The year has begun, and as a compliance officer, you are probably wondering how to face the challenges of 2020. To help compliance officers the new Thomson Reuters report “10 Things Compliance Officers Need to Do in 2020” was released last week in a webinar, when Susannah Hammond, Senior Regulatory Expert for TR explained the challenges and changes for organizations of all sizes.
The report highlights four compliance challenges that firms expected in 2019 and they aren’t much different from the challenges of 2020 and beyond.
- Volume and pace of regulatory change
- Increasing regulatory burden
- Financial crime, anti-money laundering and sanctions
- Culture and conduct risk
In 2019, the biggest challenge for the industry was the continuing regulatory change. We have seen many changes in the regulatory environment in the past years across the globe. The regulators are now focusing on the outcome intended from the changes applied, however, Susannah Hammond believes that new changes are due to come, and the regulators have not slowed down yet. Now we expect a continuing regulatory change and a higher request of information from firms to the regulators.
The survey asked respondents to predict some of the biggest changes that compliance will face in the next years. As per the list below compliance officers aren’t expecting many regulatory changes in the years to come, as a result, other challenges took the highlights.
- Automation of compliance activities
- Continuing regulatory change
- Enhanced role for compliance within the business
- Culture and conduct risk
- Technology risk
“Compliance officers will need to be front and centre to give their firms the best chance of a trouble-free 2020” - Susannah Hammond, during Thomson Reuters' webinar in January 2020.
With all these challenges in mind and this fast pace on regulatory change and the ability of regulators to monitor firms, we highlighted some aspects of Thomson Reuters report that we think will shape the industry in the coming years.
Personal account dealing
Personal account dealing concerns was raised by the UK Financial Conduct Authority in October last year. The FCA issued the Market Watch 62 sharing its concerns on the topic and requirements for firms to create a control framework to reduce the risk of conflicts of interest, insider dealing and market abuse.
Firms have the challenge and are on notice to design an effective policy and guidance with appropriate processes to employees. Train employees, so they understand their firm’s personal account dealing policy and know how to avoid conflicts. In addition, firms should provide real-time reporting on any suspicious activity and make sure client-confidential information is kept safe and managed adequately.
By this stage, all firms should be fully aware that reporting in regulated business are very important. This allows regulators to avoid fraud, anti-money laundering, market abuse, insider trading and/or market manipulation. Transaction reporting and monitoring is a challenge for compliance officers if not implemented well in the company, however, is has a very positive impact on the firm system and control. If the firm submits a complete, accurate and timely transaction report it will bring credibility and avoid fines.
The regulators are on the watch for mistakes and misreporting, future fines are likely to be more severe. Susannah Hammond explained “The FCA has already shown with the fines imposed on UBS and Goldman that it will not tolerate persistent errors in transaction reporting”. If you want to know more about the Goldman case and the challenges imposed by insider trading to firms, listen to our webinar with Thomson Reuters.
Conflict of interest and personal accountability
Conflict of interest and personal accountability are a live topic and still around in the financial services sector because of the new Senior Manager and Certification Regine (SMCR), the regime applies conduct requirements to every individual in a firm, making senior managers accountable and ensuring they are fully responsible when performing their role.
With all these changes regulators want firms to put customers’ interests in the first place, in the centre of the business. The regulatory expectations are that firms treat their customers’ interests fairly and seriously. The regulators believe that reducing conflict of interest, increasing personal accountability and improving conduct within the organizations benefiting business, clients and the industry.
The industry and compliance officers are filling the pressure, as the report suggests over 93% of respondents expect personal accountability to increase. Respondents also believe that personal liability will increase in the coming years for all compliance professionals.
“Compliance professionals are not only dealing with their own expected increase in personal liability but are also advising their firms how to handle the expected increase in the accountability of senior individuals.” Thomson Reuters, Jan 2020.
Personal accountability measures across the world in 2018/2019 show that regulators are focusing on minimizing misconduct:
- UK - Senior Manager and Certification Regime implemented in December
- Australia – New measures on the accountability regime (BEAR)
- Singapore - Proposed guidelines on individual accountability and conduct
- Malaysia – A map of senior individual responsibility was proposed
- Ireland – A regime like the SMCR in the UK was proposed
Technology risk comes to the highlight as it is expected to be the biggest change for professionals and industry in the coming years. All compliance professionals need to be prepared to automate their function and implement safely new technologies that come to help the industry.
In order to mitigate risks and maintain compliance, there are precautionary measures that firms should take. When talking about cyber risks, a fundamental part is monitoring and testing, it doesn’t mean the compliance function has to do all this. However, the compliance function needs to be sure these measures are effective, employees are adhering and all control and monitoring are actually working.
The report gives some examples on which policy and areas to focus when trying to avoid technology risk:
- Firms should develop a mobile working policy and provide training to staff to secure that they adhere to the policy accordingly.
- Create an educational programme to help on the journey to maintain users safe from cyber risks. This kind of educational programme should focus on the user security policy and cover the best practices to use the organization system.
- Another point discussed in the report is the need to manage user privileges, ensuring that removal of access is part of the process and all access and user activity are being monitored and audit logs are being controlled.
Customers and business operations are the focus here, to keep cyber-risk at a minimum and information safe organisations need to plan security measures and the compliance function needs to ensure cyber-risk is included in the range of risks considered by the firm.
If you want to know more, consider reading Thomson Reuters’ full report.
We understand the compliance function has faced many challenges in the past years and we believe that challenges and changes are need to move us forward. Contact MCO today and learn about our solutions.