- Managing director’s note
- Editorial note
- Interviews
- Finance and Financial Services
- Events Coverage
Navigating uncertainty – responding to volatile challenges in compliance
International Compliance Association | Jun 26, 2024, 12:49
No business takes place in a vacuum. We are subject to, or influenced by a wide range of external forces, drivers, constraints, opportunities, and demands. This challenges our ability to plan for the medium to long term, putting at risk even the best and most carefully considered plans.
How do these external factors change the context of our compliance and regulatory obligations? Let’s start by identifying four areas of focus through which we consider them. The final part captures discussion at the ICA Financial Crime Summit that took place in May 2024 in which senior compliance professionals were invited to consider how we prepare for an uncertain future.
The four dimensions that have an impact on compliance that will be considered here are:
- Geopolitics
- Legal & Regulatory
- Technology
- Crime
Many of us will be familiar with the acronym ‘VUCA’, first used in the early 1990s to describe the challenges the world faced as it emerged from decades of Cold War. It’s a useful reference and, perhaps more relevant and urgent now than ever before. The acronym represents volatile, uncertain, complex and ambiguous. It can be applied to each of the four areas.
Geopolitics
2024 has been described as the election year with 49% of the people of the world going to the polls, including the US, EU, India, and the UK. The outcomes of the elections have consequence to regulatory and compliance professionals and the businesses they serve. Consider President Biden or Trump in the Whitehouse, and the impact on sanctions policy that is already ambiguous and uncertain; or the potential fiscal policies of a Labour or Conservative government in the UK.
The EU continues the march towards harmonisation of many legal and regulatory requirements, but a parallel rise in nationalism threatens this hegemony. The UK has already opted out and such an option is increasingly popular in countries including Hungary, Austria, Denmark, France and Belgium. The impact of any change in relationship to the EU is of course considerable in trade and regulatory contexts.
The US continues to hold a disproportionate influence on regulatory and compliance requirements outside of its own borders, a measure of its economic and political strength. This power balance is changing however. It isn’t clear how, for instance, China who is challenging the established order, may choose to leverage on this.
The presence of conflict in Ukraine and Russia and the threat of it in Taiwan; the challenge of terrorism; climate change and energy crisis – these all generate uncertainty and complexity that directly and indirectly impact on compliance.
Legal & Regulatory
The considerable current and planned regulatory changes affecting the EU – including Poland – have been described as a tsunami. They include supply chain reporting & due diligence; digital resilience; ESG rating; artificial intelligence controls; crypto asset regulation; open finance; AML development; payment regulations.
Governments have, incrementally outsourced response to all forms of financial crime to the private sector, and now hold businesses and relevant individuals to account for any perceived failure. At the same time, technology has enabled deeply intrusive enquiries to be automated, challenging enshrined rights to privacy, freedom and fair trial. The uncertainty this creates about the future of AML at global and national levels challenges our ability to plan for the long term.
Regulators continue to move away from rules, even risk-based approaches towards ones that are based on outcomes. This is arguably overdue but introduces uncertainty and complexity around, for instance, how this will be measured.
Technology
Arthur C Clarke famously observed: “Any sufficiently advanced technology is indistinguishable from magic”. He wrote this in 1973, long before the advent of AI, blockchain, biometrics, Wi-Fi, quantum computing, and so on. The 50 years that have elapsed since then are but a moment in the context of our shared history, but over this time, technology development has been rapid and unrelenting.
The technology in 1973 may have been primitive by today’s standards, but the quote holds true. As we, working in compliance are required to use increasingly advanced and complex technologies this can seem like a form of magic. We are inured to the impact; it has little ability to surprise or shock, but this masks little understanding of what’s going on within the digital world that serves us.
This presents an immediate challenge and risk as we grow more dependent on technology that to some extent remains a mystery – whether in screening, due diligence, data management, case handling, verification, identification. We can go further. The impact of quantum computing, generative AI or blockchain is to large extent latent, and it is unclear how IT will impact on our work in compliance, regulatory expectations, the jobs market and the required skills of a compliance professional working 10 or 15 years from now.
Crime
Organised and local criminals will always find something, or someone to exploit. This may change according to the era in which we live, but the presence of crime is a constant. The last ten years has seen a rapid growth in cybercrime, human trafficking and fraud. In the context of money laundering, relatively new methodologies include mirror trading, virtual assets, sham litigation and micro-laundering.
Looking ahead, it’s difficult to anticipate exactly how crime will metastasise, but some alarming trends include:
- AI can simulate an individual’s online presence, face, voice and mannerisms. Inevitably, bad actors are using this to further their own plans
- The power of quantum computing has increasing potential to compromise online security and access arrangements
- Money-laundering methodologies display an ability to morph at speed to take advantage of new products and services
- State-sponsored or -supported criminal activity is increasingly common presenting unique challenges in preventing and responding to the threat
As the methods of organised (and disorganised) crime mutate we must adjust, recalibrate our response, and very often at speed.
Response
Volatile, uncertain, complex and ambiguous are terms that can be used to describe the challenges we face in compliance in 2024. This raises the question – how should we respond?
This challenge was raised at a masterclass held during the ICA Financial Crime Summit in London, in May 2024. Senior compliance professionals were asked to “develop actions to prepare for the next five to ten years”. Here is an overview of the rich and nuanced discussion that followed.
Pay Attention
Horizon scanning is about much more than looking ahead to the next regulatory changes. Investing time, resource and energy to understand and where possible, engage with the many areas that can impact our activity is vital. This will include working with and through trade associations, regulators, peer groups, think tanks and specialist advisors such as cybercrime experts.
This is unrelenting and vital, but very often not urgent. The danger of course, is that urgent is continuously prioritised over the important – so that this type of horizon scanning may never move to the top of our ‘to do’ lists. Some kind of system, planning or programme may be necessary to ensure this receives attention. Other options may involve including horizon scanning as a performance measure in smaller organisations, and establishing dedicated capability in the larger.
Recruit & Train the Right People
At least one global bank now identifies agility as a key competence, and tests this during recruitment processes. The ability to flex, adjust our approach, and move between job roles is of greater importance now than before. This may come a little more easily to Millennials and Gen Z who appear to be more comfortable and adept at navigating through changing environments than more experienced professionals.
As compliances challenges evolve, we will need then, to change with them. More than this though, the compliance profession needs capable, informed, resilient, trustworthy and courageous individuals to navigate through the uncertainty. The first two of these qualities – capability and insight demand continuous development and, at times, formal training. The International Compliance Association has been meeting this need for compliance professionals across the world for decades – from front line staff who carry so much of the compliance burden, to managers and senior leaders.
Know Your Business
Complexity is a natural side effect of growth in business. We also see a trend to fragment activity to multiple specialist teams that focus on just one element within the operating model. This is true in compliance as it is for other areas but can mean that we fail to nurture individuals that truly understand the (whole) business.
This lack of understanding makes it more difficult to recognise the impact the many variables set out above can have. Consider any changes within the supply chain for instance – that can cross national borders, involve multiple commodities and organisations – generating sanctions, AB&C, fraud and money laundering vulnerabilities.
Responding to this challenge demands care, imagination and a culture of transparency and trust. Options may include:
- Moving staff between areas of compliance activity
- Establishing the advisory and similar functions as a two-way communication able to give direction, but also to listen and understand the heartbeat of the business
- Encouraging matrix style briefing and oversight
- Where possible, reducing complexity
- Communicating continuously
- Ensuring compliance professionals engage with, and work towards the organisation mission
Board engagement
Geopolitics, legal & regulatory, technology, and crime all demand potentially significant levels of investment now, and the ability to respond at speed to crises in the future. This needs senior management and board appreciation, guidance and support. How this is achieved will vary across organisations but is likely to include:
- A board member with particular responsibility for compliance – a champion or ambassador
- Use of standing agenda updates but also including a compliance element to all significant developments and planning
- Formal and informal briefing, reporting
- Building trust and a ‘no surprises’ approach
Relationships
Wider relationships needing attention include internal stakeholders, the business and the regulator.
Stakeholders
Internal stakeholders include leaders and managers across the first line; and in HR, marketing, finance, legal, audit, procurement etc. How these relationships are managed will vary according to the size, complexity and of course the operating model for the organisation. They need to be founded in trust, transparency and effective communication.
The business
Compliance is a shared responsibility. Everyone has a role to play whether they manage customer relationships or the board. How we communicate within the business will vary according to the organisation. This needs imagination, perseverance and an ability to listen as well as direct/inform.
The regulator
Some senior positions, for instance the money-laundering reporting officer (MLRO), have a formal as well as informal relationship with relevant regulators. The interaction should be based on transparency, proactivity, discernment and research. Managed well (on both sides), the regulator can become a critical friend to a well-run business. Managed badly, this relationship becomes adversarial and potentially damaging.
The compliance function faces many interrelated, complex and volatile challenges. These have the potential to compromise our work and damage the businesses we serve. Or they can offer the opportunity to demonstrate how integral compliance is to the success of the business. How we navigate through the uncertainty will determine which of these two positions best reflects our experience. Our reputation and for some, our jobs will depend on getting this right.