Saturday, December 14, 2019
Corporate Compliance Insights
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

The Evolution of Compliance

How New Technologies are Impacting the Profession

by Mark Peter Taylor
December 3, 2019
in Compliance, Featured
woman's hand touching beam of light on digital blue screen

Are you grappling with the practical implications of new technologies? What does it all mean from a regulatory and organizational perspective, and what does the future look like for compliance pros? ICA’s Mark Taylor weighs in.

Do you remember the sound of the dial-up modem? An alien ting-a-ling sound interrupted by peculiar beeping noises and a droning burr?

The Early Days

If you wish to hear the old low-speed connection, type “dial-up internet” on a search engine and be transported back to the early 1990s. I find the sound strangely evocative: It reminds me of a time when the internet was new, fresh and exciting, notwithstanding that the access speeds were slow; a typical web page would take 15 to 30 seconds to download and often longer.

On the work front, things were also changing; I remember a colleague from our legal team introducing me to the idea of a separate, independent compliance team: “They will do a bit of regulatory reporting, the nonfinancial stuff and some monitoring.” Those were the days when report preparation was largely a manual exercise involving hard-copy submissions. Monitoring was often done in person or by listening to telephone recordings. We had yet to see some of the enormous fines and penalties for improper conduct. Those came later.

Back to the Future

So, we are now fast approaching the year 2020, with superfast and ultrafast connection speeds ranging from between 24 and 100 megabits per second. If you consider that a megabit (Mb) represents a million bits, you begin to understand the enormity of the changes that have taken place. In the early 1990s, access speeds were around 56,000 bits per second.

So, what do these changes mean on a practical level to compliance and risk practitioners? Well, the exponential growth in data processing capability is a game-changer. All firms are grappling with demands from regulators for rapid reporting against a backdrop of ever-increasing volumes of data. We are moving to real-time reporting and advanced analytics with regulators prepared to levy substantial fines for firms that fail to identify reporting errors or notify them promptly.

The Regulatory Response

Regulators are starting to require more in-depth, timely and transparent reporting. Three examples are set out below:

  1. Markets in Financial Instruments Regulation (MiFID II) has increased the number of data fields for transaction reporting. Although a great deal of cost has been incurred by the sector in MiFID implementation, reporting errors have occurred and attracted some significant fines. Earlier this year, UBS and Goldman Sachs were fined £27.6 million and £34.3 million respectively for reporting failings.
  2. Common Reporting Standards (CRS) – Although CRS was broadly based on FATCA reporting requirements, CRS is wider in scope, includes more jurisdictions and has no minimum reporting thresholds. In the U.K., the CRS reporting requirement applies to all financial institutions with a reporting obligation to HMRC and “reportable accounts” (i.e., account holders with an equity or debt interest in a trust). FIs are required to report a great deal of information for each trust – including the settlor, trustees, beneficiaries and individuals who have “control” over the trust.
  3. General Data Protection Regulation (GDPR) requires certain types of personal data breach to be reported without delay, but no later than 72 hours of the organization becoming aware. As we all know, the penalties for data-related breaches increased substantially on May 25, 2018, when GDPR was introduced. However, it is not only the size of the potential penalties that is sobering, it is the knowledge that the regulators can carry out online checks on their own initiative or in response to complaints. In the Google case (which resulted in a record fine of €50 million), the regulators made online checks to test compliance of Google’s processing operations with the GDPR.

The overall regulatory response adds up. In short, increased volumes and velocity of data must be matched by good levels of transparency; regulators can only protect markets and consumers by requiring more in-depth and timely reporting and pushing for consumers to have increased control over their data. For some organizations, this will be a significant cultural change with their transactions, processes and stakeholder engagement under a more intense spotlight.

The Challenge for Organizations

A key challenge is the level of regulatory reporting. There is a steady cascade of different regulations requiring different and often similar or overlapping information. To comply with the reporting requirements, organizations need to look at their data through different regulatory lenses. In an ideal world, we would have a uniform reporting requirement across the globe; however, this is not feasible given the varying ways individual countries implement regulations.

Given the increased volumes and velocity of data and the demand from regulators for enhanced reporting, many organizations are responding by introducing real-time applications, such as analytics, artificial intelligence and robotics.

The Implications for Compliance Functions

Given the broad backdrop from a technology, regulatory and organizational perspective, what are the implications for the compliance function? Well, the growth in data processing capability is propelling change; an increasing number of companies are implementing a range of new automated solutions for high-volume/rule-based compliance related tasks, such as surveillance, testing and reporting.

As a compliance professional, how do you respond to the new environment? The first step is to recognize that poor data quality is becoming the single biggest driver of compliance inefficiency. If you are working within a patchwork of unconnected processes and systems, it will be difficult (if not impossible) to produce meaningful and timely information for regulatory and risk management reporting purposes.

ICA recently hosted a series of roundtable events that gave some senior compliance professionals an opportunity to discuss the future and the impact of technology. It was felt that introducing digital elements to an existing framework in isolation for data management purposes was not the answer. Several participants had seen the downside of regulatory projects being managed in silos. It was agreed that a collaborative style of working was required, with key stakeholders working toward collective outcomes that reduce risk and improve efficiency.

If we are to adopt new ways of working and feel comfortable working in multidisciplinary teams, we need to look at our own technical and business-related skills. We will no longer spend as much time on routine and administrative tasks, but look at the outputs from automation. Perhaps job adverts in the future will be along the following lines:


Risk and Compliance Director

Sets the risk and oversight strategy for bots that perform a range of automated tasks, including product updates, policy communications and financial coaching services.


At the beginning of this article, I touched on the early 1990s. In many ways, the desired outcome for compliance teams has not changed: They need a robust framework for breach detection, monitoring and reporting. The key change is the introduction of automated solutions on digital platforms, which will enable considerable amounts of data to be processed at speed.

As compliance functions evolve and begin to use analytics, they will uncover new patterns and insights not previously achievable. Our focus will turn to higher order/more complex tasks. The key questions: Do we have the right mix of skills for the future? Do we have the most effective communication strategies? Do we have the skills to solve complex problems through logic? Do we have investigation skills?

Continuous development has never been so important. Before you decide on any training, you need to decide what competencies are a priority. As a colleague said to me recently, “the secret is to decide what muscles to flex and how.”


Tags: GDPRMiFID II
Previous Post

The Curious Case of Bias in Risk Assessments

Next Post

DiCianni’s Idea: How It All Got Started

Mark Peter Taylor

Mark Peter Taylor is a Compliance Consultant at International Compliance Association. Mark is an accomplished compliance professional with extensive experience of developing training solutions within the financial services sector. Having led and supported compliance teams across different jurisdictions, he now prepares and presents training programs to boards, senior management teams and governance forums. His aim is to provide thought-provoking programmes which contain an international perspective.

Before working for ICA, Mark held various senior management positions with HSBC, Standard Bank and Lloyds Banking Group. He understands the challenges faced when managing regulatory risks and is keen to help you develop practical solutions in response to risk and remediation priorities.

Related Posts

change is coming text on city background at sunset

Future-Proofing the Compliance Professional

December 13, 2019
futuristic technology projecting 2020 in white text

The Future of Data Privacy Regulation

December 12, 2019
illustration of businessmen shaking hands through smartphone screens

FINRA Reveals Top Areas of Interest: Supervision and Digital Communications Compliance Programs

December 12, 2019
new york city skyline at sunset

The Early Days: The Birth of the Independent Monitoring Concept

December 11, 2019
Next Post
closeup of magnifying glass on gray background

DiCianni’s Idea: How It All Got Started

Free Downloads

OFAC whitepaper cover
Compliance Job Interview Q&A
Reputation Risk Management Research

RSS SEC Litigation News

  • John Special, Defendant, and Michael Murphy, Relief Defendant, John Kenneth Davidson December 12, 2019
    SEC Obtains $3 Million Settlement in Insider Trading Action
  • Palm Beach Atlantic Financial Group, LLC and William A. Smith December 11, 2019
    SEC Charges Florida Resident and His Corporate Entity for Fraudulent Securities Offerings
  • Nanotech Engineering, Inc., Michael James Sweaney (also known as Michael Hatton), David Sweaney, and Jeffery Gange December 11, 2019
    SEC Obtains Asset Freeze to Halt Alleged Offering Fraud

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks Big Data blockchain board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management corporate culture corporate governance culture of ethics cyber risk data analytics data breach data governance decision-making Dodd-Frank DOJ due diligence fcpa enforcement actions GDPR GRC HIPAA information security internal audit internet of things (IoT) KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • Audit
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • HR Compliance
  • Leadership and Career
  • News
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights