5 steps compliance departments must take


By Samantha White

Keeping track of new regulation, rapidly changing business activities as fintech develops, and greater expectations from other areas of the business are among the challenges facing financial services compliance teams today.

Despite the growing demands, departments are unlikely to be allocated additional resources to meet the challenges. And fewer officers are gaining a seat at the executive table than they were two years ago, according to a study by Accenture.

The 2016 Compliance Risk Study, which gathered the views of 150 compliance officers at banking, capital markets, and insurance institutions across the Americas, Europe, and Asia-Pacific, found that just 31% of respondents now report to the CEO, compared with 40% in 2014.

Key challenges

The three most challenging risks facing compliance functions in the next 12 months include issues related to financial crime, such as fraud, money laundering, bribery, and sanctions, which were cited by 50% of respondents. Cyber-risk was also flagged by 50% of respondents, with areas of concern including information security, resilience, and privacy. Business risks such as changes to business strategy that may open up unknown compliance risks were a prime concern for 46%. These three categories also dominate the medium-term view.

Business risk was seen as the biggest concern over the medium term, with 52% of the respondents identifying it as the most challenging risk over the next three years. This was followed by financial crime and cyber-risk (both 46%).

How the role is changing

The survey also asked respondents how the role of the compliance function in their organisation was likely to change over the next three years to meet these challenges, to reveal the following trends:

  • Senior data officers will emerge as a critical organisational link for compliance, to help rationalise data and drive informed decision-making. Eighty-seven per cent agreed or strongly agreed with this statement.
  • Compliance organisations will optimise operations to manage a more complex set of risks under tighter resourcing conditions (80%).
  • Industry shared services will facilitate the work of compliance as industry data protection improves (80%).
  • Compliance will seek to redistribute responsibility for execution to other functions (75%).
  • Process automation, including increased use of robotics, will enable compliance to make better use of resources (73%).
  • Public agencies will facilitate industry collaboration to establish utilities for compliance processing (65%).

5 steps compliance leaders must take

To confront the challenges it faces in the near future, the compliance function should focus on these strategic imperatives:

  1. Reassert and clarify the mandate. The survey highlights the challenge compliance departments face to articulate risk in a way the business can act upon without compromising its objective control function.
  2. Improve the use of resources. Further innovation is required, both in terms of use of technology and the operating model, to improve productivity and promote sustainable investment. The authors of the study recommend considering options including centres of excellence, emerging industry utilities, or outsourcing business processes for greater standardisation in areas such as client onboarding and employee compliance.
  3. Develop high-quality data and technology architecture. Data and technology are the cornerstones of the compliance risk management framework, so it is essential that the tools that help provide a comprehensive overview be of the highest quality.
  4. Develop and incentivise compliance talent. To ensure the future relevance of the function, organisations must invest in building the skills of existing employees. Rotation, mobility, and enhanced training programmes are some of the options put forward by the authors to develop and create compelling career propositions for compliance talent.
  5. Communicate progress made to stakeholders. Compliance transformation is a long-term process, so it is advisable to keep stakeholders up to date on progress. Regular communications should be tailored to the needs of each group of stakeholders, such as senior management, shareholders, the press, and regulators.

Samantha White (swhite@aicpa.org) is a CGMA Magazine senior editor.