The job of a compliance officer can be a difficult one. Organisations from large corporations down to small government agencies rely on their compliance officers to keep them within ethical and legal boundaries. They also rely on them to maintain monitoring and reporting requirements, and stay abreast of any changes in the compliance landscape. For professionals in this field, the bad news is that challenges will continue to increase in the near future (as we’ll explain in this article). The good news is that there are trained experts available to work hand-in-hand with organisations’ compliance officers to minimise risk and help them remain in compliance.
The stakes are high, as organisations in both the public and private sectors face new laws and regulations in jurisdictions around the world, along with increasingly strict enforcement and punishments. Investigations of violations can, and often do, lead to heavy fines. In some cases, criminal charges may result – and these can be levied against the organisation, or individuals, or both. Here are some of the biggest challenges facing compliance officers today:
1. Anti-money laundering (AML) regulations
The Panama Papers and other major scandals, including the illicit funding of certain terrorist actions, brought money laundering issues firmly into the spotlight. Many governments have been stirred to action to create stronger measures meant to prevent the illegal funding of criminal or terrorist enterprises. In the European Union, this resulted in the 5th Money Laundering Directive (5MLD), which takes effect in January 2020. 5MLD impacts organisations most directly in how they handle their know-your-customer (KYC) processes.
In the run-up to the 5MLD, there was increased attention on high-risk countries. Clients or transactions engaged in high-risk countries are now subject to enhanced due diligence when performing onboarding checks. Compliance teams need to ensure KYC is not a simple “tick box” exercise during the onboarding phase, and ongoing monitoring processes need to be implemented to manage changes throughout the customer lifecycle.
5MLD requires enhanced due diligence when dealing with high-risk countries. In addition to obtaining evidence of the source of funds and source of wealth, information on beneficial ownership and background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high-risk countries for money laundering.
2. Conflicts of interest
Risks related to conflicts of interest are significant at every level of the company. Starting with the board of directors, an effective board must be transparent about potential conflict issues and address them on an ongoing basis. Board decisions that either suffer from actual conflicts can risk the board’s adherence to its duties and create real legal risks. Even the appearance of a conflict can raise real issues and transparency becomes even more important in these contexts.
This same level of risk can undermine the integrity of senior management. When senior executives fail to address real and significant conflicts, the integrity and overall leadership trust factor can deteriorate. A compliance executive must be willing to take on these issues, even when it is difficult to confront senior executives.
Within the private equity (PE) industry, conflicts and their adequate disclosure remain problematic. In recent years regulators have made examinations of PE firms and their complex structures top priorities. Most major organisations – and their compliance officers – see outside business activities as a risk.
3. Innovation driving new demands
New innovations are providing increased efficiency in compliance processes, which is a major plus for organisations. Always a double-edged sword, however, technology also creates more issues in data security, not to mention the training and expertise required to master it.
For many ‘non-tech’ professionals such as compliance officers, rapidly changing technology can be a concern, as the importance and integration of technology into the compliance suite continue to evolve. Compliance officers may not need to become technology experts, but they do need to ensure that tech-related risks are addressed within their firm’s framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities. This is another area where partnering with an outside firm that provides training and technology resources can be a major advantage.
4. Regulatory and political change
Recent years have seen a flurry of new regulations from various governmental bodies and jurisdictions, from the General Data Protection Regulation (GDPR) act to 5MLD. The GDPR, for example, has extraterritorial reach. It also serves as a model for future possible regulations in the critical area of data privacy and cybersecurity.
In Europe, Brexit creates real uncertainty for the UK’s regulators, and the industries that they regulate. But Brexit also impacts EU member states and any organisations doing business within or through the UK. The impact is far-reaching, and regulators face major challenges in responding to profound changes in policy, the legislative framework and the wider economic context.
Politics in the United States and other nations have also seen similar dramatic shifts in governmental control and resultant effects in policy, which can impact regulatory laws and how they are implemented and enforced worldwide. One thing is certain – investigations and legal actions based on violations of the Foreign Corrupt Practices Act (FCPA) continue to increase, and organisations must remain diligent in conducting risk assessments and implementing control measures to remain in compliance.
5. Personal liability
One area of concern sure to grab the attention of any compliance officer is the issue of personal liability. Recent news stories have reported criminal convictions, some leading to prison sentences, of executives, “middle men” and other individuals involved in various scandals. Compliance officers should take heed, as their responsibilities to their company can also extend to their own professional conduct being placed under a microscope. Many compliance professionals are aware of this, as a recent Thomson-Reuters survey found that 60% of them expect personal liability to increase.
New initiatives underline this reality, such as the Senior Managers and Certification Regime (SCMR) in Europe. It places a focus on firms’ senior managers and individual responsibility, and extends to all Financial Conduct Authority (FCA) solo-regulated financial services firms. The FCA itself has been increasing enforcement notices against individuals. We can expect an increase in these types of measures and they will apply to industries beyond those in the financial sector.
6. Ethics and integrity
Today’s business landscape brings an increased emphasis on the culture of an organisation, with an eye toward ethical practices and principles. With growing scrutiny from both regulators and stakeholders, the pressure is on for compliance professionals and their superiors to take broader responsibility for policies, procedures and controls to create a truly ethical business.
The Cambridge Analytica scandal is a notable example of how data misuse has serious brand and societal implications, on top of legal and compliance penalties. The public outrage was so intense that governments were forced to act, calling on Facebook and other involved parties to testify and explain themselves. The market’s reaction was also punishing, with more than $100 billion knocked off Facebook’s share price in days, while Cambridge Analytica went out of business.
In conclusion, AML regulations, conflicts of interest, innovation driving new demands, regulatory and political change, personal liability, and ethics and integrity issues are among the biggest challenges facing today’s compliance professional. This is the time to address solutions. There is expert help and a wealth of resources available, with no better time to leverage them than the present.
Who is CRI Group?
Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background-screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.
In 2016, CRI Group launched Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 19600:2014 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.