Anatomy of a modern compliance department

Increasing regulatory expectations make it vital for organizations to have a well-resourced, highly skilled compliance department. We take a deep dive into what it should look like and why.

The modern compliance department is an essential and integral feature of a successful financial services firm. Rapidly evolving regulatory expectations around the qualitative concepts of culture and conduct risk, over and above the black and white of the rulebook, have made having a well-resourced compliance function that is both influential and credible more important than ever. The risk profiles of firms and their senior managers continue to rise significantly as policymakers introduce accountability regimes to drive more risk-aware behaviors and expand the range of obligations to include concepts such as operational resilience. 

The modern compliance department has to contend with digital transformation, persistently high levels of regulatory change, regulatory relationship management, changing skills requirements, monitoring, and reporting internally and externally – all while seeking to ensure that customers enjoy the required good outcomes.

Equally critical is its role in supporting senior managers in maintaining compliant operations – the ramifications for getting compliance ‘wrong’ are becoming increasingly severe for both individuals and firms alike.   

“Compliance officers must now consider the future of those changes and assess directionally what should be maintained and which are due for revision post-pandemic. Part of this analysis is understanding the limitations of what can and cannot be changed.”

Susannah Hammond, senior regulatory intelligence expert,Thomson Reuters and co-author of the Cost of Compliance report

The role of compliance has developed into a firmly established profession. A global financial crisis, multiple mis-selling scandals, and exchange rate rigging are some of the significant events that have driven the demand for effective compliance practitioners to protect customers and the industry’s integrity. Whereas historically compliance officers may have been recruited directly from the business, bringing with them an understanding of products or sales processes, the changes brought by the financial crisis now often require them to have legal expertise or skills acquired in regulatory bodies. The demand for multi-faceted skills has continued to evolve and, increasingly, it is technology skills that are at the top of the list for recruiters.

What’s clear is that compliance professionals need a diverse set of skills. And the wide range of educational backgrounds, qualifications, and professional body memberships within the modern compliance department reinforces this. Fundamentally, it needs to see and understand all the business that the firm undertakes. Firms may have a ‘multiple lines of defense’ model in which the compliance function plays its part alongside the frontline business, other risk functions, and the internal audit department. While compliance is and should be seen as an integral part of the business, it also needs to fulfil its designated obligations within the firm’s governance arrangements. 

Early contact with compliance

As part of being integral to the business, the compliance department should be contacted early in the process for every new product or area of business. It should be seen as a trusted advisor to the business whose expertise can help shape the future. This strategic business partner and trusted advisor status is fostered by mature relationship management skills deployed internally with business lines and senior managers and externally with regulators. 

When it comes to their specific skill sets, compliance officers often hold a professional qualification, such as lawyer or accountant, but that is only a stepping stone to becoming an expert in the detail of the rulebook and developing the ability to interpret and implement the requirements, and demonstrate compliance.

Compliance functions now need to understand and be a role model for ethics and culture, conduct risk, and risk-aware, customer-focused approaches to business. Added to that, they also have significant interaction with teams fighting fraud, money laundering, and financial crime. Topics such as climate risk, the impact of extraterritorial regulation, geopolitical shifts, and cyber hygiene are also coming to the fore and may require compliance functions to deepen their skill sets even further.  

One area where it’s vital for compliance departments to undertake a detailed skills gap analysis is technology. Digital transformation is happening and happening fast – according to a McKinsey Global Survey (October 2020) of executives, the coronavirus pandemic has forced companies to accelerate the digitization of customer and supply-chain interactions and internal operations by three to four years. The share of digital or digitally-enabled products in their portfolios has accelerated by seven years.

It is essential that compliance has the in-house skills to keep pace with this transformation.   

Our dependence on technology is affecting every aspect of organizations within the financial services industry. Emerging innovations and new technologies, coupled with the vast volumes of data being produced, are creating new and heightened regulatory risks for firms. Modern compliance departments need the skills to not only understand and assess these digital developments but also to ensure that evolving requirements and rules from regulators can be met.    

Required skills of working

The widespread scope of transformation requires an equally extensive breadth of expertise and skills to provide effective oversight of areas as diverse as:

1. The growing use of Artificial Intelligence (AI) and machine learning (ML)

Ever-increasing volumes of transactions, interactions, and data are outstripping humans’ capacity to detect risks or extract insight. Regulators and auditors have made it clear that they expect firms to be able to explain how they are using AI and ML in their decision making and to demonstrate that they are doing so ethically. Compliance teams need to be comfortable with understanding and explaining how models work and decisions are made, and ensuring that human oversight is in place to identify anomalies.

2. New ways of working

The pandemic has accelerated the already-emerging shift to people working remotely. Tightly controlled lines of communications via company devices and internet connections, and in-person oversight of conduct in the office, have moved online, requiring different methods of supervision, monitoring, and record-keeping. Regulators have made it clear that they expect the same standards of compliance oversight and supervision wherever regulated activities occur, forcing compliance teams to rely on remote processes and digital supervisory capabilities.

3. Changing methods of communications and interaction with customers

Customers’ accelerated demand for online financial services and growing use of social media channels, chatbots, and video calls creates operational supervisory challenges and heightens compliance teams’ need to understand cyber resilience and be aware of data security.

4. Emerging and new products

Compliance teams need to be equipped with the technical skills to assess both the regulatory impact and customer outcomes of new products ranging from virtual assets to digital wallets, and offerings based on alternative data sources such as geographical data or telematics.

5. Technology as an enabler

Compliance must be able to assess the benefits and implications of new solutions, or ‘regtech,’ being developed to support regulatory compliance.  

Ideal compliance function

The ideal compliance function is agile, flexible, highly skilled, and in lockstep within the business. According to the Thomson Reuters Cost of Compliance report for 2021, it needs to be adequately resourced with human and financial capital, and more compliance activities should be automated. Other key criteria include integration throughout the business, with compliance acting as a strategic, technology-enabled business partner embedded within the company culture.

The ideal compliance function also needs to be visible, visibly supported, and valued by senior managers. It is a business enablement function, helping the firm to thrive compliantly into the medium term. That said, compliance functions do need to be appropriately resourced for their firms to reap the maximum benefits.

In line with the speed at which regulation is changing, the demand for compliance expertise is showing no sign of diminishing. The majority of firms, 68%, expect turnover to stay the same as the previous year, a third expect the team size to grow over the next 12 months, and 47% expect the cost of senior compliance staff to increase, which reflects the growing accountability of compliance professionals. Half of practitioners expect their personal liability to increase in 2021.

The multi-faceted skills that the modern compliance department needs reflect the wide variety of responsibilities. With no set criteria for qualifications and experience, practitioners are equipped with a range of technical, strategic, and risk skills complemented by educational backgrounds spanning legal, finance, and MBAs, plus a growing demand for technology expertise. With responsibilities ranging from surveillance to policy expertise, teams can accommodate diverse members. Skills are often in short supply, contributing to a third of firms (34%) outsourcing some or all of their compliance functionality.

Modern ways of compliance

New ways of working and digital solutions make the profession more attractive to those who need less traditional work patterns or want to work remotely, such as those with caring responsibilities. What is clear is that to be a strategic partner and effectively manage regulatory relationships, communication skills are as essential as technical skills.

“The underlying drivers for changes made within a firm during the pandemic are important,” said Susannah Hammond, a senior regulatory intelligence expert at Thomson Reuters and co-author of the Cost of Compliance report. “Compliance officers must now consider the future of those changes and assess directionally what should be maintained and which are due for revision post-pandemic. Part of this analysis is understanding the limitations of what can and cannot be changed.”

The modern compliance department is an essential component of a successful firm. The concept of compliance and the role of compliance functions has grown and changed over the years. Compliance as a profession is now an established concept seen as a core competency for every financial services firm.

Compliance functions are increasingly technology-enabled, using that technology alongside their deep and diverse subject matter expertise to support their firms and senior managers in the discharge of regulatory obligations.

Firms that value and resource their compliance functions will be well-equipped to weather any unexpected storm and thrive in the future.