EXECUTIVE SUMMARY
It is vital that CCOs and compliance teams are aware of what may be coming down the road. Your firm’s success depends on how quickly you’re able to spot risk and handle uncertainty. Compliance leaders must keep an eye on emerging regulations and pay close attention to how the compliance landscape is changing.
In a time of increased uncertainty, it is more important than ever for CCOs to be proactive and innovative with their compliance strategies.
This 2021 edition of ComplySci’s CCO Playbook is intended to help CCOs and other compliance leaders better understand the current regulatory environment. In this year’s report, we review the events and changes that shaped and impacted the industry over the past year, one of the most complex in recent memory.
This playbook looks at the regulatory activity that took place in 2020, as well as the most pressing challenges of 2021, and the strategies you can use to overcome them.
At ComplySci, we are proud to work closely with thousands of organisations across the globe. We are committed to providing solutions designed to make CCOs’ jobs more manageable, and to help firms get – and remain – in compliance with a complex web of rules.
Thanks for downloading the 2021 CCO Playbook. We hope the insights and information it contains are useful for your firm.
REGULATORY ACTIVITY IN 2020
Charles Randell, Chair of the FCA and PSR, stated in a speech delivered to the Finance and Leasing Association in April 2021: “The pandemic exposed some stark truths: that we have too much debt, that we don’t save enough, and that when people do save, they are too often persuaded to buy unsuitable investments…The financial conduct regulator we need for the recovery is one that fundamentally changes this picture.”
The FCA alone regulates over 59,000 firms and nearly 150,000 approved persons in the UK. As the FCA continues to grow and adapt to the new financial landscape in the wake of COVID-19, it is important to look back at significant developments in regulatory compliance over the past year. These events can help us anticipate future changes to regulatory activity and legislation.
In 2020, the FCA levied fines of over £192m against UK Financial Services firms. This is a drop from 2019, where £390m worth of fines were handed out. However, compared to 2018, where only £60m worth of fines were levied, the FCA was still actively pursuing and fining firms and individuals for infringements throughout 2020.
Financial service organisations should respond to the current approach of regulators with tangible and purposeful action. Namely, firms should seek to improve their culture of compliance and continue to find robust methods of recording data.
In addition to focusing on the post-Brexit and post-pandemic transition, every financial services firm should consider the FCA’s cross-sector priorities:
- Operational resilience.
- Financial crime.
- Demographic change.
- Organisational culture.
- Fair treatment of customers.
- Innovation and data management.
High on the agenda for both UK and European Regulators are the cultural elements of compliance. As a result, adhering to ethical principles and having a disciplined approach to the cultural aspects of compliance should continue to be a priority for all financial services sectors, including General Insurance, Retail Banking, and Wholesale Markets.
Some of the most high-profile fines given out by the FCA in 2020 concerned the unfair treatment of customers and a failure to be open and co-operative. UK and European firms can prevent such action taking place by implementing modern and considerate compliance practices.
In every division of each firm, there should be a willingness and an ability to engage with the functions of compliance. This will enable the protection of data, assets, and customers, and allow firms to avoid fines for breaches of Business Principles, Supervision, and Money Laundering Regulations.
In addition to adhering to the Principles for Business, firms also need to ensure they have taken steps to address the unique compliance circumstances that have emerged as a result of the pandemic.
We encourage you to check the FCA’s main website for a comprehensive overview of regulatory activities.
CCOs CONTINUE TO FACE NEW CHALLENGES AS ROLE RESPONSIBILITIES EXPAND
What kind of challenges await CCOs and their teams in 2021? Whatever your priorities or the size of your compliance department, you are bound to experience disruption.
In our work with CCOs and their teams, we have found that they’re able to show resilience and adaptability when they know the kind of regulatory challenges they will be facing.
KPMG’S TOP TEN REGULATORY CHALLENGES FOR 2021
As in years past, audit, tax, and advisory services provider KPMG has created a list of what it considers the top ten regulatory issues for compliance professionals.
In this CCO Playbook, we provide an overview of the Ten Key Regulatory Challenges of 2021, but we encourage CCOs to delve into KPMG’s full analysis.
CHANGE MANAGEMENT
Volatility experienced throughout 2020 is likely to continue well into 2021, forcing financial services companies to demonstrate agility in their change management processes. Changes in response to COVID-19 will be short-lived, but financial services companies will need to show steps towards effectively identifying and mitigating risks associated with transitions brought about by the pandemic.
CREDIT RISK AND LIBOR CHANGE
The pandemic has continued to be a major topic in credit risk discussions. The consequent uncertainty will keep a sharp focus on credit risk management processes throughout 2021. And with the expected phased discontinuation of LIBOR between the end of 2021 and mid-June 2023, focus will also increase for institutions with significant LIBOR exposure or less-developed processes.
CLIMATE AND ESG
Regulators are in the early stages of understanding, monitoring, and measuring ESG risks, but the momentum to account for ESG issues is significant. For 2021, regulatory focus is centered on climate change. Individual companies have begun to publicly announce their commitment to ESG policies across their investment strategies, due diligence, and risk processes, while actively encouraging others to follow suit.
CORE RISK MANAGEMENT
The role of core risk management continues to evolve and is coming under increasing regulatory focus. Common challenges include moving to data-driven assessments. In 2021, there should also be a move to establish risk frameworks that are resilient, adaptable, and address areas of emerging regulatory focus.
OPERATIONAL RESILIENCY AND CYBERSECURITY
As in years past, operational resiliency is once again on KPMG’s top ten list. Last year demonstrated the need to understand and plan for the possibility of multiple converging events and their potential impacts on operational resiliency.
In the current environment, there will be challenges around establishing accountability for resilience, increased regulatory interest, and the return to work. Further hurdles to overcome include the calibration of impact tolerances, service management and execution, and tooling and data requirements.
COMPLIANCE RISK
The disruptions from 2020 resulted in an almost untenable pace of change to operations and risk within compliance departments, which will continue well into 2021.
So far, the most significant challenges include redeployment of resources, reprioritisation of compliance activities, rapid roll-out of complex government stimulus programs, and providing new or additional communications and training. There will also be an emphasis on monitoring/data analysis sufficient to maintain compliance amid new expectations.
FRAUD AND FINANCIAL CRIMES
Financial institutions face challenges to enhance financial crimes prevention and detection capabilities while meeting their obligations to provide information to regulators. Among others, there will be regulatory pressures around exposure to COVID-19 related frauds, adapting to Cryptoassets, and the deployment of advanced technology.
CONSUMER/INVESTOR PROTECTIONS
Similar to the immediate aftermath of the 2008 financial crisis, firms should expect intense scrutiny from regulators regarding their treatment of customers throughout 2020 and 2021. Regulatory pressures will create challenges in areas of investor protections, anti-bias and fairness, and data privacy.
PAYMENTS
Financial institutions face challenges in the payments industry due to increasing competition and shifting partnerships of FinTechs, non-banks, and some of the country’s largest retailers. Regulatory pressures in 2021 will focus on inclusion and access, resilience during COVID-19, and speed of compliance.
EXPANDED REGULATORY AUTHORITY
In 2021, financial services companies may face increased challenges as a result of federal and state regulatory divergence. Firms will also have to adapt to the expansion of regulatory authority to new areas such as artificial intelligence and ESG issues.
INDUSTRY LEADERS SHARE STRATEGIES TO HELP YOU ADDRESS CHALLENGES HEAD-ON
Compliance leaders face challenges every day. While risks like insider trading and conflicts of interest are nothing new, changing technologies mean you need to be vigilant and adapt your policies and procedures to prevent, detect, and correct both new problems and familiar risks coming from unexpected sources.
Compounding those challenges is the fact that you face uncertainty from every direction. Knowing what the regulators expect from you and your firm isn’t always easy to discern, and those expectations can change over time. You are also faced with internal uncertainties related to budgets and staffing.
We spoke to a number of compliance leaders about their take on the state of the industry today, and what best practices you should follow to ensure you address today’s challenges head-on.
DAN RIDLER, MANAGING DIRECTOR, BCS CONSULTING ON BUILDING AN SM&CR OPERATING MODEL
As a consultant, Dan Ridler knows all too well the mistakes teams make when it comes to SM&CR compliance. Based on his extensive experience of supporting firms with SM&CR across all sectors, he has observed a clear correlation between those that are best prepared for all aspects of SM&CR and the time and effort they allocated to designing and mobilising an effective BAU operating model to support the completion of the final implementation activities.
This enables firms to manage unforeseen changes to in-scope populations, allows time for processes and tools to be refined and embedded, and gives BAU teams time to develop hands-on experience of their new responsibilities, thereby increasing the likelihood of ongoing compliance with the rules. Unfortunately, Dan sees that many firms have overlooked this.
As Dan explains, “The volume of operating model change, including processes, systems, controls, and management information, must not be underestimated. Instead, it must be prioritised and urgently progressed, learning lessons from the banks that have already implemented the required changes wherever possible. Allocating Senior Manager roles and accountabilities is just the tip of the SM&CR iceberg.”
KELLY PETTIT, CHIEF COMPLIANCE OFFICER, GENERAL ATLANTIC ON SOCIAL MEDIA MONITORING
Over the past few months, the media has been fascinated with GameStop’s miraculous rise driven by r/WallStreetBets, and the story has raised questions around regulatory, compliance, and ethical issues related to employee outside activities.
One of the most prominent voices in the Reddit Rally, Keith Gill aka Roaring Kitty, was a licensed securities broker registered with FINRA. Mr. Gill’s former employer, MassMutual, has told securities regulators in Massachusetts that it was unaware that Mr. Gill had spent more than a year posting about GameStop on YouTube, Reddit, and other online forums.
As a Compliance Officer, how do you balance your firm’s regulatory obligations with employee personal privacy boundaries? How do you manage the constantly evolving landscape of social media and communication platforms?
This is a question that keeps Pettit up at night. She acknowledges that the line between personal and business is blurred, and while “business is done through apps that are technically impossible or difficult to monitor,” Pettit still recommends creating an acceptable-use policy. “We have to continuously train, monitor, test, remind and train. We are not blind to the fact that it might happen, but we try to minimise business usage and ensure we still retain the records that we are required to retain,” Pettit says.
DAVID BECKER, CHIEF TECHNOLOGY OFFICER, CFI PARTNERS ON AUTOMATION
Building a compliance program has never been a simple task. However, there is now an unprecedented opportunity to leverage technology to succeed.
Becker believes that RegTech solutions can help leverage a team’s resources, especially those with compliance leaders managing multiple responsibilities. To put it plainly, if you’re not taking advantage of RegTech, you’re not setting your compliance program up for success.
Becker explains, “Implementing tech has made our process more efficient. Rather than spend a lot of time on the necessary administrative tasks we need to show regulators we’re completing, I can build workflows within solutions such as ComplySci, to automate many tasks and instead focus on other initiatives to help our small firm grow.”
However, a big mistake compliance officers often make is implementing tech once and forgetting about it. Becker stresses that success is contingent upon compliance teams continually adopting tech and taking advantage of product updates, enhancements, and new features from vendors to ensure processes don’t become stale or outdated.
“If you want to grow and scale up your business, there’s no question: You have to use technology,” Becker says.
DAVID COWLAND, FORMER HEAD OF COMPLIANCE OPERATIONS, FIDELITY INTERNATIONAL ON CHANGE LEADERSHIP
Today’s compliance teams are experiencing rapid change. Not only are we living in a time of fast-moving technological innovation and evolving legislation, but the global COVID-19 pandemic has resulted in a dramatic shift in daily life for many professionals. We have all been pushed outside of our comfort zones. Now more than ever, financial firms need to adjust their compliance risk management practices to adequately respond to changes that include a more competitive and expanding marketplace, added regulatory requirements, and an increasingly remote workforce.
Cowland suggests reframing the role of compliance. He explains, “Compliance needs to be multi-disciplinary. Teams must be more well-rounded with individuals that have specific operational, technological, and analytical skills and an experienced CCO on top, overseeing the team and building insight based on the data collected.”
Cowland acknowledges the cultural norms in place that make change difficult. For many firms, the hardest part about change is the human aspect. “Onboarding new technology is not that complicated, but the biggest challenge is shifting the cultural mindset of an organisation. Every company needs change leaders to pave the way.”
Whether changes are temporary or permanent, Cowland believes that compliance officers will succeed when they embed change within the workplace culture from the inside out.
MURRAY MARKOWITZ, CHIEF COMPLIANCE OFFICER, KROLL BOND RATING AGENCY ON DATA MANAGEMENT
Technological advances have meant that organisations find themselves able to gather more data about their operations than ever before. In turn, regulators are acknowledging the integral role of accurate and meaningful data in operating an adequate compliance program.
As firms improve their use of data analysis to monitor the adequacy of compliance risk management programs, regulators all over the world are trying to keep pace by updating guidance and supervisory strategies.
Markowitz states, “Firms need to make sure not only that the information they get is complete, but that it is used in a meaningful way. In other words, brute force data analysis on its own is not enough; good compliance risk management requires subject matter expertise coupled with good judgment to distinguish the signal from the noise in all those data.”
Markowitz’s suggestions include ensuring that compliance has access to all information relevant to effectively managing compliance risk; providing compliance with relevant information technology and data analytics skills; utilising data analytics in monitoring and auditing; creating automated dashboards and reports for monitoring compliance; leveraging technology to deliver effective compliance and ethics training; and utilising technology to facilitate the risk assessment process.
Today’s CCOs need to understand data, or at the very least, hire people with data management skills. “Comprehensive recordkeeping of compliance monitoring and verification procedures are essential to provide regulators and investigators a clear indication that a strong culture of compliance has been established within the organisation,” Markowitz says.
A Control Room function empowers associates within a firm to participate in building a culture of compliance by proactively informing compliance teams of potential conflicts. By streamlining this process with automated workflows, more people at the firm are likely to come on board, knowing that the process is both efficient and secure.
NICK TASSELL, HEAD OF COMPLIANCE, MONTAGU PRIVATE EQUITY ON TAKING CONTROL OF CONFLICTS
Managing the flow of sensitive information is a crucial step in preventing potential instances of market abuse, insider trading, and other conflicts of interest. To do this, however, requires the analysis of an ever-growing amount of data, which can be challenging without the right tools, processes, and procedures in place.
Tassell, Head of Compliance at Montagu Private Equity, explains that firms of all sizes should implement conflict management procedures to proactively identify risks and ensure compliance. “While the largest banks may have separate dedicated teams called Control Room, whose main role is to focus on information barriers, conflict management, and market abuse,” he says, “many of these same considerations are going to be relevant to firms of all types and sizes.”
CONCLUSIONS
Across all industries, 2020 was a disruptive year. Firms have had to adapt in creative ways, and regulators, too, have had to think of new ways to operate and new areas to investigate.
In the future, CCOs must ensure that they are paying attention to every significant change. By staying informed, you can revise your methodologies, policies, procedures, and controls at short notice, based on the needs of the moment.
With the increased uncertainty, it is vital that you get the fundamentals right. By leveraging the power of compliance technology, you can turn challenges into moments of growth and enable your compliance team to progress successfully into the future.
Use this CCO Playbook as a resource. It will help to keep you informed and give you access to key resources. As a result, you should be able to simplify the complex movements within the industry and direct your maximum focus on improving your firm’s compliance efforts.
Read this Guide to learn:
- Key takeaways from regulatory activity in 2020
- Regulatory challenges for 2021
- Strategies to help you succeed, as told by industry experts from world-renowned organisations like Fidelity International, General Atlantic, and KBRA
- The right technology tools to help mitigate risks and increase the compliance department’s effectiveness