It will be no surprise to anyone reading this that compliance is becoming increasingly complex. Research conducted by The Risk Advisory Group in late 2015 reveals just how complex, and the impact this is having on compliance professionals. Of those we spoke to, 78% agreed that the sheer complexity of compliance represented a risk in itself. Worryingly, 69 % of respondents said that, as a result, they felt their business was more exposed to risk than it was two years ago.
Part of this risk stems from the way regulatory compliance has evolved. With the appointment of Hui Chen as Compliance Counsel Expert by the Department of Justice late last year, corporates are under even greater pressure to demonstrate in ever-more granular detail that they are meeting their obligations. This requires huge amounts of data collection, organising that data efficiently, and the ability to access it instantly.
One solution is to take advantage of the technology that exists to remove the burden from the compliance teams. A good compliance management tool should alleviate the pressure of day-to-day, routine tasks to give compliance professionals time to think more strategically, and protect their organisation’s reputation more effectively.
The state of compliance
In recent years, the US Government, amongst others, has come to the realisation that it has neither the competence nor the resource to regulate financial markets effectively, nor to impose adequate penalties on entities or individuals that break the rules. As a result, governments have largely transferred this obligation to corporations themselves. Anti-money laundering and terrorist financing legislation, anti-bribery and corruption controls, prohibitions on the transfer of technology and the Modern Slavery Act are all examples of attempts to make companies more self-regulating. All impose obligations on organisations to understand at a fundamental level who they are doing business with, and to ensure that those entities are not breaking the law.
To satisfy these regulatory requirements, and in order to assess the credibility of business partners, companies need to gather substantial amounts of information. This activity is exactly the type of menial and time-consuming task that is in danger of distracting compliance managers. It tends to involve large volumes of third party data coming from across the world. Properly managing this data, and being able to record accurately the steps taken in approving or rejecting certain business partners, adds another layer of complexity, and presents a growing challenge for organisations that are keen to focus on their core business.
The role of technology
Compliance professionals have a lot to gain from using technology products. By automating many of the routine, day-to-day tasks needed to collect data on third parties, technology frees up compliance professionals to take a more strategic view of risks on the horizon. This means businesses can spend more time assessing emerging issues that threaten their reputations, managing them, and staying risk-free in the long term.
Technology can also make quick and effective reporting a much more straightforward process. This, in turn, makes it easier for companies to analyse and reflect on their compliance processes, and to assess whether they can be optimised or improved, which can ultimately make for a safer and more prepared organisation. The most effective compliance tools have flexible reporting functions, adaptable enough to meet current needs as well as cope with future requirements. They offer compliance professionals the ability to run reports on all the different data points and to export the data so it can be manipulated further or used as the basis for external reports.
Technology can also provide enormous benefits for compliance teams trying to respond quickly to external events that pose a risk to the business. The fallout from the recent Panama Papers scandal is an excellent example. Following the leak, on 7 April the Financial Conduct Authority (FCA) asked 20 UK banks and financial institutions to reveal by 15 April if they had links to Mossack Fonseca, the law firm at the centre of the scandal. It would be interesting to know how many companies would have been able to respond to the FCA’s demand in that timeframe as, arguably, only those that had centralised their compliance process using an effective system would have been able to identify immediately whether or not they had any links with the firm, such as through a subsidiary or partner, and plan accordingly. The best technology solutions also provide a fully auditable trail, making it easy for compliance teams to demonstrate what information they had, and when they obtained it.
There are, however, some tough decisions to make when deciding what tool to adopt. For example, compliance professionals are often keen to benefit from existing functionality and workflows that come as standard in many solutions. This off-the-shelf functionality is ostensibly a strength, but the product also needs to be flexible and open enough so that it can be adapted to fit a hugely varied range of company structures with ease and simplicity.
Of the respondents to our 2015 survey, 37 % flagged big data and data privacy as a key challenge to compliance. This is predictable given current fears around IT and cyber-security, and recent changes to the framework governing data sharing between the European Union and the United States. Predictable or not, however, businesses need to be conscious about where their data is hosted and assess whether it is adequately secured, but not at the expense of providing a practical system for compliance teams that are increasingly working from different offices.
Making a difference
In the words of Hui Chen, “strong compliance must be data driven”, which is why forward-thinking compliance professionals should entrust their compliance processes to technological solutions. They make the job faster and more efficient, and make it easier for compliance officers to produce an auditable trail that proves they are doing everything they can to meet their obligations and deflect as much risk as possible.
The Risk Advisory Group has developed LUMA, a single point of control that allows businesses to centralise counterparty compliance by creating a single database for all counterparties; enhance compliance processes with complete on-platform workflow, generating searchable records, communication logs and risk ratings; and generate management reporting information with tailored dashboards and reports.