Keeping up with today’s rapidly changing regulatory landscape is a task of some magnitude. Nobody wants to drop the ball, and that puts the onus firmly on compliance teams to ensure their companies don’t fall foul of punishing fines or suffer significant reputational damage.
It’s a task made more complex by the sheer breadth of activity in the regulatory space. For instance, the recent proliferation of data privacy laws globally has created large volumes of work for compliance teams. At the same time, they have had to navigate a tighter sanctions regime due to the Ukraine war, while also responding to the rise of sustainability-related regulations. This is on top of monitoring a stream of other regulations specific to the countries where they operate, as well as to their individual industries and sectors.
Why are compliance teams feeling the squeeze?
But while the remit of compliance teams continues to expand, their budgets and resources are not keeping pace. A survey by Thomson Reuters Regulatory Intelligence of more than 350 compliance leaders in financial services identified their greatest challenges in 2023 as the volume and implementation of regulatory change, followed by the pressure to balance budgets and resources, and retaining skilled personnel.
Nearly three-quarters (73%) of respondents to the survey expected an increase in regulatory activity over the next year. Yet 62% of respondents expected the size of their compliance team to stay the same over the coming 12 months, and 5% believed it would reduce. What’s more, nearly half (45%) expected their budget to remain the same as today or to shrink.
“The constraints are tight for every company,” acknowledges Tom Cowles, chief compliance officer for US-based cloud storage company Box. “In today’s economy, we have to optimise our business spend and manage higher interest rates and labour costs. Fundamentally, we have to do more with less.”
How to get agile with compliance
What this requires in practice, according to Cowles, is ruthless prioritisation of what seems important. “We ask, where can we make the most impact from our investments? For us, it’s spending time on our riskiest areas.”
Kate Armitage, EMEA and APAC compliance director at OneStream Software, agrees that prioritisation is fundamental to the effective functioning of a robust compliance function. “There’s always a lofty ambition to do everything straight away,” she says. “But we don’t want to boil the ocean. So, we plan, we delegate and we use our team to the best of their abilities.”
Armitage stresses the need for compliance functions to be “ever prepared for change”. Her team does this by watching webinars, signing up for data feeds and reports, and attending events. She says: “You learn to keep your eyes and ears to the ground and be aware of what’s going on.”
Why compliance professionals need to be on top of their game
If they are to operate effectively with lean resources, it is critical that compliance functions are staffed by the right people, who have the right skills and the right mindsets. “Compliance is often viewed as a cost centre, the voice of ‘no’, and the stopper to everything the business wants to do,” says Hilary Wandall, chief ethics and compliance officer at business data provider Dun & Bradstreet. “But if it is perceived that way, people will try to avoid it as much as possible and it will not be able to attract talented professionals who like to drive change.”
She argues that the compliance function must support the business to grow sustainably. “I talk about compliance as a function that builds trust, if it’s done well,” she says.
The Thomson Reuters research highlights that communication, critical thinking and internal influence are among the most important skills required by today’s compliance professionals, alongside attention to detail, integrity and subject-matter expertise.
Compliance functions should also aim to attract staff with a commercial focus who can see the bigger picture, argues Linda Gibson, head of regulatory change for EMEA at BNY Mellon Pershing, which provides clearing, custody, settlement and dealing services to wealth management clients and institutional broker dealers. She adds that compliance professionals must also be prepared to embrace the “thoughtful” approach needed to implement ‘principles-based’ regulations, such as the Financial Conduct Authority’s Consumer Duty.
Ways to find efficiencies via people and AI
Another way in which compliance teams are overcoming their budgetary and skills constraints is by collaborating more effectively with their colleagues in risk and governance. If, for instance, a compliance monitoring team plans to test an area of the business, they could inform their colleagues in risk and governance with a view to sharing the scope.
“Instead of three teams looking at the same area within a year, there would be a coordinated effort,” says Gibson. “That makes for better efficiency for the risk functions and for the affected area of the business, which is not potentially interrupted three times.”
Of course, the goalposts for compliance frequently move. This year has brought an explosion of interest in generative AI technologies, combined with growing concerns that these technologies represent an existential threat to society. With policymakers now taking a keen interest in AI, companies should expect to have to comply with some significant AI regulation in future. This will inevitably affect the skills their compliance teams will need.
For low-risk use cases, where the consequence of failure is low, can we use AI to do 100% of that work? Probably
“Compliance experts need to know how regulation affects the business,” says Wandall. “So, compliance professionals will need to understand AI, generative AI and how prompt engineering works, and what the risks are if it all goes wrong.”
To boost their efficiency, then, compliance professionals will also need to make better and wiser use of AI, the cloud and other technologies in their own work. This includes automating processes as far as they can.
According to research by IT consultancy Accenture, 93% of compliance professionals believe that new technologies will make compliance easier by automating human tasks, removing human errors and improving the effectiveness and efficiency of the process.
Cowles reveals that Box is looking at how it can use its own AI tool to summarise the system and organisation control reports of its third-party vendors. Nevertheless, he’s conscious that there’s a “spectrum of risk” associated with AI, which is why the business is still trying to establish the extent to which it’s appropriate to use the technology.
“For our highest-risk use cases, we can use AI to do the work a lot quicker,” he says, “but we still need to double-check. But for low-risk use cases, where the consequence of failure is low, can we use AI to do 100% of that work? Probably. But we’re still trying to find the line in the sand.”
How is the compliance function changing?
What, then, does the compliance team of the future look like? In terms of size, it’s unlikely to be much larger than it is today given the expectation that it will exploit new technological tools. The cost constraints on companies mean that it’s unlikely to benefit from a much bigger budget either – at least in the short term. Nevertheless, it will demand even deeper levels of subject-matter expertise, which will suit ambitious compliance professionals looking to upskill and enhance their standing internally.
“The expertise of the individuals in the compliance department will need to be better,” says Martin Hartley, group chief commercial officer at consultancy Emagine, “because they will be the ones focused on the strategy and the decision-making. The personal touch will still be there, but the legwork can be done by machine learning and AI.”
“Compliance functions will continue to be lean, but they will be more integrated with the business,” concludes Gibson. “It’s good news for people who are looking to join the compliance industry. Ultimately, they will have a more varied and satisfying job.”
Keeping up with today’s rapidly changing regulatory landscape is a task of some magnitude. Nobody wants to drop the ball, and that puts the onus firmly on compliance teams to ensure their companies don’t fall foul of punishing fines or suffer significant reputational damage.
It’s a task made more complex by the sheer breadth of activity in the regulatory space. For instance, the recent proliferation of data privacy laws globally has created large volumes of work for compliance teams. At the same time, they have had to navigate a tighter sanctions regime due to the Ukraine war, while also responding to the rise of sustainability-related regulations. This is on top of monitoring a stream of other regulations specific to the countries where they operate, as well as to their individual industries and sectors.
