Small businesses and financial firms have undergone seismic shifts over the last few years. The pandemic forced employers to rethink their positions on remote and hybrid working models, and employees have come to expect greater flexibility. PwC’s survey of over 18,000 workers across Asia-Pacific (APAC) reveals that 66% expect to perform their roles in a hybrid capacity 12 months from now. In contrast, 24% expect fully-remote and only 10% fully in-person.
The Challenges to Achieving Regulatory Compliance in 2023
As financial firms and their employees settle into the ‘new normal’ of workplace environments, new challenges emerge.
Compliance Complexities in Hybrid and Remote Work environments
Remote hiring has seen a significant growth spurt. Across the Asia-Pacific region, remote jobs increased by a massive 159 per cent from January to July 2022, according to Deel’s State of Global Hiring Report. However, with the significant growth of remote and hybrid workplace acceptance, compliance challenges are also rising.
Distributed workforces bring an even more critical need to maintain visibility and oversight from a regulatory compliance perspective. PwC again reports that 66% of respondents feel they lack support for ethical decision-making. These figures illustrate that better support of employees in understanding upholding compliance obligations should be a priority for financial firms in 2023.
What Is a Good Compliance Framework for Small and Growing Firms?
To understand what makes a robust compliance framework, it’s important to recognise two underlying business structures that support and drive regulatory compliance: GRC and ESG.
What is Governance, Risk, and Compliance (GRC)?
OCEG is a global nonprofit organisation and community that informs and helps advance the careers of its 120K+ members who work in governance, strategy, risk, compliance, security and audit. In 2003, OCEG created the concept of Governance, Risk, and Compliance (GRC). The purpose of GRC is to define the capabilities of a business to reliably achieve objectives, address uncertainty and act with integrity by integrating people, processes, technology, and data. In other words, how a company can better achieve its goals by conducting business and behaving in a proper way. Read more about GRC at OCEG.
What is Environmental, Social, and Governance (ESG)?
Environmental, Social, and Governance (ESG) is a much broader concept coined in 2005 in a landmark study entitled ‘Who Cares Wins’. Although ESG covers a broader spectrum of issues that are not traditionally part of financial analysis, its outcomes have proved to hold significant financial relevance. ESG examines:
- The impact of a company on the physical world around it (environmental).
- How relationships within and related to the business are managed, and the effect on communities in which the company operates (social).
- The processes, controls, compliance, and accountability that keep a business operating with ethics and integrity (governance).
How GRC and ESG Help Build a Robust Compliance Framework
A good compliance framework takes cues from GRC and ESG concepts, with the ultimate goal of ensuring your company operates within defined legislation and regulatory body guidelines. By integrating GRC and ESG governance and compliance concepts, executives and Compliance Officers can take a more holistic approach and build a stronger compliance framework.
The proper framework will set out the tracking, reporting, processes and systems (such as RegTech solutions) needed to maintain compliance while providing clarity on effectively managing any breaches or incidents.
What Is the Impact of Not Having the Right Regulatory Compliance Framework?
Small businesses and growing financial firms expose themselves to big problems without a well-considered compliance framework. Financial penalties, reputational damage, operational disruption, material loss, and even personal imprisonment are possible outcomes of failing to comply with regulations.
Notable actions against misconduct and breaches of compliance across the APAC region in 2022 include:
Australia 
The ASIC Enforcement and Regulatory Update July 2022 release shows in just 6 months (Jan 1 2022 - 30 June 2022), the following actions were taken:
- 27 individuals or companies were charged in criminal proceedings.
- $145.8m (AUD) in civil penalties were imposed by the courts.
- 139 criminal charges were laid.
- 31 individuals were removed or restricted from providing financial services or credit.
- 27 individuals were disqualified or removed from directing companies.
Additionally, a Melbourne-based cryptocurrency lending small business, Helio Lending Pty Ltd (Helio Lending), was charged with falsely claiming that it held an Australian credit licence when it did not. Civil action also froze the assets of company director Sasha Hopkins and two of his companies, The A Team Property Group Pty Ltd and Sash Investment Holdings Pty Ltd, which included freezing various crypto assets.
ASIC’s actions are a stark reminder of the personal impact to business leaders and reputational damages to financial firms of all sizes without suitable compliance measures in place.
Singapore
The Monetary Authority of Singapore (MAS) details in its 2022 release of its Enforcement Report several severe enforcement outcomes, including:
- 3 individuals being sentenced to imprisonment.
- $2.59 million in financial penalties and compositions.
- 157 warnings.
- 20 Prohibition Orders where unfit representatives have been banned from re-entering the financial industry.
MAS has placed a keen focus on market abuse, financial services misconduct, and anti-money laundering over the last enforcement reporting period.
Malaysia
The Securities Commission Malaysia has published its Q1 2022 Enforcement Outcomes Report, which includes:
- As at 31 March 2022, there were 11 ongoing criminal trials at the Sessions Court for various breaches of the securities laws.
- As at 31 March 2022, there were 9 ongoing civil cases at the High Court and Court of Appeal
Two high-profile cases also concluded this year. Former head of Goldman Sachs in Malaysia, Roger Ng, was convicted of conspiring to launder money and violating anti-corruption laws. The 1Malaysia Development Berhad (1MDB) scheme has been described as “one of the world’s greatest financial scandals” and brought a significant tightening of regulation and compliance in Malaysia.
Deputy Chairman of Patimas Computers Berhad (Patimas), Raymond Yap, was also found guilty of insider trading. The Judicial Commissioner ordered Yap to pay a sum of RM3.28 million, a civil penalty of RM1 million, and was barred from being a director of any publicly-listed company for five years, commencing 7 April 2022. Read more about these cases and the development of regulatory compliance in Malaysia in my article, Regulatory Compliance Rising Rapidly in Malaysia (New Guidance).
Hong Kong
In the Securities & Futures Commission of Hong Kong (SFC) 2021/2022 annualised period, SFC enforcements included:
- 37 criminal charges being laid.
- 5 individuals and corporations charged in criminal proceedings.
- 47 notices of proposed disciplinary action issued.
- 173 individuals or corporations made subject to ongoing civil proceedings.
Additionally, 46 individuals and 20 companies were fined a total of HK$72,165,000, averaging a massive HK$1,093,409 per fine, for the 2021 calendar year.
How Can Your Small Business Improve Regulatory Compliance and Reduce Risk?
Policies and procedures must be tailored to any growing business' specific needs. While Compliance Officers ensure that policies and operations remain compliant with laws and regulations, they also hold responsibility over the company’s ethical and internal process standards.
As workplaces adapt to hybrid and remote working environments on a more permanent basis, new challenges are arising. See my article, The Evolution of Regulatory Compliance and Risk Management, for more about this topic. Some of the difficulties that Compliance Officers are increasingly facing moving into 2023 include:
- Keeping policies and procedures up-to-date and effectively communicating them throughout your company.
- Identifying any red flags on a systematic basis and understanding the holistic context of these flags over time.
- Ensuring that employees and executives within a company are behaving in an ethical manner that does not create risk to the company (or to themselves) through conflicts of interest.
These, and many other emerging challenges, are highlighting the critical role of technology in helping Compliance Officers manage risk and compliance imperatives. Regulatory Technology (RegTech) solutions are equipping Compliance Officers with more effective ways of managing and checking policies against laws and regulations, while also bringing greater visibility of employee activity and reg flag exceptions - no matter where distributed teams are located.
The MyComplianceOffice (MCO) RegTech Solution
MCO provides compliance management software that enables companies around the world to reduce their risk of misconduct and effectively oversee regulatory obligations.
MCO’s suite of compliance solutions brings powerful dashboards to monitor and manage staff compliance. As one MCO client explains, "The cumulative nature of MCO's reporting and visibility is also incredibly helpful. We can see a profile of employees that includes all conduct, case, and gift-related data over time. Seeing this all on the one employee dashboard gives us a birds-eye view of overall activity."
Crucially, MCO’s RegTech solution helps financial services firms deal with a rapid pace of change by streamlining the management of regulatory compliance developments and updates. MCO’s Know Your Risk (KYR) module enables firms to set regulatory priorities, identify policy and procedure gaps, and deliver proof of adherence with metrics and documentation. The Regulatory Change Manager (RCM) adds a regulation news and horizon scanning tool that makes it incredibly efficient to understand what regulators are communicating and how that might apply to specific business operations.
MCO also automates and standardises insider trading list management. Our solution identifies people who present potential conflicts due to the nature of their roles. Those with temporary NMPI visibility due to specific deals, corporate events, or publication of financial statements and profit warnings are also included. Compliance professionals can build and manage insider lists quickly and efficiently with our Insider & MNPI Management module.
With further automation of compliance and risk management processes, small businesses and financial services firms using MCO are spending less time and resources on driving compliant workplaces - and more time growing the business with ethics, integrity, and complete confidence in their regulatory compliance.
"Without MCO, we just wouldn't be able to handle the sheer volume of manual work. The MCO platform has made my job - and my team's jobs - so much more efficient and effective."
- MCO Customer
Learn more about MCO Essentials - Compliance for Small Firms.
