For 11 years the Thomson Reuters Regulatory Intelligence Cost of Compliance Report has given an unparalleled insight into the challenges facing risk and compliance officers in financial services firms around the world.
This year a tightening of risk and compliance budgets, regulatory and cultural change, and the possibility of increasing personal liability all provided evidence of a cyclical turn from the post-financial crisis years. It may be too early to tell how the COVID-19 pandemic will influence that inflexion over the long term, but regulators have already jumped into action by issuing a flurry of revisions to rules, and firms are asking for the postponement of various regulatory initiatives so they can focus on managing events.
The report findings seek to help firms with planning and resourcing, while allowing them to benchmark their own approach. This year’s edition closed before the widespread impact of the COVID-19 pandemic had become apparent; thus, the report analyses the survey responses and, in an additional dedicated section, looks in more detail at what better risk and compliance practice will look like in the face of continuing uncertainty. In addition, the report covers the following key topics:
- Challenges in the coming year for boards and compliance functions
- Culture and conduct risk concerns
- Personal liability
- Technology and outsourcing
A recent webinar accompanying the main report and discussing these issues aired on May 13 and can be listened to here. Host Todd Ehret was joined by Susannah Hammond and Mike Cowan, Senior Regulatory Intelligence Experts, for the discussion. Over the course of 60 minutes much ground was covered, including audience questions. Unfortunately, because of time constraints, not every question could be answered. However, a few of the unanswered questions were worthy of additional attention, so we attempt to address some of them below for your leisurely post-event reading.
Thomson Reuters Cost of Compliance webinar – Your questions answered.
Q) Do you have any thoughts about what might change post pandemic with AML risk due to more potential for fraud and other risks?
Q) From a financial crime perspective, do you expect prosecutions to rise dramatically after COVID-19?
It is true that fraudsters do not rest during crises. TRRI has reported on red flags associated with medical scams, superannuation fraud in Australia, the fining of Swedbank in Sweden over money laundering weaknesses, increased ID fraud and other examples where instances of financial crime have increased. All this leads to the conclusion that there may well be an up-tick in prosecutions after COVID-19.
Regulators in the U.S. have issued several Risk Advisories warning of COVID-19 investment scams as well as increased market volatility risks. Furthermore, with heightened global political tensions, particularly between the U.S. and China, the risks related to AML and sanctions deserve heightened awareness within compliance departments.
What we are seeing here at TRRI is that there has been some confusion over expectations around money laundering requirements. For example, we reported that in the United States, compliance officers expressed concern about a lack of guidance from bank regulators regarding how to cope with the pandemic and address the spike in fraud schemes as criminals seek to take advantage of the chaos. This sort of reaction has led FATF to ask for clarity from local regulators on how AML regulations will be applied during the pandemic.
A potential reason for this is that, as the risks to firms change, firms are having to re-focus their risk-based approach to accommodate a new way of working. This hasn’t come as a surprise to firms, but some have found it trickier than others. Undoubtedly, the risk-based approach will remain, but firms and regulators will have to be more flexible when allocating resources and changing processes going forward.
Among the processes that may change, TRRI has reported on impacts to processes like KYC at customer onboarding, sanctions checking and transaction monitoring in the new environment.
Of course, changes made by a firm to its approach to financial crime will need to be developed within the firm’s governance framework. Are the changes within the firm’s risk appetite, approved at the appropriate level, signed off by compliance or risk functions, and so on? Key to any approach firms take is that they must keep in touch with the regulator and keep it up to date with any changes being made.
Q) What is the trend of outsourcing compliance, was on last slide. Is it steady, growing or shrinking?
Q) What kind of quality guarantee can we receive when we decide to outsource compliance?
Q) Due to the possible reduction in the compliance team as discussed earlier, do you foresee a surge in private compliance consultancy firms in order to take advantage of this? If so, what do you perceive to be the pros and cons to this?
In the Cost of Compliance report the chart below shows the trend for outsourcing since 2016. The trend shows that firms are using outsourcing more. In 2016 25% of respondents answered yes to the question “Do you outsource any or all of your compliance functionality?” and 70% answered no. In 2020 34% answered yes and 60% answered no.
Reasons for outsourcing include the need for additional assurance on compliance processes (54%), cost (43%) and lack of in-house compliance skills (34%).
All outsourcing contracts or agreements must be very detailed and specific as to exactly what tasks are being assigned and the timeline for completion. There should also be clauses included which allow for cancelation or renegotiation if certain standards or deadlines are missed. Under no circumstances should a firm settle for sub-standard or deficient services as regulatory liability remains with the registrant.
If there are any guarantees, they will come through enforcement of contracts, and this then becomes a legal question. However, outsourcing of compliance can be a tricky issue for Boards. There are several things to bear in mind:
Accountability – Although the functions of a compliance unit could be outsourced the senior management of the firm is still liable for any breaches or instances of non-compliance within the firm. This is particularly the case in jurisdictions where senior manager regimes are operating.
Cost vs value – The firm should be quite detailed in its scoping of what compliance functions it wishes an outsourced firm to carry out and how that will work. It may be that outsourcing is cheaper than employing in-house teams, but if the service from the outsourced firm does not cover the ambit of compliance responsibilities, is not available when required, communication lines are restricted in some way or the quality of work does not meet the standard required, then this may place senior management at greater risk of regulatory scrutiny.
Practical considerations – Communication with the outsourced firm may well be more remote and difficult. Building relationships with outsourced compliance officers could be more difficult and lead to internal tensions. Access to IT systems may have to be provided to external users posing an IT risk to the firm.
Governance – Compliance Function
Q) What are the pros and cons of having the general counsel act as the chief compliance officer for small companies w/less than 250 employees and $400M sales? What are your recommendations if GC is CCO?
Q) What additional skills/expertise do you think will be required due to the mentioned changes?
Smaller firms vary greatly in their staffing needs depending on the business lines they engage in. Many smaller firms with less complex investment strategies may be able to consolidate the roles or even outsource some, or part of the functions.
For some other smaller firms, it may be that having chiefs of risk, compliance and internal audit is not practical. For many small firms a chief risk officer role is created and can cover risk and compliance matters and have extra responsibility for things like money laundering (MLRO) and perhaps data protection. Internal audit in small firms is generally outsourced to an accountancy firm.
Another alternative is to wrap the compliance function into the General Counsel role. There is no doubt that, if a chief compliance officer role cannot be accommodated, the General Counsel will have the knowledge of the legal and regulatory matters that a firm needs and that the position is senior enough to be able to influence boards of directors and senior managers.
It could also be argued that the General Counsel is sufficiently independent of other business decisions to be able to maintain the independence that a chief compliance officer would want. That said, placing legal and regulatory matters under one roof may present conflicts where the compliance issue takes a back seat to a legal matter.
Placing legal, compliance, and possibly risk under one senior manager does present a large role. This brings into question whether the senior manager will have enough time to attend all the relevant governance committees (for instance Audit, Risk, Nominations, Asset and Liabilities, Operational Risk, Credit Risk etc.) and continue to carry out their other responsibilities effectively. Also, the board’s requirements need to be taken into consideration. Does the board want its provision of legal advice, at a time when personal liability is high on regulators’ agendas, diluted with compliance matters?
Finally, there is the experience and background in functional compliance matters. As well as providing legal and regulatory advice, the General Counsel will be required to oversee compliance monitoring functions, financial crime units and compliance training activities with which they may not be familiar.
Q) Performing compliance monitoring activities from a remote location while connected with the business online will be the latest challenge for compliance. Any ideas?
In many ways compliance monitoring functions are the most restricted of all the compliance functions during this pandemic. It is now not as easy to undertake testing and interviewing on site within an operational department. It is not as easy to call a meeting or go and discuss a contentious issue with an operational manager. It is not as easy to maintain good relationships. It is not as easy to undertake close-out meetings or agree findings and actions for rectification. In fact, it is more difficult to operate a standard monitoring methodology than before.
Compliance monitoring functions must adapt. It is imperative that the profile of the compliance department and compliance monitoring function be maintained. Therefore, governance arrangements must be maintained and reporting into governance committees must be no less effective.
This begins with the compliance monitoring plan that needs to be risk focused and simple enough to provide the board with confidence that regulations are being complied with.
The compliance monitoring methodology needs to be reviewed. Areas like scoping and testing need to be amended to reflect the current situation. It may be that the monitoring of one area of the business now becomes two or more reviews to accommodate geographical areas. It may be that in the lower-risk areas more reliance is placed on “walk through” process review rather than substantial transaction checking.
The sharing of results and opinions on a more frequent and regular basis may also make reporting easier. Of course, this would be made easier if some form of compliance monitoring IT system is in place whereby results and updates can be shared with business areas on an “on demand” basis rather than awaiting more formal reports or management information. If the relationship with the business area is strong enough and results have been shared on an ongoing basis, it is not inconceivable that close-out meetings could be completed via email!
It is vital that Compliance departments make sure that their IT set-up is right, from the packages they use to facilitate compliance responsibilities to the access to the relevant business information. Some form of IT “audit” or needs assessment should be undertaken to make sure that Compliance Monitoring functions have access to the systems, information and data they need.
Finally, a word on continuous professional development. During these times it is still important that Compliance Officers have access to and undertake appropriate training and development to be able to meet training and competence requirements. There will be in-house training that they will need access to and external training material via web access or other means. Undertaking study to attain professional qualifications, whether that be in compliance, audit or a business discipline, should also continue to be encouraged.
From the Board’s and regulators’ perspective it is important that Compliance, and Compliance Monitoring in particular, are seen to be independent, appropriately resourced, sufficiently skilled and trusted so that they bring open and honest evidence-based findings on the compliant nature of the firm. In these times when the situation may hinder the process of compliance monitoring, any changes must be made in this context.