Looking Forward Going Beyond Simple Compliance to Include Risk

Posted November 28, 2016 by Nick Nichols

This is the first in a series addressing the complexity of regulatory compliance and risk management.

A question I hear frequently from compliance executives is, “How am I supposed to know what to look for in order to prevent something that hasn’t happened yet, particularly when our infrastructure and resources struggle to keep up with the rapidly expanding regulatory compliance environment?”

These are both fair points, backed up over and over again by data like the 2015 Dow Jones Anti-Money Laundering Survey, which revealed that some of the top concerns facing compliance professionals are:

  • Increased regulatory expectations
  • Shortages of trained AML staff
  • Outdated/insufficient technology

Simply maintaining compliance with existing regulations may be difficult for many firms, never mind trying to identify and prevent future risks.

But try telling that to investors whose retirement savings are stolen by an act of fraud that your firm wasn’t able to prevent because you didn’t have resources dedicated to attempting to predict and identify future risks.

Regulations that govern financial institutions are often passed in response to a crisis, like the collapse of a global bank, or the discovery of a money laundering operation that is funneling wealth in support of terrorism. The regulations that govern financial institutions typically have the best intention of trying to prevent such a crisis from happening again.

Consider one of the latest rounds of regulatory proposals, introduced by FINRA in 2015, which aims to prevent the financial exploitation of senior citizens and other vulnerable adults (see FINRA Regulatory Notice 15-37).

As described by FINRA in its release, if passed as proposed, this regulation would require financial firms to make a reasonable effort to get information for a “trusted contact” on accounts where the investor is deemed to be elderly or vulnerable. The contact would be unable to transact business, but would be alerted in many circumstances where abusive activity on the account is suspected. However, the proposed regulation would not prohibit opening the account it the customer fails to identify a trusted contact. This appears to require the collection, maintenance, and monitoring of more customer data as an important step in protecting senior and vulnerable investors from financial exploitation.

On September 12, 2016, the North American Securities Administrators Association (NASAA) issued guidance similar to FINRA’s proposal entitled, "Guide to Practices and Procedures for Protection Senior Investors and Vulnerable Adults from Financial Exploitation."

Regulatory improvements could help address financial scams and theft to senior and vulnerable investors. The Consumer Financial Protection Board notes annual losses resulting from financial scams and theft range from $2.9 billion to as much as $36.5 billion – a large but significant range.

In our view, one of the biggest questions facing financial institutions today is, “How do we develop and implement a strategy for efficiently protecting customers by staying in compliance with existing laws and regulations, while also keeping our eyes on those risks that aren’t yet being managed through legislation?”

To help answer this question, consider the following:

  • How does my firm articulate and measure its goals of maintaining regulatory compliance and identifying and managing future risk? What is the relationship between these capabilities, or are they separate?
  • Is our allocation of resources (such as time, staff, or technology) for regulatory compliance, and identifying and managing future risk, sufficient to reach our stated goals?  Where is there intersection in the allocation of resources (like when new risks are identified, and how are they integrated into our monitoring program)?
  • What opportunities exist to strengthen the relationship between regulatory compliance, and risk management?  

At 2017 DST Advance we will discuss ways we can help your firm begin to lay out a strategy for maintaining regulatory compliance while looking ahead to potential new forms of risk.

The next article in this series will address how firms can more efficiently analyze the future risk landscape across business lines using behavioral analytics.

Featured Insights
  • Getting Ahead of the Curve: Re-Imagining Fraud Detection in 2017
    Learn More

Subscribe for more info
Want to stay up to date? Subscribe to our communications to access the latest content.


For More Information