March 26, 2021

The future of compliance and policy management

It's safe to say compliance is almost unrecognisable from what it used to be just over a decade ago.

Where, before 2008, it was often tacked on to other departments — typically legal — and treated as an afterthought, the fallout of the financial crisis has reshaped it into a critical business function.

Today, compliance is a discipline in its own right, with a seat at the senior management table.

But its evolution is far from complete.

Between US and UK regulators' push to embed compliance into regulated firms' DNA and the challenges brought about by major disruptive events like Brexit and the Covid-19 pandemic, it's looking like the 2020s will be a turbulent decade.

In our latest webinar, The future of compliance and policy management, Fenergo's global director of financial crime, Rachel Woolley, sat down with our founder and CEO, Evgeny Likhoded, and two other industry experts to discuss the biggest compliance challenges and opportunities that lie ahead.

Here's what we learned.

Compliance's quantum leap

"When US and UK regulators talk about making compliance part of a firm's DNA," says Roostify's senior director of regulatory compliance Doreen Ghusar, "it means proactively enacting and addressing changes as they take place...

"Firms must develop and maintain a sound compliance management system that is integrated into their overall risk management approach... So, ultimately compliance should be weaved into the daily routine..."

This is a radical departure from the way firms have traditionally approached compliance.

"In every institution," says Likhoded, "compliance is mostly enforced through technical or operational controls which are then tested... but what we're seeing from regulators is that compliance needs to be more dynamic..."

The US Department of Justice has explained this as an expectation that firms should be able to show their compliance programme is effective in practice. Similarly, the UK's Serious Fraud Office has stressed compliance programmes need to be demonstrably effective, and not simply a "paper exercise."

"I don't use this term lightly," concludes Volkov Law Group CEO Michael Volkov, "but this is far and away the biggest revolution in corporate governance that's ever occurred. Compliance can't be just a set of rules. It must be demonstrated in the activity of every individual, every day."

It's time to get proactive

Needless to say, meeting these expectations requires deep cultural change.

"It can no longer be about having yearly training which people go through and forget immediately the next day," says Likhoded. Rather, firms must strive to "...change the behaviour of people by nudging or asking them questions around compliance on a regular basis..."

More importantly, compliance teams can't keep firefighting. They must find a way to take the bull by the horns so they can monitor the bigger picture and plan ahead.

"We need to start looking at our compliance management system and how a firm or institution learns about its compliance responsibilities," says Ghusar.

"An effective compliance programme comprises three independent elements: oversight, management, and audit... it's only when all of these elements are strong and working together that an institution can successfully manage compliance."

RegTech as an enabler

The growing pressure on regulated firms to embed compliance into their day-to-day activities — and prove to regulators that this is actually happening — has been a boon for regtech.

In Fintech, Regtech and the Role of Compliance in 2021, Thomson Reuters reported record investment and confidence in technology. The top reasons respondents gave for turning to tech included:

  • Better compliance monitoring

  • Capturing regulatory change more efficiently

  • Developing metrics to measure culture and conduct risk

Volkov thinks this is extremely positive.

"I think technology is the key to a real change in mindset in the compliance profession... to proactive management. It allows you to identify potential problems much earlier than waiting for someone to speak up and then having to do an audit..."

More to the point, though, technology can ease compliance teams' increasingly heavy workload. With the right system in place, compliance teams are empowered and can use their resources more effectively. Plus, it's good for morale.

"I tell people: put in a third party risk management program. Put in a policy management program," says Volkov. "You'll be happier for it. Technology... helps you manage your risks better."

"I think people underestimate how much happier they are when they have to do less admin work," continues Likhoded. "And compliance is a lot about admin work."

"Compliance technology makes things much easier, because it can meet so many needs," concludes Ghusar. "You can stay up to date with standards and regulatory requirements, track changes as they come through and how to implement them, disseminate, run reports... That's really beneficial to our work because throwing bodies at it is sometimes very challenging."

Picking the right technology is more important than ever

If technology can already deliver huge benefits when it comes to staying compliant, those rewards can only become greater moving forward.

"I've been with companies where we have to make a presentation to the prosecutors or the regulators," says Volkov. "Trust me they're a pretty sophisticated audience and you can't pull one over on them. They're going to ask you very pressing questions."

Having the right technology in place means you are able to present cold, hard evidence regulators can't argue with.

More importantly, with more and more regulation and what Volkov predicts will be "an enforcement storm" on the horizon, technology is a sound investment in the future.

"I think people may underestimate how quickly technology can change the landscape of what is possible," says Likhoded.

"We're seeing regulators being very aggressive now digitising regulatory updates. There's technology that's already prepared for that.... so by implementing it now you're staying at the forefront before the regulators actually start using technology that will uncover your deficiencies..."

"It's almost an oxymoron," concludes Volkov, "but I think there are exciting times ahead for compliance.

"Compliance teams are going to play a bigger and bigger role in enterprise risk management moving forward. And technology, ultimately, is going to make compliance in general more efficient and better able to prioritise risks."

Want to learn more about what's in store for compliance in the coming decade and what should regulated firms do to get ready so they can seize new opportunities this changing landscape will bring?

Watch our webinar The future of compliance and policy management for the full picture