The regtech space is in for a major shake-up, with the FCA‘s new Consumer Duty regulations coming into effect in two months. This presents an opportunity for financial institutions to adopt a new approach to compliance and regulation.
Naturally, as more technology is brought into the regulation space, more compliance challenges arise. Some companies have been able to adapt to these changes and successfully integrate the technology. Others… not so much. But what are some of the biggest challenges they face, and how can they be overcome? We reached out to the industry to find out.
FS firms must ensure they have a ‘360-degree view of the customer’
Nelson Wootton is CEO and co-founder of SaaScada, a cloud-native core banking engine. He explains that financial service (FS) providers still need to implement the technology that will provide the best customer insights.
“Compliance is a top priority for the board within any financial services organisation, but achieving and maintaining compliance is a constantly moving target. For instance, the FCA is expecting FS firms to comply with its new Consumer Duty regulation by July, but regulators are concerned that many banks will miss the deadline as they fail to address a shortfall in their technology capabilities.
“Many haven’t put the technology in place to gain the granular customer insights they need to assess customers’ financial health and stand up to scrutiny from the FCA. FS firms using legacy technology are often hampered by data silos that reduce visibility, where key information is spread across a web of systems – making reporting disjointed and convoluted.
“As compliance teams are navigating a complex set of demands, FS firms must ensure they have a single, 360-degree view of the customer, as well as business operations to ensure there are no blind spots. With this level of visibility, compliance teams can improve the accuracy and timeliness of reporting to avoid potential regulatory hurt.”
Compliance, AML and fraud prevention enabling responsible growth
Steve Lamb is the COO of Kyckr, a business register supporting KYC processes for AML regulations. Lamb explains that outdated views on compliance teams are setting firms back.
“One of the biggest challenges for compliance teams is that they are still seen primarily as a cost centre rather than a growth centre. This is a very binary, somewhat outdated view of the enterprise. Ideally, compliance, AML and fraud prevention should be considered as enabling responsible growth. Growth without this foundation is a clear business risk for regulated firms.
“One way of overcoming this unhelpful binary view could be a greater representation of compliance teams in the C-suite – and repositioning compliance as a value-add, not a mandated cost to the business. As an industry, we need to better demonstrate how investment in next-gen compliance solutions drives sound decision-making and responsible growth. Onboarding the wrong customers and suppliers can be a highly costly exercise – just look at some of the recent fines levied by regulators.”
‘There is no strategy for a fintech company other than investment in compliance’
Claire Huddleston, marketing director at payments solutions provider Clear Junction, explains the importance of transparency for firms.
“With all the uncertainty surrounding regulations and the very public SVB fallout, we are fielding many more questions than usual from clients who understandably need reassurance: how safe is my money? Where does our money go when we send it to you? And we must be prepped to respond.
“Transparency must be central to any FS financial service, and we’re conscious that despite the continuous changes in regulation, we need to be whiter than white on compliance. This transparency is a huge responsibility and one for the whole company. Communicating your compliance standpoint to the team is so important because you are developing a culture and business of compliance, and everyone is held accountable. We inevitably have to deal with risky markets, and we need to recast how we perceive compliance.
“Compliance doesn’t mean we’re restricted in our ability to grow and innovate; rather, the FCA expect us to show due diligence and demonstrate that we have taken steps to mitigate risk properly on an informed basis. This means compliance has to be built into our strategy.
“We talk compliance with consultants, auditors, bankers and pull data together, working to build connections and spot trends to mitigate and develop new directions to support our clients. This is a lesson we learnt from others in the industry, who didn’t have compliance built into the forefront of their operations – it really comes down to survival. There is no other way to be successful than to build impeccable controls around compliance and regulatory risk management. There is no strategy for a fintech company other than investment in compliance.”
‘Less tolerance for over-retention of customer records’
Rachael Greaves is the CEO and co-founder of Castlepoint Systems, an AI-driven cybersecurity and data governance platform. She discusses a change in attitude regarding changing approach to data retention.
“Governments and regulators around the world are changing their approach to data retention, specifically to protect consumers. The new Consumer Duty legislation provides a framework for understanding and managing potential harm to consumers, including the most vulnerable. It works in concert with data protection legislation such as the DPA and GDPR.
“Data retention used to be focused on preserving value, by making sure we retained records as long as they could be useful. But global standards are changing, and reversing the polarity, refocusing on risk.
“The Victorian government in Australia for example has just changed their records management regulations to enforce maximum retention, rather than minimum, as a response to major data breaches of financial institutions like Latitude and Medibank in that country.
“Both of these organisations had kept huge amounts of data about historical customers, who were then caught in a major spill. Consumers, and regulators, now have less tolerance for over-retention of their records once the relationship has ended.”
‘Compliance professionals need a clear pathway for progression’
Stephanie Jones, head of internal audit and risk at governance, risk, and compliance (GRC) solution provider Ideagen, explained the issue of simultaneously dealing with a range of regulatory jurisdictions across the world, as well as progression in compliance-related roles.
“Today’s globalised world provides fantastic opportunities for businesses to operate in multiple markets, but this in itself creates a challenge in that compliance teams are often managing multiple jurisdictional regulations or a matrix of regulatory requirements and standards. An example of this is environmental, social, and governance (ESG) regulations.
“If we take the UK as an example, the reporting requirements for ESG are contained in no fewer than seven individual pieces of legislation and differ depending on the type of entity. Navigating this is a challenge. For ESG and things like life science and medical device manufacture, we can see benefits in a level of international standardisation, but this isn’t appropriate for all compliance needs.
“The biggest challenge however is possibly pipeline. At Ideagen we work closely with risk, quality, and safety professionals every day. We know how crucial they are to the successful running of an organisation. Yet, recent research from McKinsey specifically on risk manager roles demonstrated huge levels of churn. The cause isn’t necessarily dissatisfaction with the role, but lack of progression and opportunity causing compliance professionals to take their highly transferable skills into other roles.
“Organisations need to ensure their compliance professionals have a clear pathway for progression and professional development, including lateral development and bring compliance out of what is often considered a ‘back room’ function into the heart of the business and the boardroom.”