Regulations, frameworks, policies and controls define the day-to-day of the Chief Compliance Officer (CCO) and their teams. It’s fair to say that it is an important yet often troublesome undertaking to make sense of what can often be described as monitoring spaghetti. At the same time, the teams also need to ensure they are keeping senior execs and the Front Office engaged and compliant.
So how can the CCO set regulatory priorities, identify policy and procedure gaps and understand compliance obligations?
In this three-part blog series, we will set out a clear three-stage approach to a pragmatic Know Your Risk (KYR) strategy.
The first stage is all about deconstructing your compliance obligations, and the best way to solve this complex problem is to make it visual.
Humans are visual beings and by mapping obligations to set out and understand the linkages and relationships, we get a much clearer library of the ‘business as usual’ obligation. By visualising the regulatory spaghetti, we are also helping to identify patterns of data and logic. Taking the time and resource to create this regulatory compliance map at the outset underlines the thinking that this data mapping is an investment for the firm rather than being considered as a regulatory cost or burden.
Of course, not all compliance risks are created equal and compliance risk exposure changes over time, so the once typical annual compliance review isn’t always enough to keep on top of a rapidly evolving regulatory risk landscape. This means that a lot of firms are likely underestimating the level of severity or adverse impact of a potential compliance risk, which could lead to reputational damage and damage to the firm’s bottom line. By mapping the current state of compliance obligations, we are putting in place the building blocks for understanding the policies and procedures in place to uphold them. This will then enable us to find the gaps in compliance programmes so appropriate action can be taken to mitigate risk. It also means we can map changing commitments as they happen.
As for the data mapping of the compliance risks, any firm already collects vast amounts of data, but the question is whether it is the right data, collected at the right time and from the right source. By taking a data-led approach to unravelling the complex network of obligations within compliance risk, we are taking a smart first step in answering these questions.
We even see a data-led approach being adopted by the regulators themselves.
The SEC's Enforcement Division’s Market Abuse Unit’s (MAU) Analysis and Detection Center was created back in 2011 to further the agency's goal of detecting suspicious trading patterns and uncovering and investigating misconduct by harnessing the vast array of financial and marketplace data available using sophisticated data analysis tools. The MAU has been behind several recent enforcement actions for insider trading.
In Singapore, the MAS 2022 Enforcement Report states that the agency will reach its goal of proactively detecting financial advisory misconduct by combining and analyzing large data sets to identify potential misconduct cases using data analytics. The report also covers how the agency will be using Augmented Intelligence to detect market manipulation and leveraging data analytics to enhance supervisory effectiveness.
The FCA’s Data Strategy Update 2022 talks at length about making better use of data to spot and stop harm faster and how it is investing in its people, technology and innovation services to deliver this. It also talks about becoming a digital and intelligence-led regulator and improving the management of its data by creating a series of data intelligence building blocks that enable it to work quickly and efficiently with large, complex datasets and spot trends or areas for investigation. And in this first step of our best practice approach to a pragmatic KYR strategy, we are mirroring this mindset.
As we’ve talked about already, the complexity of the regulatory landscape for firms is creating a regulatory spaghetti. It's complicated, messy and always involves a lot of data. The good news is we aren’t talking about creating a data lake, far from it, but rather about being smart about what new data needs to be captured and what can be repurposed from elsewhere in the organisation. It’s not as big a lift as it first seems: the key is being smart with what data you capture, using data you already have and understanding the interconnectedness of those datasets. This significantly simplifies the scope.
Simplification is a good word to describe this first step in this three-stage approach to a pragmatic Know-Your-Risk strategy. It is all about taking out the duplication and the complexity, and really shining a spotlight onto what sits where, with whom and how much your business needs to care about it. All of this is packaged up in a visual map that can be easily integrated and updated as compliance needs change across the organisation.
MCO's Know Your Risk solution provides firms with that simplification and visualisation, enabling them to efficiently set regulatory priorities, identify policy and procedure gaps, and deliver proof of adherence with data mapping, metrics and documentation. Learn more about KYR's modular solution:
- Regulatory Change Manager
- Compliance Library Manager
- Compliance Assessment Manager
- Assurance Data Manager
- Attestations and Role Manager
Ready for a conversation around how MCO can help your firm develop a complete view of compliance risk and assurance over time? Set up a demo right here.
And watch the on-demand webinar Taking the Broad View: Better Risk and Compliance through Holistic Oversight, featuring Mitch Avnet from Compliance Risk Concepts and Richard Pike from MCO, for practical guidance on developing a clear and holistic view of compliance risk that helps compliance set regulatory priorities, identify gaps in policies and procedures and streamline operations.