Risk Management in the Financial Services Industry in Argentina and the Changes Being Adopted

Introduction

Significant anti-corruption laws have been enacted in Latin America in the past decade, as well as country-specific anti-corruption compliance guidelines. This chapter does not intend to cover all the implications related to risk management in the financial services industry in Argentina, let alone Latin America. Instead, we briefly address the current status in Argentina, as well as the particularities that a risk-based approach to anti-bribery and corruption (ABC) programmes should consider in implementing an adequate integrity programme for financial services providers (FSPs).

A matter of self-perception and the adequacy of any ABC programme

Comparing anti-money laundering and ABC programmes: ­FSP point of view

The financial services industry has often been in the eye of the storm as regards matters relating to money laundering or the failure to prevent it. Several cases (many of them of massive proportion) have populated the mainstream news and legal forums during the past decade.

Because of that, regulations forced the industry to allocate large amounts of resources to create and maintain anti-money laundering (AML) departments, policies and procedures.

After many years, FSPs have become used to this new paradigm for doing business. Over time, they have made it an essential part of their day-to-day operations and have strongly embraced the many benefits of a robust AML programme. The strong enforcements made both locally and internationally have made Argentine institutions realise the severity of the new regulations and act accordingly.

In Argentina (and probably in many other places), that is not currently the case for ABC programmes in FSPs. While FSPs have addressed AML for many years, the same cannot be argued with reference to ABC programmes. Argentine financial institutions have not yet allocated to ABC programmes the same kind and amount of resources as they have with AML initiatives.

Local subsidiaries of foreign institutions may be in a better position. The reason for that is the extraterritorial application of foreign anti-bribery laws (the most relevant being the US Foreign Corrupt Practices Act (FCPA)). In that sense, the FCPA provisions apply broadly to three categories of persons and entities: (1) ‘issuers’ and their officers, directors, employees, agents and shareholders; (2) ‘domestic concerns’ and their officers, directors, employees, agents’ and shareholders; and (3) certain persons and entities, other than issuers and domestic concerns, acting while in the territory of the United States.^[2] Moreover, Argentina has been at the centre of many bribery investigations and settlements based on the FCPA, including Siemens Aktiengesellschaft, Olympus Latin America, Inc, Helmerich & Payne Inc, Ralph Lauren Corporation, Stryker Corporation, Zimmer Biomet Holdings Inc, IBM, Bridgestone Corporation and Ball Corporation, to name just a few.^[3] To this day, it remains one of the top-12 countries for conducting underlying FCPA enforcement actions, with 14 enforcement actions^[4] (i.e., proceedings brought by the US Securities and Exchange Commission (SEC), the US Department of Justice (DOJ) or both against individuals or entities based on violations of the FCPA or FCPA-related misconduct).

There is a simple explanation for it: Argentina enacted its major AML legislation in 2000 (although its enforcement came many years after that) but the Corporate Criminal Liability Act for corruption-related offences^[5] was only passed in late 2017. Hence for a large period, there was no local legal incentive for companies to develop robust anti-corruption control environments.

Although many financial institutions already had some kind of ABC programme before the enactment of the Act (mostly just a general code of conduct or similar and, in many cases, inherited from their holding companies), those were not (or, in some cases, are not) as well developed as the AML programmes. At the very least, they lack the same allocation of resources as the AML programmes.

In parallel with increased attention to ABC, AML efforts continue to increase substantially. This is not only because of the increase of formal banking transactions caused by the global covid-19 crisis (the majority of which are made by electronic means), but also because of new challenges that the near future requires. The most important one currently is the transactions regarding cryptocurrencies. Although the Argentine AML’s authority has warned about the relevant challenges when dealing with this kind of assets (warning about the risks involved and requiring a strengthened review of these transactions), no comprehensive regulations have been yet enacted.^[6] In the same sense, the Argentina AML authority has not broadened the definition of ‘reporting entities’ to expressly include trading platforms. FSPs have enriched their treatment to deal with this (rather) recent new form of transactions, but the lack of clear regulations (at least, in Argentina) has prevented the full management of this risk.

The FSPs’ self-perception

Other than the aforementioned legislative reason, an interesting phenomenon we have experienced in the case of financial institutions is that although their self-perception of risk with regard to AML issues is rather high, their self-perception with regard to ABC risks is rather low.

At least in appearance, they seem to have justifiable reasons for that:

• They are highly sophisticated companies, with a great deal of internal controls. Although those controls are not necessarily to address ABC issues, they generally have the effect of preventing any off-the-record outcome of funds or valuables; in a way, their main business is being accountable for the funds they manage.
• Although they are heavily regulated by the relevant supervisory authority (Central Bank, Securities Authority, etc.), the technical and professional nature (as opposed to political) of these regulators makes any type of corrupt behaviour unlikely.
• Generally, their core business is not related to the state as a client. They are not public-work contractors, customs brokers or any other company whose core business is based on their relationship with government. Therefore, their self-perception is that any non-regulatory contact with government officials is rather limited. While middle management’s contacts are regular, they are mostly technical in nature, and although contact of a political nature may exist, this typically involves high-level management. Therefore, the chances of occurrence of any act of bribery are lower.

Is this self-perception accurate? We believe not. Although the reasons listed above may help to reduce any ABC risk, this reduction is far from material.

In that sense, recently, major fines or settlements have involved large banks and other companies from the financial industry:

• Barclays, based in the United Kingdom, agreed to pay US$6.3 million to settle violations of the FCPA’s internal accounting controls and record-keeping provisions in connection with its hiring practices in Asia (27 September 2019);^[7]
• Deutsche Bank AG agreed to pay more than US$16 million to resolve violations of the FCPA’s internal accounting controls and record-keeping provisions in connection with its hiring practices (22 August 2019);^[8]
• Goldman Sachs Group Inc agreed to pay, as part of coordinated resolutions, more than US$2.9 billion, which included more than US$1 billion to settle the SEC’s charges for violating FCPA’s anti-bribery, books and records, and internal accounting controls provisions in connection with the 1Malaysia Development Berhad (1MDB) bribe scheme (22 October 2020); also, in December 2019, former Goldman Sachs Group Inc executive Tim Leissner had agreed to a settlement with the SEC that included a permanent bar from the securities industry, for engaging in the 1MDB bribery scheme to secure contracts for Goldman Sachs;^[9]
• World Acceptance Corp (WAC), a South Carolina-based consumer loan company, accepted to pay US$21.7 million to resolve charges that it violated FCPA anti-bribery, books and records, and internal accounting controls provisions, arising out of a bribery scheme orchestrated by its former Mexican subsidiary (6 August 2020);^[10]
• Asante Berko, a former executive of a foreign-based subsidiary of a US bank holding company, was charged by the SEC with orchestrating a bribery scheme to help a client to win a government contract to build and operate an electrical power plant, in violation of the FCPA; according to the SEC, the firm’s compliance personnel took appropriate steps to prevent the firm from participating in the transaction and is not being charged (13 April 2020);^[11]
• Deutsche Bank AG agreed to pay more than US$43 million in disgorgement and PJI (prejudgment interest) to settle charges that it violated the books and records and internal accounting controls provisions of the FCPA in connection with improper payments to intermediaries in China, the UAE, Italy and Saudi Arabia (8 January 21);^[12] and
• Credit Suisse Group AG agreed to pay nearly US$475 million to US and UK authorities, including nearly US$100 million to the SEC, for fraudulently misleading investors and violating the FCPA in a scheme involving two bond offerings and a syndicated loan that raised funds on behalf of state-owned entities in Mozambique.^[13]

Although it is true that the core business of financial entities is not strictly based on their relationship with state authorities as other high-risk companies, they also do regular state business in a country like Argentina:^[14] they expand territorially, for which they need to get permits to open new branches; they deal with judges (both judicial and administrative) to solve any disputes with their clients, partners or the state; they make corporate gifts to reinforce their client relationships; they organise marketing events, for which they need the relevant permits; and, most importantly, they do have business with the national government, provinces, municipalities, other state bodies or state-owned companies (e.g., payroll services for state-owned companies or state agencies, and public-debt services as arrangers, underwriters) but simply treat them as any other corporate counterparty.

Whether higher or lower, FSPs (as any other company) are subject to substantial ABC risks. All aspects of an organisation (internal policies, culture, inter­actions, etc.) need to be taken into consideration to ensure that an ABC programme is adequate under the Corporate Criminal Liability Act, and other applicable laws and rules in the matter. Furthermore, FSPs’ compliance progammes must be ‘adequate’, as required under the Corporate Criminal Liability Act (i.e., the same requirement levels as any other company). A more detailed explanation of the requirements for adequate compliance programmes is given in the section headed ‘The integrity programme adequacy’.

Corporate Criminal Liability Act and Anti-Corruption Office Guidelines

Long overdue

The introduction of the Corporate Criminal Liability Act has meant, among other things, the fulfilment of the long overdue obligation to make legal persons liable for bribery-related acts that Argentina assumed when signing the Organisation for Economic Co-operation and Development (OECD) Anti-Bribery Convention. The lack of implementation of corporate liability for these types of crimes had been considered in several reports by the OECD Working Group on Bribery in International Business Transactions, the last of which was the 2017 Phase 3 bis evaluation report. Its fulfilment has been a clear sign of the renewed interest Argentina has in carrying out its obligations, clearing its way towards becoming a full member of the OECD^[15] and adapting its legal system to the international standards in the fight against corruption.

Main purpose

In a very brief summary, the Corporate Criminal Liability Act has made companies liable for the criminal consequences of certain bribery-related crimes committed by individuals on behalf of the company or for its benefit or interest.

In addition (and probably as important), the Act defines the concept of an integrity programme as the set of actions, mechanisms and internal procedures promoting integrity, supervision and control, oriented to prevent, detect and correct irregularities and criminal acts listed in the Act.^[16] Although the law does not require companies to implement an integrity programme, it is highly advisable to do so, not least because it could be used as a defence in a criminal investigation. Furthermore, they are mandatory if the company does business with the national government.

Besides, in respect of FSPs, implementing effective compliance programmes became imperative after Argentina’s landmark case in anti-corruption enforcement, the Notebooks scandal.^[17] Made public in 2018, the case revealed a massive corruption plan that had taken place between 2005 and 2015 involving public officials and the private sector. Some of the people under investigation were, in fact, directors within the financial departments at the time the facts were under scrutiny,^[18] who had close connections with the national government. Moreover, the scandal affected the value of several companies’ shares (including some in the banking system).^[19]

Argentine legislation’s ‘long arm’ and international cooperation

Although the Corporate Criminal Liability Act was conceived from a local point of view, following the ‘long arm’ doctrine set forth in foreign legislation, it has also included provisions to extend the Argentine criminal courts’ reach beyond the national borders.

The Act has amended Article 1 of the Argentine Criminal Code to broaden the Code’s territorial scope. Consequently, and in addition to covering (1) crimes committed or with effects in Argentina and (2) those committed abroad by Argentine officials in favour of their functions, the Act has included a new case. For the purposes of the newly included crime provided in Article 258 bis of the Criminal Code (namely, bribery of a foreign official), the Argentine Criminal Code shall also be applicable for actions committed by individuals or entities domiciled in Argentina, even if the action is committed abroad.^[20] For these purposes, the Criminal Code broadly defines foreign officials as ‘any person from another state, or any territorial entity recognised by Argentina, designated or elected to comply a public function, at any level or governmental territorial division, or in any kind of organism, agency or public company in which such state has direct or indirect influence’.^[21]

Furthermore, Argentina is a member of several multilateral, regional and bilateral treaties that facilitate cooperation with other jurisdictions. Many of them specifically target corruption crimes.^[22] Moreover, Law 24,767 on International Cooperation in Criminal Matters is applicable when no treaty exists with other countries.

Law 24,767 sets forth the principle of ‘wide and prompt’ cooperation.^[23] This means that if judicial assistance is required by a relevant foreign authority, under the conditions established by this Law, Argentine authorities should cooperate. In this regard, the principle of reciprocity is the main condition for cooperation: in the absence of a treaty that requires cooperation, the assistance of Argentine authorities is subordinated to the existence or offering of reciprocity.

The central authority designated by Argentina for all cooperation treaties regarding criminal matters (and treaties containing norms on criminal matters) is the Ministry of Foreign Affairs and Worship. The only exception is the Treaty of Mutual Legal Assistance in Criminal Matters with the United States, in which the designated authority is the Ministry of Justice and Human Rights.

Some agreements concern specific cases. For example, in 2019, a prosecutor signed an agreement with Brazil’s Public Ministry to access evidence collected in that country concerning the payment of bribes by Odebrecht to Argentine public officials in Operation Car Wash.^[24]

There are several government authorities, such as the Federal Revenue Agency and the Financial Information Unit, that are part of international networks of cooperation.^[25]

The integrity programme adequacy

For any integrity programme to be effective, it must be adequate for the relevant company. This adequacy standard dictates that the content of the integrity programme shall have a direct relationship with the risks of the activity in which the company engages, its dimension and its economic capacity.

Following the enactment of the Corporate Criminal Liability Act, Decree 277/2018^[26] entrusted Argentina’s Anti-corruption Office to establish guidelines to help legal entities comply with the provisions of Sections 22 and 23 of Law 27,401.^[27] Consequently, the Anti-corruption Office approved the Guidelines on Integrity Programmes through Resolution 27/2018^[28] (the Guidelines).

These Guidelines aim to ‘provide technical guidance for companies, civil society organisations, other legal entities, state agencies, members of the judicial system and the professional community’. In this sense, ‘they must be understood as complementary to the various and rich specialised literature on compliance, available in Argentine and foreign sources’.

Furthermore, the document points out that even if it provides suggestions to design and implement integrity programmes, they must be necessarily tailored to each legal entity’s risks, needs and characteristics, and adapted to the context in which they operate and to their associated risks. For these reasons, the Guidelines highlight that carrying out a risk assessment prior to the design and implementation of the programme is a key step and goes into it in depth.

As mentioned above, the adequacy rule applies to all companies, including FSPs. Any particular risk (or lack thereof) to the relevant FSP should be initially and regularly assessed, balanced, and reflected in the integrity programme, as is the case for any other type of company.

In addition, when designing compliance programmes, FSPs should comply with other federal laws that also aim to tackle corruption. For instance, on 15 May 2019, the Argentine National Congress enacted a law that allows companies to make financial contributions to political campaigns, within certain limits. Law No. 27,504 establishes that, if made in cash, donations should be made via the banking system so that the donor can be identified, and the contribution traced reliably.^[29] This requirement gives banks a more relevant role regarding transparency in political funding.

We move on to the several elements that both the Corporate Criminal Liability Act and the Guidelines mandate or recommend should be included in any integrity programme.^[30]

The Act provides that (1) the ethical code, policies, and procedures of integrity, (2) the rules of integrity in public tender processes and other interactions with the public sector, and (3) training and awareness should be mandatory, while other elements are only advisable.^[31] Nonetheless, our belief is that all the elements listed in the Act should be included (or at least addressed) to guarantee the adequacy of the integrity programme.

As both the Act and Guidelines follow the generally accepted international standards in the subject matter, it is not necessary to provide a full description of each of them. Instead, we describe the specific particularities applicable to FSPs for the relevant elements of an integrity programme, as our experience on the matter has taught us. We address only those where particular considerations should be made.

Although we do not comment on them, the following elements are also mentioned in law as advisable elements of an integrity programme: internal whistle-blower systems; protection of whistle-blowers from retaliation; due diligence in mergers and acquisitions and other corporate transformations; and periodic monitoring and assessment of the adequacy of an integrity programme.^[32]

The elements of a successful integrity programme

Ethical code, policies, and procedures

These are essential parts of an integrity programme because they summarise the FSP’s general policies. These documents should clearly contain values, ethical patterns, prohibitions, and sanctions and be reader-friendly.^[33]

As any element of an integrity programme, an ethical code should reflect the proper risks of the activity in which the company engages (financial, in this case), its dimension and its economic capacity.

FSPs’ integrity programmes should be respectful of the specific activity to be carried out by the FSP, whether it is a bank, a credit card company, an underwriter, or a broker-dealer. It is quite a common practice for the specific companies within a financial group to adopt the group’s ethical code (as well as other elements of the group’s integrity programmes).

Although this practice provides for the coherency of a group’s ABC programme, one should avoid using an ethics code that is specific to one company as it is likely to be inadequate for another (a bank and a credit card company are not the same, even if they belong to the same group). Furthermore, an ethics code may not be sufficiently broad to be applicable to all companies in the group, given that it will lose effectiveness. If the latter approach is chosen, a complementary ethics code should be adopted in each company.

A similar situation may arise when trying to adapt the ABC programme of a foreign holding company to a local FSP. The reality of a foreign FSP (and risks) will never be the same as a local FSP – from something as simple as the exchange rate (e.g., a US$50 limit per permissible gift may not be much in Zurich but it will be an opulent gift in Argentina) to something as complex as the ability to terminate an employee agreement because of an ABC matter.

Wrongful adaptations may not only make an integrity programme ineffective but may also prevent the financial activity of the company, as it may turn out to be an obstacle (without technical justification).

The foregoing should not be interpreted as a rejection of the derivative work that is based on foreign ABC legislation, the most relevant being the FCPA. Argentine firms, lawmakers and attorneys have not only studied and used foreign legislation for technical purposes, but the potential consequences from foreign authorities are also borne in mind at the time of designing and implementing integrity programmes.

Integrity in public tenders

Integrity in public tender process and other interactions with the public sector relate to specific rules and procedures to prevent corruption during bids, tenders, entering into contracts with the government and any other interaction with the public sector. No other element of an integrity programme is more often neglected in the financial industry. There is a general self-perception that an FSP’s business (particularly in the case of banks) does not involve interaction with the public sector. State clients are generally not perceived as such, particularly in Argentina.

This phenomenon usually (but not only) appears in three lines of business: (1) credit agreements with state-owned companies; (2) payroll services for the benefit of state agencies and state-owned companies; and (3) perhaps the most neglected of all, issuance of public debt bonds (mostly sub-sovereign debt).

These lines of business are usually simply regarded as corporate banking (particularly the first two); in fact, they belong to the general corporate banking department. Although general compliance rules and controls are usually applied (typically addressed to prevent private corruption), no particular rules for dealing with state-owned or state agencies are in place. It is quite common for banks to simply trust in the word of the state-owned company or agency in the sense that no particular procedure or tender is necessary.

But, perhaps, the riskiest line of business may be found when dealing with public debt bonds, whatever the capacity of the bank (lender, underwriter, arranger, etc.). Bank officials usually deal in informal terms and off-the-record meetings within a fast-paced environment. No public tender rules are usually complied with, regardless of how substantial the involved fees may be. Furthermore, these issuances are generally highly controversial (given their political nature) and often subject to very strict public and media scrutiny. They are therefore very risky from a reputational point of view. In that sense, because of the renegotiation of the sovereign public debt in the context of the Argentine crisis between 1998 and 2002 (known as Megacanje, in which a substantial part of the payment of the sovereign public debt was delayed in consideration of higher interest rates), many high-ranking public officials were indicted, including the then Minister of Economy and president. Furthermore, many high-ranking officers at both domestic and foreign banks were also implicated in the criminal case.^[34]

The often used term ‘it is what it is’ would not hold in a court of law or public opinion.

Because of the foregoing, very close attention should be given to these interactions. However fast-paced they might be, a record should be made of every meeting and other interactions. Furthermore, all informal communications should be avoided (e.g., use of private messaging systems, such as WhatsApp). There is a tendency to believe that these types of communications should not be regarded as ‘official business’, a belief that should clearly be eradicated.

Training of directors, administrators and employees

The training of directors, administrators and employees is essential to create a culture of integrity. Members of the FSP and third parties should be prioritised according to risks, and training should be adapted to their needs, characteristics, and the company’s operational capacity, among other things.

In the case of FSPs, particular attention should be given to the different natures of AML and ABC measures. They may look the same but (needless to say) they are quite different. It is all too common when assessing an FSP’s compliance programme for even senior officers to fail to see the need for ABC training, arguing that they have already been trained in AML matters.

It is also interesting to note that, all too often, the main (or sole) training given on ABC issues is focused principally on foreign legislation (the FCPA, UK Bribery Act, etc.). In some cases, that training is provided by foreign law firms.

Regardless of the immense value of this type of training (mostly for those FSPs that may have liability in respect of that legislation), it is of the utmost importance to provide training specifically adapted and construed to the local reality, including to provide an adequate defence. Moreover, with the enactment of the Corporate Criminal Liability Act and the Guidelines, any training should be primarily focused on local legislation and circumstances.

Finally, an important consideration is the general dispersion of an FSP’s business in contrast with its management. Branches and offices are located through vast territories, but decision-making processes are often centralised. It is of the utmost importance that employees’ and officers’ training includes these distant branches and offices. A simple bribe made to a local police officer to keep a small distant branch under surveillance may have disastrous implications for the entire organisation.

Third-party due diligence

There is no need to highlight the importance of third-party due diligence to evidence the integrity and trajectory of third parties, business associates and intermediaries prior to contacting them or during the business relationship. In particular, consideration should be given to the broad liability that the Corporate Criminal Liability Act attributes for acts carried out in the name, interest or benefit of an undertaking.^[35]

In the case of FSPs, the importance of this issue is no different, especially given the fact that FSPs are sometimes prevented by the applicable regulations from engaging in activities not related to their core financial activity.^[36]

Periodic risk assessment

An adequate programme should be adjusted to the company’s risks, dimension, and economic capacity. Thus, according to the Guidelines, a periodic risk assessment is essential to ensure the adequacy of the programme.

It is particularly true in the case of fintechs, but no less true for general FSPs, that financial business is always evolving. New technologies and, consequently, more regulations are created each day. As an FSP’s business evolves and its internal organisation changes, a periodic risk assessment becomes more and more necessary.

Tone from the top

The commitment of top management to the programme should be ‘visible and unequivocal’, as the Corporate Criminal Liability Act and the Guidelines provide.

As has been mentioned, FSPs are highly regulated activities. Although the technical aspects of the regulations are usually carried out by mid-level officers, high-level officers (particularly those at large banks) are usually in direct contact with high-level public officers (e.g., the head of the Central Bank and the Secretary of Finance). It is quite usual to have both a consultancy and a lobbying activity, typically with other major banks.

Although it is difficult to refrain from these types of interactions (which, in general, are compliant with the law), the high profile of the people involved creates a major risk. Therefore, clear, written records of any interaction should be kept; if this is not possible, the interaction should be avoided.

In clear relation to the above notion, the Corporate Criminal Liability Act takes this aspect into consideration and provides the ranking of the officer or employee involved in the bribery action to graduate the entity’s criminal sanction.^[37]

Internal investigations

According to the Guidelines, it is essential to have an investigation protocol approved by the governing body to detect and mitigate risks, and to justify sanctions for violations.

In the case of FSPs, there is one investigative particularity that should be taken into consideration: an FSP (particularly a bank) has the ability to easily access a very important (and private) part of an employee’s life, namely a bank account (employees are often clients of the bank in which they work).

Although hard to believe, we have found that many employees in charge of internal investigations were not aware of the many serious implications of accessing these records for such a purpose. Not only may they be severely punished by privacy and bank secrecy laws, but also any product of the investigation would be deemed useless in a judicial or administrative case.

Internal officer

For large companies, the Guidelines suggest having an individual or even a team specifically for the function of developing and monitoring the programme. In smaller companies, this function can be assumed by a member of the company that has other duties.

In the case of FSPs, a very common query is whether the compliance officer’s role may be taken by the AML officer. Although the particular circumstances of the FSP should be taken into consideration, we believe that it is not advisable to concentrate both these activities in just one person (regardless of the subordinates the individual may have). Although we are of the opinion that both functions may be under the same direction, there should be a specific manager for ABC issues and another for AML issues. That does not mean that both departments would not be able to share common efforts, within the limits and confidentiality requirements provided by AML regulations. In fact, it is highly advisable that they do. In that sense, many of the databases and investigations resources used for AML tasks may be used in ABC efforts.

Compliance with relevant regulatory requirements

In a highly regulated activity such as finance, it is quite common that, in addition to specific ABC and AML regulators, activity-specific regulators often have their own set of AML or ABC guidelines, rules and procedures.

It is important that an FSP’s internal organisation allows the involvement of the compliance department in any interaction with the regulator that may involve any kind of AML or ABC issue, even if carried out by a completely unrelated department.

Risk management systems

It is important to highlight how ISO Standard 37001 (on anti-bribery management systems) has affected FSPs.

First, banks willing to comply with ISO 37001 are required to implement specific anti-bribery management systems.

In many countries, some banks seek to obtain ISO 37001 certification. For instance, in 2017, Crédit Agricole Group was the first French bank to obtain this certification.^[38] Banco del Pacífico was the first financial entity to obtain ISO 37001 certification in Ecuador, in 2019.^[39]

Although there are Argentine companies^[40] and state bodies^[41] certified under the rules, as at January 2022, no Argentine bank has obtained ISO 37001 certification.

Challenges that the global pandemic has triggered

We are living in unprecedented times. The global pandemic caused by covid-19 has deeply changed the world in ways not imagined at the beginning of the year. As with many other aspects of life, risk management has also changed dramatically, particularly with regard to FSPs.

Among other consequences arising out of social distancing measures, the most relevant one from a risk management perspective has been the significant and exponential increase in banking and financial transactions made through electronic means. Although this is true around the globe, in Latin America (where informal and off-the-book transactions still exists in considerable proportion), the rise of e-commerce and exponential growth of certain fintech providers allowed large portions of low-income sectors to be incorporated in the formal banking system.

Even if both the development of electronic transactions and e-commerce and the inclusion of low-income sectors has occurred during recent years, the global pandemic has certainly forced or, at the very least, sped up the process substantially.^[42]

This increase in electronic financial transactions has mainly brought to light two challenges (which already existed before), both affecting the traditional banking system as well as non-banking financial providers (including fintech).

From a cybersecurity standpoint, the increase in the quantity and amounts of transactions has exposed them (more than ever) to more and more attacks (just as an example, Banco de México directed that throughout April and November 2020, five financial entities reported cyber attacks).^[43] Locally, in 2021 alone, many public agencies such as the Civil Registry and the Public Attorney’s Office have experienced data breaches as a consequence of cyber attacks.^[44] As a consequence, the relevance of IT security has increased substantially. In a recent survey, it was reported than 96 per cent of respondents said that they would modify their cybersecurity strategy during 2021.^[45]

From an AML perspective, the onboarding of a new universe of clients and the need for providing a quick screening creates a trade-off with the speed of the detection measures, which may result in a less-than-ideal screening process in the context of a rapid growth expansion. With regard to non-banking providers, they are only partially and indirectly subject to regulations addressed to the financial-banking system, the insurance market, the securities market or the credit card market; however, there is a not a comprehensive regulation that encompasses all of the fintech activity undertaken in Argentina (which continues to increase in scope and kind of services).

Moreover, although FSPs responded to these new challenges in an effective and efficient way, most of them are also battling the lack of economic means to do so, which is a consequence of the general economic crisis (most relevant in Latin America) caused by the mandatory lockdown measures related to covid-19 and its effect on the economy.

Conclusion

Argentina has taken its first steps towards the implementation of adequate ABC laws and regulations. The Argentine financial industry has also done so. Although it is difficult to assess any progress at this early stage, key decision-makers are increasingly showing an interest in allocating resources to comprehensive integrity programmes. This investment is not only a matter of funds. High-level officers are increasingly willing to go the extra mile with ABC efforts and considerations.

Any efforts towards strengthening ABC measures is more than justified. Throughout Argentina’s recent political and economic history, financial entities (particularly those of foreign capitals) have been the target of investigations, accusations and criminal procedures, especially in respect of their role in sovereign debt. Whether those (mostly politically based) accusations are justified or not, financial entities need to be especially careful, not only because of the recent political history, but also because of the evolution of both foreign and domestic legislation on the matter.

Following the covid-19 crisis, FSPs face new challenges regarding cyber­security and new non-traditional currencies and means of operation (e.g., bitcoin and other cryptocurrencies) that, although present before lockdowns, have never before been the focus of the management of risks as they are now. These new challenges are met within a general economic context where the efficient use of resources would also be a challenge itself.

Footnotes