LONDON/NEW YORK(Thomson Reuters Regulatory Intelligence) - Thomson Reuters has carried out its annual survey on the cost of compliance and the challenges financial services firms expect to face in the year ahead.
The survey is now in its ninth year and generated responses from more than 800 senior compliance practitioners worldwide, representing global systemically important financial institutions (G-SIFIs), banks, insurers, broker-dealers and asset managers. As with all previous years, the report builds on annual surveys of similar respondents and, where relevant, highlights year-on-year and regional trends.
Compliance practitioners were asked to explain what they thought would be their greatest challenge in the year ahead. The top five identified for 2018 were:
- Continuing regulatory change.
- Data privacy and the General Data Protection Regulation (GDPR).
- Enhanced monitoring and reporting requirements.
- Greater regulatory scrutiny.
- Implementation of regulatory change.
There is a fair degree of consistency with the challenges identified in 2017, with the notable exception of the inclusion of data privacy and GDPR for 2018.
The sheer breadth of challenges compliance officers expect to encounter in the coming year illustrates, once again, the need for senior compliance staff to be polymaths. The theme of “coping” is something many respondents highlighted. Coping with regulatory change, coping with data privacy and GDPR and coping with enhanced monitoring and reporting requirements, all while also coping with potentially limited skilled sources, is likely to make 2018 another very busy year for compliance practitioners.
Specific areas of regulation which pose the greatest challenge for the coming year were highlighted as:
- Fourth Money Laundering Directive (4MLD).
- Countering America’s Adversaries Through Sanctions Act (CAATSA).
- Common Reporting Standard (CRS).
- U.S. Fiduciary Rule.
- EU General Data Protection Regulation (GDPR).
- U.S. Home Mortgage Disclosure Act (HMDA).
- EU Insurance Distribution Directive (IDD).
- International Financial Reporting Standard 9 (IFRS 9).
- EU Markets in Financial Instruments Directive II (MiFID II).
- EU Packaged Retail and Insurance-Based Investment Products (PRIIPs) Regulation.
- Revised EU Payment Services Directive (PSD2).
- Sapin II (France).
- U.S. Sarbanes-Oxley Act.
- UK Senior Managers and Certification Regime (SMR).
- Suspicious transaction and order reports (under the EU Market Abuse Regulation (MAR)).
Compliance practitioners were also asked to explain the board’s greatest challenges in the year ahead. The top five for 2018 were identified as:
- Continuing regulatory change.
- Enhanced supervisory scrutiny.
- Data privacy and GDPR.
- Cyber security.
- Balancing compliance and commercial demands.
In line with the compliance challenges identified, there is a fair degree of consistency with the challenges highlighted in 2017, with the notable exception, here too, of the 2018 inclusion of data privacy and GDPR. If compliance challenges were characterised by the need to “cope”, the challenges for the board were dominated by the need to “understand” the risk and compliance implications of the regulatory year ahead.
The worldwide focus on the need to eradicate misconduct in financial services is behind much of the current regulatory approach. The Financial Stability Board (FSB)’s toolkit on misconduct is a landmark document and sets the international regulatory agenda on the suggested approach to, and sanctions for, misconduct in financial services firms. This will keep the spotlight on the need to manage all regulatory risks and has been the underlying reason for jurisdictions implementing, or planning to implement, accountability regimes for senior managers.
Compliance officers have recognised that personal liability is, and will remain, high. The underlying thread of compliance officers needing to “cope” with the challenges expected in the year ahead is set against that backdrop. Compliance may well take the lead in determining how best to manage the increasing personal accountability.
There are several benefits for compliance officers thinking through how to best manage their own personal regulatory risk. Most obvious is that they themselves stay out of regulatory trouble. Other benefits include being able to advise other senior managers on the likely best practices associated with managing personal regulatory risk, and once their own risk is appropriately managed they will be able to devote more attention back to the day job of firm compliance.
Compliance officers expressed their potential concern about the board’s overarching “understanding” of compliance challenges. Board members are not expected to be experts in everything, but they do need sufficient knowledge and an appropriate range of skills to understand the issues, be able to set an appropriate risk appetite, drive a strong compliant culture and understand and challenge all risk and compliance reports, as well as engage appropriately with regulators.
One way firms could tackle any potential lack of individual or collective understanding is through training. For boards, a strong and effective suite of training needs to be tailored to the audience. Given the seniority and diversity of experience at board level, bespoke training tends to be used with regular, often face-to-face, bite-sized updates to accommodate busy schedules. It is critical that all training is captured and recorded, with any absences from training course(s) followed up and completed in a timely manner. Specifically, individuals (senior or otherwise) must use training as a way to manage personal regulatory risks.
To download the full report click (here).
(Stacey English is head of regulatory intelligence and Susannah Hammond is senior intelligence expert at Thomson Reuters Regulatory Intelligence.)
This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on July 4. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters