Risk and compliance: What’s on the horizon in 2020?

So 2020 is going to be a busy year in financial services regulation and compliance. There's quite a lot going on already but to come in particular, I would highlight financial crime, operational resilience and also the roll outs for the senior managers and the certification regime. The other thing to bear in mind is that as we move into the spring, regulators will also be publishing their annual business plans and they’ll give further insight into the direction of travel over the course of this year.

Financial crime is an ongoing area of focus. The changes in the regulatory landscape,  coupled with the growth in innovative technology, coupled with the increase in the number of sophisticated cyber threats means that financial crime will be a focus area and should not be understated.

It also means that MROs and AML/KYC teams all focus on a number of themes such as enhancing their technological innovation and using technology to be able to detect any illicit transactions and complex transactions which may give rise to suspicions of money laundering and it could also provider greater cost efficiencies. This means that firms will also need to take into account training requirements and human intervention reviews when implementing new technological systems.

Another theme in financial crime relates to the tightening on KYC processes, for example, national competent authorities are expecting firms to tighten their KYC processes in line with the fifth money laundering directive as implemented at national level. And another theme in financial crime relates to sanctions. Sanctions regimes are ever changing and are ever more complex. In order to have an effective sanctions compliance regime, firms must continue to enhance their screening processes so that they can take into consideration not only changes in the business and in the business strategies but also changes in the political landscape. So firms need to keep abreast of the changes in the sanctions regime as we expect these to be fairly divergent in the coming years.

I’ve just mentioned a few themes and these appear to be reoccurring themes, however firms must remain vigilant and continue to find ways in improving their anti-money laundering counter terrorists financing and sanctions programmes.

Operational resilience is also another focus area as indicated by the FCA and the PRA. It’s defined as the ability to prevent, to adapt, to recover from and to learn from operational disruptions and the FCA do expect through their new requirements and expectations that firms should be able to continue with the supply of products and businesses to people, to other businesses and to the financial services sector as a whole even in the event of a severe operational disruption. This means that firms will need to look at their business continuity plans, their disaster recovery and resolutions packs and also embed these changes at a board level within the business strategy.

So whilst firms have rightly been focused on the deadline of December last year for SMCR, the key now is to think about the post implementation landscape and making sure that in practice it runs as it should be, especially in the early days there are a couple of things I think you need to be aware of. So there’s a risk initially that roles and responsibilities could be unclear or there could be gaps between them. There’s also a risk that the programme plan may have inadvertently missed something or not actually been as calibrated well as it could have been. It’s also important for firms to be clear and be consistent on the level and depth of evidencing they do around SMCR, so to make sure that it’s enough but also that it’s appropriate to the business and the activities it undertakes.

One thing to bear in mind going forward and perhaps for firms to consider is conducting an actual post implementation review into how the roll-out has gone. So areas around that, that firms could consider, including looking at how the original programme and the plan around it has now been deployed. Interviewing different staff, whether it’s through focus groups or walkthroughs and staff at different levels to see how they are taking forward SMCR and importantly how it’s embedded throughout the business. And then also considering the governance, the management and the reporting around that and how learnings are factored into the business and the business grows going forward. So taking together, doing a review around those areas can provide important learnings for firms and also potential improvements for the future.