Compliance refers to ensuring that a company’s practices are well in line with the current legal and financial regulations. These can include federal, state, and international law. Remaining compliant might also mean upgrading or updating old hardware and software to ensure efficiency.
Compliance has to be ensured with a company’s own rules and regulations for best practices. This ensures that investors are protected, markets are fair, and practices are legal and transparent. It also prevents instances of financial crime and overall risk, thereby reducing fines and legal penalties to the company.
There was a time when this role was relegated to a few employees working through Microsoft Excel. However, modern regulations are now much stricter than before, and financial crime and noncompliance can be detected much more easily. Hence, software has had to take over. Over time, the software has become more complex and has automated several processes for efficiency. It’s safe to say the software will have a far-reaching impact on the financial sector.
What Is the Role of Compliance?
The compliance department of any organization focuses on five key areas: identification, prevention, monitoring and detection, resolution and advisory. These five areas ensure that up-to-date regulations are being followed by the organization and noncompliant action is avoided.
This involves implementing controls to protect the organization from the risks that it faces. Compliance departments also monitor and report the effectiveness of the controls put in place so they can be optimized. Any compliance issues that arise during certain processes and workflows are resolved based on the laws in the books.
A team of compliance officers has a duty to uphold the legal and financial regulations that have been imposed. These can be issued by the state, the government, any private regulatory body, or an organization itself. The compliance officers make sure that the employees and administration are aware of these compliance regulations. They also measure the risk that the organization faces if it doesn’t adhere to these regulations. Compliance officers can range from industry professionals to general counsels.
Key Concerns in Compliance Program Design
The major concerns in designing a compliance program can be divided into three groups.
To ensure that an organization never steps out of line, it needs to identify its compliance obligations. It should also identify the impact that noncompliance will have on its activities, products and services. These obligations should be taken by the organization for improving its compliance management.
Sources of Compliance Regulations
This is one area of concern that doesn’t have an easy answer. It’s hard to get all the regulations under one umbrella, and it’s even harder to track sources if there isn’t a private or government body that’s specific to an industry. Examples of these sources can come from other large companies or companies of a similar size. They can also come through the extrapolation of laws in adjacent countries. Memberships of professional groups and relevant regulators can also help.
The Cost of Noncompliance
A study by Ponemon and Globalscape reveals that noncompliance can cost a company 2.7 times more than the cost of complying. It estimates that for compliance, the average software and hardware costs for an organization can rise to $5.47 million. However, the average cost of noncompliance can rise to $14.82 million. Yikes!
The study showed that the average cost of compliance has risen by 43% since 2011. However, it also showed that the cost of noncompliance has risen by 45%, and that fees for noncompliance could range from $2.2 million to $39.2 million.
How is Compliance Software Changing?
According to Jochen Leidner, Director of Research at Thomson Reuters, the future will bring a broader availability of conversation agents, meaning there will be more of a possibility for human beings to deal with machines in compliance. He also predicts that computers will improve at assessing the credibility of content. This is particularly important when confronting fake news scandals, and on a personal level, phishing scams.
Other future developments will include advanced automatic risk detection and estimation of impact. Better end-user tools are also expected to improve speed and lower costs, which will free up business operations to focus on other areas of growth.
How Changes in Compliance Law Will Impact the Finance Industry
Thanks to major events over the last 15 years (including the Great Recession of 2008 and public manipulation during Brexit and the 2016 US presidential election), we’ve seen a greater need for increased regulation. And as a result, greater security measures, privacy measures, and financial regulations have been put in place. In fact, many regulations have been implemented fairly recently to detect and prevent financial fraud and financial crime and to protect individual privacy.
But with new regulations comes a need for regulatory change management software.
Payment Services Directive 2 (PSD2)
Under PSD2, banks in the European Union would have to comply with regulatory technical standards and strong customer authentication. The goal is to advance the cause of secure communication and banking within the European Union.
A new deadline of December 31, 2020, has been set to comply with these regulations. The compliance criteria include:
Strong Customer Authentication
Transaction Risk Analysis
Mobile App Security
Payment service providers have to adopt security measures to minimize the risk of mobile theft or compromised mobile devices. It also deems necessary the use of countermeasures for mobile app cloning (replication protection).
FINTRAC KYC Onboarding
Led by the Canadian government and the Digital Identity and Authentication Council of Canada, the Pan-Canadian Trust Framework prioritizes unique identification. The Financial Transactions and Reports Analysis Center (FINTRAC) published an update to the know your client (KYC) requirements for financial institutions.
This includes a person using a mobile device camera to take a selfie and authenticate their identity through facial recognition. The photo will be compared to the government issued ID. FINTRAC also supports live video interviews for banking.
Proceeds of Crime and Terrorist Financing Act
Amendments issued by FINTRAC in July 2019 will affect cryptocurrency exchanges, which are increasing in frequency every year. From June 1, 2020, onward, all crypto exchanges within Canada have to be registered with FINTRAC. Crypto exchanges must be classified as money service businesses, according to FINTRAC.
The FTC is expected to announce changes to the Safeguards Rule and the Privacy Rule in 2020. This is to be done under the Gramm-Leach-Bliley Act, which requires financial institutions to explain their information-sharing policies and practices to their customers. This will help to safeguard and secure sensitive personal data.
California Consumer Privacy Act (CCPA)
Based on the GDPR, the CCPA introduces new privacy and secrecy rights for consumers. It will force companies conducting business within California to implement structural changes to their processes and practices. The law took effect on January 1, 2020. Any business holding information on more than 50,000 consumers, households, or devices, and/or with an annual gross revenue over $25 million, has to comply.
The law also applies to companies that make more than 50% of their revenue through the sale of personal consumer information.
The rights allotted to consumers under the CCPA include the right to access, delete, and post personal information. They can do this twice within a 12-month period. Fines can range from $2,500 to $7,500 for violations. However, the real protection that the CCPA gives to consumers is the right to bring lawsuits. Each event can warrant a payment of $100 to $750. If the damages from the breach are greater than $750, the consumer can receive a larger amount.
FATF Guidance on Digital Identity
According to the Financial Action Task Force (FATF), by 2022, an estimated 60% of global GDP will come from digital transactions. As a result, the organization released its standards for end-to-end security of digital ID systems in March 2020. This includes identity proofing, enrollment and authentication. The effects of the guidance rules in place include:
- Better customer identification and verification during onboarding;
- Supporting ongoing scrutiny and due diligence of transactions through business relationships;
- Facilitation of customer due diligence measures;
- Aiding transaction monitoring for the detection and reporting of suspicious transactions and other anti-fraud efforts.
How Regtech Will Transform the Banking Industry
The three lines of defense (3LOD) governance system focuses on independent risk, compliance functions, internal audits, etc.
- The first LOD is the business, which is the revenue producer and risk taker.
- The second LOD is the independent risk and compliance functions within the financial institution. This includes the regulations that the organization has set for itself.
- The third LOD refers to the internal audit. However, it can also include credit review.
A survey conducted by the Operational Risk eXchange Association (ORX) in 2019 analyzed the top five risks according to respondents. These included digital disruption and disintermediation risk, information security, geopolitical and macroeconomic risk, compliance risk, and third-party risk.
Based on the survey, a few qualities emerged that need to be factored in when establishing operational resilience programs:
- An understanding of core mission-critical business services and processes;
- Development of impact categories and the establishment of realistic recovery metrics;
- The establishment of impact tolerances based on business strategies;
- The establishment of a framework for coordination and communication;
- Conducting scenario-based testing exercises.
Regtech’s Challenges Are Also Opportunities
While rapid tech advancements are a good thing in the long run, they also present challenges to banks and other financial organizations. Still, the opportunities these tech advancements create outweigh the temporary challenges—they’re a chance for big financial players to shift to better regtech capabilities.
The driving forces behind modernization come from three areas: emerging regtech, cost challenges from within, and continuous regulatory changes. And you can bet there will be ongoing changes!
Regtech will allow organizations to automate costly human functions and optimize routine functions. This will help to respond to changing regulatory demands more quickly and focus on high-order activities. As a result, companies will become more valuable to their customers.
The next three to five years are crucial for banks and financial businesses, as it’s an opportunity to adjust their focus to better analysis, automatic robotic processes, and better natural language processing. Artificial intelligence will also play a huge part in this endeavor and take over further operations within companies of all sizes and funding levels.
These sweeping changes within the finance industry will be brought about by the rapid advancement of technology. Both software and hardware, as well as new laws, will affect the industry as a whole.
Is your business ready to adapt to these changes? In addition to studying the advancements and understanding how to navigate them, a solid first step is to invest in technology that will make your operation more nimble and efficient while eliminating human errors. This will free up your staff to focus on creating more value and driving customer relationships that are built to last.