by Robert Houghton
Remaining compliant in today’s financial landscape is no easy feat. Every call, message, communication and snippet of information shared between employees, customers and trading partners must be captured, stored and monitored to prove compliance. To regulators, every financial institution is potentially guilty of wrongdoing, until proven innocent. On top of that, we’ve seen the emergence of regulations like the Digital Operational Resilience Act (DORA) showing that regulators’ demands are increasing and growing stricter1. This leaves many financial institutions wondering if their compliance status has changed. So, how can they ensure they are remaining compliant when the goalposts keep moving?
Identifying and tracking risk before it’s too late
The answer lies in constantly keeping tabs.
In doing so, a risk assessment is vital. It’s not just a box to tick; it’s the bedrock of safeguarding business reputation, financial stability, customer trust and meeting any legal reporting requirements the company may fall under. Essentially, a risk assessment is a business health check that identifies ailments and confirms whether enough precautions are in place to prevent harm.
The reality of ignoring these assessments was brought into sharp focus by the FCA fining Guaranty Trust Bank (GTB) £7.6 million for failings in its anti-money laundering (AML) systems and controls, despite internal and external reports. The bank did not monitor business relationships and customer transactions to meet FCA standards. It also neglected to assess or document the risks posed by its customers2.
While technology and automation can help, risk assessments are a management challenge that require significant attention to detail. As it stands, most financial institutions are attempting to remain observant, by checking the validity of their risk assessments through quarterly reviews. But, within the tumultuous financial landscape this is not enough.
Building blocks: three steps to ensure compliance is evaluated accurately
Financial institutions must reconfirm that their risk assessments are fit for purpose by revisiting three key steps: These include:
- Understanding compliance is a team sport
First of all, financial institutions need to ensure everyone involved in the risk analysis process, which often includes many stakeholders, really understands it. IT, compliance teams and the wider business often speak different languages so institutions should use this assessment as an opportunity to bridge that gap. In doing so, it can be altered to ensure it’s tackling the risks that genuinely concern the entire organisation.
In this stage, some organisations may also use AI to identify and understand business risks, especially as they start to integrate their data sources. However, this type of adoption, especially within highly regulated industries is set to remain limited. In fact, only 17% of surveyed UK financial institutions currently use AI in their audit and compliance processes3.
This is because organisations must supply evidence to support decision making, which stands the test of auditing. Therefore, organisations looking to use AI in compliance checkpoints, need to ensure they choose systems that can clearly explain why they do what they do.
- Studying the playbook
Once the risks have been raised, institutions need to know that all employees, irrespective of role or rank are abiding by the playbook that’s been designed. This is a clear, unanimous mitigation plan. It’s a bit like ensuring all your players know their position on the field and subsequent responsibilities in the game.
During these quarterly reviews, it’s important to remember it’s not all about technology. Instead, financial institutions should steer clear of the allure of ‘shiny things’. The strategy should be as unique as the institution it’s protecting, focused on the basics and tailored to its specific risks.
- Regularly reviewing gameplay
Lastly, regular scans of the regulatory landscape must be added into these review checkpoints. This ensures an institutions’ awareness of compliance mirrors its evolving nature. After all, it’s near impossible to win a game if you don’t notice a rule has changed.
In this stage, AI can support with researching the regulations an organisation falls under and sharing advice on how to comply. For example, several large banks are using AI to understand the regulations that correspond to the different jurisdictions they operate in.
Winning the compliance cup
Unsurprisingly, the regulatory goalposts aren’t going to stop moving. Therefore, instead of fretting, financial institutions must act, by implementing monthly compliance reviews that test the validity of existing risk assessments.
These reviews enable institutions to hold their assessments up to the light and check for holes. In doing so, they can continually identify the risks concerning each member of the organisation, which can then be allocated remediation space in the plan.
Finally, incorporating a scan of the regulatory landscape into these checkpoints supports institutions in tailoring risk assessments to match the compliance changes looming on the horizon.
Fundamentally, remaining compliant in today’s continually evolving financial landscape is not for the faint hearted. Yet these three steps offer an antidote to the compliance conundrum. They ensure financial institutions can constantly spot and mitigate risks before regulators come knocking.
The author, Robert Houghton, is the founder and CTO at Insightful Technology.
