What compliance officers should do to prepare themselves for the new dispensation
The New Compliance Dispensation
In the new digital economy, companies are having to evolve and re-invent themselves in order to remain competitive. This has fundamental implications for a company’s products, underlying product delivery capability, and their organisational structure. This in turn has fundamental implications for the skill set of the future compliance officer.
The Future Compliance World
Emergent technology such as big data, machine learning and legimatics will enable compliance officers to embed their requirements and priorities across the entire organisation, traversing regions, functions, and product lines. Whether reporting systems, due diligence procedures, employee training, policy development or internal controls; all of these can be integrated and embedded into every aspect of the organisation, its processes, and products.
Whereas in the past, compliance programs were provided to business, and the role of the compliance officer was effectively limited to oversight on the embedment of the content (with sample testing of controls), today compliance officers are in a position where they no longer are reviewing embedment, but rather should be focusing on real-time testing for control relevance, control effectiveness and more critically, real time compliance risk quantification and mitigation.
Technology has created ways for compliance objectives to be embedded as part of real-time business processes, where the compliance function can monitor how compliance inputs are achieving their intended objectives. This enables business to better integrate compliance and compliance risk issues and the compliance officer to monitor business behaviour broader and deeper than ever before, and additionally impose increased accountability. This evolution enables a true risk-based approach to compliance by use of managed risk through integrated real time residual risk metrics using AI enabled metrics. This moves compliance as a function into the shared strategic and operational space with business, as it allows for real time (and indeed predictive/ proactive) compliance risk identification/ management, thereby helping the business to be more responsive and agile in a complex, high-risk regulatory environment, including identification of potential new opportunities.
How does this impact an individual compliance officer’s skill sets and focus?
The digital era compliance officer requires certain skills in addition to those currently deemed necessary for the role of a compliance officer: to be digitally fluent, have data analytics expertise, behavioural understanding, and understanding of both the current and evolving operational and strategic aspects of the businesses operations and markets they operate in. These elements are expanded upon as follows:
Compliance officers need sufficient understanding of issues such as data governance, risk taxonomies, compliance and control taxonomies, digital security, and related controls. This is not to say they are required to be experts in this arena, but instead, should have a sufficient understanding/ awareness to be able to identify potential risk issues relating to these aspects.
In addition, they should have a sound knowledge base for supporting development of compliance controls aligned to defined compliance control taxonomies and regulatory data structures.
Data Analytics expertise
Regulatory frameworks are becoming more global, more principle based, and less consistent across regions. Coupled with this is the growth of supranational and regional legislation overlaying local regulation. On top of this, compliance teams must increasingly grapple with emerging culture and ethics considerations in areas such as artificial intelligence, product innovation, cybersecurity and similar all the while maintaining a focus on employee culture and behaviour. All of this combined exceeds the ability of the compliance function to manage the complexity and volume of the integrated regulatory landscape to pro-actively identify potential regulatory failure for an organisation.
Technology provides the necessary data cues for compliance officers to identify potential risks and issues, however it is the compliance officers themselves who must move away from a purely re-active advisory role to actively identifying the critical risk data cues and partnering with business to develop these into an understanding of potential future risks and opportunities for the business. This can only be done if the compliance officer is provisioned with the necessary data feeds and then has the knowledge and ability to interrogate this data to derive meaningful outputs –this requires a fundamental understanding of the data generation and curation process and analysing / overlaying this onto the compliance officers organisational and regulatory understanding to derive compliance risk metrics that can be used to inform the business. Such expertise, can for example, fundamentally impact a new product evaluation process by reducing time to market, permitting extended product scope, improved quality / scope of risk assessment and monitoring of the early stages of the product release for possible emergent risks not originally identified.
Culture and behavioural understanding
Pro-active mitigation of compliance risk (and analysis of past failures) requires a fundamental understanding of the behavioural aspects of the extant organizational culture which includes employee drivers and its relation to the corporate culture, group dynamics and the behavioural drivers of both performance and misconduct. In a digital compliance environment, where controls and the measurement metrics are increasingly informed and
measured by AI, the ability of the compliance officer to provide insight into the design and execution of compliance programs and controls, becomes a critical adjunct to intelligent systems as this provides the base knowledge to inform and maintain the effectiveness of these systems.
Strategic perspective with pro-active mindset
Compliance officers will become more strategic partners within the organisation and be involved in the business planning process in a proactive role rather than a reactive one. They will play a key role in providing insight into important business decisions and provide the confidence that the business leadership team needs to take the necessary risks to grow the company. By being actively involved, compliance officers can identify and address compliance issues before they occur, and more importantly, can identify potential opportunities for the business. The current relationship between compliance officers and their business colleagues will thus move from being viewed as a form of an externally imposed audit, to a valued business partner.
While the foregoing may seem daunting to a compliance officer, it will mature naturally as a consequence of the systems and data that are increasingly being made available to the profession, however, it will take a conscious decision by individuals to apply themselves to being part of the development as it occurs in order to remain relevant and a leader in their field.