North American Regulatory Outlook 2021-2024: the Road Ahead for Financial Regulatory Reform North American Regulatory Outlook 2021-2024

Whitepaper

North American Regulatory Outlook 2021-2024: The Road Ahead for Financial Regulatory Reform North American Regulatory Outlook 2021-2024

Contents

Contents...... 2

Executive Summary...... 3

Introduction...... 4

AML in Focus: Examining Program Effectiveness Reform...... 5

The Patchwork Paradox: What’s Next for Data Privacy Regulation...... 9

Sustainable Finance Outlook: Addressing Climate-Related Risk...... 13

The Road Ahead...... 17

References...... 19

Report Contributors...... 21

Glossary...... 23

About Fenergo...... 25

Executive Summary

Optimizing regulatory change management is an ongoing challenge for financial institutions, particularly as firms recover from the effects of the global pandemic. In the wake of the FinCEN Files, regulators in NorthAmerica are increasingly focused on Anti-Money Laundering (AML) reform and implementing a more holistic, risk-based approach to combat financial crime. Data privacy is also growing in importance with proposed privacy bills in 26 states while Environmental, Social and Corporate Governance (ESG) and sustainable finance is also proving to be hugely topical amongst US regulators and supervisors.

In this report, we will examine the key regulatory milestones and future developments that financial institutions in the US and Canada can expect over the next three years, from an AML, data privacy and sustainable finance perspective.

Helpful Notes

A glossary of terms and acronyms has been included as an appendix, which may be of assistance when reading the report.

Introduction

It is fair to say that 2020 delivered the biggest shock to the financial services industry since the financial crash. With entire firms working Meet the Experts remotely due to the COVID-19 pandemic, many financial institutions grappled with the operational, financial, risk and regulatory compliance implications. Indeed, the pandemic laid bare many legacy technology and process deficiencies, as well as the need to improve compliance systems at scale.

As widespread vaccination continues to roll-out and the world bounces back from COVID-19, the pace of regulatory change is accelerating across all regions. Regulators continue to refine existing regulations implemented in the wake of the financial crisis and are now focusing their attention on new policy areas such as climate risk and digital Edel Brophy, operational resilience. Global Director of Tax & Regulatory Compliance Recent enforcement actions also send a clear message that regulators are demanding higher levels of accountability from boards of directors and senior management for the laws and regulations that are currently in place.

In the US, AML reform is top of the regulatory agenda following the publication of the FinCEN Files, with the new Anti-Money Laundering (AML) Act set to radically reshape the Bank Secrecy Act (BSA) and AML/CTF (Anti-Money Laundering and Counter Terrorist Financing) landscape. Ned Kulakowski, Meanwhile, in Europe and the Middle East, AML and data privacy Senior Financial Crime Consultant reform, along with sustainable finance, are critical areas of regulatory focus, with a number of new initiatives in play. Similarly in the APAC region, data protection and governance are under increasing scrutiny, with both China and India set to implement far-reaching legislation that will impact over 2.7 billion consumers.

In this regional report, our team of regulatory experts will focus on three key areas where important regulatory changes are emerging or set to accelerate over the next three years in the US and Canada.

They will also offer best practice guidance on how financial institutions can strengthen their compliance processes and procedures to prepare James Dooley, for the new regulations and guidance ahead. Privacy & Risk Analyst

We hope that you find this report useful and informative, as you continue to navigate the ever-evolving regulatory landscape.

If you have any questions on the three-year roadmap for US regulations, please email us at [email protected] or visit www.fenergo.com for more information.

AML in Focus: Examining Program Effectiveness Reform

Ned Kulakowski,

Senior Financial Crime Consultant

The BSA and AML/CTF regulatory landscape in the US is set to change dramatically over the next year with the introduction of the new Anti-Money Laundering Act of 2020 (Act).

It is important to note that this is part of a larger picture of AML reform across the globe, ushered in by the impact of Financial Action Task Force (FATF) assessment activity, increasing regulatory enforcement and events such as the publication of the Financial Crimes Enforcement Network (FinCEN) Files.

In 2020, US regulators issued $4.4 billion in AML fines. They were noticeably more heavy-handed in penalizing domestic banks than in previous years, fining US-based financial institutions and individuals $3.2 billion compared to the $1.2 billion levied on foreign banks.

1 AML Act 2020 Implementation In the US, there is a growing consensus among Furthermore, the Act requires millions of business legislators, regulators, law enforcement and those entities to reveal their owners to the federal government within the industry that current industry practices and in the form of the Corporate Transparency Act (CTA). requirements are inefficient and do not optimally serve This is intended to close a gap in the current regulatory the original purpose of the BSA, which was to assist law regime, whereby individuals can form corporations and enforcement to help deter and combat financial crime. shell companies to obscure sources of wealth. It also mandates the creation of a government-maintained registry of beneficial owners of certain entities formed or The new legislation lays the foundations for a more registered to do business in the US. Although the logistics holistic, risk-based approach to combat financial crime. of this database are currently uncertain, it appears that It actively encourages technological innovation and the law enforcement bodies and financial institutions will be adoption of new technology by financial institutions (FIs) able to use and access this information. to more effectively counter money laundering and the financing of terrorism. FinCEN is obliged to promulgate these regulations by December 26th, 2021. Once the AML Act regulations are The Act also requires FinCEN to establish national put into effect, there will be a revision of the 2016 Client Strategic AML Priorities for FIs to incorporate into their Due Diligence (CDD) requirements for FIs in 2022, which AML programs. It further requires these priorities to may introduce significant change for onboarding teams. be incorporated by regulators and examiners into their BSA innovation officers are also set to be appointed for rules, guidance, and examinations. Another significant various regulators. legislative change is greatly enhanced whistleblower awards and protections.

2 Key Developments - 2021-2024

In June 2021, we will also see the key AML and CTF In December 2021, we will also see a report priorities published by various US agencies. This will published on the impact of FinTech on financial crime be interesting because it will provide everyone with compliance, which is intended to drive investment in a general direction of where the federal government smarter compliance and automation. Finally in March is going in terms of future regulatory developments. 2022, Treasury will issue a report for FinCEN on the In the same month, the FinCEN Suspicious Activity anticipated plans, goals, and resources necessary Report (SAR) assessment will be published, which to implement this current set of regulations. This will will deliver insights on SAR filing in the provide a detailed roadmap of what lies ahead over the COVID-19 landscape. next three years.

4 The Canadian Perspective Back in 2016, FATF in its mutual evaluation report (MER) acknowledged Canada for its strong financial crime legislation but noted gaps in high-risk areas, including gatekeepers such as lawyers and non-bank groups. It requested better results for law enforcement investigations.

Since then, the country has overhauled its AML/CTF regime to improve the quality of financial intelligence made available to law enforcement and, thereby, improve efforts by authorities to combat money laundering and terrorist financing.

Spearheaded by leading banks including BMO, HSBC, CIBC, RBC and Scotiabank, these groups have partnered with Canada’s financial intelligence unit to use data and investigator intelligence to understand, report on and take down illicit networks, according to the Association of Certified Financial Crime Specialists.

In June 2021, certain amendments under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the PCMLTFA) will come into force (the Amendments). The Amendments represent the latest development in a series of ongoing changes that have been made to this legislation since 2019. The new guidance sets out Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) expectations under the Amendments for recordkeeping, client identification, beneficial ownership, screening for PEPs, ongoing monitoring, and business relationship requirements.

Best Practice Guidance

In our North American regulatory outlook webinar, 45% of attendees said financial crime prevention was their organization’s No. 1 regulatory challenge.

When preparing for the new AML regulations and guidance, financial institutions should consider the following six actions:

Establish risk-based AML/CTF programs in line with the risk profile of the institution. This will allow the FI to • direct resources towards those areas where higher risk needs to be addressed, while at the same time utilizing technology to tackle and automate areas where more manual processes, and often less risk, are presented.

Keep upper management abreast of all upcoming regulatory changes and encourage the increased use of • technology to address these upcoming challenges.

Communicate new penalty enhancements under the AML Act to your board and senior management so that • they understand the potential financial consequences surrounding this new set of legislation.

Continue to collect valid beneficial ownership data and shore up information on existing customers in • anticipation of the requirements under the Corporate Transparency Act.

Enhance policies and procedures around whistleblowers and Politically Exposed Persons (PEPs) in line • with increased regulatory scrutiny and penalties.

Take note of the increased focus on foreign threats and increased sanctions focus on certain jurisdictions, • including Russia, the Middle East and especially China.

of FIs say financial crime prevention is 45% their No.1 regulatory challenge

What has been music to my ears with the AML Act is the implementation of the risk-based approach and a greater focus on effectiveness rather than a ‘check- “ “ the-box’ and merely compliant culture. Technology is also set to play a big part in streamlining STR and SAR filing processes and alleviating unnecessarily burdensome requirements.

Ned Kulakowski, Senior Financial Crime Consultant

The Patchwork Paradox: What’s Next for Data Privacy Regulation

James Dooley,

Privacy & Risk Analyst

From a data privacy perspective, the situation in the US privacy legislation progress, though what it will contain is changing rapidly. remains a matter of intense debate.

Privacy has been a simmering issue in the United States Recently, a comprehensive privacy bill, the Information recently. With little federal action, thus far, states have Transparency and Personal Data Control Act, was really begun to turn up the heat with their legislative introduced in Congress. This will likely see intensified activity. debate over the coming months. At the moment, attention

is focused at a state level, where bills are further along the To date, 26 states have proposed privacy bills, including legislative process. Alaska, Connecticut, Colorado, New Jersey and Nevada. Two states (Virginia and Nevada) have passed legislation while Colorado is on the verge of passing its consumer- There is huge potential over the coming year for a major data privacy bill. This is not an ideal scenario from an shift in the US data privacy landscape. For the moment, industry compliance perspective – ultimately, we do not the three certainties we have, in terms of overarching want to have 52 laws, each with different obligations for consumer privacy legislation, are in Virginia with the banks and financial institutions to comply with. Virginia Consumer Data Protection Act (VCDPA), in California with the California Privacy Rights Act (CPRA) and finally in Colorado with the Colorado Privacy Act (CPA). There does, however, appear to be significant political will on both sides of the house at a federal level to see All three acts are set to be operative from 2023, specifically January 2023 in Virginia and California and July 2023 in

WA ME MT ND OR MN ID SD WI NY WY MI IA PA NV NE IL OH NH UT IN CO WV MA KS VA CA MO KY VT CT Enacted Legislation NC TN NJ RI AZ OK AR DE MD NM SC Active Legislation MS AL GA DC LA TX Inactive Legislation FL Excluded Legislation

2021 State Privacy Law Tracker (Source: Husch Blackwell)

1 Virginia, California and Colorado – Setting the Tone Colorado. under the act include the transfer of enforcement responsibilities from the Attorney General to the new The CPRA will then be enforced from July 2023. It California Privacy Protection Agency. There will also be new is important to note that the CPRA will apply to data obligations in terms of data minimization, purpose limitation gathered or collected from January 2022. Financial and storage limitation. These are good data governance institutions should bear this in mind when putting their practices that many companies familiar with GDPR will have controls in place to comply with the new requirements. dealt with previously. Data subjects will also have the right to know if automated decision-making is occurring and to opt out. Virginia is the second state in the US to enact a customer

data privacy act. Some of the new rights will follow the One of the more significant aspects of the CPRA is in relation same lines as the General Data Protection Regulation to third parties and service providers. There will be new (GDPR) in the EU and the California Consumer Privacy contract requirements for third parties detailing how privacy Act (CCPA), including the right of a customer to confirm protections should flow down through the data protection whether a company holds data on them and the right to supply chain. opt out of processing in relation to advertising the sale of

data or profiling. In relation to service providers, we will see the sale of

personal data or the sharing of it prohibited in contracts. Two areas of particular interest in the Virginia Act include Retaining or disclosing personal information beyond the the lack of a monetary threshold for businesses like that business purpose within the contract will also be prohibited. found under the CCPA, and the extent of the exemptions Many of the additional requirements that we are seeing in the act. The number of consumers whose personal under the CPRA are similar to Standard Contractual data companies will process will serve as the qualifying Clauses in Europe for transfers between EU controllers threshold for whether the act applies to a business. The and non-EU processors. act will apply to a business that controls or processes

the personal data of at least 100,000 customers within Colorado is the third state to pass a comprehensive a 12-month period or of 25,000 customers where the consumer privacy law. Similar to the California and Virginia company earns 50% of their gross revenue from the laws, the CPA affords Colorado ‘consumers’ certain privacy sale of personal data. rights and imposes duties on the controllers and processors In terms of California, the CPRA will serve as an of those consumers’ personal data. The CPA, similar to the addendum to the CCPA. Some of the largest changes VCPA, has an entity-wide exemption for financial institutions and affiliates regulated under the Gramm-Leach Bliley Act.

2 Canada The Government of Canada proposed Bill C-11 or the There are five key areas within the act: Digital Charter Implementation Act in November 2020 to bring its legislation into line with the EU GDPR. If 1. New data subject rights the act comes into force, it will replace the privacy component of the Personal Information Protection and Electronic Documents Act (PIPEDA) with the 2. Consent and consent exceptions Consumer Privacy Protection Act (CPPA) and the Personal Information and Data Protection Tribunal 3. New de-identification provisions (PIPDT).

4. The Personal Information and Data Protection Tribunal, Under the proposed new legislation, the federal Office litigation, and the private right of action of the Privacy Commissioner will be recognized as a regulator rather than an ombudsman, with the power to recommend fines for up to $25 million or 5 per cent of a 5. New data governance and policies. firm’s gross revenue to a new Personal Information and Data Protection Tribunal.

At present, there is no definitive implementation date planned for this legislation, but the government has said it will hold off implementing the legislation until 18 months after it is passed.

Best Practice Guidance

In our North American regulatory outlook webinar, 21% of attendees said data protection and governance was their organization’s No. 1 regulatory challenge.

When focusing on data privacy, financial institutions should consider the following four actions:

Start with good data governance by resourcing dedicated teams and ensuring you have good data management • systems in place.

Understand data lifecycles regardless of the law. Understand what data you hold, the legal basis, the source • of the data, the assets on which it is held or where it is hosted and what transfers you have in effect, as well as the safeguards in place to protect these transfers.

Implement data protection impact assessments. These will help you identify risks early in the case of new data • processing and mitigate those risks.

Evaluate your third-party service providers and contractors and understand the processing they undertake on • your behalf.

of FIs say data protection is 21% their No.1 regulatory challenge

With data privacy bills put forward in about 26 states, the US is like a pot that has been simmering, and someone’s just suddenly turned it up to the boil. By the end “ “ of 2021, we could see major developments at a state level, potentially at federal level, and be looking at a very different landscape.

James Dooley, Privacy & Risk Analyst

Sustainable Finance Outlook: Addressing Climate-Related Risk

Edel Brophy,

Global Director of Tax & Regulatory Compliance

Around the globe, a third of all professionally managed the implementation of the Sustainable Responsible assets, roughly $30 trillion, are now subject to ESG Disclosures Regulation (SFDR) and the EU Taxonomy. criteria, which represents an increase of more than 30% since 2016. In the UK, the Financial Conduct Authority (FCA) has introduced ‘a new rule and guidance which requires The number of financial institutions voluntarily signing commercial companies with a UK premium listing to up to the Principles for Responsible Investment has include a compliance statement in their annual financial grown exponentially over the last 12 months, with 792 report, stating whether they have made disclosures US Asset Owners, Service Providers and Investment consistent with the recommendations of the Taskforce Managers signing up to the Principles. In doing so, they on Climate-related Financial Disclosures (TCFD) or are committing in their capacity as institutional investors providing an explanation if they have not done so’. that they have a ‘fiduciary responsibility’ with regards to incorporating ESG issues into investment analysis and Meanwhile in China, the China Securities Regulatory decision making. Commission (CSRC), in collaboration with China’s Ministry of Environmental Protection, introduced new In addition to voluntarily signing up to the Principles requirements that mandate all listed companies to for Responsible Investment, many jurisdictions have disclose ESG risks associated with their operations by made significant strides in terms of financial services the end of 2020. regulation within this area - including the EU with

1 Why US Regulators and Financial Institutions are Going Green At present, there is legislation on the horizon in the US, into their governance frameworks, risk management which has yet to be implemented. However, ESG and processes, and business strategies. ESG issues are sustainable finance is proving to be hugely topical amongst also now becoming a front and center area of focus for US regulators and supervisors. the biggest banks in the US. In April 2021, JP Morgan, Wells Fargo, Bank of America and Fifth Third unveiled In March 2021, John Coates, Acting Director, Division measures to enhance their commitment to ESG of Corporation Finance, published a statement that ‘the themes. This included the creation of a specialized Securities Exchange Commission (SEC) should help lead ‘Green Economy’ industry team within JP Morgan, the creation of an effective ESG disclosure system so who have pivoted on serving companies that produce companies can provide investors with information they need enviromentally friendly goods or services or focus on in a cost-effective manner. An effective ESG disclosure environmental conservation. These actions reflect a system does not imply a rigid and soon-to-be outdated set of renewed focus by regulators on climate risk-related limited disclosures.’ regulations and supervisory guidance, as well as rising expectations from clients, investors, and In December 2020, the Federal Reserve Board (FRB) other stakeholders. announced that it had formally joined the Network of Central Banks and Supervisors for Greening the Financial System In fact, sustainable investing has exploded in recent (NGFS), a global research and coordinative body. Together, years in the US. According to a recent biennial these recent actions represent a potentially major shift survey of sustainable investing in the US, the total towards global alignment on climate-related risk supervision. US-domiciled assets under management using sustainable-investing strategies grew 42 percent from Earlier, in September and October 2020, the New York $12 trillion at the start of 2018 to $17.1 trillion at the Department of Financial Services (NYDFS) set forth climate- start of 2020. With the Biden administration re-signing related expectations, addressing the topic in its Climate up to the Paris agreement, this demonstrates a Risk Industry Guidance letters. These letters outlined the massive step forward for the US in joining the ‘green

agency’s expectations for New York–regulated financial global alignment’ on addressing climate change.

institutions about integrating climate-related financial risks According to a recent biennial survey of sustainable investing in the US, the total US-domiciled “ assets under management using sustainable-investing strategies grew 42 percent from $12 “ trillion at the start of 2018 to $17.1 trillion at the start of 2020.

2 International and Regional Developments & Drivers

In terms of international drivers, the cornerstone is the The Institute of International Finance recommendations 2016 Paris Agreement. for international regulators and policymakers to enable a transition to a sustainable low carbon economy is another As of March 2021, 197 states have ratified or acceded key publication. Legislators and financial institutions should to the Agreement. This is the overarching blueprint look to this publication in terms of key principles, such within the UN Framework Convention on Climate as alignment and harmonization in terms of strategy and Change (UNFCCC). consistency, impact and target setting and stakeholder engagement. In addition, the OECD recently issued a In addition, the UN established the United Nations report on developing sustainable finance definitions and Environmental Program (UNEP) Finance Initiative taxonomy to bring a common ruleset and language around (UNEP FI), which is a partnership between the this space. UNEP and the global financial services industry. It was formed in advance of the Earth Summit in Rio The EU is leading the charge regarding the ESG de Janeiro. Its purpose is to ‘mobilize private sector regulatory agenda with the EU Commission adopting a finance for sustainable development’. It has over new sustainable finance strategy, the Sustainable Finance 300 members and over 100 supporting institutions. Action Plan (SFAP), whose main purpose is to incorporate It works to ‘help create a financial sector that serves ESG considerations within its financial policy framework people and planet while delivering positive impacts… launched in March 2018. The overarching objective is to [with the] aim to inspire, inform and enable financial mandate and mobilize finance and the financial services institutions to improve people’s quality of life without industry to support sustainable growth with several key compromising that of future generations. By leveraging initiatives and climate-related objectives. This regional-wide the UN’s role, UNEP FI accelerates sustainable framework places ESG considerations at the heart of the finance.’ financial ecosystem and aims to support the transformation of the European economy into a green, more resilient system. 3 Canada

Canada’s Minister of Environment and Climate Change, project with the Office of the Superintendent of Financial and Minister of Finance jointly appointed the Expert Institutions (OFSI) with a handful of Canadian financial Panel on Sustainable Finance in 2018. The aim of this institutions. The aim is to explore the potential risk was to explore sustainable finance, with the imperative exposure of each participant’s balance sheets based to make recommendations to scale up and align on a set of climate-change scenarios developed by sustainable finance within Canada. the Bank and OFSI. A report will be published at the end of 2021, sharing details on the specific scenarios, The Panel subsequently made a series of methodology, assumptions, and key sensitivities. recommendations in 2019, including the creation of a Sustainable Finance Action Council. In its 2020 In early 2021, six Canadian banks added ESG fall economic statement, the Canadian government components to their CEO’s renumeration and allocated CA$7.3 million dollars for the next three compensation frameworks to drive accountability. It is years to the Sustainable Finance Action Council. The likely that legislation is set to permeate within the federal goal of this council will be to develop a well-functioning and provincial landscape going forward. sustainable finance market and to attract sustainable finance into Canada to enhance climate disclosures and As the government moves towards the goal of net ensure access to sustainability data and climate risks. zero emissions by 2050, it will be important for In addition, the Bank of Canada is heavily investing in Canadian banks and businesses to stay on top of these its work on climate change in 2021. It has launched a developments to remain competitive.

ESG Best Practice Guidance

When focusing on climate risk, financial institutions should consider the following five actions:

Enhance governance to make ESG factors part of the governance structure (e.g., create chief sustainability • officers and incorporate into board-level decision making). • Embed ESG into the enterprise risk management framework globally. • Incorporate ESG impacts when creating new products for customers (e.g., green loans and mortgages). Accelerate disclosure and reporting adoption of the FSB’s Task Force on Climate-related Financial Disclosures • (TCFD) principles, as these principles may become mandatory in the short-to-medium term.

Focus on data, technology, and architecture to address data challenges and enable the internal transformation

• required to support these activities and meet measurement, stress testing and other supervisory expectations. With the Biden administration signing back up to the Paris agreement, this “ demonstrates a massive step forward for the US in joining the ‘green global “ alignment’ on addressing climate change.

Edel Brophy, Global Director of Tax & Regulatory Compliance

The Road Ahead

As we move into the second half of 2021 and look ahead to 2024, it is clear that financial institutions are operating in an uncertain and volatile environment with significant regulatory change on the horizon. In fact, nearly one in five FIs (19%) say compliance remains the biggest risk to their business.

The next three years will usher in significant AML reform across many regions and will include an increasing focus on data privacy regulation and greater global alignment on climate risk.

It is critical for firms to stay abreast of these developments and lay the groundwork for effective regulatory change management with the right combination of skills, quality data and innovative technology. Ensuring compliance with upcoming regulatory requirements “ Nearly one in five FIs (19%) say will certainly be challenging but an acceleration of technology transformation can help firms comply with regulations compliance remains the biggest risk efficiently by automating low-value tasks and to the business. cutting costs. “

At Fenergo, we are committed to developing technology solutions that enable FIs to automate compliance processes and navigate regulatory change management, while ensuring compliance across multiple jurisdictions.

Our dedicated team of regulatory analysts keep a constant eye on the ever-changing regulatory environment, translating these changes into software solutions that keep our clients ahead of the regulatory curve.

Discover more at www.fenergo.com

References

1. Association of Anti-Financial Crime Specialists, ‘Regional Report: Canada has done amazing things to fight crime through public-private partnerships, but still hampered by stringent privacy rules, lack of AML safe harbors’: https://www.acfcs.org/page/5/?orderby

2. Lexology, ‘Canada’s Privacy Overhaul: Deep Dive into the Key Topics of Data Subject Rights, Consent, De-identification, the Tribunal / Litigation and Data Governance’: https://www.lexology.com/library/detail.aspx?g=462ea69c-364b-4e59-b218-663c738de058

3. Deloitte 2021 Banking Regulatory Outlook: https://www2.deloitte.com/us/en/pages/regulatory/articles/banking-regulatory-outlook.html

4. Harvard Business Review, ‘ESG Impact is Hard to Measure – But it’s not Impossible’: https://hbr.org/2021/01/esg-impact-is-hard-to-measure-but-its-not-impossible

5. UN Principles for Responsible Investment, ‘What are the Principles for Responsible Investment?’: https://www.unpri.org/pri/what-are-the-principles-for-responsible-investment

6. Financial Conduct Authority UK, ‘PS20/17: Proposals to enhance climate-related disclosures by listed issuers and clarification of existing disclosure obligations’: https://www.fca.org.uk/publications/policy-statements/ps20-17-proposals-enhance-climate-related-disclosures- listed-issuers-and-clarification-existing

7. US Securities and Exchange Commission, ‘ESG Disclosure – Keeping Pace with Developments Affecting Investors, Public Companies and the Capital Markets’: https://www.sec.gov/news/public-statement/coates-esg-disclosure-keeping-pace-031121

8. Federal Reserve Board, ‘Federal Reserve Board announces it has formally joined the Network of Central Banks and Supervisors for Greening the Financial System, or NGFS, as a member’: https://www.federalreserve.gov/newsevents/pressreleases/bcreg20201215a.htm

9. New York State Department of Financial Services, Industry Guidance – Climate Change: https://www.dfs.ny.gov/industry_guidance/climate_change

10. Banking Exchange, ‘How US Banks are Stepping up their ESG Activities’: https://www.bankingexchange.com/recent-articles/item/8653-how-us-banks-are-stepping-up-their-esg-activities

11. US SIF: The Forum for Sustainable and Responsible Investment, US SIF Trends Report: https://www.ussif.org/trends

12. UN Environment Programme Finance Initiative, ‘From 1992 to 2021: The Evolution of Sustainable Finance: https://www.unepfi.org/news/25th-anniversary/timeline/

13. Dentons, ‘Sustainable Finance in Canada’: https://www.dentons.com/en/insights/articles/2021/april/20/sustainable-finance-in-canada

14. Newswire, ‘Insurance Bureau of Canada Statement following Federal Government’s Creation of the Sustainable Finance Action Council’: https://www.newswire.ca/news-releases/insurance-bureau-of-canada-statement-following-federal-government-s- creation-of-the-sustainable-finance-action-council-810919654.html

15. Duff and Phelps, Global Regulatory Outlook 2021: https://www.duffandphelps.com/insights/publications/compliance-and-regulatory-consulting/global-regulatory- outlook-2021

Report Contributors

Edel Brophy, Global Director of Tax & Regulatory Compliance

Edel joined Fenergo in 2019 to lead its global regulatory team with a specific focus on tax, data protection, OTC reform and investor protection. With over 20 years’ financial services industry experience, Edel has worked within retail and commercial, business banking, wealth management and corporate and investment banking across regulatory, governance, risk, compliance, operations and transformation functions. Edel has specialized in both prudential and conduct risk and has led large regulatory transformation programs. Edel holds an MBA, P.G. Diploma in European Studies, G.Dip Risk Management in Financial Institutions, G.Dip in Ethics and Governance and is a qualified project management (Prince 2) practitioner.

Ned Kulakowski, Senior Financial Crime Consultant

Ned joined the Financial Crime team at Fenergo in 2020 and is based in New York. He has worked in the compliance departments at a number of US financial institutions, specifically in the areas ofAnti-Money Laundering (AML), Counter Terrorist Financing (CTF) and legal and regulatory compliance. He works closely with the Bank Secrecy Act (BSA) and its relation to financial institutions and is adept at performing investigations in the financial crime arena. Specifically, Ned has experience in correspondent banking, retail banking, Customer Due Diligence, Know Your Customer and Know Your Customer’s Customer. He is a qualified attorney and certified Anti-Money Laundering specialist (CAMS). Ned holds a Juris Doctor from Syracuse University.

James Dooley, Privacy & Risk Analyst

James works as part of the Privacy & Risk team at Fenergo and is based out of Dublin. He is an experienced Data Protection Specialist with a demonstrated history of working in the Regtech industry. James is a member of the International Association of Privacy Professionals (IAPP) and currently holds three ANSI-accredited designations; Certified Information Privacy Manager (CIPM), Information Privacy Professional/Europe (CIPP/E) and Information Privacy Professional/Asia (CIPP/A). James holds an LLM in International Business Law, an LLB from Nottingham Trent University and is certified in Data Protection Practice with the Law Society of Ireland. He is also Licentiate of theAssociation of Compliance Officers in Ireland (LCOI) designated with the Association of Compliance Officers Ireland (ACOI)

Glossary

AML - Anti Money Laundering NGFS - Network for Greening the Financial System

BSA - Bank Secrecy Act NYDFS - New York Department of Financial Services

CCPA - California Consumer Privacy Act OECD - Organization for Economic Co-Operation and Development CPPA - Consumer Privacy Protection Act OFSI - Office of the Superintendent of Financial CDD - Client Due Diligence Institutions (Canada)

CEO - Chief Executive Officer PCMLTFA - Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) CPA - Colorado Privacy Act PIPEDA - Personal Information Protection and Electronic CPRA - California Privacy Rights Act Documents Act (Canada)

CSRC - China Securities Regulatory Commission PIPDT - Personal Information and Data Protection Tribunal (Canada) CTA - Corporate Transparency Act SFAP - Sustainable Finance Action Plan (EU) CTF - Counter-Terrorism Financing SFDR - Sustainable Finance Disclosure ESG - Environmental, Social, Corporate Governance Regulation (EU)

STR – Suspicious Transaction Report - Financial Action Task Force FATF

SAR – Suspicious Activity Report - Financial Institutions FIs

TCFD - Taskforce on Climate-Related Financial Disclosures - Financial Crime Enforcement Network FinCEN

UNFCCC - UN Framework Convention on Climate Change - Financial Transactions and Reports Analysis FINTRAC Centre of Canada UNEP - United Nations Environmental Program

FRB - Federal Reserve Board UNEP FI - United Nations Environmental Program

Finance Initiative - General Data Protection Regulation GDPR VCDPA - Virginia Consumer Data Protection Act MER - Mutual Evaluation Report

Fenergo is the leading provider of digital transformation, customer journey and client lifecycle management (CLM) solutions for financial institutions. Its software digitally transforms and streamlines end-to-end CLM processes - from regulatory onboarding, data integration, client and counterparty data management, client lifecycle reviews and remediation, all the way to client offboarding.

Fenergo is recognized for its in-depth financial services and regulatory expertise (from a team of over 30 global regulatory specialists), community-based approach to product development and out-of-the-box rules engine which ensures financial institutions are future-proofed against evolving Know Your Customer (KYC), Anti-Money-Laundering (AML), tax and OTC derivatives-based regulations across 100 jurisdictions. Fenergo recently expanded into new markets including asset and wealth management, private, retail, business and commercial banking and has over 100 global clients.

For more information, email [email protected] or visit www.fenergo.com