A landmark survey of more than 1500 compliance leaders around the world including 300 in the Middle East and North Africa (MENA) revealed major risks associated with digitalization, with 41% of those surveyed admitting their organization has already experienced enforcement investigations by regulators because of technology that was poorly on-boarded and/or implemented.
According to this new research ‘The Currency of Connection: Mobilizing Technology for Compliance Integration’, investigations are most likely to arise in relation to data privacy and cyber-security, as well as tax, transfer pricing, fraud, and antitrust.
Research reveals that compliance teams, who are often a key line of defense against such investigations, are largely shut out of decision making around new tech, including a third of businesses surveyed who believe their organization is employing new technology without any regard for potential compliance and regulatory risk at all.
COVID-19 has significantly accelerated the digital transformation of businesses around the world, which is, in turn, attracting much greater scrutiny from regulators, who are grappling with the implications of technology in relation to antitrust and market power.
To drive their own efficiencies, manage cost pressures (where 68% of compliance leaders in the MENA have seen their budgets cut due to COVID-19), and to keep up with the digitalization of their wider organizations, compliance teams themselves are therefore also increasingly turning to tech.
In the MENA, 32% of businesses surveyed are planning to invest between $3-$5 million on new compliance technology in the future, including machine learning, AI, predictive analytics, and bots for finding and delivering information as part of compliance training and data-backed systems designed to identify concerning patterns of behavior.
Regulators are also in some cases continuing to play catch up, with, 52% of compliance leaders in the MENA reporting that a lack of consistent guidance on compliance technology from regulators is a barrier to further tech adoption.
One area where is there is increasing concern and scrutiny is related to third-party compliance risk, and in particular where a company has a minority interest, a JV, or supplier relationships.
46% of compliance leaders in the MENA plan to deploy technology to monitor the actions and behaviors of these third parties.
Borys Dackiw, EMEA Co-Chair of Compliance & Investigations, and Middle East Head of Compliance, Baker McKenzie, said: “Joint ventures (JV) and other arrangements with key business partners pose significant compliance risks such as conflicts of interest issues, bribery, and corruption, in the absence of proper screening and compliance due diligence.”
Artificial intelligence (AI) is particularly useful in managing third-party risk. It can mine, collate and analyze public source information relating to investment partners to make connections that otherwise may not be made and highlight risks that may otherwise remain hidden.
Rapidly accelerating digitalization is also creating further risk. In MENA, 32% of compliance leaders report that their organization is employing technology without considering compliance risk, and 41% say their company has already experienced a related compliance investigation.
Dubai-based Kellie Blyth, Counsel and UAE Head of Data and Technology, Baker McKenzie, commented: “COVID-19 has undoubtedly accelerated digital transformation across all market sectors, albeit at differing speeds. As well as the transformative benefits, the pace of change is giving rise to novel risks for organizations as they innovate their business models and try to maintain compliance with an ever-shifting regulatory landscape and, in the absence of a comprehensive technology risk assessment, ‘hurried digitalization’ can come at a high cost. Regulators in the Middle East have zeroed in on data protection and cybersecurity as legislative priorities that must be addressed on their journey to become knowledge-based economies. We will continue to see regional regulators overhaul and fortify their national legislative frameworks to better govern the use of data and to manage risk associated with new technologies. As a reflection of the global trend, regional regulators will also increasingly look to impose stringent penalties on those companies with weak compliance frameworks in place.”
RegTech promises to disrupt the regulatory landscape by providing technologically advanced solutions to the ever-increasing demands of compliance within the financial industry and other sectors.
It is tedious for a fresh company to get on with regulatory compliance because it will have to check each and every law that might be applicable to the company. That’s just half of it. Once the company lists the regulations applicable to it, it has to implement them, which again is a time-consuming task.
Managing Regulatory Compliance
Regulatory compliance requires experienced people who understand the business process and governance pretty well. People across the company need to collaborate.
Also, regulations change and update frequently. One has to make sure to regularly check for updates and implement them and this gets very frustrating for people in the middle of building a project.
Finding the Right Resource When Required
Most companies outsource expertise to legal partners or consultants who handle different clients at the same time which can create bottlenecks in the regulatory compliance process.
What Is RegTech?
RegTech uses software as a service (SaaS) for cloud computing, big data, and artificial intelligence in order to manage regulatory compliance, and it reduces the stress on compliance teams by automating the process.
RegTech helps organizations reduce cyberattacks, security breaches, and money laundering threats.
Regulators are the federal regulatory bodies that define the rules. RegTech developers are the tech people or companies who build RegTech software.
RegTech developers have to meet regulatory standards and also understand the needs of the clients.
Clients must find a way to integrate the software into their compliance process.
The RegTech Process
The first requirement of any business or process is a target audience. There is no point in having RegTech if there’s nobody to use it. So the first step is signing up customers.
The signing up process involves validating and verifying your customers’ information and making sure it is legit.
The next step is monitoring. This is a continuous process of keeping an eye on all the customer’s activities. Once your customer is registered, they will have given you access to monitor transactions. The software will then look for suspicious activity.
RegTech generally uses cloud computing and big data to manage data flow.
While monitoring transactions and activities, it is important to have in-depth knowledge of how for example money laundering works and different ways money can be laundered. Only then you will be able to write detection logic.
Reporting to regulators happens when regulations aren’t followed.
Because RegTech uses technologies like cloud computing and machine learning, it can understand the process quickly. It can also adapt to changing regulations. That’s because machine learning is used to alter the process according to updated regulations.
RegTech also accelerates the regulatory compliance process. Almost every task is taken care of by the software, so it works faster than humans. Breach detection and reporting are faster, reducing risks.
Analytics helps RegTech represent information in an easy-to-understand manner. It can also help you filter data to show only what you are interested in.