Here, we assess the role of compliance in overseeing business partners, monitoring risk, and tracking regulatory change. The global regulatory landscape is undergoing a fundamental change.
In the years since the 2007/08 financial crisis, regulators across the globe have focused on a program of more robust supervision of financial services firms. Meanwhile, a raft of initiatives have been introduced to bolster the regulatory framework.
Regulators have committed to a more intensive and intrusive supervisory approach to monitor the risk that certain transactions, processes and people create, with the twin aim of improving transparency in markets and products.
What is the goal?
The goal is to provide greater investor and consumer protection, while convincing businesses that this commitment is central to their continued performance.
The ideal is likely correct since people support businesses that side with them and keep pace with change.
But substantial new regulation and updates to existing rules are bearing down on the industry and creating a need for firms to juggle ever-changing international regulatory reforms, which is both expensive and resource-draining.
The compliance officer’s typical week
Over a third of a compliance officer’s time is spent tracking and analyzing regulatory developments, reporting to the board, amending policies and procedures and liaising with the other control functions.
But that has been the truth for a number of years.
What has changed is the time spent performing myriad other tasks (61%of their time, respondents said).
This includes interacting with regulators, maintaining and renewing licenses and registrations, dealing with regulatory inspections and examinations, and compliance training for employees.
Compliance officers feel a greater need to advise the business on regulatory changes and requirements, and in helping other departments oversee the risks posed to customers in areas like the firm’s data protection resiliency.
Keeping up with change
The increasing weight of new regulatory legislation from regulators, coupled with the increasingly diverse risks to which firms are exposed, means that firms need to ensure that no risks fall between the cracks.
The Thomson Reuters Regulatory Intelligence service calculates that an average of 200 international regulatory changes and announcements were captured daily in 2015 and again (thus far) in 2016.
Undertaking exercises such as an annual Risk Assessment would provide comfort to both the board and regulators that the business has identified all of the risks to which it is uniquely exposed and is mapping those risks to where (and how) the business is managing and monitoring them.
Firms with effective compliance programs are able to demonstrate to regulators evidence of such risk mapping and how they regularly amend policies and procedures to keep pace with changes both to the regulatory environment and the firm’s own business.
The resource challenge may be one of the main reasons behind the level of compliance outsourcing that led the 2016 Thomson Reuters Cost of Compliance survey respondents to report using.
For some firms, the reliance on business partners can be an interim solution to deal with the regulatory onslaught, and for others, it reflects a new reality of harnessing a wide range of skill sets needed to meet regulatory obligations.
In this year’s survey, 25% of respondents said they outsource all or some of their compliance function.
The main drivers of such outsourcing, the respondents noted, were the need for added assurance on compliance processes and a lack of in-house compliance skills.
As noted above, though, this could be simply a reflection of the ever-widening range of skills needed to perform the compliance role in most firms today.
Regulators are supportive of this use of outside business partners. However, they have continually stressed in their enforcement actions and speeches that sufficient in-house compliance knowledge needs to exist to make sure these outsourcing arrangements are effectively crafted and monitored.
The report’s authors would like to thank Julie DiMauro (Twitter, Julie_DiMauro), a writer for the Thomson Reuters Regulatory Intelligence subscription service, for authoring this blog post.