Compliance is a complex topic that requires sharp minds to stay on top of the ever-changing due diligence requirements. Those demands multiply when it comes to global compliance; different jurisdictions have varying approaches to regulatory standards, there are costs and scaling considerations, and risk assessments range dramatically depending on where or who you do business with.
How then can you create a global compliance program that ensures compliance, mitigates risk, controls costs and enables your business to continue to grow? As Leila Szwarc, Global Head of Compliance and Strategic Regulatory Services at TMF Group states “There’s no one size fits all solution. However, there are universally approved principles that when applied, will ensure the global compliance function would be able to handle all demands thrown at it.”
Often, as both businesses expand operations and regulators increase regulatory demands, compliance focuses on setting up specific systems to solve the issue at hand. In such an environment, there’s no overall plan, each unit is in a silo working on their own agenda. When putting out fires, it’s difficult to implement a fire prevention program. Of course, with a program in place there’d be less fires.
The first step then is to look at the big picture, step back and consider the resources, requirements and systems, and model how best to move forward. While a review does require a considerable amount of time and resources upfront, it pays off long-term by creating a systematic approach that speeds up integrating new jurisdictions and adapting to new regulations.
Current processes will require documenting to map out necessary steps. Harmonization of data sources, storage and reporting will require careful strategizing to determine a system that fulfills all needs. Determining goals, standards, frameworks and operational needs will require interdepartmental and cross-border input and alignment.
One outcome of the review is to create an implementation roadmap; a practical guide on how the organization can achieve best practices in all its compliance endeavors.
How to structure and divide compliance responsibilities across the organization requires determination. A clear set of responsibilities and reporting parameters will ensure that tasks flow across the organization effectively. How much consistency across the organization is necessary or appropriate? While consolidation at the top is desirable in terms of having unified control, localized compliance teams need to buy in to the process. Having too much centralization is often counter-productive, as local teams balk might balk at unnecessary bureaucratic oversight.
One factor that definitely requires leadership from the top is ethical policies. What are your companies’ ethical principles and values and how do you propagate those throughout the organization? Although there might be regional and local differences, a clear attitude from the top permeates through processes and decisions to help ensure there’s compliance alignment throughout the company.
Keep in mind, the even the best of plans are not written in stone; plans need review and adjustments to deal with changes, misalignment and other unforeseen scenarios. The initial plan is a starting point, not a final and unchanging document.
Effective implementation of compliance processes requires staff to understand and internalize the plan. This starts at onboarding new employees; every employee needs to understand the value that compliance adds, the specific steps they need to follow, how they communicate any compliance matter and how they stay up-to-date.
Training is not just for new employees or compliance staff. While many staff members might not touch personally identifiable information (PII) or deal with any compliance issues, they are still potential points of compliance failure, such as through phishing or hacking. However, if properly trained, they are an extra set of eyes that can spot and report issues.
Beyond training, there are numerous other communication policies and implementations to consider. What channels will be used? Who gets what information? What reports are created and how are they distributed? How often are meetings and who attends? Again, there’s not one solution, but processes need determination, clarification and monitoring to maintain effectiveness.
Trying to keep on top of all the requirements without using innovations in regulation technology (RegTech) is next to impossible; after all, the last ten years has seen a 500 percent increase in regulatory changes in the developed markets and banks are spending $270 billion per year on compliance and regulatory obligations. Especially when it comes to global compliance, without a proper technology stack in place, the amount of paperwork and the cost of compliance operations is unsustainable.
RegTech offers other advantages. The speed of information flow increases dramatically, leading to a better customer onboarding experience. The number of clerical errors decreases, as entry is only entered once and, often, even that is not manually entered. Automating functions allows staff to focus more time on compliance, rather than data management. Providing better tools for control, oversight and reporting improves throughput, adds intelligence and ensures effective information distribution.
One critical consideration is to have tools or vendors that can easily adapt to various global markets. If a RegTech solution has limited market coverage that will require adopting multiple tools or vendors to attain compliance, adding complexity and cost. On the other hand, by using a technology that is easily adaptable to different markets allows one implementation and one solution to serve all global compliance needs.
Global compliance is difficult as it is; implementing effective technology solutions makes it easier and reduces compliance fatigue. Tools that allows teams to focus on the big picture improves morale, performance and effectiveness and prioritizing their implementation is smart strategy for any global compliance program.