Challenges Compliance Officers Foresee In 2020

Thomson Reuters Regulatory Intelligence and Compliance Learning

This year’s survey was completed prior to the COVID-19 outbreak. The challenges for 2020 raised in the survey may now have been superseded by the challenges that arise from the pandemic, but they remain underlying issues. The specific implications of COVID-19 and related challenges compliance teams will have to face are covered later in this report. It is worth reporting the results of the survey reflect industry opinion during a business-as-usual environment.

The top challenges in 2020 were:

1. Keeping up with regulatory change.

2. Budget and resource allocation.

3. Data protection (privacy, internal governance, GDPR).

4. Embedding regulatory change.

5. Instilling a culture of compliance.

The greatest compliance challenge(s) I expect to face in 2020 is/are…

Source: Thomson Reuters Regulatory Intelligence – Cost of Compliance: New decade, new challenges, by Susannah Hammond and Mike Cowan

As in 2019, regulatory change features heavily as a challenge for 2020. The survey reflects the continued changes in the regulatory landscape. Although many initiatives have been introduced since the 2008 financial crisis, the focus in 2019 was one of monitoring and refinement which has generated its own regulatory output. The survey covers a range of challenges in this area from the increasing complexity to increasing volume to the changing international landscape to trying to embed regulatory change in financial services firms.

Embedding regulatory change is a challenge for firm cultures. The task is a subset of instilling a culture of compliance, which also featured as a challenge for 2020 and remains a constant problem for compliance teams. The question for firms is how to embed a compliance culture. The board and senior managers should lead this, backed with clear policies and procedures, training and development and monitoring processes. It must also be reinforced by suitable award, recognition and disciplinary procedures, and wrapped up with an adequate risk management framework and three-lines-of-defense model. These measures will help with the most difficult aspect of cultural change: changing management mindsets. Replacing individual opinions with processes based on corporate values leads to true cultural change.

The survey also identified a concern that budgets and resources may be unavailable to meet these needs in terms of both employing and retaining appropriately skilled staff to deal with the volume of regulatory change.

This year’s survey identifies data protection as a vital challenge. In Europe, the deadline for the introduction of the General Data Protection Regulation (GDPR) was 2018 but the survey suggests many firms may be having difficulty with the continuing requirements. GDPR has been the blueprint for other regulatory reforms, and in particular the 2020 introduction of the the California Consumer Privacy Act (CCPA), which has been described as the most comprehensive consumer protection law in the United States. The CCPA is extra-territorial in impact and applies to all qualifying organizations doing business in California that collect and sell the personal information of consumers or disclose personal data for a business purpose.

Among other things, the CCPA enables consumers in California to demand certain privacy rights from qualifying businesses. This includes the right to opt out of a sale of their personal information to a third party, the right to have their personal information deleted and, most notably, the right to request specific pieces of personal information that have been collected, sold or disclosed by a company.

The perceived compliance challenge may also reflect the greater number of firms dealing with customers online and the need for firms to keep pace with fast-moving technology for information security. Firms are on notice from regulators to fulfil their responsibilities, and fines will be issued for lost data and system downtime that has adversely affected customers. In addition, for some of the larger firms, data retention rules, especially when it comes to reviewing historic data, may cause operational difficulties.

The greatest compliance challenge(s) I expect to face in 2020 is/are…

Compliance culture at all staff levels – training alone is not an effective approach. Coping with increased, new regulatory requirements.

[Asia, G-SIFI bank]

The greatest compliance challenge(s) the board expect to face in 2020 is/are…

Source: Thomson Reuters Regulatory Intelligence – Cost of Compliance: New decade, new challenges, by Susannah Hammond and Mike Cowan.

Top challenges for the board were:

1. Balancing budgets and increasing compliance costs.

2. Volume of regulatory change.

3. Driving demonstrable cultural change.

4. Increasing personal accountability.

5. Implementation and embedding of regulatory change.

The greatest compliance challenges faced by boards were balancing budgets and increasing compliance

costs, respondents said. This suggests boards acknowledge the importance of providing compliance teams with the necessary resources but want to ensure they get the level of resource correct. Boards will be loath to overpay for compliance, especially if costs increase year on year, but equally will want to manage the firm’s the regulatory risk.

The “champion vs challenger” conflict — whereby the head of compliance asks for more budget to deal with new regulation or specific projects, e.g., data protection, and boards question the value of increased spending — is a frustrating but healthy position.

Boards need to get this balance right because it may affect a director’s personal liability. New accountability regimes have further convinced respondents of the increased personal liability of board members.

This places an extra burden on board members to comply with the rules and to demonstrate compliance. At a time when good corporate governance suggests boards should be more diverse, serving on the board of a financial services firm may hold little appeal given these extra responsibilities and regulatory scrutiny, making it harder to recruit directors.

Boards also anticipate challenges in terms of regulatory and cultural change. Boards should set the appropriate culture and management should put in place procedures to support that culture; failure to do so could lead to fines or censure of the firm, and of senior managers.

Board members are expected to have reporting structures in place to keep them informed of the risks run by all parts of the firm. This is difficult for large firms, and boards will be nervous that they are not receiving the information they need to be assured of regulatory change and cultural compliance.

Written by:

Thomson Reuters Regulatory Intelligence and Compliance Learning

Thomson Reuters Regulatory Intelligence and Compliance Learning on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.