LEGAL
As corporations of all sizes expand internationally, their supply chains are becoming increasingly complex and geographically diverse. At the same time, the regulatory environment becomes more challenging. This combination of factors creates a major new set of risks that many corporations have only limited ability to monitor and manage. Organizations today are being held responsible not only for their own activities but also for the actions of customers, suppliers, vendors, and partners.
Compliance teams are now responsible for two sides to their compliance and monitoring requirements. Firstly, they need to help their banks to fulfill the bank’s own regulatory obligations, such as increasingly stringent know your customer (KYC) requirements. Secondly, corporations need to conduct appropriate levels of due diligence on their third-party relationships to help manage the risks these relationships present. It is essential to have expertise supporting compliance and third-party risk requirements from both these perspectives but without adding significantly to the administrative burden or interrupting business operations.
For companies working with a single bank in one country, supporting the bank’s KYC process is relatively straightforward. For multi-banked corporations operating internationally, however, the documentation and resource implications can be very significant. Not only do KYC regulations differ across countries, but banks adopt their own risk management procedures, which may also vary across jurisdictions. In addition, compliance challenges can go beyond banks’ regulatory requirements. With a raft of new and emerging regulations such as the Foreign Corrupt Practices Act, and Conflict Minerals Rule (Dodd-Frank Act, Section 1502) in the United States and the Bribery Act and Modern Slavery Act in the United Kingdom, the regulatory burden is becoming heavier for a large number of organizations – leading to higher compliance costs.
Companies with long, complex, and global supply chains face challenges associated with large numbers of diverse suppliers, distributors, and partners. Conducting due diligence on these third parties to satisfy anti-bribery and corruption (ABC) regulations, for example, can be lengthy and labor-intensive, particularly given the lack of transparency and inaccessibility of information in many jurisdictions. As officers and shareholders increasingly recognize the potential financial and reputational damage caused by environmental, financial, or ethical failure or malpractice by third parties in their supply chain, there is growing pressure to conduct sufficient due diligence.
As the compliance and third-party risk burden increases, financial and nonfinancial organizations alike require a systems infrastructure that streamlines compliance and due diligence processes to provide regulators, investors, and stakeholders with the information and transparency they need, without compromising business efficiency.
Looking at KYC, for example, many compliance teams have expressed their concerns that banks are asking for different information in different formats and at various frequencies throughout the year to comply with the same regulations. This is making a significant impact on workloads and looks to continue as regulations change and new ones are introduced. As a result, there is growing pressure to standardize the KYC process across banks and across markets wherever possible – to standardize the timing and nature of data requests – to reduce the administrative burden and avoid spiraling costs.
To support growing demands for standardization, banks are increasingly turning to financial utilities and shared service-processing platforms in noncompetitive areas such as compliance to cut their operational costs and improve customer service. Similar challenges and opportunities also exist for third-party risk management. A growing number of large organizations are looking to expand their current systems into a broader, more unified approach to third-party risk management as regulatory and risk drivers become more compelling. And just as with KYC processes, companies are looking to implement efficient due diligence processes that maximize transparency and stakeholder confidence, while minimizing the impact on efficient business practices. As a result, standardization, automation, and outsourcing of routine information sharing are becoming important priorities. This becomes more challenging given the wide spectrum of third parties with which a company typically engages, and the diversity of risks – both financial and reputational – that need to be addressed.
As the business and compliance risks of international expansion continue to grow, corporations need to be proactive in determining how they will identify and mitigate their exposure. Some senior finance professionals engaged in the compliance and due diligence process prefer to be ahead of the curve through earlier adoption of technology and by hiring people with specialist skills, while others take a more reactive approach to new regulatory requirements. That said, noncompliance is not an option, and 2016 is the year in which all should focus on their compliance obligations and third-party risk strategies. KYC, anti-money laundering (AML) and ABC requirements cannot be dismissed as the unique domain of banks, and with a constantly evolving regulatory environment, corporations need the tools and processes to support compliance without adding cost.
As regulators and the wider stakeholder community, including customers, increase their expectations and demand transparency over corporate behavior, businesses need to devise and implement robust, efficient, and transparent processes for meeting regulatory requirements to protect the reputational, compliance, and financial interests of the company.
Exchange Magazine provides a robust forum for dialogue where ideas, insights and information are shared across the global financial ecosystem. Experience Exchange for yourself and engage with us to drive and shape its future.