Reviewing compliance risk, technology and resiliency

By Liv Watson, Sr. Director of Strategic Customer Initiatives, Workiva

Can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

Compliance Risk Expert: Liv Watson wakes up every day excited about understanding the impact on our clients globally for compliance and risk. I am actively involved in the global community discussion about the topics and speak frequently at global events.

What, for you, are the benefits of attending a conference like Risk EMEA 2019 and what can attendees expect to learn from your session?

Compliance Risk: Today companies submit data to multiple regulated digital submission platforms mandating multiple forms and data formats. Following the global financial crisis that emerged in 2008, the political, regulatory, and supervisory responses have had major implications for financial service firms. Many banks have relied on the use of tactical solutions and workarounds to achieve compliance. The unrelenting pressure of existing regulations, as well as the uncertainty caused by a pipeline of emerging domestic and international rules, is creating significant compliance risk for the whole industry. For many companies, compliance initiatives were reactive to regulatory developments and occurred at the business unit level with little coordination, resulting in uncoordinated regulatory patches across the company that duplicate efforts and increase the risk of missing critical compliance-related issues. Many regulations require not only data but also some proof that the data is correct. Historically this process required people to review those documents and manually input information into data fields. Data fragmentation allied to manual processing interventions will struggle or fail to support the demands of the digital age. With so much at stake, it’s vital that all companies direct their RegTech investments wisely to keep long-term costs down while ensuring risk mitigation.

Technology and innovation is a rapidly evolving space within the financial landscape, what advice could you give professionals trying to keep up with industry trends?

I will talk about How to Instal A Holistic View of Compliance Risk by Using Advanced Technology and Lessons Learned from over 3000 clients.

A bank’s board of directors is responsible for overseeing the management of the bank’s compliance risk. The board generally approves the bank’s compliance policy, including a formal document establishing a permanent and effective compliance function. At least once a year, the board or a committee of the board should assess the extent to which the bank is managing its compliance risk effectively.

“Holistic View of Compliance” is a term we use for compliance risk data management to emphasize the importance of understanding the interrelationships among individual compliance data and the coordinated approach that an organization’s operating units and functions undertake to manage compliance risk. A holistic approach to compliance risks, by definition, is one that is not fragmented into functions and departments, but rather is organized with the intention of optimizing compliance performance. In short, corporate compliance should be part of the culture of the organization; it is not just the responsibility of specialist compliance staff. We assume a governance structure is composed of a board of directors and senior executive management.

The term “Compliance Risk” we define as the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities (together, “compliance laws, rules and standards”). A bank may want to organize its compliance function and set priorities for the management of its compliance risk in a way that is consistent with its own risk management strategy and structures. For instance, some banks may wish to organize their corporate compliance function within their operational risk function, as there is a close relationship between compliance risk and aspects of operational risk. Others may prefer to have separate risk functions but establish mechanisms requiring close cooperation between all functions on compliance matters.

Compliance laws, rules, and standards generally cover matters such as observing proper standards of market conduct, managing conflicts of interest, treating customers fairly, and ensuring the suitability of customer advice. They typically include specific areas such as the prevention of money laundering and terrorist financing and may extend to tax laws that are relevant to the structuring of banking products or customer advice. Compliance laws, rules, and standards have various sources, including primary legislation, rules, and standards issued by legislators and supervisors, market conventions, codes of practice promoted by industry associations, and internal codes of conduct applicable to the staff members of the bank. For the reasons mentioned above, these are likely to go beyond what is legally binding and embrace broader standards of integrity and ethical conduct. It is important to notice that the legislative and regulatory frameworks differ across countries and types of entities as regards the functions of the board of directors and senior management.

What are the key considerations that need to be made implementing new technology into the business?

Choosing and acquiring technology can be a major undertaking for any organization. New technology investment is unlikely to be a reaction to changes in the short-term economic environment, as is often the case with capital investment. Automation investment in compliance risk is one case of new technologies being implemented and used in a way that is distinctly different from capital investment. I will draw on over 3,000 clients’ experience in automating their compliance risk in the cloud with a single source of truth connected to multiple truths for both internal and external regulatory reporting requirements by reducing compliance risk.

In your opinion, how can firms effectively manage their operational resilience?

By developing a holistic view of compliance and reducing the risk. It is simple: good data governance around all reporting processes.

What technologies do you think will have the most impact on the financial industry over the next five years?
  • Blockchain
  • Distributed ledger
  • Cloud
  • Internet of Things
  • Identity Trust Frameworks
  • Structured data such as XBRL