Compliance is a complex topic that requires sharp minds to stay on top of the ever-changing due diligence requirements. Those demands multiply when it comes to global compliance; different jurisdictions have varying approaches to regulatory standards, there are costs and scaling considerations, and risk assessments range dramatically depending on where or who you do business with.
How then can you create a global compliance program that ensures compliance, mitigates risk, controls costs and enables your business to continue to grow? As Leila Szwarc, global head of compliance and strategic regulatory services at TMF Group, states, “There’s no one size fits all solution. However, there are universally approved principles that when applied, will ensure the global compliance function would be able to handle all demands thrown at it.”
Often, as both businesses expand operations and regulators increase regulatory demands, compliance focuses on setting up specific systems to solve the issue at hand. In such an environment, there’s no overall plan; each unit is in a silo working on their own agenda. When putting out fires, it’s difficult to implement a fire prevention program. Of course, with a program in place there’d be fewer fires.
The first step then is to look at the big picture, step back and consider the resources, requirements and systems, and model how best to move forward. While a review does require a considerable amount of time and resources upfront, it pays off long-term by creating a systematic approach that speeds up integrating new jurisdictions and adapting to new regulations.
Current processes will require documenting to map out necessary steps. Harmonization of data sources, storage and reporting will require careful strategizing to determine a system that fulfills all needs. Determining goals, standards, frameworks and operational needs will require interdepartmental and cross-border input and alignment.
One outcome of the review is to create an implementation roadmap — a practical guide on how the organization can achieve best practices in all its compliance endeavors.
The organization must determine how to structure and divide compliance responsibilities. A clear set of responsibilities and reporting parameters will ensure that tasks flow across the organization effectively. How much consistency across the organization is necessary or appropriate? While consolidation at the top is desirable in terms of having unified control, localized compliance teams need to buy in to the process. Having too much centralization is often counter-productive, as local teams might balk at unnecessary bureaucratic oversight.
One factor that definitely requires leadership from the top is ethical policies. What are your company’s ethical principles and values, and how do you propagate those throughout the organization? Although there might be regional and local differences, a clear attitude from the top permeates through processes and decisions to help ensure there’s compliance alignment throughout the company.
Keep in mind, even the best of plans are not written in stone; plans need review and adjustments to deal with changes, misalignment and other unforeseen scenarios. The initial plan is a starting point, not a final and unchanging document.
Effective implementation of compliance processes requires staff to understand and internalize the plan. This starts at onboarding new employees; every employee needs to understand the value that compliance adds, the specific steps they need to follow, how they communicate any compliance matter and how they stay up-to-date.
Training is not just for new employees or compliance staff. While many staff members might not touch personally identifiable information (PII) or deal with any compliance issues, they are still potential points of compliance failure, such as through phishing or hacking. However, if properly trained, they are an extra set of eyes that can spot and report issues.
Beyond training, there are numerous other communication policies and implementations to consider. What channels will be used? Who gets what information? What reports are created and how are they distributed? How often are meetings held and who attends? Again, there’s not one solution, but processes need determination, clarification and monitoring to maintain effectiveness.
Whatever the status of your compliance program, there are undoubtedly new regulations and requirements that demand consideration. Moreover, many of these changes are unforeseeable, as the COVID-19 pandemic has demonstrated.
Being aware of societal and organizational trends will help compliance teams identify and better react to rapidly changing conditions. After all, compliance requirements are a reaction to societal needs, and having insight into the drivers of change will help evolve anticipatory holistic systems, rather than a reactionary siloed approach. Some trends to consider:
The widespread and instant access to information is making any attempt to hide or obfuscate important details that much more obvious. Consider the Panama or Paradise Papers, and how their release has propelled the disclosure of beneficial ownership information. Or how disinformation in political campaigns has led to stricter disclosure laws in regard to political advertising.
On the other hand, regulations to protect individual privacy in many jurisdictions are becoming stricter. The GDPR seems to be a template for privacy advocates around the world, who see the vast data collection of internet giants as a significant concern.
Environmental, social, and corporate governance (ESG)
With so many deep and troubling global issues, many people expect that corporations go beyond simply making money. Complying with the law might not be enough, if investors and consumers reject an organization based on its reputation.
Having an ESG mindset and implementing those considerations into a global compliance program will help focus the organization on the bigger picture.
Trying to keep on top of all the requirements without using innovations in regulation technology (RegTech) is next to impossible; after all, the last 10 years have seen a 500% increase in regulatory changes in the developed markets, and banks are spending $270 billion per year on compliance and regulatory obligations. Especially when it comes to global compliance, without a proper technology stack in place, the amount of paperwork and the cost of compliance operations is unsustainable.
RegTech offers other advantages. The speed of information flow increases dramatically, leading to a better customer onboarding experience. The number of clerical errors decreases, as data is only entered once and, often, even that is not manually entered. Automating functions allows staff to focus more time on compliance, rather than data management. Providing better tools for control, oversight and reporting improves throughput, adds intelligence and ensures effective information distribution.
One critical consideration is to have tools or vendors that can easily adapt to various global markets. If a RegTech solution has limited market coverage, so that attaining compliance requires adopting multiple tools or vendors, that adds complexity and cost. On the other hand, using a technology that is easily adaptable to different markets allows one implementation and one solution to serve all global compliance needs.
Global compliance is difficult as it is; implementing effective technology solutions makes it easier and reduces compliance fatigue. Tools that allow teams to focus on the big picture improve morale, performance and effectiveness, and prioritizing their implementation is a smart strategy for any global compliance program.
This post was originally published on Aug. 22, 2018 and updated to reflect the latest industry news, trends and insights.