Compliance programs face challenges in balancing global requirements with local exceptions while incorporating the fast pace of regulatory change, addressing critical business needs and obtaining the necessary resources necessary to manage the program. Trends and thinking on the subject were center stage at the recent CSS London event “Looking at the Year Ahead – Global Compliance and Data Priorities.”
Innovative technology and support solutions are key to success, according to the panel comprised of John Walsh of Eversheds Sutherland LLP, and Keith Marks and Jackie Hallihan of CSS. The trio set the stage with context around the origin of the standards leading to the evolution of the compliance program and evolving role of the Chief Compliance officer.
The program emphasized the “Culture of Compliance,” and identified the many building blocks comprising the compliance program, including ownership participation, validation of functions, administration of the program, and quality of the execution.
Cited as keys of a compliance program were the following elements:
- Written policies and procedures (compliance manuals)
- Ongoing evaluation of a program through dynamic annual and periodic reviews
- Risk assessments
- Enterprise risk management
- Training employees and supervised persons
- Big data analysis
The panel agreed that solid compliance training, which is dynamic and evergreen, is fundamental to preventing violations of rules and regulations and critical to strengthening a compliance program. Throughout the day, several of the event panels touched on the critical need for investment management and financial services firms to conduct forensic data analytics of trading data.
In a discussion of the global vs. local regulatory challenges facing the industry, the panel stressed the need to articulate and apply consistent standards of conduct and compliance processes across all operations, and to implement local differences. John Walsh stressed the importance of maintaining a global framework, subject to local exceptions.
Additional challenges discussed included practical ways to foster a positive ethical tone at all levels of the organization, managing and mitigating third-party risk, and technology solutions for staying current with regulatory and enforcement trends around the globe.
To adequately and effectively design policies and procedures to detect and prevent violations of laws and regulations, panelists agreed on the importance of regular compliance and business reviews, as well as maintaining availability to employees, and to remain understandable to employees.
Other key topics included the evolution of due diligence in a compliance program, including background checks pursuant to local law, due diligence of critical third-party vendors, and privacy and cybersecurity assessments.
The important and sensitive role of surveillance was debated by the panel. Keith Marks remarked how analytics and predictive intelligence applies to conduct and culture, and John Walsh highlighted challenges and opportunities from emerging technologies. Hallihan, passionate about dynamic training tools and workflow technology, cites the need for firms to embrace emerging technology tools that ease the burden and facilitate a solution.
Data protection regulation and cybersecurity threats remain a high risk. The panel touched on the vast array of regulations as examples of the global challenge, with GDPR, the California Consumer Privacy Act, New York Department of Financial Services’ Cybersecurity Regulation, and federal Regulation S-P, for example.
Another impending challenge is the EU’s Securities Financing Transactions Regulation (SFTR), with T+1 reporting. Financing transactions (SFTs) reporting by investment fund managers is expected to commence Q1 2020. Central to industry concern is the managers ability to accurately report and obtain the data needed to report timely and accurately, a problem that CSS addresses through its SFTR solution.
Other trending regulatory examples to manage are Liquidity Management, Reporting Modernization, Trade and Transaction Reporting, Model Management; and Change Control Processes.
The challenges of global compliance continue to grow, but with innovative technology and support solutions, they can be managed.