Buzzwords such as “FinTech” and “RegTech” are routinely bandied around today’s financial services industry, but to many their exact meaning is unclear. Is the industry changing so radically that the human component is to be extinguished by technology? What is the future of the compliance function, and in particular the Chief Compliance Officer (CCO)?
In the face of such rapid change, trying to predict what the compliance function in banks will look like in five years’ time requires an even larger than normal crystal ball, but we can see some trends, and make some predictions.
- Compliance teams will be no less important
It is generally now understood that the obligation of ensuring employees maintain good conduct, behave ethically, and comply with law and regulation rests foremost with the business (the so-called “first line of defence”). Where there is a breach of regulation, regulators look first to the business leader for an explanation. In the UK, and in some other common law jurisdictions, this concept of senior management responsibility is enshrined in law.
However, the business relies heavily on the compliance function to interpret regulation, to advise the business on implementing it, and to manage relationships with regulators. That’s not going to change, in fact the function is likely to be increasingly important, for the reasons given below.
- Compliance headcounts will decrease, but they certainly won’t disappear
In recent years, with the spate of anti-money laundering (AML) sanctions and market abuse enforcement actions, and the FX and LIBOR scandals, compliance teams have seen a significant increase in staffing. Adding to the staffing pressure, some banks have increased “know your customer” (KYC) staff tenfold in recent years. But many of these routine monitoring and surveillance roles are now either being moved out of compliance or replaced by technology. However, importantly, technology cannot completely replace judgement and expertise – particularly as compliance becomes increasingly global.
Harmonisation of conduct regulation across the EU is patchy, and globally minimal, despite the best efforts of IOSCO. KYC obligations are different everywhere. Compliance managers therefore require expertise not only in the jurisdiction in which they work, but in the jurisdictions where the businesses that they monitor function. Utilities and algorithms can analyse a new client’s litigation and regulatory past, the CVs of the Politically Exposed Persons (PEPs) who are on its board, and the sources of funds of its shareholders. But the judgment call of whether it is safe to take that client on cannot be automated.
- The role of technology in compliance will increase
In the future, technology will be a critical component of the compliance function. The days of young compliance officers manually analysing gigabytes of chat messages and email traffic are in the past. Although the technology does not yet exist for quick and effective analysis of phone calls for conversations that might indicate market abuse, it will come. Behaviour engines will provide real-time employee surveillance, using organisational psychology and baseline behavioural profiles to try to spot potential fraudsters and market abusers before they create a problem.
Technology will also help business to address legacy issues, reducing inefficiencies. For example, many banks have separate compliance systems for market abuse and AML monitoring, because systems were put in place at different times, inherited following a merger, or implemented in haste in response to regulatory pressure. Technology can help ensure banks have a properly integrated system to deal with data.
- Wider roles will be assigned to the compliance function
Technology’s increased role in the business will actually necessitate the redistribution of human roles to the compliance function from other areas of the business, such as front office, operations, IT and legal. These roles include those with responsibilities for data protection/data privacy, compliance with competition law, and for monitoring algorithms. In some banks compliance already manages these functions, and others will almost certainly follow. The skill set of the compliance team therefore will be wider
- Potential personal liability of compliance officers will be much higher
As the role of the compliance department becomes increasingly important, CEOs will rely ever more on advice from the CCO, in the same way they rely on the general counsel for legal advice. Adding to the importance of the role are the regulatory obligations placed on the compliance function. In the US and the UK – though not, yet, in the EU 27 – personal liability can quite easily be attached to the CCO. The trend towards monitoring will mean the CCO will have much higher potential personal liability in the future. Will their compensation be commensurately higher?
This article was originally published by Financial News on 18 September 2017