Going into the still somewhat uncertain 2022, there are a number of things that risk & compliance officers will need to keep in mind, a new report shows
Heading into 2022, the pandemic should have been in the rear-view mirror, but instead the world is dealing with the impact of another variant of the COVID-19 virus as the pandemic slogs onward. Those financial services firms that had scheduled post-pandemic reviews have morphed those into a rolling review of the efficacy of hybrid working arrangements.
It’s no surprise then that risk and compliance officers will continue to play a central role in preparing their firms for all eventualities. The following is a list of 10 things compliance officers need to consider in 2022.
1. Shifting individual accountability
The concept of personal liability for senior managers is not new. What is new is the changing perception of the potential sources of liability and how regulators are interpreting accountability.
Firms are wary of the potential for reputational and other damage, and this has implications for individuals — even those at the most senior levels. Examples of non-financial misconduct have included everything from stealing sandwiches to failing to pay for train tickets to manipulating college admissions. In one high-profile case, Jes Staley, the chief executive of Barclays, stepped down due — at least in part — to concerns about his connection to sexual offender Jeffrey Epstein.
2. Vulnerable customers
Compliance officers have long been aware of the need to ensure consistently good customer outcomes. Many financial services firms have leveraged digital transformation and deployed enabling technologies in response to the pandemic, but vulnerable customers risk being left behind by technological change, particularly when that change has happened at speed.
A full version of 10 things compliance officers need to consider in 2022 can be found here.
3. Personal account dealing
Hybrid or non-office working environments have prompted a regulatory focus on the potential for market abuse and manipulation. That focus needs to extend to personal account dealing.
The issues occurred pre-pandemic, but the impact and implications of a fine imposed by the Central Bank of Ireland (CBI) should be taken as a warning to all. In March 2021, the CBI reprimanded J&E Davy , fining it €4.13 million for regulatory breaches arising from personal account dealing.
The fallout has been profound. Davy’s chief executive stepped down, the firm lost its role as a primary dealer in Irish government debt, and now has been sold.
4. Cyber resilience
Information and cybersecurity risks have increased during the pandemic, with the financial sector reported to have been hit more often by cyber-attacks than most other sectors since the pandemic started.
Christine Lagarde, chair of the European Central Bank said in that the potential of cyber-attacks is the greatest economic threat we currently face. This was echoed by Wayne Byres, chair of the Australian Prudential Regulation Authority, in a speech in which he said: “Of the three areas I’ve covered, cyber presents arguably the most difficult prudential threat: unlike GCRA [governance, culture, remuneration, and accountability] or climate risk, it’s driven by malicious and adaptive adversaries who are intent on causing damage. Cyclones and bush fires can be devastating, but they’re not doing it on purpose.”
Risk and compliance functions need to ensure that information security and cyber-risks are included in the range of risks being considered, and that the board can discuss the potential actions the company has in place to ensure that all reasonable steps have been taken to embed cyber resilience throughout the firm.
Diversity has climbed up the regulatory agenda as it has come under the umbrella of environmental, social, and corporate governance (ESG) concerns.
For more on this subject, you can see author Susannah Hammond’s interview here.
Compliance officers need to assess whether their firm has a comprehensive approach to diversity and whether it is able to embed the new risks within the existing enterprise risk frameworks. They also need to delineate the specific roles and responsibilities for the compliance, human resources, and risk management functions, assessing whether those functions have the right talent with the required skill sets.
6. Hybrid working
Hybrid working is here to stay. Compliance functions have adapted to hybrid, or at least flexible, working arrangements, but compliance officers may need deal with further changes as the pandemic continues.
In a nutshell, “It’s important any form of remote or hybrid working adopted should not risk or compromise the firm’s ability to follow all rules, regulatory standards and obligations, or lead to a failure to meet them,” according to the U.K. Financial Conduct Authority.
7. Climate risk reporting
Climate risk is unlike other financial risks. Its uniqueness, complexity, and the long-term nature of the risks make quantifying the threat one of the biggest hurdles regulators must overcome in developing new rules and regulations.
The International Sustainability Standards Board disclosure standards, while still technically in “draft” form, will become the international reporting benchmark on sustainability matters.
Firms will have to be able to regularly collect, collate, manage, and reproducibly report millions of data points. Post-COP26, firms simply cannot allow a widespread failure in delivery of their new reporting obligations. Fines and remedial actions likely will be severe, and there is also the worry of greater personal liability and reputational damage if a firm is seen not to have taken its climate risk obligations seriously.
8. Digital transformation & cryptocurrencies
Digital transformation will continue to be a fundamental enabler for financial services firms. The opportunities and benefits arising from the implementation of technological solutions cannot be underestimated; however, taking best advantage of those opportunities is not without its challenges.
The challenge of cryptocurrencies too will have a profound impact on financial services firms.
9. Financial crime
Financial crime remains a perennial concern. Some factors are pandemic-related, with concerns about the rise of cyber-enabled financial crime.
A few of the more immediate concerns are the approach to Afghanistan following the Taliban takeover, the emerging use of sanctions against a crypto-exchange deemed to be a conduit for illicit funds, and the implications of the Chinese counter-foreign sanctions law.
The increasingly wide range of challenges coming under the compliance umbrella all demand appropriate resources and skills — and attention from compliance officers. On one level, compliance functions need up-to-date skills, but it is part of the challenge to identify the particular skills, knowledge, and experience required for dealing with emerging new risks such as climate, diversity, operational resilience, and digital transformation.
You can listen to the Compliance Clarified podcast series here. (Episode 1 of series 4 features a discussion with author Susannah Hammond about this report.)