Regulatory fatigue wears on MENA compliance teams
2016 study finds addressing financial crime needs “Tone from the Top.”
How prepared are companies in the MENA region to deal with financial crime? How seriously do they take the issue and the ongoing evolution of regulation?
With the second survey on financial crime in the Middle East and North Africa (MENA), a joint initiative between Thomson Reuters and Deloitte, a stronger picture of the compliance landscape in the MENA region is starting to emerge.
The survey results are reflective of the region, with more than two-thirds of the respondents actively involved in setting financial crime policy and/or leading a team that works on financial crime policy for their organizations – providing a first-ever synopsis of current thinking and evolving action on the issue.
Looking at the big picture, it’s not surprising to learn that the speed and volume of regulatory change is causing anxiety amongst respondents. In 2008, there were 8,704 regulatory alerts – in 2015, that figure jumped dramatically to over 51,000 alerts, or one every 12 minutes. That fact was not lost on respondents, who noted that their most pressing concern has shifted from maintaining training and awareness, followed by securing support from management and the increasing costs to coping with regulatory updates. Regulatory fatigue, resulting in paralysis, is becoming a very real concern in the MENA region. But while a “deer in the headlights” response may be understandable, it is not an acceptable defense.
Let’s take a step back and look at the key themes revealed by the survey and how those themes interact in real time. Here’s what we heard:
- Tone at the top – there’s a lot of hype, but little action
- There’s increasing investment in sophisticated technology solutions
- There’s a focus on reorganization of processes
- There’s a decrease in already low confidence levels in compliance programs
- Compliance policies are stalled
As expected, spending on compliance resources has increased and is expected to continue to increase over the next two years. The focus of investment appears to be a realignment of business processes and increasingly sophisticated technological solutions, while training and skills development lag dangerously behind. The issue here is that the best technology in the world is meaningless without a skilled practitioner with the ability to understand and apply the knowledge that the solution provides.
Tone from the top
Last year, the survey revealed that compliance officers needed to do more with less in 2015. While that continues to be true, compliance executives need to take it to the next level in 2016, negotiating at all levels of the company to ensure that all, from the top down, understand their compliance obligations. It couldn’t be more serious – and implemented solutions can’t just be window dressing. They must be substantive.
The highest priority for the next two years, according to the survey, is to increase communication between management and staff in order to raise awareness of compliance issues and practices. It is also clear that the increased focus on personal liability for senior officers has created a likely shift in the emphasis of good governance and executive accountability.
Over the next two years, what do you believe will be your biggest challenges to the effective management of a financial crime and compliance program?
Another aspect of this trend to look out for is the increasing emphasis on the “message from the middle” that we see in the more developed markets, which refers to the role of middle management in effectively communicating the compliance agenda throughout the organization. While employees interact with senior executives on an intermittent basis only in most companies, engagement with middle management is often daily, so their role can be critical in this regard.
Technology is only as good as the people who use it
Improved technology can often seem like the most impressive solution to increased regulatory pressure and threats of enforcement activity. The challenge, however, is that training and skills development does not appear to be a top priority for organizations – and a quarter of the respondents displayed limited confidence that the company’s technological financial crime solution is fully optimized. It is significant that when asked what the main disadvantage of a sophisticated technological solution is, the majority of respondents chose “over-reliance,” which may underline the popular adage: Technology is only as good as the people who use it.
Keeping up with volume
Asked about their top concerns, the number one choice is the increase in regulatory requirements. In last year’s survey, reputation was the number one concern for respondents, and while this still remains high on the list of concerns, this year failing to comply with local and international regulation tops the list.
What, in your opinion, poses the most risk to your organization?
While the majority of respondents had an Anti-Money Laundering (AML) policy in place (88 percent), close to 30 percent did not have a fraud policy, 40 percent did not have a sanctions policy and almost 40 percent did not have Anti-Bribery and Corruption (ABC) or Combating the Financing of Terrorism (CFT) policies in place. It was also notable that over 60 percent of respondents had no cybercrime policy in place, despite the sensitivities involved when managing KYC data.
While it is encouraging to see MENA organizations moving forward in an attempt to align themselves with international best practice, from the responses it appears that respondents don’t yet have a full understanding of the value and requirements of “tone from the top” and more needs to be done to translate this concept into practice. It requires careful management of relationships with those in senior executive positions, as well as good communication throughout the organization. With the overwhelming amount of regulatory updates and the stepping up of global enforcement activity, gaining the support at every level of the organizational hierarchy will become crucially important for compliance success.
How confident are you that your financial crimes prevention program is compliant with all your international regulatory requirements and expectations?
As well as improving their personnel skills, compliance executives will need to become chief cheerleaders for their compliance programs. To improve confidence levels in their policies, the successes need to be publicized, which will also help to sustain a healthy compliance culture. But more than this, compliance executives should conduct a skills audit on a regular basis to understand the skills gap, and then seek to address it.
Ensuring a high skills capacity will help to avoid an overreliance on technology. Trusting that a sophisticated technological solution will meet all obligations is misguided and exposes senior executives and the organization to substantial risk. A good balance of skills and technology is the answer.
Five steps that can be taken to improve on confidence levels include:
- Communicate with regulators and understand what is expected
- Present a compelling case for senior executive commitment and support
- Train from the top down
- Regular monitoring and audits of compliance programs
- Create frequent and regular communication between management and employees
It is critical to note that a good compliance policy and the reduction of risk is very difficult to attain without a robust corporate governance framework. The importance of tone from the top cannot be overemphasized. It is necessary for creating a solid foundation on which a best practice compliance policy can be constructed. Without this level of support, it is possible that enforcement agencies will easily identify flaws and structural weaknesses in a policy that probably looks good on paper but fails to adequately address vital issues.
Addressing the skills shortage may also help to ensure a better spread of financial crime policies. Organizations who invest the bulk of time and resources into anti-money-laundering policies at the expense of regulatory demands leave themselves open to risk.
There is no sign that the high rate of regulatory updates will abate in the short or medium term. Coping with regulatory overload and keeping regulatory fatigue at bay will be a feature of the compliance department for some time to come. Experienced and skilled compliance staff are becoming a sought-after commodity and it is estimated that the cost of compliance skills will rise significantly in 2016. Future-proofing your organization by increasing staff capacity where possible will help to alleviate some of the regulatory pressure.
Download the full survey results and analysis.