compliance in financial services: risk professional headaches and how to solve them
compliance in financial services: risk professional headaches and how to solve them
With an industry in flux and new legislation requirements being released at breakneck speed, it is no wonder that compliance professionals servicing the financial services industry are more concerned than ever about the changing nature of their role.
Indeed, in a recent survey commissioned by encompass, we found that 83% of risk and compliance professionals were more concerned than ever by the changing nature of AML/CTF legislation. These changes, such as the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 which will be released this summer are just one aspect of the stresses that are currently being applied to financial services firms.
As well as changes in requirements to the law, compliance teams are also seeing changes in their job role. Technology and IT are increasingly impacting the role specifications. Lack of available high quality data is another issue. Meanwhile, additional burdens have been added in the form of manual input of complex KYC policy checks to determine factors such as Ultimate Beneficial Ownership.
In short, this a highly stressful time to be involved in the compliance industry. This has been highlighted in several reports, which show that there is a dearth of talent coming through the ranks owing to the ever changing nature of the role and the industry’s reputation as being boring and slow.
What then, are the main pain points within the role, how do they adapt to the ever changing requirements of the profession, and what can be done to alleviate some of these stresses?
Who do they work for?
A complaint that is often heard from those working in compliance is that they are unclear on who they work for. While their paychecks will most certainly come from their employer, the feeling amongst the industry is that they are there to satisfy the demands of the regulator. Particularly within the financial services industry where stringent regulations have been in place for longer than other sectors, the prevailing feeling is that compliance checks are being executed by banks in order to serve regulators, rather than regulators rooting out money launderers and potential terrorists.
Undoubtedly one of the biggest challenges for risk professionals is in the changing nature of the role.
The changing face of risk and compliance has come a long way since the introduction of AML3 and AML4. The UK Government has in recent weeks, published its response to AML4 in the shape of the 2017 Money Laundering Regulations. Included in this are greater requirements around PEPs, adverse media, Ultimate Beneficial Ownership and a movement towards a Risk Based Approach. The onus on compliance teams is to keep up with these changing requirements – and within very short timescales.
As well as the possibility of being fined personally, we have seen increasingly rising fines and penalties for financial services firms. Moving forward, Brexit or no, it is unlikely that the focus on reducing the risk of money laundering and counter terrorism financing will let up. Having been identified as a key issue for the EU, US and worldwide players, there will be a continued focus on the identification and criminalisation of money laundering worldwide.
Due to the broad scope of their role, compliance professionals are increasingly having to make decisions on areas that would traditionally be out with their remit.
They are now being asked to make decisions on IT in collaboration with colleagues from the C-Suite and IT. The challenge here is for those in compliance to fully understand complex issues around IT. Should it be, for example, the compliance manager’s role to understand cyber-security and the preventative measures that should be taken?
That said, for those that have grasped the potential opened up to them through technological advances, there are massive benefits to be gained. One example of this is in the growing RegTech sector of companies who are assisting professional and financial services firms in their KYC and CDD policies.
Thomson Reuters noted in their Global Cost of Compliance 2016 Survey noted:
“Growing use of tailored technological solutions… will enable compliance functions to do more with less and free-up skilled resources to tackle greater value-added compliance activities.”
Lack of quality data
In order to execute their roles it is imperative that risk professionals have access to relevant, timely and up to date data and information. Not having access to the right data leaves them susceptible to making decisions based on incomplete information which can have far reaching impacts.
With the rise of web analytics and big data there is now more information available to dissect than at any point in history. The key for those working in compliance is knowing which information is pertinent and helpful in the decision making process, and which isn’t. In this regard, technology, through features such as AI and automation, can provide assistance.
Changing nature of the role
As a direct result of the above factors, it is natural that the specific job function of compliance professionals is changing considerably. The rise of tech, allied to the more complex nature of compliance regulations and the need for data to not only be collected but analysed and interpreted, means that the skill-set required for the role has altered.
In addition to these facets, we now understand culture plays an invaluable role in ensuring that compliance is completed to standard, quickly and efficiently. A “Culture of Compliance” is critical in ensuring that individuals involved in the compliance function are well trained, motivated and engaged with their roles. Without being so, there is ample opportunity for human error to come into play, potentially leading to non-compliance and the repercussions that this brings.
This has been explained in detail by banking expert Chris Skinner:
With the increased focus on corporate culture and behaviours, standards of corporate governance and the role of leadership, compliance professionals will need to be even more integrated and work even more closely with areas beyond just operations, such as internal audit, risk, HR, and strategy and operating effectiveness.
As Chris notes above, the importance of compliance now also means that professionals must be involved in the decision making process at all levels, up to Executive level, as the role is too important to be siloed.
Burden of time and manual input
For those undertaking the KYC process, the burden of evidence as required by MLR 2017, combined with changes in the way that UBOs, PEPs, adverse media must be compiled has led to an increase in the volume of time and manual input that compliance professionals must undertake for every policy search.
While doing “more with less” is a common mantra throughout many industries, for compliance professionals undertaking KYC policy checks in light of MLR 2017, the amount of work required if done manually will have increased substantially.
Difficulty in isolating ultimate beneficial owner
A key particular in MLR 2017 is the need to isolate and define who the Ultimate Beneficial Owner (UBO) is of a client or company. The new regulations require that all KYC checks establish a UBO. This can at times be difficult to verify due to complex ownership structures; legal entities established in high secrecy jurisdictions; false account holder declarations; and limited information available if a company is established offshore.
While the new list of central registries will make this easier, once a UBO has been established, compliance teams will still need to establish what risks are posed. This will continue to add to the burden of work required of those working in the field.
Towards a new future
The climate for compliance professionals continues to heat up as new regulations bite, the burden of KYC checks grows, data quality stagnates, technology continues to advance, and the role shapeshifts to a multi-jurisdictional position that serves many masters. Freeing up time and resource of compliance professionals to focus their skills on complex cases while limiting their interactions on routine policy checks is the most efficient way of countering the demands of an increasingly demanding and complex job position.
This can be achieved by automating policy checks for new clients and the remediation of existing clients. With advancements in technology, policy automation can be accomplished through software offered by RegTech firms that specialise in KYC policy checking. Software can further ensure that data supplied is relevant by utilising multiple information providers, offering verification and peace of mind. Through the same information providers, UBOs can be quickly and easily determined throughout jurisdictions, ensuring compliance requirements are met.