The regulatory landscape, as any compliance professional can tell you, is an ever-changing, fast-growing arena; an environment that can be said to pose a similar challenge as that of the mythical Hydra – in that as soon as one regulation is cut off (i.e., complied with), one or two more quickly spring up to take its place.
Certainly, in whatever sector or industry they may operate, for those responsible for compliance it may often seem like a Herculean effort just to keep abreast of the range of regulations that exist, never mind ensuring their firm complies with them. Furthermore, the escalating and ever-changing demands of today’s regulatory environment are unlikely to subside anytime soon. This, coupled with the residual effects of the global financial crisis, make it a challenging time for compliance practitioners.
Another event which has had a considerable impact on compliance matters is the UK vote for Brexit – a far-reaching and controversial decision that Phil Ryan, chief executive officer of the International Compliance Association (ICA), has said will have significant regulation and enforcement repercussions for compliance professionals the world over for years to come.
A change in government can also have significant implications for the compliance landscape. For example, following the formation (in 2010) of the coalition government in the UK, a single regulator, the Financial Services Authority, was abolished and replaced by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA). In addition, the UK’s Financial Policy Committee (FPC) was established to oversee the financial stability of the UK as a whole. The changes wrought by the new government were a radical overhaul of the regulatory environment in the UK. They had a major impact on the compliance arena, with firms – financial services players in particular – taking good care to re-examine their extant compliance policies and procedures.
Across the pond, the Obama administration introduced a number of initiatives, chief among these being the implementation of the Dodd-Frank Act – a piece of legislation primarily designed to decrease risk within the financial system. Needless to say, once signed into federal law, Dodd-Frank had firms retuning their compliance outlook to the new obligations.
Of course, the recent ascension of Teresa May to the position of UK prime minister and the outcome of the US presidential race are scenarios that are likely to once again result in a shake up the status quo and the ushering in of a new era for regulatory compliance.
Such issues, and the many others that commonly pervade the compliance space, were explored in a recent report by Thomson Reuters, entitled ‘Cost of Compliance 2016’, which sought to uncover “the cost of compliance and the challenges firms expect to face in the years ahead”.
The report provides data that allows the firms involved to benchmark the changing challenges against a backdrop of increasing personal liability. This uptick, alongside mooted reductions in the resources available to meet compliance challenges is, says Thomson Reuters, forcing compliance professionals to spread themselves “increasingly thinly” as they look to adapt to a range of fresh legislative developments, with 69 percent of firms surveyed expecting to see more regulations in the coming year.
How compliance professionals cope with these never-ending changes while retaining an awareness of potential regulatory fatigue, is clearly a momentous task. If performed inadequately, it can have a detrimental impact on the organisation’s credibility and the viability of its regulatory compliance relationships.
Challenges and resources
“The main challenges facing compliance professionals in today’s world are based on the pace of change and level of uncertainty we are experiencing,” says Tracey Groves, head of ethics and compliance in PwC’s UK forensics practice. “The increasing use of technology, and the emphasis being placed on the ‘why’ and ‘how’ a business is being conducted, beyond just the ‘what’, are also pressure points. With the increased focus on corporate culture and behaviours, standards of corporate governance and the role of leadership, compliance professionals will need to be even more integrated and work even more closely with areas beyond just operations, such as internal audit, risk, HR, and strategy and operating effectiveness.”
Ms Groves stresses the need for connectivity and coherence across business operations so that a common purpose and corporate goals can be delivered. Furthermore, she believes that compliance professionals will need to be a fundamental part of this approach and not become siloed or positioned outside the strategic decision-making processes.
According to Viri Chauhan, the global head of governance, risk and compliance at International Compliance Training: “The primary challenge is to really understand what legislation and regulation applies to your firm and how that should be interpreted. Regulation is only likely to continue to increase and get more complex and burdensome.”
One example of this ever-increasing complexity is the fallout from the Panama Papers, where compliance officers need to keep a close eye on developments which arose from the increasing pressure from regional and international bodies toward the creation of registers of beneficial ownership.
The impact of MAR and other regulations
Another area of focus is the new Market Abuse Regulation (MAR), which took effect across the EU on 3 July 2016. MAR is, according to the European Commission, a new framework designed to “strengthen the fight against market abuse across commodity and related derivative markets, explicitly ban the manipulation of benchmarks, such as LIBOR, and reinforce the investigative and sanctioning powers of regulators”.
Recognising the challenge facing companies of ensuring that their business is fully compliant with MAR as quickly as possible, Rukshan Permal, financial services, risk and regulation partner at PwC, has warned that the rules now in force across Europe, alongside the uncertainty over Brexit, may well result in increased pressure on firms to comply with the new regulation. “Financial institutions in the UK will be expected to assess and enhance their policy, control and surveillance capabilities in line with the new requirements set by the EU, despite the vote by the UK to leave the European Union and the ensuing uncertainty. This adds to the complexity facing market participants,” he says. “From our initial assessments, firms need to manage the key risk of market abuse going unnoticed and unreported. That position is untenable in the environment we are operating in, and could subject firms to regulatory fines and censure, and damage to their reputation and overall market position.”
SMCR and 4MLD
Further regulatory legislation introduced over the past year or so includes the Senior Managers and Certification Regime (SMCR) and, at the European level, the Fourth Money Laundering Directive (4MLD). The former – applicable to all Financial Services and Markets Act (FSMA) authorised firms – ensures that senior managers can be held accountable for any misconduct that falls within their areas of expertise, while the latter seeks to crack down on money laundering, tax evasion and terrorist financing.
“The increase in regulatory scrutiny is due to the pressure governments and regulators face as a result of events that undermine confidence in the financial system as a whole,” attests Mr Chauhan. “This is the reality: balancing regulatory requirements while pragmatically protecting the business from inadvertent regulatory breaches, and helping shape the culture and conduct of a firm, while at the same time protecting the company from financial crime, internally and externally.”
According to Ms Groves, it is the ability of compliance professionals to adapt to the numerous changes taking place across the regulatory landscape that will be a key determinant going forward. One of these changes is the uptick in the use of technology. “The response to how technology can be more effectively deployed to support compliance reporting and monitoring, how best to integrate corporate values and desired behaviours into the compliance framework, and how to build trusted relationships across the business, will determine whether compliance is positioned as a key asset to the business and enabler of growth rather than a blocker,” she says.
Social media and compliance
Continuing the technology theme, another aspect of the compliance landscape which is gaining more attention is the extent to which communications channels, such as social media and text messaging, affect how compliance professionals carry out their role. Social media is something of a minefield for highly regulated sectors such as finance, a sensitive environment in which an ill-advised tweet can result in state and federal regulators knocking on the door.
“The heightened risk to data security through the use of social media is a key compliance risk and has resulted in many compliance professionals working closely with data officers and technology functions to understand the diverse nature of this risk and the controls required to prevent, detect and monitor it,” says Ms Groves. “My observation is that this is being addressed strategically as part of the emerging higher risk profile of data protection and related data risks, such as data protection, with other factors such as new legislation also driving a need for a refresh of how this risk is being managed across the business.”
Looking ahead, there are concerns about how the ‘talent gap’ may impact the implementation of future compliance strategies. In a nutshell, as far as the availability of compliance professionals who can successfully navigate an increasingly demanding regulatory environment is concerned, the question is this: is demand currently outstripping supply and, if so, what can the compliance world do about it?
“For compliance officers at all levels, one of the biggest challenges is operating across international markets and trying to maintain a corporate, global standard of business practice that complies with the range of international requirements that they have to be aware of,” says Mr Chauhan. “It is no longer just about being aware of the regulatory requirements that need to be applied to protect the firm from either a breach by its own staff or an attack from criminals. The role has become bigger and wider. Compliance officers now need to be influencers in the business, often advising the board of the inherent risks that a new product may bring.”
For Ms Groves, the compliance outlook represents a huge opportunity: “Working with leadership to understand how and why compliance is able to support business operations to deliver long-term sustainable growth will be critical. This will impact on the types of skills, expertise and competences required by the compliance professional, arguably elevating the role of compliance to a more strategic place from its current position,” she suggests.
The relentless march of regulation
Given the range and complexity of the current regulatory environment, the task of not breaching regulations or compliance requirements is formidable for most, if not all, companies. Therefore, to ensure compliance with whatever regulations come to pass, companies need to have recourse to a robust compliance programme that will not only address the regulatory requirement imposed, but will also allow them to keep abreast of expectations as and when they change, not to mention evolving industry practices.
Ultimately though, despite the implementation of any number of programmes, plans, policies, practices and procedures, the true cost of compliance remains difficult to determine.
© Financier Worldwide