Q & A with Mark Batts
Former Managing Director, Financial Institutions Group Head of Enhanced Due Diligence (EDD) HSBC, London
1. Please tell us a bit about yourself, your work, and your relationship with Sigma Ratings
I have more than 35 years of experience working in international banking. My experience has encompassed change management, financial crime risk assessment and control framework design. I have restructured, re-positioned and managed a range of business lines. I also have extensive knowledge of banking sectors in many countries, particularly the developing economies, through working with both financial institutions and corporate clients. My current focus is working with bank clients to develop intelligent and proportionate financial crime compliance control frameworks.
In my last “institutional” role as Managing Director, I was invited by HSBC to design and manage their Global EDD team for correspondent banks and HSBC affiliates. This was in order to respond to an immediate demand from the US regulator to have a robust process in place that could perform EDD on those correspondent banks (CB) and affiliates that posed the highest financial crime risk in high risk countries. This also necessitated the design and creation of a CB Risk Appetite Statement and Risk Assessment Methodology. The initial regulatory imperative was to structure a global team to perform site visits on circa 200 banks and affiliates in 35 countries in a 15-month time period. The team had to operate globally and to produce consistent output in terms of reports and recommendations. In addition to an EDD methodology, a process also had to be developed to perform EDD on several hundred legal entity banks that were also categorized as high financial crime risk, although operating in medium and low risk countries.
I formally joined Sigma on February 1, 2018, however, I had been talking to Gabrielle and Stuart for quite some time before then. I joined because I am keen to see thoughtful standardization of the Customer Due Diligence (CDD)/EDD process for banks and other financial institutions. Sigma is the first organization that has actually come with a scalable methodology for making this happen.
2. What does Sigma Ratings do that differentiates it from others?
Sigma combines field experience and technology in a way in which other companies cannot compete. For example, Sigma uses proprietary algorithms to scrape the web for all publicly available information on a financial institution and then goes a step further to refresh that information dynamically. No one else comes close to tracking such data with similar frequency. I should add that Sigma is able to do all this without being disruptive to the bank. Essentially, there’s a lot of insight without the hassle. They apply smart technology where appropriate, but still conduct rigorous risk assessments where technology can only go so far, such as with their solicited ratings.
3. You are a veteran in the compliance space, working across markets and on different issues related to correspondent banking and illicit finance—why is financial crime risk assessment and management of equal or greater importance than compliance in today’s day and age?
I’ll take veteran as a compliment! I think that compliance is part of the story, but it is not enough. Compliance denotes simply making sure an institution is complying with regulations. I’d rather talk about financial crime risk assessment and management. That’s what institutions need to live and breathe. After all, “risk,” per se, is not a bad thing; it’s the management of that risk that truly matters. Once you have measured your financial crime risk then you can think about how you are going to manage it. This is a very strong value-add from Sigma.
4. Having worked in all aspects of compliance, what changes or trends stand out in today’s environment?
Technology, technology and technology. It brings down costs, standardizes procedures, reduces the potential for human tampering and should allow for the real exceptions to be thought through properly. Machine learning, for example, can help firms draw connections across terabytes of internal data in ways that would not have been possible even a few years ago. This helps firms spot patterns and move beyond static alert scenarios. Algorithms such as those that Sigma has developed can help firms see across public data and markets at an entity and/or country level cost-effectively and in totally new ways.
5. How have governments, companies, and individual investors’ perception about compliance evolved in the last few decades?
In some cases, they haven’t changed nearly enough. Some people pay lip service only, yet there remains much to do. That being said, there is growing consensus that this is a fight against financial crime, as well as a realization that these are not victimless crimes and that it’s in everyone’s interest to deter, detect and protect against financial crime. I think that people these days increasingly realize the criticality of risk management and of applying thoughtful and commensurate control frameworks.
6. From both the global and emerging markets (EM) perspective, what could banks do better to increase transparency in EMs and, potentially, alleviate issues related to de-risking and the skyrocketing costs of compliance?
As a matter of course, I would strongly encourage the adoption of Sigma’s proposition. EM banks should certainly do more to showcase the efficacy of their risk mitigation controls. As noted earlier, risk is not a bad thing when managed properly. Sigma can help these institutions to differentiate.
On transparency, there is certainly room for improvement. Many people and regimes still hide behind complex structures designed to protect anonymity. In a world of increasing concern regarding ultimate beneficial ownership, anonymity will suffer from demand for greater visibility. EM banks must be prepared for this eventuality.
Compliance is a (human) resource-intensive endeavor. Technology will be essential to reducing costs.
7. Are we on the cusp of a new era of standardization and bench-marking for non-credit risk?
I hope so. The more that institutions manage financial crime risk in the way that they manage credit risk, the more likely it is that institutions and regulators will realize that a lot of the information-gathering and risk assessment can be offloaded in a cost-effective manner to a third party, like Sigma Ratings. The offloading of the standardized part allows institutions to concentrate their resources on deep dive and thematic financial crime issues. And yes, the bench-marking availability is as important as the utility aspect as it allows for comparison across markets.
8. If Sigma Ratings existed when you were head of Financial Institution EDD, how would you have thought about using it?
I would certainly have recommended using Sigma during my time with HSBC. Although there were many client groups that HSBC banked, there were literally thousands of legal entity banks that had US Dollar and other denomination accounts with HSBC. It would have been much more cost effective for Sigma to have performed the EDD on these banks, excluding the account analysis piece, leaving HSBC to target more of its “compliance dollars” on the most critical issues. In addition to this, by using Sigma’s standardized assessment methodology, the bank would have had the ability to better assess the relative financial crime risk of banks in each country, and possibly even country by country.