As with many compliance professionals within a dynamic working environment, I am often faced with the challenge of ‘wearing a number of different hats’, often at the same time. Acting as Group Compliance and Risk Officer, MLRO, and Data Protection Officer, each brings its own challenges and in combination they demand a constant balancing act. The question is, how can companies help their compliance teams not just stay on top of these competing demands, but also derive value from them?
Policies and procedures remain in a constant state of flux; today we are dealing with a never-ending conveyor belt of legislation and regulatory change. Like many of my colleagues I seem to be continually updating and advising the board on changes in anti-money laundering, data protection, risk management and FATCA/CRS. However increasingly it is the overlap between the continued waves of increased regulation, as highlighted by the EU GDPR and the need to provide ‘commercial risk based solutions’, that is creating the largest headache for the medium sized players in the market.
A company must consider whether an individual is wearing these ‘hats’ simply to meet a regulatory need or whether they are able to get real ‘added value’ from this role.
As medium sized businesses grow, they therefore face a dilemma. Do they separate out each of these responsibilities into separate roles in order to provide resourcing against the spiralling demands of compliance within the industry? Do they, alternately, try to manage costs and retain a single decision maker to keep a lid on overheads? In many cases resources require such responsibilities to remain with one individual, which is forcing the creation of a new generation of ‘compliance/risk/data/AML’ professionals who are required to create a culture in which the requirements of each of these areas of regulation can be balanced.
Where businesses take this route, they will have to see their Compliance staff as less ‘business approvers’, ‘CDD reviewers’, or ‘Internal Audit’ and more “Regulatory Analysts” who can highlight to the board the issues and opportunities that arise from these changes. This is entirely possible, but requires the rights attitudes and culture to get right.
By promoting this switch, the business can ensure that rather than being reactive in its response to regulatory changes and the cost/impact on its business that it can be seen to be proactive and can create operational and marketing opportunities as a result. Companies which are already embracing such change, I am extremely lucky to be in one, can ensure that their systems obtain and subsequently retain the personal data from their clients required to meet ongoing AML/Risk requirements in the most cost effective method possible. By being proactive, they can have a one-stop-shop for data entry which will provide their clients with a clear explanation of what is required and how that data will be processed and stored.
Clearly by embracing regulatory analysis and utilising it within the business growth model, it can also impact on the systems and interfaces that the company can introduce to meet these ongoing requirements which will further enhance the customer experience.
To bring us back to the question raised previously. In order for a company to achieve these benefits, it is important that they consider how and why they allocate the ‘responsibility hats’ and ensure that the incumbent has the appropriate time, resources and motivation to make a difference.
So next time you read of another raft of regulation appearing on the horizon and you wonder how you will cope and who should wear this ‘hat’ – think smart and be proactive and ensure that the person to whom you pass this responsibility can balance this with the other factors to ensure the impact for your company is positive.