A new vision for Compliance

In our previous blog, we discussed that Compliance faced a new digitisation dilemma based on key four drivers:

• the digitisation of the business,
• increasing cost pressures,
• emergence of new ways of working, and
• the increased use of supervisory technology.

The dilemma faced by Compliance today is whether to continue with the human-intensive and process-centric status quo, or to transition to a new technology-intensive and data centric (“digitally transformed”) operating model. Digital transformation, however, goes much beyond introducing innovative technology, particularly if the technology only supports old ways of thinking about Compliance.

To digitally transform, it is necessary to recognise that Compliance is part of the digital ecosystem of financial services, which includes common infrastructure, systems, legal entities, staff, competitors, regulations, regulators, software, algorithms, and collaboration, amongst other factors. Furthermore, the digital ecosystem of financial services is not independent of other digital ecosystems (e.g., retail, home, phone, etc.). Therefore, the vision for the future of Compliance will need to be aligned with the vision of future of financial services, regulation, and risk management. A future that it is likely to be characterised by data processing, automation, decentralised infrastructure and much less intermediation.

Given that visions evolve with time as culture and technology change, it is necessary to think about the digitisation of Compliance in a scenario-based approach that is flexible enough for continuing change. This should not be siloed to Compliance, but rather be part of the digital transformation strategy of the whole firm. To help build a successful digitisation strategy, we consider the following key enablers as part of the digital transformation journey for Compliance.

• Compliance as a Service: Compliance should be viewed as a service to the firm and to the market, and not only as a cost centre. This will allow examination of the value chain of Compliance within the firm, and within the industry. This step is necessary to understand what the key “customer outcomes” are in each Compliance process, how these outcomes could be achieved in other more efficient ways, and where the innovation zones are that technology could be applied.
• Compliance by Design: The risk management approach to Compliance should change from predominantly ex-post assessments and detective controls, to real-time assessments and preventative controls which are embedded by design.
• Innovation as a Key Competency: The profile and role of the Compliance Officer should change to incorporate innovation as a key competency. Compliance staff will be required to have an increased awareness of technology and data analytics skills and their application to business, risk management, and regulatory processes. Compliance officers will also need to expand their expertise in emerging risk types, for example, cybersecurity, operational resilience, conduct risk and ESG.
• Real-time Collaboration and Risk-Visualisation Tools: Compliance should be equipped with technology solutions that allow firms to visualize the relationship between regulation, policies, and controls (e.g., policy lifecycle management, regulatory mapping and horizon scanning tools) and enhance data visualisation and collaborations.
• Data of Things: Data should be placed at the heart of Compliance risk management. Compliance should be equipped to process and analyse massive data sets in real-time and integrate them in Compliance risk decision-making flows.

We will explore each of these enablers in more detail in the upcoming blogs.