Last year was shaped by regulatory reforms, including the Financial Crimes Enforcement Networks Customer Due Diligence Rule and the European Union’s General Data Protection Regulation (GDPR), as well as a push for self-reporting from both the U.S. Securities and Exchange Commission (SEC) and the U.S. Commodity Futures Trading Commission (CFTC).
As a finance and compliance professional, you face an overwhelming amount of risks to assess and manage, and determining how to best align resources to address the most urgent issues is a continual challenge. To help plan and prioritize in the year ahead, Thomson Reuters has identified five top compliance concerns:
1. Anti-money laundering (AML) Lapses in AML, know-your-customer (KYC), beneficial ownership and sanctions compliance have resulted in some of the largest penalties handed down by regulators, including a $100 million fine against Capital One Bank for AML weaknesses. Having an effective AML program starts with senior management and boards of directors being willing to provide the resources and technology capabilities necessary for managing this complex business risk. Compliance departments must have skilled professionals with in-depth knowledge and experience in dealing with the challenge of AML and sanctions, alongside the technology to manage the enormous and constantly growing data involved in AML and KYC, the associated massive infrastructures capable of detecting suspicious activities, and continuous monitoring capabilities for every customer and transaction.
2. Data protection and cyber security Some penalties handed down for cyber breaches have been steep, yet any fines assessed pale in comparison to the reputational damage businesses suffer after experiencing a cyberattack. Public awareness is high and political scrutiny is intensifying as reports of cyberattacks and businesses losing or misusing personal data are continually in the headlines. The focus on data privacy and cyber security may lead to new state and federal rules and regulations similar to the EU's GDPR. For example, last year’s passage of the California Consumer Privacy Act, slated to take effect in 2020, may result in more states enacting similar laws that ultimately converge in a federal privacy law.
3. Personal civil and criminal liability An increasing trend in recent years is the Department of Justice’s policy of holding individuals accountable for corporate wrongdoing. Regulators are emphasizing “naming names” when bringing civil and criminal actions. Consider the SEC charges against Tesla CEO Elon Musk for tweeting false and misleading statements about plans to take Tesla private; settling the charges involved significant fines and Musk relinquishing his chairman title. For compliance leaders charged with monitoring an entire firm, this remains a top concern as being held personally liable can be a career-ending event.
4. Cryptocurrency and digital assets Last year saw continued evolution in the crypto space, yet it remains to be seen whether bitcoin or other cryptocurrencies will evolve into mainstream investment products. The SEC has publicized its concern that many online trading platforms appear to investors as SEC-registered and regulated marketplaces when they are not, while the CFTC has sought public feedback to better inform the agency's understanding of the technology, mechanics and markets for virtual currencies beyond bitcoin. Both regulators have also brought numerous enforcement actions related to fraudulent initial coin offerings (ICOs) and other crypto-related scams.
5. Stay the course Though some changes are anticipated, such as the proposal already under way involving the SEC's Regulation Best Interest that SEC Chair Jay Clayton has indicated is a priority for the agency to finalize this year, 2019 is expected to be business as usual for compliance professionals. Revising regulations and proposing new rules is usually at least an 18-month process; massive rollbacks or changes won’t happen overnight. With this in mind, compliance professionals should stay the course and continue the focus on shoring up efficiencies in process to more quickly and accurately spot risky partners and keep ahead of potential regulatory action.