It’s no secret that keeping abreast of compliance regulations is a full-time job.
After the 2008 financial crisis, compliance functions were put under a microscope. Significant focus and investment went into expanding the reach of compliance progammes, and the COVID-19 pandemic has made compliance an even bigger issue.
Despite all the attention, PwC’s 2020 Global Economic Crime and Fraud Survey showed that the average company experienced an average of six instances of fraud last year, with total reported losses exceeding £30 billion. More and more companies are seeing a rise in the extent and frequency of risks in anti-competitive conduct, sector-specific regulation, bribery and corruption, and cybercrime, to name just a few.
For 21st-century financial services firms, one directive is clear: firms must improve the effectiveness and efficiency of their compliance programmes to out-perform the competition and succeed over the long term.
At its most basic, a compliance programme is simply a set of controls and procedures developed to ensure compliance with jurisdictional regulations. But programmes designed solely to satisfy minimum requirements often fail, unless they’re part of a larger compliance strategy.
An effective compliance strategy does so much more than track compliance activities for regulators. It proactively protects firms against financial and reputational damage, promotes an organisational culture of compliance, creates a centralised source of guidance, increases operational efficiency, and reduces spend.
We see many firms struggle to create clarity around the role of compliance in their organisations and how it relates to their overall business.
Here are five reasons why a comprehensive compliance strategy is in your firm’s best interest.
#1: Minimise risk
In a recent Global Fraud Survey, EY found that across developed markets on all continents, the number of respondents who view corruption as widespread is on the rise. And as cybercrime becomes increasingly prominent, worldwide spending on information security and risk management technology is forecast to reach US $150 billion in 2021—growing at twice the rate it did in 2020, according to the latest forecast from Gartner.
More than ever, mitigating risk looks like fighting a war on all fronts . New sources of risk are constantly emerging, and constant vigilance is required to assess the nature and degree of risk.
A robust compliance framework is a minimum requirement to identify and respond to risk and meet changing regulatory expectations. The proper strategy will address both established and emerging risks, like sector-specific regulations, data protection, internal corruption, international sanctions, and cybersecurity.
Of course, you can’t eliminate risk altogether—but taking proactive, documented steps to minimise it wherever possible can have dramatic benefits. Even when fines are imposed for non-compliance, some jurisdictions will look at whether an effective compliance programme was in place and adjust their fines accordingly.
Add to this the fact that, for regulated businesses, risk drives capital requirements. The more risk you’re exposed to, the higher your capital requirements—formal ‘Pillar 2’ capital assessments are driven off the back of a risk exposure assessment.
So the benefits of minimising risk are twofold: less chance of penalty for a regulatory infraction, and lower capital requirements.
#2: Lower costs
The right compliance strategy can save you money across the board. According to PwC’s Global Forensics Leader, Kristin Rivera, ‘When it comes to preventing and tackling fraud, our research shows that a dollar invested now is worth twice as much when a fraud hits.’
Stricter regulatory enforcement and mounting social pressure have made a strong compliance culture more important than ever, with a direct monetary impact.
The 2020/21 annual FCA report on enforcement data shows ten financial penalties totalling nearly £190 million—an average of £19 million per instance. And a recent report from the Ponemon Institute estimates the cost of noncompliance at 2.7 times the cost of meeting compliance requirements.
The financial benefit of a comprehensive compliance strategy is clear and measurable in other ways, too, like ensuring that you have the proper level of regulatory permissions. We often work with clients who have unused permissions, putting them in a higher FCA fee block than necessary. Eliminating unused permissions can save thousands of pounds per year.
#3: Competitive advantage
Compliance programmes are more than an opportunity to minimise risk and avoid regulatory penalties. They can also provide a significant business advantage.
Investors are looking to place their money with firms that can easily demonstrate compliance. Organisations with solid compliance cultures create relationships of mutual trust with investors and other stakeholders, creating employee, customer, and supplier loyalty. A strong compliance culture also helps build positive relationships with regulators over time.
All of this attracts more long-term investors, both through word of mouth and documented proof of compliance protocols.
On the other hand, an inability to demonstrate full compliance will put off investors and could result in failing third-party audits.
Social considerations have always been a part of investment strategy, but we’re seeing more socially conscious investing now than ever before. In much the same way that ESG is driving more and more investment decisions, regulatory compliance has a significant impact on investor perception. No one will invest in a firm that misleads clients or uses questionable AML practices. These types of issues make for big headlines, and reputational damage can be irreversible.
#4: Navigate regulatory changes
Regulatory change is near-constant, particularly as approaches to cybercrime evolve with developing technology.
Because change is so consistent, firms must be proactive in their approach to implementing new regulatory requirements. Jurisdictional rules are varied and complex, and often require multi-year preparation plans. The UK’s Investment Firms Prudential Regime (IFPR), which is coming in January 2022, is one example. The upcoming regime was developed over several years and a number of consultation papers to give firms adequate opportunity to understand its implications.
Organisations must identify and manage these changes, implement responsive strategies by relevant deadlines, and educate internally on updated regulations and their impact on business procedures.
#5: Increased globalisation
The global reach of regulation has created new challenges. Focusing on a company’s headquarters and a few local hotspots is no longer a sufficient strategy. Instead, proper enforcement requires cross-jurisdictional vigilance.
Increasingly aggressive enforcement has seen regulators in different jurisdictions working together on enforcement—take HSBC’s global AML issues, for instance.
One side-effect of globalisation is that firms face potentially conflicting regulations as they operate in different countries. Compliance programmes must be flexible and responsive enough to adapt accordingly.
Conclusion
Every firm is different, and there’s no such thing as ‘one size fits all’ when it comes to compliance strategy. The best practices will vary by jurisdiction, firm size, investor preferences, and overall business strategy.
However, one rule applies to all organisations, regardless of size or business objectives: compliance should be a strategy to add value to the business, not a box-ticking activity. In the changing global marketplace, a comprehensive compliance strategy is a clear path to protecting your business over the long term and out-performing the competition.
Need help crafting your compliance strategy? IQ-EQ’s regulatory and compliance solutions team can put decades of experience to work for you. Click here to schedule an introductory call and learn more about how we can work together to drive value for your firm through compliance.