Business imperatives of change and efficiency will both drive and transform legal and compliance operations. The speed of change within financial services necessitates that companies anticipate and adapt to emerging risks and ongoing transformation across multiple fronts, including technology advances, process improvements, regulatory developments, new market entrants, and shifting consumer preferences.
Regulatory focus on the technology sector will directly impact business strategy given attention to anti-trust, sanctions, and operational resilience risks; it will also spotlight customer protection risks, including bias, accessibility, and privacy especially with regard to machine learning, AI, and cloud services. Regulators will expect companies to understand and explain outcomes of new technology applications/enhancements as well as the roles and responsibilities third-party service providers.
Compliance challenges will remain in core areas of conduct/ethics, financial crimes, customer protection, and evolving geopolitical risks.
- The use of fintech incubators and partnerships, and ongoing adoption of AI and cloud services (in business, middle and back office) requires enhanced due diligence, compliance risk management, and monitoring and testing processes
- Evolving technologies, including data analytics and natural language processing, enable firms to evaluate pools of structured and unstructured data to proactively identify potential compliance risks
- Agile legal and compliance integration will facilitate ongoing adoption of technology advances; regulators will expect companies to understand and be able to explain outcomes resulting from applications of new or enhanced technologies.
- Integrated KYC/AML and compliance controls will enhance risk-based assessments and streamline processes from due diligence through monitoring, escalation and off-boarding
- Applications of innovative technologies, such as ML/AI and cloud computing, may increase certain customer protection risks including bias, accessibility, and data privacy though these applications are not yet fully covered by specific regulation
- Key areas of compliance for customer protections will include data privacy, UDAP/UDAAP, Best Interest, and CRA
- As new payment channels and products are deployed, compliance concerns continue to focus on regulatory requirements in financial crimes and investor/customer protection, including data privacy, UDAP/UDAAP, fees and disclosures, funds availability, third party risk management
- Regulatory focus on crypto assets, non-bank and online processing, real-time payments, and crowdfunding is evolving, in some cases prompting a rethinking/reordering of certain compliance processes (such a “prevalidation”) to facilitate faster technologies and transactions
- The compliance program should include comprehensive due diligence of acquisition targets and prospective third parties, as well as ongoing tracking of identified red flags; M&A activity will drive continued legal and compliance operational integration
- Heightened regulatory attention on the technology sector will impact business strategy and may increase legal and compliance risks in the areas of anti-trust, sanctions, and conduct
- Compliance and ethics risk professionals must have the requisite skill set to understand, embrace, and execute evolving technologies and customer demands
- Customer demand is driving the development of new product and service offerings and new delivery channels that can expand compliance expectations such as the ADA’s guidelines for web content and mobile applications
- Companies are leveraging regtech solutions to reduce compliance costs and improve overall efficiencies in time and effort in areas such as KYC/AML, transaction monitoring and testing, regulatory reporting, misconduct; automation and AI applications can shift monitoring from reactive to proactive
- To optimize investments in automation and AI, organizations should first reassess their core processes and controls, assess data quality, and streamline governance in order to address potential reputation, brand, and ethics/conduct risks
- Operational integration of legal and compliance will increase cost savings through reductions in complexity and duplication and enhanced ability to respond to regulatory change
- Co-sourcing/outsourcing strategies in areas like contract management, client onboarding, investigations, and compliance monitoring and testing requires monitoring third parties for compliance and reputation risks as well as geopolitical risks, including tariffs, sanctions, and financial crimes