New Trends in Financial Compliance: How Technology Supports Adoption
After a period of relative calm, the world of financial services compliance is gearing up for more change; some regulatory, some economic, some operational.
The issue of Operational Resilience has now fully matured, with SS1/21 (Operational Resilience) and SS2/21 (Third Party Resilience) becoming effective from March 2022. Companies will be expected to understand, document, and demonstrate how their technology and third-party processes map onto their core business processes, and how they meet defined recovery times following a disruption.
‘UK SOX’ – the UK equivalent of the US Sarbanes-Oxley corporate reporting regime – is in the final phase of seeking industry feedback, before going before Parliament. The government is looking for feedback on a set of proposals that, amongst other things, will likely formalize the accountability that senior managers – CEOs and CFOs – have for the accuracy of their quarterly and annual results.
Likely linked to penalties, the need for senior managers to attest to the quality of these results will add a further layer of financial compliance reporting. It will also challenge management and auditors to ensure the transparency of results and the reporting processes, so that when they ‘sign on the line’, top managers can be confident that the results are a fair and accurate picture of the condition of their business.
Data protection compliance on the rise
Data protection compliance regimes also continue to grow in significance. GDPR is already well established, and in the US, the California Consumer Protection Act (CCPA) is being joined by other similar Acts in other states. While well understood in broad terms, the challenge of all these financial compliance regimes is applying them to operational business processes that change regularly. As businesses merge and demerge, and new business partnerships are formed or dissolved, how their data (and therefore the regulations) is managed is both crucial and easy to overlook.
A further financial compliance complexity is that while locally focused, these regulations can have global implications that need to be captured. Regulators continue to support organizations looking to enhance their data management processes and are penalizing some expensively if they fall significantly short. Fewer excuses are being tolerated when organizations fail to meet the standards expected, whether caused by business changes, or developments in their supply chain.
Environment, Social, and Governance issues
Environment, Social, and Governance (ESG) issues are also growing in significance for businesses. Initiatives surrounding sustainability, net-zero emissions, green technology, and green investments, for example, exert their influence through shareholders, investors, and consumer behavior. Organizations are adopting these ESG initiatives, both as part of normal business development and partly to adapt their profile in a changing world. These initiatives need to align with their wider GRC initiatives, to avoid conflict between the two.
Another variable in financial compliance is the use of hybrid working from late 2021 onward. With the lessons learned from 2020, staff and management recognize the benefits for both in having more flexible working arrangements. Companies are well versed in their preparations for introducing hybrid working, with a key requirement being eliminating manual processes, and certainly paper-based processes. Systems and processes need to evolve to meet changing work patterns, to assure compliance, transparency, and security.
Financial compliance regulation will continue to increase
Against this backdrop, the stance of regulators across the globe continues to evolve. The UK’s regulatory profile has more scope for change following Brexit, which will force many institutions to adapt their systems and processes to accommodate both UK and EU requirements. A new administration in the US may foster a new regulatory climate for financial services.
However these situations change, financial compliance regulators will continue to clamp down where management standards fall short. In the US, the OCC levied hundreds of millions of dollars’ worth of fines in 2020 to force banks to address shortcomings in their operational systems and controls. The implications of recent high-profile failures in Europe, such as Wirecard, and others, have yet to fully play through. Regulators will continue to scrutinise banks, to ensure small issues do not develop into wider systemic challenges.
Financial compliance and the role of technology
The challenge for institutions is to master these changing dynamics while delivering comprehensive compliance efficiently and effectively, and still supporting the needs of the business. Technology clearly plays a role in addressing these issues, with institutions further extending automation into areas like data consolidation, policy management, compliance management, third-party risk management, and the management of informal applications that are often a hidden, but significant, part of service provision.
To help businesses understand how technology can address these issues, Mitratech hosted a panel discussion titled ‘How Technology Helps Build an Effective Compliance Program’, featuring industry analyst Michael Rasmussen from analysts GRC2020, as part of its Interact EMEA online event. You can access a recording of it and other sessions here.