The job of a compliance officer can be a difficult one. Organisations from large corporations to small government agencies rely on their compliance officers to keep them within ethical and legal boundaries. They also rely on them to maintain monitoring and reporting requirements and stay abreast of any changes in the compliance landscape. For professionals in this field, the bad news is that challenges will continue to increase in the near future (as we’ll explain in this article). The good news is that there are trained experts available to work hand-in-hand with organisations’ compliance officers to minimise risk and help them remain in compliance.
The stakes are high, as organisations in both the public and private sectors face new laws and regulations in jurisdictions worldwide, along with increasingly strict enforcement and punishments. Investigations of violations can, and often do, lead to heavy fines. In some cases, criminal charges may result – and these can be levied against the organisation, individuals, or both. Here are some of the biggest challenges facing compliance officers today:
1. Anti-money laundering (AML) regulations
Panama Papers and other major scandals, including the illicit funding of certain terrorist actions, brought money laundering issues firmly into the spotlight. Many governments have been stirred to action to create stronger measures meant to prevent the illegal funding of criminal or terrorist enterprises. This resulted in the 5th Money Laundering Directive (5MLD) in the European Union, which took effect in January 2020. 5MLD impacts organisations most directly in how they handle their know-your-customer (KYC) processes.
In the run-up to the 5MLD, there was increased attention on high-risk countries. Clients or transactions engaged in high-risk countries are now subject to enhanced due diligence when performing onboarding checks. Compliance teams need to ensure KYC is not a simple “tick box” exercise during the onboarding phase, and ongoing monitoring processes need to be implemented to manage changes throughout the customer lifecycle.
5MLD requires enhanced due diligence when dealing with high-risk countries. In addition to obtaining evidence of the source of funds and wealth, information on beneficial ownership and background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high-risk countries for money laundering.
2. Conflicts of interest
Risks related to conflicts of interest are significant at every company level. Starting with the board of directors, an effective board must be transparent about potential conflict issues and address them ongoing. Board decisions that suffer from actual conflicts can risk the board’s adherence to its duties and create real legal risks. Even the appearance of a conflict can raise real issues, and transparency becomes even more important in these contexts.
Most major organisations – and their compliance officers – see outside business activities as a risk. This same level of risk can undermine the integrity of senior management. When senior executives fail to address real and significant conflicts, the integrity and overall leadership trust factor can deteriorate. A compliance executive must be willing to take on these issues, even when it is difficult to confront senior executives. Conflicts and adequate disclosure remain problematic within the private equity (PE) industry. In recent years regulators have made examinations of PE firms and their complex structures top priorities.
3. Innovation driving new demands
New innovations provide increased efficiency in compliance processes, which is a major plus for organisations. Always a double-edged sword, however, technology also creates more issues in data security, not to mention the training and expertise required to master it.
For many ‘non-tech’ professionals such as compliance officers, rapidly changing technology can be a concern, as the importance and integration of technology into the compliance suite continue to evolve. Compliance officers may not need to become technology experts, but they do need to ensure that tech-related risks are addressed within their firm’s framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities. This is another area where partnering with an outside firm that provides training and technology resources can be a major advantage.
4. Regulatory and political change
Recent years have seen a flurry of new governmental bodies and jurisdictions regulations, from the General Data Protection Regulation (GDPR) act to the 5MLD. The GDPR, for example, has extraterritorial reach. It also serves as a model for possible future regulations in the critical area of data privacy and cybersecurity.
In Europe, Brexit creates real uncertainty for the UK’s regulators and the industries that they regulate. But Brexit also impacts EU member states and any organisations doing business within or through the UK. The impact is far-reaching, and regulators face major challenges in responding to profound changes in policy, the legislative framework and the wider economic context.
Politics in the United States and other nations have also seen similar dramatic shifts in governmental control and resultant effects in policy, which can impact regulatory laws and how they are implemented and enforced worldwide. One thing is certain – investigations and legal actions based on violations of the Foreign Corrupt Practices Act (FCPA) continue to increase, and organisations must remain diligent in conducting risk assessments and implementing control measures to remain in compliance.
5. Personal liability
One area of concern sure to grab the attention of any compliance officer is the issue of personal liability. Many compliance professionals are aware of this, as a recent Thomson-Reuters survey found that 60% of them expect personal liability to increase. Recent news stories have reported criminal convictions, some leading to prison sentences, of executives, “middlemen”, and other individuals involved in various scandals. Compliance officers should take heed, as their responsibilities to their company can also extend to their own professional conduct being placed under a microscope.
New initiatives underline this reality, such as the Senior Managers and Certification Regime (SCMR) in Europe. It focuses on firms’ senior managers and individual responsibility and extends to all Financial Conduct Authority (FCA) solo-regulated financial services firms. The FCA itself has been increasing enforcement notices against individuals. We can expect an increase in these types of measures, and they will apply to industries beyond those in the financial sector.
6. Ethics and integrity
Today’s business landscape brings an increased emphasis on the culture of an organisation, with an eye toward ethical practices and principles. With growing scrutiny from both regulators and stakeholders, the pressure is on compliance professionals and their superiors to take broader responsibility for policies, procedures and controls to create a truly ethical business.
The Cambridge Analytica scandal is a notable example of how data misuse has a serious brand and societal implications, on top of legal and compliance penalties. The public outrage was so intense that governments were forced to act, calling on Facebook and other involved parties to testify and explain themselves. The market’s reaction was also punishing, with more than $100 billion knocked off Facebook’s share price in days while Cambridge Analytica went out of business.
In conclusion, AML regulations, conflicts of interest, innovation driving new demands, regulatory and political change, personal liability, and ethics and integrity issues are among the biggest challenges facing today’s compliance professionals. This is the time to address solutions. There is expert help and a wealth of resources available, with no better time to leverage them than the present.
Let us know if you would like to learn more.
If you have any further questions or interest in implementing compliance solutions, please contact us.
