What is the future of risk and regulation?

03 July 2018

It is always a dangerous activity to try and predict the future. And particularly so with technology changing our lives at such a fast pace. It is a necessity though for risk and compliance leaders. The products, delivery channels, decisions and controls that will cause the regulatory breaches and major remediation programmes of the future are likely being implemented now.

When I talk to those outside of risk and compliance, there is a belief that regulatory activity is reducing. This belief, together with a desire for efficiency, is putting risk and compliance functions under pressure. These functions have been protected from much of the cost cutting agenda to date, due to a fear of ‘getting it wrong’, but that is no longer the case.

Regulatory activity may be reducing in terms of new regulation but it is certainly not stopping and it is certainly not reducing in terms of regulatory expectations. There remain a raft of new regulations which will be coming in to force over the coming years - the replacement of LIBOR is one which is likely to be a major issue for organisations. In addition, the impact of new regulations is still not known - the realities of life under GDPR, for example, are not yet clear.

Alongside the new and embedding regulations, customer expectations and technological advances mean that the risk and compliance activities of the future could be very different to those of today. Most leaders that I speak to are concerned about having to run to keep up with the business. The business is developing new products, new delivery channels and new communication approaches, all of which help to deliver fair outcomes for customers which is a positive thing. But they sometimes do this without properly thinking through the risks. This isn’t a criticism - on the face of it, the risks don’t look like they are changing from the risks inherent in the more traditional customer approaches but they are being amplified by the use of new technology, probably in ways that we don’t yet understand. This needs risk and compliance specialists to be involved from the start and it needs challenge and diversity of thinking to be brought to the discussions.

So, risk and compliance functions are being asked to be more efficient, whilst also having to respond to a dynamic business environment. It isn’t an easy position to be in. You could say this has always been the case but somehow the pressure feels heightened at the moment. How should they respond? Perhaps by asking, and honestly answering, a few key questions.

Are you in the right discussions about business development? Too often, risk and compliance are brought in towards the end of the process when there is such enthusiasm for whatever has been decided that it is hard to clearly see the challenges. Instead, risk and compliance need to be there from the beginning.

Have you taken a step back to consider if your control environment is as efficient as it could be? Given the regulatory bow wave that we have been though, inevitably each regulation has often been thought about in isolation, without considering if a control implemented to help compliance with regulation A could also help compliance with regulation B. There hasn’t been time to step back and look at the overall control landscape. There might be now and this would certainly help with the efficiency challenge.

Have you thought about how to deliver your risk and compliance activities in the future? The traditional teams of today are unlikely to be the right model for the future. Once the control environment is efficient, you can think about how you deliver against it. You can, for example, consider where your teams are situated, what skills and Regtech you need and what mix of permanent and outsourced arrangements work best for you. Have you got the diversity within your team to challenge the business? With the business moving so quickly, and ideas being discussed which are so different to the ways of working today, diversity of thought is needed more than ever. To achieve this, you may need to reflect upon how you make your working environment appealing to the talented and diverse individuals that you want to attract to your team.

There will be other questions to answer but these make a good start. It’s an exciting time to be involved in the financial services industry and in risk and compliance. There are a lot of changes, which bring opportunities and challenges. Something that we all thrive on.

Sarah Isted

Sarah Isted | UK Financial Services Risk and Regulation leader
Profile | Email | +44 (0) 7834 251939



Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated and will not appear until the author has approved them.