2019 risks for compliance officers

KYB

While much of 4MLD was about to know your customer (KYC), a big part of 5MLD is about to know your business (KYB)

In the run-up to the 5MLD, we will see increased attention on high-risk countries. Clients or transactions engaged in high-risk countries will be subject to enhanced due diligence when performing onboarding checks.

Compliance teams will need to ensure KYC is not a simple “tick box” exercise during the onboarding phase, and ongoing monitoring processes will need to be implemented to manage changes throughout the customer lifecycle.

5MLD will require enhanced due diligence when dealing with high-risk countries. As well as obtaining evidence of the source of funds and source of wealth, information on beneficial ownership and background to the intended transaction must also be recorded. The EU may also designate a ‘blacklist’ of high-risk countries for money laundering.

Members States must implement 5MLD by 10 January 2020.  For the UK, any post-Brexit transitional arrangement which would see the UK stay in the Single Market would mean that the UK would have to continue to apply EU law for the duration of the transitional arrangement period as if it were still an EU Member State.

 

Conflicts of interest

Conflict of interest issues are significant at every level of the company. Starting with the board of directors, an effective board must be transparent about potential conflict issues and address them on an ongoing basis. Board decisions that either suffer from actual conflicts can risk the board’s adherence to its duties and create real legal risks. Even the appearance of a conflict can raise real issues and transparency becomes even more important in these contexts.

This same level of risk can undermine the integrity of senior management. When senior executives fail to address real and significant conflicts, the integrity and overall leadership trust factor can deteriorate. A compliance executive must be willing to take on these issues, even when it is difficult to confront senior executives.

Within the private equity (PE) industry, conflicts and their adequate disclosure remain problematic. In recent years regulators have made examinations of PE firms and their complex structures top priorities.

In 2017 regulators warned over outside business activities by brokers and advisers, including private investments and investment opportunities. Although the number of cases has slowed, most major, or well-known firms still see outside business activities as a risk.

 

Innovation driving new demands

Technology for many ‘non-tech’ professionals such as compliance officers remains a concern, as the importance and integration of technology into the compliance suite continue to evolve. Compliance officers may not need to become technology experts, but they do need to ensure that tech related risks are addressed within their firm’s framework. Compliance must be aware of rules and regulations from every jurisdiction with authority over the firm’s activities.

It also could finally be the year many businesses will likely begin exploring blockchain technology, which provides an incorruptible and encrypted method of recordkeeping that is easily verifiable. As people and devices are increasingly connected, identity/privacy protection is a prime concern. Both blockchain and biometrics can help to secure and manage user identities, and technology companies may even combine them to make their offerings more secure.

 

Regulatory and political change

Brexit creates real uncertainty for the UK’s regulators, and the industries that they regulate. The impact will be far-reaching, and regulators will face major challenges in responding to profound changes in policy, the legislative framework and the wider economic context.

The election of Donald Trump as president brought widespread anticipation of a regulatory rollback. Two years later, as compliance and legal departments have grasped subtle regulatory changes, the political winds have once again shifted with the Democrats taking control of the House of Representatives in last November’s mid-term elections.

International regulatory and political events should also not be ignored as, for example, the EU’s General Data Protection Regulation, (GDPR), which took effect last year, has extraterritorial reach. It also serves as a model for future possible regulations in the critical area of data privacy and cybersecurity.

 

Ethics and integrity

“Compliance and Ethics” is expected to become the typical remit for the compliance function, as increased emphasis is placed on culture within the business and providing direction on ethical business practices and principles. With growing scrutiny from both regulators and stakeholders, the pressure is on for the compliance function to take a broader responsibility for policies, procedures and controls to create a truly ethical business.

The Cambridge Analytica scandal is a notable example of how data misuse has serious brand and societal implications, on top of legal and compliance penalties. The public outrage was so intense that governments were forced to act, calling on Facebook and other involved parties to testify and explain themselves. The market’s reaction was also punishing, with more than $100 billion knocked off Facebook’s share price in days, while Cambridge Analytica went out of business.

Ethics and integrity concerns are also being driven in a different way by the #MeToo movement, which focuses on sexual harassment and assault in the workplace. Longstanding cultural issues in organisations are more likely than ever to become public in ways that seriously damage corporate reputation and branding, lower workforce engagement, affect an organisation’s ability to hire top talent, and therefore impact the bottom line.

 

Let us know if you would like to find out more

If you have any further questions or interest in implementing compliance solutions, please do get in contact.

 

Nick Beaton
Head of Business Development
T: +44 020 7868 1575
M: +44 07540 814943
E:nick.beaton@CRIGroup.com