Today’s regulatory environment is stricter than nearly any other time in recent history. Since the financial crisis at the end of the last decade, regulators have been pushing for stricter rule enforcement, which often may include the pursuit of individual liability for corporate wrongdoing.
At the same time, regulators have also sought further expansions of financial rules, compounding the regulatory burden of compliance officers. One of the most significant of these expansions is the Customer Due Diligence (CDD) Rule , published by the Financial Crimes Enforcement Network (FinCEN) in May of 2016. The CDD Rule, among other things, requires financial institutions to verify the identities of the beneficial owners of their legal entity customers.
The CDD Rule certainly isn’t the only new anti-money laundering (AML) regulation that compliance officers have to worry about; take FinCEN’s continually expanding real estate “Geographic Tracking Orders,” for example.
Nor is FinCEN the only enforcement agency stepping up its efforts. The industry self-regulatory corporation Financial Industry Regulatory Authority (FINRA) has made 2016 a record year in fines with the help of such enforcement actions against MetLife and Raymond James.
What’s more, there is little indication that this regulatory tide is ebbing anytime soon.
What can compliance officers do to minimize their organization’s level of regulatory risk and the personal regulatory burden they carry in the current atmosphere?
This inquiry is clearly a comprehensive and lengthy one, but compliance officers may be prudent to begin this examination by first asking themselves these five questions:
How strong is your organization’s culture of compliance?
Although minimizing regulatory risk across an organization is a complex tapestry of elements, perhaps no single factor is more vital than maintaining a strong culture of compliance within that organization.
Measuring the strength of a culture of compliance is not a simple matter, however. There is no universal method to it; rather, your organization’s culture of compliance depth is uniquely understood by those familiar with the operations of the organization itself.
Put in less nebulous terms, an organization with a strong culture of compliance will have integrated compliance into the everyday responsibilities and processes of employees across the organization.
For example, instead of implementing compliance awareness through separate training courses an employee may only need to complete on a quarterly or yearly basis, employees realize this awareness as they are learning their own respective job functions. In this way, compliance is not thought of by employees as being distinct from their everyday job functions; compliance is a fundamental ingredient of what they should be doing every day.
If regulatory compliance is normally on the forefront of an organization’s employees’ minds as they are going about their regular job duties, it’s highly likely that the organization’s culture of compliance is indeed strong.
As a consequence of this strong culture, employees are far less likely to engage in behavior that runs afoul of rules and regulations – thereby greatly reducing an organization’s level of regulatory risk.
How well do you know your third-party partners?
Today, the extent of a compliance officer’s responsibilities often reaches beyond the boundaries of the organization itself. Specifically, there are particular instances in which an organization may be liable for the acts of a third party with which it conducts business.
One of the most obvious examples of this is in regard to the Foreign Corrupt Practices Act (FCPA), which penalizes an organization for making a payment to a third party if it knew or should have known that a portion (or all) of that payment would go to a foreign official.
In a more general sense, the actions of a third party may bring liability to an organization if the third party is acting as an agent for the organization when engaging in wrongful conduct.
Even outside the context of either of these situations, an organization may face, at the very least, complications for dealing with a third party that the organization knew or should have known was out of compliance with applicable regulations.
For all these reasons and more, compliance officers should thoroughly investigate the third parties with which they conduct business.
What is your organization’s risk profile?
Each organization faces its own particular risks and threats based on a number of factors, including the organization’s clientele and the markets in which it operates. Without a comprehensive understanding of these risks and how they operate, it is nearly impossible to account for and minimize them. Failing to accomplish this carries with it many ill consequences for the organization – regulatory enforcement actions being only one of them.
Thus, the need to understand your organization’s risk is all too clear, and is usually accomplished through conducting risk assessments. Once an organization’s unique risks are understood, compliance officers can tailor compliance programs to specifically address those risks.
A full understanding of the risks faced by an organization is an absolute must for compliance officers seeking to minimize the regulatory risk confronted by the organization.
Are you procrastinating?
Procrastination is an ever-present aspect of human nature, so it’s not surprising that compliance officers may not always prioritize the immediate implementation of new regulations into their organization’s compliance programs. But a simple lack of motivation is often not the reason that new regulations don’t find their way into company compliance programs right away.
Compliance officers often have many responsibilities to juggle, and are frequently moving from one project to the next. This hectic routine may result in the pushing off of compliance program implementations until closer to their respective deadlines.
But as many compliance officers can attest, regulatory preparations aren’t often executed as smoothly as planned, which may lead to the need for additional time. Unfortunately, this “procrastination” typically translates into a shortage of time prior to the deadline, which, in turn, can lead to higher stress levels and more employee hours being consumed to successfully reach implementation on time.
The lesson here is to allow as much time as possible for your organization to comply with new regulations. Beyond simply being more proactive with implementation, compliance officers should strive to provide as much lead time as possible to incorporate new regulations.
Are you ready for the future?
As mentioned earlier, today’s high level of regulatory enforcement and expansion doesn’t appear to be diminishing. Compliance officers can expect their organization’s regulatory burden level to persist for the foreseeable future – if not increase.
Your organization must be agile enough to not only maintain the current level of compliance regulation into the future, but also to reasonably prepare for any new regulations that may emerge.
FinCEN’s Geographic Targeting Order (GTO) expansion illustrates why such regulatory preparation can be so beneficial. Although the GTOs currently only apply to a limited number of regions, FinCEN has announced its intention to continue the expansion of this program – likely resulting in its eventual implementation nationwide.
The benefit of actively preparing for new regulations is plain to see in this circumstance. Even though there are no imminent plans for further GTO expansions on the horizon, such expansions will come eventually. And it’s cheaper and less time-consuming for an organization to prepare for future expansions while also implementing existing ones than to update their compliance programs piecemeal as new expansions are announced.
With compliance departments already as strapped for time and funds as they are, it’s wise to find solutions that support both time and money savings whenever possible.