Internal operational failures at senior management level present one of the greatest threats to compliance systems: wholesale reputational damage.
The session, entitled ‘Strategies to ensure compliance systems and controls that withstand regulatory scrutiny,’ was moderated by Napier’s Head of APAC, Robin Lee.
Why a culture of compliance is crucial
Unless effective risk management procedures are lived and breathed at a board level, even the most stringent compliance systems will fail to protect organisations from criminality.
“The tone from the top is more important than ever,” claimed Niall Coburn, Thomson Reuters’ Regulatory Intelligence Expert for Asia Pacific. “Businesses must ensure that new hires have integrity, and senior management teams don’t fall into the trap of putting profit before everything else by circumventing the systems in place. Leaving compliance out of the business equation is a cultural failure which can lead to seismic organisational failure.”
The major challenges of financial crime compliance
Kalyani outlined three of the major challenges faced by compliance teams:
- Keeping up with the pace of change in regulatory regimes including that of cross border regulations
- Integrating legacy systems with new technology effectively
- Ensuring that senior managers have clear line of sight on risk
In a poll of the attendees, expertise in financial crime typologies and stakeholder management were identified as almost equally important skills for risk and compliance officers to have and, in another poll, over ninety percent of attendees agreed that compliance failures will be on the increase.
Ongoing staff training is essential to keep teams abreast of the changing regulatory and technical environments, with blended learning delivering the optimum mix, according to Jee Meng.
Addressing financial crime risk using technology
Greg gave some tips on meshing existing and new technology systems to deliver meaningful data, noting a tendency towards spot-level procurement of technology. “This type of technology sits on top of what’s already there, but fails to integrate existing data in a holistic way.
Introducing a dynamic risk scorecard within a framework model, and sitting this on top of existing assets is a practical way of dealing with the resulting gaps in the systems, and can be practically implemented within six to twelve months,” he said. “Having a framework that gives you data on material changes in real time will enable compliance teams to identify risk more efficiently and direct their efforts more meaningfully.”
“Failure to integrate systems, thereby missing out on end-to-end data is the goal, and while we won’t get there in one giant leap, we all need to be taking baby steps towards it,” added Kalyani.
The danger of a tick-box approach to compliance
While over half of those at the seminar claimed to be implementing a technology-based solution to address the challenges of financial crime. The panel cautioned that addressing compliance challenges in a compartmentalised manner may mean that institutions risk missing out on seeing the bigger picture.
“IT systems can and do play a major part in identifying risk, because they give compliance professionals more time to do their job, but we must always be mindful of being too focused on box-ticking,” said Niall.
“Going through the motions is dangerous,” agreed Kalyani. “Meeting regulatory requirements is only the first part of the puzzle - good compliance departments should be asking questions about why they’re doing something. It’s critical that good practice flows all the way through an organisation, and that’s there’s accountability at every level.”
When it comes to introducing new technology, working in close partnership with your provider is key. “People and purpose vary, so an out-of-the-box solution isn’t the answer,” Kalyani added. “Technical solutions must be tailored to the organisation, and you need to understand at the outset how you’ll measure their efficacy on an ongoing basis.”
“Ultimately, effective compliance is about consistency,” concluded Greg. “Organisations that get it right 85 percent of the time are much better protected from risks than those that hit 100 percent but only maintain that level for three days.”
Discover next-generation financial crime compliance technology