How Changing Compliance Software Will Impact Finance in the Future

May 15, 2020 1:30:00 PM

Compliance refers to ensuring that a company’s practices are well in line with the current legal and financial regulations. These can include federal, state, and international law. Remaining compliant might also mean upgrading or updating old hardware and software to ensure efficiency.

Compliance has to be ensured with a company’s own rules and regulations for best practices. This ensures that investors are protected, markets are fair, and practices are legal and transparent. It also prevents instances of financial crime and overall risk, thereby reducing fines and legal penalties to the company.

There was a time when this role was relegated to a few employees working through Microsoft Excel. However, modern regulations are now much stricter, and financial crime and noncompliance can be detected much more easily than before. Hence, software has had to take over. Over time, the software has become more complex and has automated several processes for efficiency. It’s safe to say the software will have a far-reaching impact on the financial sector.


 

What Is the Role of Compliance?

The compliance department of any organization focuses on five key areas: identification, prevention, monitoring and detection, resolution and advisory. These five areas ensure that up-to-date regulations are being followed by the organization and noncompliant action is avoided.

This involves implementing controls to protect the organization from the risks that it faces. Compliance departments also monitor and report the effectiveness of the controls put in place so they can be optimized. Any compliance issues that arise during certain processes and workflows are resolved based on the laws in the books.

A team of compliance officers has a duty to uphold the legal and financial regulations that have been imposed. These can be issued by the state, the government, any private regulatory body, or an organization itself. The compliance officers make sure that the employees and administration are aware of these compliance regulations. They also measure the risk that the organization faces if it doesn’t adhere to these regulations. Compliance officers can range from industry professionals to general counsels.

 

Key Concerns in Compliance Program Design

The major concerns in designing a compliance program can be divided into three groups.

Benchmark Standards

The most commonly adopted standards in compliance include the ISO 19600:2014 Compliance Management Systems. ISO 19600 is an international standard that has been developed to improve alignment across international standards. This standard provides a framework to assist the implementation of any requirements related to compliance.
 

Ensuring Comprehensiveness

To ensure that an organization never steps out of line, it needs to identify its compliance obligations. It should also identify the impact that noncompliance will have on its activities, products, and services. The organization should take these obligations into account to improve its compliance management.

All of the obligations should be documented based on the organization’s size, structure, and complexity.
 

Sources of Compliance Regulations

This is one area of concern that doesn’t have an easy answer. It’s hard to get all the regulations under one umbrella, and it’s even harder to track sources if there isn’t a private or government body that’s specific to an industry. Examples of these sources can come from other large companies or companies of a similar size. They can also come through the extrapolation of laws in adjacent countries. Memberships of professional groups and relevant regulators can also help.

 

The Cost of Noncompliance

A study by Ponemon and Globalscape reveals that noncompliance can cost a company 2.7 times more than the cost of complying. It estimates that for compliance, the average software and hardware costs for an organization can rise to $5.47 million. However, the average cost of noncompliance can rise to $14.82 million. Yikes!

The study showed that the average cost of compliance has risen by 43% since 2011. However, it also showed that the cost of noncompliance has risen by 45%, and the range of fees for noncompliance could range from $2.2 million to $39.2 million.

 

How is Compliance Software Changing?

According to Jochen Leidner, Director of Research at Thomson Reuters, the future will bring a broader availability of conversation agents, meaning there will be more of a possibility for human beings to deal with machines in compliance. He also predicts that computers will improve at assessing the credibility of content. This is particularly important when confronting fake news scandals and, on a personal level, phishing scams.

Other future developments will include advanced automatic risk detection and estimation of impact. Better end-user tools are also expected to improve speed and lower costs, which will free up business operations to focus on other areas of growth.

 

How Changes in Compliance Law Will Impact the Finance Industry

Thanks to major events over the last 15 years (including the Great Recession of 2008 and public manipulation during Brexit and the 2016 US presidential election), we’ve seen a greater need for increased regulation. As a result, greater security measures, privacy measures, and financial regulations have been put in place. In fact, many regulations to detect and prevent financial fraud and financial crime, and to protect individual privacy, have been implemented fairly recently.

But with new regulations comes a need for regulatory change management software.

Here are some of the most significant compliance regulations that have been implemented over the last few years in the global financial industry.
 

Payment Services Directive 2 (PSD2)

Under PSD2, banks in the European Union would have to comply with regulatory technical standards and strong customer authentication. The goal is to advance the cause of secure communication and banking within the European Union.

A new deadline of December 31, 2020, has been set to comply with these regulations. The compliance criteria include:

Strong Customer Authentication

Two-factor authentication is required. This can include a combination of passwords, PINs, tokens, mobile devices, or biometric signatures.
 

Transaction Risk Analysis

PSD2 requires transaction risk analysis to help prevent fraudulent payments.
 

Dynamic Linking

Authentication codes have to be dynamically linked to the payee and the amount in the payment transactions.
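
To make dynamic linking concrete, here is a short Python sketch added for illustration; it is not part of PSD2 or of any bank's implementation. The HMAC-SHA256 construction, the function names, the `tx_id` field, the demo key, and the sample IBANs are all assumptions made for this example.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed demo key (assumption): real keys live in the customer's
# authentication device or a server-side HSM, never in source code.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def canonical_payment(payee: str, amount: str, currency: str, tx_id: str) -> bytes:
    """Serialize the fields the code is bound to, with no ambiguity."""
    value = Decimal(amount)
    if value <= 0 or value != value.quantize(Decimal("0.01")):
        raise ValueError("amount must be positive with at most two decimals")
    fields = [
        payee.replace(" ", "").upper(),          # payee account, normalized
        str(value.quantize(Decimal("0.01"))),    # "250.5" and "250.50" match
        currency.upper(),
        tx_id,                                   # makes each code one-time
    ]
    # Length-prefix every field so bytes cannot slide between fields.
    return b"".join(
        len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields
    )


def make_auth_code(key, payee, amount, currency, tx_id) -> str:
    """Code the customer approves: an HMAC over payee, amount and tx_id."""
    msg = canonical_payment(payee, amount, currency, tx_id)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_auth_code(key, code, payee, amount, currency, tx_id, used_tx_ids) -> bool:
    """Accept the code only for the exact payee and amount, and only once."""
    if tx_id in used_tx_ids:
        return False
    expected = make_auth_code(key, payee, amount, currency, tx_id)
    if not hmac.compare_digest(expected.encode(), code.encode()):
        return False
    used_tx_ids.add(tx_id)
    return True
```

Because the payee and amount are inputs to the code, a payment whose payee or amount is altered after the customer approves it no longer verifies, and a code that has already been accepted cannot be replayed.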
 

Mobile App Security

Payment service providers have to adopt security measures to minimize the risk of mobile theft or compromised mobile devices. The directive also deems countermeasures against mobile app cloning (replication protection) necessary.


 

FINTRAC KYC Onboarding

Led by the Canadian government and the Digital Identity and Authentication Council of Canada, the Pan-Canadian Trust Framework prioritizes unique identification. The Financial Transactions and Reports Analysis Center (FINTRAC) published an update to the know your client (KYC) requirements for financial institutions.

This includes a person using a mobile device camera to take a selfie and authenticate their identity through facial recognition. The photo will be compared to the government issued ID. FINTRAC also supports live video interviews for banking.

Under FINTRAC’s KYC regulations, financial institutions will also be required to authenticate the name and image via the government ID.
 

Proceeds of Crime and Terrorist Financing Act

Amendments issued by FINTRAC in July 2019 will affect cryptocurrency exchanges, which are increasing in frequency every year. From June 1, 2020, onward, all crypto exchanges within Canada have to be registered with FINTRAC. Crypto exchanges must be classified as money service businesses, according to FINTRAC.

Crypto exchanges will also be required to have a compliance officer and comply with KYC policies. This is to ensure that suspicious transactions are reported to FINTRAC and traced to their origin. (Cryptocurrencies have been the hub of illegal drug trafficking and money laundering in the past.)
 

Gramm-Leach-Bliley Act

The FTC is expected to announce changes to the Safeguards Rule and the Privacy Rule in 2020 under the Gramm-Leach-Bliley Act. The act requires financial institutions to explain their information-sharing policies and practices to their customers, which helps to safeguard and secure sensitive personal data.

This will apply to US banks and other financial institutions. Steps must also be taken to ensure that the affiliates and service providers will protect customer information.
 

California Consumer Privacy Act (CCPA)

Based on the GDPR, the CCPA introduces new privacy and secrecy rights for consumers. It will force companies conducting business within California to implement structural changes to their processes and practices. The law took effect on January 1, 2020. Any business that holds information on more than 50,000 consumers, households, or devices, and/or has an annual gross revenue over $25 million, has to comply.

The law also applies to companies that make more than 50% of their revenue through the sale of personal consumer information.

The rights allotted to consumers under the CCPA include the right to access, delete, and post personal information. They can do this twice within a 12-month period. Fines can range from $2,500 to $7,500 for violations. However, the real protection that the CCPA gives to consumers is the right to bring lawsuits. Each event can warrant a payment of $100 to $750. If the damages from the breach are greater than $750, the consumer can receive a larger amount.

 

FATF Guidance on Digital Identity

According to the Financial Action Task Force (FATF), by 2022, an estimated 60% of global GDP will come from digital transactions. As a result, the organization released its standards for end-to-end security of digital ID systems in March 2020. This includes identity proofing, enrollment and authentication. The effects of the guidance rules in place include:

  • Better customer identification and verification during onboarding;
  • Supporting ongoing scrutiny and due diligence of transactions through business relationships;
  • Facilitation of customer due diligence measures;
  • Aiding transaction monitoring for the detection and reporting of suspicious transactions and other anti-fraud efforts.

 

How Regtech Will Transform the Banking Industry

Regtech or regulatory technology will advance the improvement of compliance in the finance sector. As automation in tech advances throughout the world, compliance software will affect banks in a number of ways. This will give the banks a greater opportunity to examine their operating models and risk management responsibilities. The basis of this will be optimizing across the three lines of defense (3LOD).
 

3LOD

The 3LOD governance system focuses on independent risk, compliance functions, internal audits, etc.

  • The first LOD is the business, which is the revenue producer and risk taker.
  • The second LOD is the independent risk and compliance functions within the financial institution. This includes the regulations that the organization has set for itself.
  • The third LOD refers to the internal audit. However, it can also include credit review.

While the 3LOD system isn’t new, it can be enhanced. We suspect it will continue to change as new compliance issues and regulations arise.
 

Operational Resilience

A survey conducted by the Operational Risk eXchange Association (ORX) in 2019 analyzed the top five risks according to respondents. These included digital disruption and disintermediation risk, information security, geopolitical and macroeconomic risk, compliance risk, and third-party risk.

Based on the survey, a few qualities emerged that need to be factored in when establishing operational resilience programs:

  • An understanding of core mission-critical business services and processes;
  • Development of impact categories and the establishment of realistic recovery metrics;
  • The establishment of impact tolerances that were based on business strategies;
  • The establishment of a framework for coordination and communication;
  • Conducting scenario-based testing exercises.

 

Regtech’s Challenges Are Also Opportunities

While rapid tech advancements are a good thing in the long run, they also present challenges to banks and other financial organizations. Still, the opportunities these tech advancements create outweigh the temporary challenges—they’re a chance for big financial players to shift to better regtech capabilities.

The driving forces behind modernization come from three areas: emerging regtech, cost challenges from within, and continuous regulatory changes. And you can bet there will be ongoing changes!

Regtech will allow organizations to automate costly human functions and optimize routine functions. This will help to respond to changing regulatory demands more quickly and focus on high-order activities. As a result, companies will become more valuable to their customers.

The next three to five years are crucial for banks and financial businesses, as it’s an opportunity to adjust their focus to better analysis, automatic robotic processes, and better natural language processing. Artificial intelligence will also play a huge part in this endeavor and take over further operations within companies of all sizes and funding levels.

These sweeping changes within the finance industry will come about as a result of the rapid advancement of technology. Software and hardware, as well as new laws, will affect the industry as a whole.

Is your business ready to adapt to these changes? In addition to studying the advancements and understanding how to navigate them, a solid first step is to invest in technology that will make your operation more nimble and efficient while eliminating human errors. This will free up your staff to focus on creating more value and driving customer relationships that are built to last.


Written by Botkeeper
