Skip to content
Regulatory intelligence

Technology’s mixed blessing for compliance: Separating reward from risk

Cryptocurrencies, FinTech and RegTech are shaping up to be a lot for United States compliance professionals to handle. Here's what a compliance department can do to get ahead of these challenges.

Technology could make the life of a United State compliance professional a lot easier – or a lot more difficult. Because it moves so quickly, technology evolves faster than regulation and legislation. That creates gaps between regulations and reality.

In the 10 remaining months of 2018, U.S. compliance professionals should anticipate issues arising from:

Cryptocurrencies and other high-risk products

Cryptocurrencies took everyone aback. No one thought they’d be as popular as they are, and “no one” includes regulatory agencies. Senior Regulatory Intelligence Expert Todd Ehret said those regulatory bodies seem to be recovering from their initial reaction.

“I think regulators were, at first, a little surprised. I think they’ve now sent their messages that firms need to be careful in these areas,” he said. “As a compliance department, I think there needs to be a strategy and overall policy with regard to everything cryptocurrency-related.”

Robo-advisors and retail protection

For several years, the financial world has been talking about robo-advisors with a mixture of fear and admiration. Algorithms show promise at tracking investments and divining outcomes from mountains of data, but they can’t make the somewhat subjective judgments a human investment professionals can when he or she is trying to determine what’s a good fit for a client.

“Firms are kind of cautiously wading into this area,” said Regulatory Intelligence Expert Julie DiMauro. “Best practices here would be to make sure there’s adequate disclosure – fine print no one reads is not enough – and that you include some human interaction, at least early on, so clients (especially new ones) are not selecting investments totally unsuitable for them.”

Evolution of FinTech and RegTech

When it comes to technology solutions in finance and compliance – FinTech and RegTech, respectively – “ignoring or avoiding the subject is no longer an option,” Ehret said.

FinTech and RegTech are, in some ways, remedies, but they can raise problems of their own. That’s particularly true if they aren’t deployed correctly or are a bad fit for a firm’s in-place systems. The new emphasis coming from firms and regulators indicates a near-universal need to upgrade legacy systems, while also implementing and embedding regulatory rulebook changes.

On that note, there seems to be a special need for resources. When attendees of the webinar were asked “What are the greatest financial technology challenges you expect to face in the next 12 months?,” the top answers included “Upgrading legacy systems,” “strengthening cyber-resilience” and “implementing regulatory change” – all initiatives that require a significant investment.

Customer data protection, technology, and cybersecurity

The threat of a data breach, data loss, or theft of sensitive customer data has grown to a top concern. The cost of a breach, its remediation, and reputational risk can threaten a firm’s future.

Effective management of a firm’s IT infrastructure is the heart of every compliance program. The protection and storage of data ranging from trading records to correspondence and compliance recordkeeping is critical. Secure off-site archiving and storage, business continuity, and disaster recovery plans all require significant planning and resources. The security of this data, especially sensitive customer data, is one of the most important responsibilities of the compliance and IT departments.

Regulators are taking cyber security seriously. The EU’s General Data Protection Regulation, (GDPR) applies to all companies processing the personal information of EU residents regardless of where those firms are located, including the U.S. It was adopted in April 2016, and is set to go into effect May 25, 2018.

The Securities and Exchange Commission (SEC) issued a cybersecurity Risk Alert and continues to regularly remind the financial industry of the threat. States are also stepping up with regulations. The New York Department of Financial Services (NYDFS), with jurisdiction over firms doing business in the state, now requires firms to have cybersecurity programs designed to protect consumers and ensure industry safety. Other states have also implemented cyber or data protection regulations as well, thus creating a complex patchwork of regulations which are an enormous challenge for compliance and IT departments at financial services firms.

Compliance officers may not need to become technology experts, but they do need to ensure that cyber risks are addressed within their firm’s corporate governance framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities.

Learn more

Explore Thomson Reuters Risk Management Solutions and find out how to cut through complexity to find clarity.

More answers