first appeared in the financial sector as part of banking supervision. The term itself was enshrined in the Resolution of the Board of the National Bank of Ukraine №867 dated 29 December - 2014 "About approval of the Regulation on the organization of internal control in banks of Ukraine", where the concept of "compliance" is defined as compliance with legislation, market standards as well as the own standards and internal documents of the bank, including procedures. Also the definition of "compliance risks" was set as the probability of losses/sanctions, additional losses or loss of planned income, or loss of reputation due to non-compliance with the law, regulations, market standards, fair competition rules, corporate ethics, the emergence of conflict of interest, as well as the internal bank documents.

​ ​

With the time, this resolution of the National Bank of Ukraine was replaced by another one - №88 dated 02 July - 2019 "Statement about approval of the Regulations on the organization of internal control in banks of Ukraine and banking groups", in which the issue of compliance control of the bank and compliance risks in the banking sector further development. In particular, it was explained that compliance is the obligation to ensure the operation of the bank in accordance with law and international norms by developing and adhering to certain domestic policies and procedures.

In addition, the National Bank of Ukraine Resolution № 64 dated 11 June - 2018 approved the "Regulations on the organization of risk management systems in banks of Ukraine and banking groups." This provision obliged to introduce the compliance control unit into the structure of banks, the functions of which included the following: ensuring the organization of control over the bank's compliance with the law and timely implementation of the amended legislation in the bank's activities; ensuring risk management in the relationship between the bank and customers; ensuring training of bank employees on compliance with the law; ensuring control, monitoring, reporting on compliance risks.

The picture will be incomplete if we do not mention another requirement of the NBU (Resolution № 65) regarding the banks' financial monitoring of their customers. Clear rules of such control were introduced after the entry into force on 20 April - 2020 of the Law of Ukraine No. 361-IX "About Prevention and Counteraction to Legalization (Laundering) of Proceeds from Crime, Terrorist Financing and Financing of Proliferation of Weapons of Mass Destruction". The essence is that the relevant services of the bank should conduct a constant analysis of suspicious financial transactions of the customer, as well as practically study the customer to make sure that he is not fictitious, not transit, not one-day, that he has a real beneficiary and real business. Today, except for the banking sector and activities in the stock markets, the direction of compliance is regulated nowhere. However, elements of compliance are often used by businesses on a voluntary basis.

Thus, compliance is a process of management of the compliance risks. It is also important that the compliance function should not be performed ex-post facto, after committing any illegal actions, but should be aimed at preventing such phenomena in the future.

​ ​

Lines of protection

Compliance-control around the world uses the model of three lines of protection which has already become a classic:

1. The first line includes business units that can generate compliance risks and which carry out primary management;

2. The second line includes compliance defenders who ensure coordination of measures on compliance risk management and consolidation of information on them, the carry out regular monitoring and control of all compliance risks;

3. The third line includes internal audit which assesses the effectiveness of risk management of the first and the second lines.

The objectives of compliance risk management, for example, in the banking sector are:

• prevention of losses / sanctions, additional losses or loss of planned income, or loss of reputation due to non-compliance with the bank's legislation, regulations, market standards, rules of fair competition or minimizing the impact of these negative factors on the bank;

• ensuring compliance with the requirements of internal regulations and administrative documents of the bank;

• ensuring proper management of ‘’conflict of interest’’ situations: prevention of abuse of these situations, minimizing the consequences of the implementation of events related to conflicts of interest;

• ensuring compliance with corporate ethics requirements, including honestly informing the owners (shareholders) and their authorized persons on the key areas of the Bank's activities, fair treatment of customers and ensuring a fair approach in their advice.

​ ​

X-ray of customers

Financial and reputational losses can really put an end to all activities of the bank, so detailed collection and analysis of information about customers and business partners, verification of their data, detection and termination of cooperation with unreliable counterparties, who conduct dishonest and unreliable activities, is the key establishing quality business processes, minimizing losses.

Today, a bank that wants to feel safe about the fate of the loan will not decide to grant it until it checks the borrower's business reputation. It will first identify the beneficial owners of the legal entity and related parties. Then the bank will check the credit history of the borrower and related parties, will get sure to look at the register of court decisions, "blacklists" of fraudsters, data from open registers and other resources. Things such things as transparency of the ownership structure and complete disclosure of the real owners evoke greater trust in the customer. Banks are also interested in the business connections of the owners, the availability of start-up capital, thanks to which the owner started the business. Attention is also paid to the conditions of doing business - the availability of staff, production facilities, necessary premises, road transport, etc.

Clients' counterparties are also studied, especially by foreign companies. That these were not so-called "shell companies". Registration in offshore jurisdictions, minimum staffing, lack of accountability, and the presence of owners of large numbers of companies are signs of this.

Such meticulous verification is carried out at the beginning of customer service, and then more attention is paid to the essence of those transactions that customers conduct through bank accounts.

Other factors are important here, the presence of which can also lead to the closure of the company's account:

• frequent change of ultimate beneficial owners, statutory documents;

• confusing or unusual nature of concluded agreements that do not have an obvious economic meaning or obvious legitimate purpose;

• non-compliance of agreements with the interests of the company's activities specified in its constituent documents;

• lack of feedback, ignoring bank requests.

​ ​

To hide behind the “Great Wall of China”

Equally important is compliance with the bank's own staff. After all, the human factor can also cause a lot of damage.

First, to build business ethics it is better for each institution to have its own code of corporate conduct or ethics. It regulates the moral and ethical norms of employee behavior, determines the principles and values of business, sets requirements and restrictions. Among other things, this code may regulate business gifts. The concepts of "gift" and "bribe" can be easily separated by setting the threshold value of gifts and procedures for monitoring their provision.

Secondly, it is important to resolve the concept of conflict of interest. The interests of the employee may conflict with the interests of the bank, the interests of one customer - with the interests of another, and so on. Therefore, in the code of corporate conduct it should be noted that the interests of the bank are always placed above the interests of its individual employees.

Third, today the protection of the bank's property is relevant, which applies to both tangible and intangible assets, "know-how", intellectual property rights, confidential information. For example, an unscrupulous employee of a company may seize the customer base, personal data of customers, or disseminate insider information about the financial condition and investment plans of the bank in order to obtain additional income. Protection against such encroachments in international practice is called the policy of “the Great Wall of China”. Thus, in order to ensure security in the field of information as part of compliance control, internal documents (regulations on trade secrets, etc.) are developed, which regulate the protection of important data, personal information, interaction with customers, other employees, contractors in the performance of their duties and after quitting. The most effective in this regard is the conclusion of non-disclosure agreements. The better such an agreement is drawn up and the conditions of responsibility for the disclosure of confidential information are taken into account, the less likely it is that such information will be disseminated.

This is, in fact, only a small digression into the field which is slowly growing on Ukrainian soil and has not yet become the norm for all domestic business, but the future seems to go for that.

We advise you to read

View all articles


To apply online with your question kindly send your letter to the below email.

Andrii Spektor

Andrii Spektor

Bankruptcy and Taxation Attorney

Download Contact
Phone number +380 97 656 71 35

Use your smartphone to read the QR-code, after which you can add me to your contacts.