The future of Compliance – computer says ‘no’?

Much has been written lately about the future of compliance, particularly in the light of the potential from Regtech and increased automation. But what does TCF see as the future based on what we see happening in the businesses around us?

Compliance has undoubtedly been a growth industry across sectors responding both to the increased focus of national and international regulatory bodies and the expectation of clients, customers and the public that firms have strong ethical and customer standards.

We have talked elsewhere about how we view the Compliance function as a tough job to have, click here. We certainly don’t think it is going to get any easier. But what is to come?

Firstly, there is no sign of the volume of requirements letting up. Despite talk of minimising red tape, there is little, based on past experience, to suggest that policy and law makers will take much of a machete to the current regulatory system unless they feel very brave and or very secure.

Secondly, the interconnectedness of business at every level is driving further regulatory changes designed to enable firms to do business with each other on a safe and level playing field – the General Data Protection Regulation (GDPR) is a classic example.

Then there is the development of technology to support and assist firms in their compliance. Could this replace the Compliance Function? Certainly tech can assist, especially in areas such as transaction monitoring or data analysis and the identification of suspicious transactions as machine learning develops. But this merely highlights that an increasing part of the Compliance role is to use judgment.

A large part of compliance rests on the interrelation of governance, collective thinking, Board strategy and the policy motives of regulators. Although national approaches differ in the level to which they codify requirements, compliance – particularly when considering strategic compliance – requires understanding the strategic direction of the business you work with and the intent of the requirements with which you need to comply. To be as effective as possible, and remembering the lead in times within which we must all work, means trying to get ahead of the curve and thereby trying to think ahead without necessarily having all the factual cards on the table. Judgment, joining the dots and understanding not just where people (internal and external) are coming from but also where they are going and what drives this is crucial.

Balancing interests is also key, especially in multifaceted businesses. These need not be large, multi product businesses. Start ups, challengers and growth businesses all have their own potentially divergent interests and drivers.

So we believe that the future of Compliance will continue to lie in the exercise of judgment and the balancing of interests. We believe that increasing complexity, interoperability and speed to market of business in the future will make this more not less important.

Traditionally, the Compliance function was the function that said ‘no’. In practice now, we believe that this has broken down considerably. Compliance functions are working with the business more and more, acting as change agents and counsel to management.

But the business will always push for clear answers and bright lines so Compliance, even when it tries to balance complexities and subtleties may still be pressed for ‘yes/no’ answers. We believe the Compliance function will probably face more of this pressure and will need to learn to hold its nerve. Particularly when this involves balancing different versions of what is considered right. This is more than just the commercial/compliance trade off.  This is also about what is perceived as public good and the right thing to do.

Let’s try some examples.

It’s wrong to do business with drug dealers and people who launder their money. But what if, as some states in the United States are and as some political groups in the UK advocate, marijuana is legalised – for example for medical purposes? Evaluate that. At what point and where is it right to provide banking services? Especially if you have some powerful international regulators who take a contrary view?

Regulators don’t want financial services provided to bad people. But on the other hand, they don’t want financial exclusion. This isn’t as clear cut as it sounds. Banks have already significantly derisked their portfolios by withdrawing from certain business lines, territories and sectors. This is having a significant negative impact on the SME market where finding services can be tough at a time when governments eulogise incubators, new business and entrepreneurship. So working out a risk based approach can be challenging internally and hard to justify to the business.

Lastly, long term savings and pensions. The traditional focus of the (UK) regulators has been on consumer protection with concerns about vulnerability, capacity of the ageing and a lowest common denominator in terms of capacity. Caveat emptor is dead. But governments face a challenge in their policy making where they need to continue to shift the burden of meeting the costs of care and of personal responsibility for long term saving. The drivers here point in different directions – protect the saver, but make sure that people pay and can fund their social care.  So to put another way,  the regulators have traditionally seen themselves as there to protect Aunt Agatha who probably has not borne much responsibility for her decisions. But the Government is now appearing to put Aunt Agatha in the front line of managing her own long term care costs and taking more responsibility. How much does that responsibility extend to the financial decisions she makes with her financial services providers? What should that mean for a firm’s risk appetite and customer focused compliance?

These are the kinds of questions with which Compliance Functions will have to grapple in the future. None is clear cut. Especially in a UK system which is ultimately based on principles and relative concepts such as fairness.

That is why judgment will become more and more important in compliance and where the Compliance Function will have a key role in helping businesses steer a way through.