No escape for compliance teams as the future of work has arrived
The regulated industry has found itself forced into home-based working ahead of any plans to implement this approach. Often, even using the latest collaboration and communication tools remote working is a challenge for such enterprises. The idea of enabling colleagues to work from home in an unsupervised environment or simply using their own device is a risk too far for many regulated businesses.
Whilst collaboration tools are solving some of the challenges of remote working, there is no relaxation when it comes to the increasing requirements from a multitude of regulators when it comes to compliance; a critical function for all regulated businesses. Scrutiny and regulatory regimes from both internal audit teams and regulatory agencies, such as the Financial Conduct Agency (FCA) and HM Revenue and Customs (HMRC), are all still valid and a basic requirement.
Prior to the pandemic, compliance functions were office based with some teams even being segregated from other areas of the business due to security and confidentiality. System access was tightly controlled with several key systems restricted to on-premise access only. With the introduction of remote working there is new risk:-
- Compliance with specific regulatory requirements
- Protecting customer data
- Transference of data
- Exposure to new risk
- Remote client monitoring for Anti-Money Laundering Laundering (AML), fraud and PEPs and sanctions
Following the initial knee jerk reaction to the pandemic, those companies that were ill-prepared have had time to adjust. Many, have in fact, embraced the new normal of remote working, with studies revealing an increase in productivity due to remote working. In a recent Gartner survey (source) of legal and compliance functions, post-pandemic, 41% of employees are more likely to work remotely more often.
Despite lockdowns being lifted in many countries, we are unlikely to see a return to normal office life for compliance teams in the short or mid-term. Long-term predictions are more difficult, however, based on the current working climate, and more employees embracing the benefits of working from home, it is extremely unlikely that compliance teams will be expected to be exclusively office-bound.
No escape for compliance teams as the future of work has arrived
Before the pandemic, many companies outsourced an element of their AML and compliance processes to off-shore resources. However, since Covid-19, a recent Gartner survey shows that 52% of compliance leaders are concerned about third-party risk. For example, if a company outsourced an element of their enhanced client due diligence to an off-shore company in India, which is still under lockdown, and their 3rd party workforce has been forced to work from home, the risk of privacy, security and compliance breaches dramatically increases.
Businesses have had to review their third-party compliance activities, including third-party work from home policies, as well as privacy and security training plans. In the short term we are already seeing a gradual reduction of organisations using off-shore 3rd party suppliers for compliance functions. In the long-term, we are likely to see more firms outsource compliance to domestic suppliers to avoid future compliance headaches.
The new economy
With a predicted recession, declining company revenues and lack of resources, compliance teams will be tasked with achieving more with less. So far, predictions in the reduction of GDP and unemployment levels will likely surpass the 2008 financial crisis. This will result in many functions, including compliance having to adopt digital transformation far quicker than the existing roadmap. Operational savings will be key.
Digital transformation has more recently been driven by customer demand and expectation but will see a shift to operational efficiencies with the automation of AML and KYC functions delivering quick wins. Budget allocation will be switched from headcount to Reg Tech as automation becomes a key business driver.
A technology-led liveness detection, on the other hand, does not require active participation by the user, it essentially operates in the background, detecting features of a spoofing attack such as patterns, reflections and depth to determine liveness. Capturing multiple artefacts in a single frame enables a fast decision and can feel less intrusive than a motion-based solution. In addition, technology-led liveness delivers higher accuracy, improves pass rates, can easily detect fraudsters and enables a completely frictionless experience for users.
Increasing threat of money laundering & identity fraud
During any economic downturn, there is a usual trend of increasing fraud and money laundering activities. There is evidence of increased levels of cybercrime due to Covid-19-related fraud and scams targeting vulnerable people and companies, fake fundraising campaigns and of criminal networks selling rationed goods at higher prices.
International trade is another risk area. Firms processing payments linked to international trade transactions should take immediate measures to establish whether unexpected flows – particularly linked to customers or regions affected by Covid-19 – are of legitimate origin.
Although involvement in international trade is not, of itself, indicative of higher money laundering or terrorist financing risk. International trade is, however, likely to be affected as a result of both the current pandemic and restrictive measures put in place by governments to manage the spread of Covid-19.
The European Banking Authority (EBA) is urging financial firms to pay closer attention to transactions linked to international trade, as the effects of COVID-19 prompt criminal groups to seek new ways of moving illicit funds and goods across borders.
A leaner compliance team will likely have to manage increasing financial crime, money laundering and online fraud risk.
No relaxation of regulatory obligations
There has been no relaxing of financial crime regulations. Regulated organisations still need to adopt a risk-based approach and maintain adequate systems and controls to prevent financial crime. When the UK FCA released updated guidance in May 2020, they acknowledged the disruption to ‘business as normal’ in financial crime compliance but stated they still expect firms to maintain effective systems and controls to combat financial crime and terrorist financing. They also reiterated that firms should be aware of new or changing financial crime threats and take an appropriate risk-based approach to mitigate these threats.
The need for digital transformation
In the coming months, organisations will be challenged both from a regulatory, risk and resource perspective. Companies must remain acutely aware of the changes happening around them — both from a risk and regulatory standpoint — and be prepared to respond.
Technology will play an important role during this transitory time, as organisations will require better visibility, reporting, and predictive insights.
Digital transformation is no longer optional but critical for a company’s success to help improve the compliance processes, customer experience and operational efficiencies, whilst ensuring continued regulatory compliance within a challenging business environment.
Digitisation presents an unprecedented opportunity to elevate the role of risk, compliance and control by turning the vast growing streams of data into actionable insights. In order to take full advantage of digitalisation and to ensure risk compliance and control activities are not left behind, new operating models, systems and processes need to be deployed.
Those businesses who adopt digital transformation sooner rather than later can focus on keeping the customer experience at the highest quality, whilst being confident of remaining compliant and reducing resource costs and more importantly staying ahead of their competitors.