In this interview with Help Net Security, Simon Winchester, VP Worldwide Advanced Technologies at Jumio, talks about the changing role of the Chief Compliance Officer (CCO) and how to ease some of his burdens in the highly regulated world of today.
As new compliance regulations emerge, organizations need to make sure they are meeting the standards. How important is the CCO’s role in this process?
Organizations today are challenged to deal with a confluence of regulatory and business changes that impose new compliance requirements. The pace of regulatory change, global regulatory convergence and competition from new market entrants has created a complex environment for organizations across all industries as they attempt to protect consumers and themselves from fraud, money laundering and other financial crimes. As such, the role of the Chief Compliance Officer (CCO) – someone who can perform a thorough risk assessment on the business and its stakeholders – is more important than ever.
By appointing someone who is responsible for keeping abreast of all relevant regulations and who knows how to develop and enforce a structured compliance program, organizations can ensure they have peace of mind to comply with all government regulations.
What can be done to change the perception of the CCO as an organizational bottleneck?
Manual compliance work is both time-consuming and error-prone, which can lead to this perception of CCOs as an organizational bottleneck. However, automation puts an end to much of this workload, as it eliminates human error and improves efficiency and effectiveness. Manual processes are now simplified, relieving compliance officers. Additionally, automation reduces data complexity, allowing CCOs to not only process, but also better understand, larger amounts of data and reveal patterns of behavior that can better focus their efforts.
In turn, organizations can become more proactive, scale rapidly, seize new market opportunities, and seamlessly engage with new investors and partners. Conversely, when a CCO has a vision and a strategy – which are then implemented and automated – then they are seen as the greatest champion of revenue, enabling business activity rather than stifling it.
Additionally, automation leaves more time for CCOs to devote to compliance tasks that cannot be easily automated, such as judging complex business situations in highly regulated markets. With flexible AML tools, trusted and established vendors, and well-documented policies, CCOs are able to stay ahead of the curve and anticipate and manage potential risks while maintaining compliance.
What could be the impact for organizations if they fail to comply with compliance regulations?
The first, and perhaps most obvious, consequence is the possibility of the organization being fined for non-compliance. Fines for the most serious security breaches now routinely run into the hundreds of thousands of pounds – last year the UK’s Financial Conduct Authority imposed fines worth £568 million sterling and this figure is expected to increase. In addition to the fines, there are of course the costs of justice and those of the prosecution too. In exceptional cases of non-compliance, employers and employees can face imprisonment for their wrongdoing, with penalties of up to 5 years.
In addition, any organization that does not comply with the legislation may face reputational damage which is accompanied by loss of customers as well as current or potential staff. Not only will this have a ripple effect on sales, but it can also affect an organization’s ability to recruit new talent and attract investors and business partners for years to come.
Are there any technological advances that could help CCOs optimize their workflow and reduce risk?
Know Your Customer (KYC) and Anti-Money Laundering (AML) processes are required in countries around the world. Together, they are essential in preventing fraud, money laundering and other financial crimes.
To meet these obligations, CCOs can turn to automated KYC solutions, real-time risk and fraud detection tools, and flexible analytics/reporting solutions. Especially in high-growth and digital markets, like fintech, neo-banking, and payments, this allows organizations to strike the right balance between customer experience, compliance, and security.
When a solution integrates and automates end-to-end compliance, covering all facets of that CCO’s risk-based approach, CCOs can monitor customer risk, investigate suspicious activity, and file regulatory reports. When a solution also leverages real-time technologies, it can help organizations make an accurate decision in seconds and block fraud and risk while enabling a simple and fast customer experience. This allows an organization to stay compliant while freeing up time for CCOs to focus on other priorities.
What best practices should CCOs implement to drive innovation and business continuity?
The best CCOs partner with the business to truly understand how to place barriers and controls that mitigate risk, while allowing the business to operate at peak efficiency. A particularly valuable area of business is IT, which can help CCOs maintain and provide systematic evidence of compliance with internal policies and external laws, guidelines, or regulations imposed on the business.
By having a dedicated IT resource, CCOs don’t have to wait for the next Program Increment (PI), sprint planning, or IT resource availability. Instead, they can be nimble and proactive when it comes to meeting company growth and revenue goals.
Technical resources can be used for project governance, systems review, data science, anti-money laundering and operational analysis, as well as to support auditing/reporting with internal/external stakeholders, investors, regulators, creditors and partners. Ultimately, this partnership between IT and CCOs will enable a business to make data-driven decisions that respect compliance as well as business growth mandates.
As such, it is also a good idea for CCOs to be aligned with the CEO and CFO on all news and updates related to compliance activities. Having an open line of communication with the CEO and CFO will allow CCOs to gain cultural support when it comes to providing advice, guidance and training to all departments regarding laws, rules, regulations and relevant compliance standards.