The Evolution Of Compliance And How To Future-proof It
Given the swift pace of regulatory change in the financial services sector and the scope of new legislation, the compliance function is expected to satisfy a growing list of demands. Traditionally, compliance officers have been mandated to ensure that all employees across the organization, as well as senior management and the governing body, are in compliance with company policies and codes of conduct, industry best practice, the rules of regulatory bodies
and other laws. Today, business compliance operates on two levels. First, it requires companies to be compliant with external rules imposed upon the organisation as a whole. Second, it means building internal systems of control necessary to achieve compliance with these external rules.
According to the International Compliance Association, in order to achieve these goals, compliance departments must identify the risks that an organisation faces and offer advice on how to overcome them. They must design and implement controls to protect an organisation from those risks. They must monitor and report on the effectiveness of those controls in the management of an organisation’s exposure to risks. They must resolve compliance difficulties as they occur. Finally, they must advise the business on rules and controls.
Now, as risk takes on a broader definition and regulatory pressures intensify, firms need compliance functions with more complex and specialized skill sets. The compliance professionals who will bring their organizations the most value will be those who
have ethical corporate governance expertise, a sound understanding of their firms’ business objectives, and the ability to make strategic decisions about the tools and technology that can take compliance to the next level.
With this in mind, let’s focus on technology, for it is this in particular that is raising questions around the world for its potential impact on jobs. Earlier in 2019, the Monetary Authority of Singapore (MAS) and Institute of Banking and Finance Singapore (IBF) commissioned a study on how both automation and data analytics are likely to transform or augment jobs in the financial sector in Singapore. Of the 121 jobs studied, they found that all would be affected in some way, with individuals having more responsibility for tasks involving judgment and creativity.
Associate Director of ICA David Robson recently chaired a panel at Compliance Week’s European conference on “The Compliance Officer of the Future,” and one of the discussions was the focus on technology – both as an opportunity and as a risk.
The potential for technology to change or even replace some roles within the workplace is a recurring topic of discussion. But artificial intelligence (AI) and robotics are just two developments that have the potential to change our future landscape; other technologies, such as blockchain and virtual currencies, have also been flagged as having the potential for disruption. Whilst it’s easy to focus on the disruptions, it’s worth remembering that there are abundant opportunities opening up too, as evidenced by the power of technology to help combat serious crime, such as human trafficking.
Technology and automation is playing an increasingly critical role within the compliance department as firms look to streamline processes, manage and analyze vast datasets, enhance accuracy and control costs. Today’s compliance officers should have a clear understanding of
these tools – including their potential and limitations – in order to participate more closely in their design, development, procurement and implementation. This involves driving decisions around how new technology solutions operate, which data they utilize, and what outcomes are required. It is advisable not to leave all these choices to the IT department alone, rather have the compliance function and IT to collaborate closely on a detailed risk-based analysis to map out the necessary processes under MiFID II and make IT decisions accordingly. For future reference, keep an audit trail for regulators to review.
While increasing regulation has had an impact on the development of the compliance function, recent high profile enforcement actions have also focused company minds. For example, in 2018, the Office of the Comptroller of the Currency issued a $12.5m fine against the Bank of China’s New York Branch. Additionally, the Financial Crimes Enforcement Network (FinCEN) issued a $7m fine against the Merchants Bank of California for wilful violations of the Bank Secrecy Act (BSA). The financial crisis was the harbinger of these enforcement actions. The Dodd-Frank Act, for example, was a watershed moment in the financial services industry, and since the crisis, the US Securities and Exchange Commission (SEC) has brought a record number of enforcement actions and imposed unprecedented monetary fines.
“The compliance function has seen massive investment over the past decade, thanks to a number of high profile enforcement actions as well as the depth of the financial crisis, and has matured significantly in some industries, particularly healthcare and financial services,” says Cynthia Dow, head of the global Legal, Regulatory & Compliance Officers practice at Russell Reynolds Associates. “Lately, we have seen a marked increase in compliance investment and interest among tech companies, in part as a reaction to the data privacy issues that have plagued the industry.”
Given the complexities of the role today, it is advisable that people with compliance responsibility should refresh their knowledge on a regular, scheduled basis – at least once a year, and given the rate of regulatory churn, even this is probably not often enough. It is also advisable to adopt a structured learning management system that provides a full audit trail to demonstrate training compliance to senior management and regulators. It’s no longer acceptable to provide regulators with training records and signed documents – a more strategic approach is expected. While more structured programs may require a significant investment, the cost of inadequate compliance skills can be far greater when the risk of financial penalties and sanctions for misconduct is taken into consideration. Ideally, training should focus on developing the capabilities of the compliance function as well as provide the individuals involved with opportunities for personal and professional growth. This is necessary if the firm wants to attract and retain sought-after talent from the industry or elsewhere in the organization
With changing regulatory obligations and shifting societal expectations, the future of compliance will be challenging. Internal and external scrutiny will add additional pressure to compliance teams who must act now to prepare for the obstacles ahead. In this Point of View, The Time to Future-Proof Compliance is Now, we suggest that Compliance reviews its current approach, responsibilities and people, and take the time now to consider a new directional path taking account of the important macro trends at work. It is time to run a strategic refresh, define the next generation target-state for Compliance, and develop a roadmap with key initiatives and operational enhancements.