Acing Compliance Audits

Derek Schwartz, Senior Vice President Financial Services, SEEBURGER

Compliance is a major concern for any business in any sector, but the financial services industry must take particular notice. It has seen the number of compliance-related fines skyrocket in recent years, with increasingly high-profile fines appearing in the press as stringent regulations are imposed.

As a broadly defined term, ‘compliance’ encapsulates managing the risk of legal or regulatory sanctions, financial loss and reputation damage. At its core this entails the governing and securing of sensitive data, both at rest and in transit, as well as providing transparency and audit trails both internally and to regulatory bodies such as the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA), both newly introduced on April 1, 2013.

These governing bodies, successors to what was previously the Financial Services Authority (FSA), work in tandem to create a ‘twin peaks’ regulatory structure in the UK, which shows how much importance is being placed on regulation and compliance. They have been created to protect and enhance the integrity of the UK financial system and ensure institutions continue to provide the critical financial services necessary for a healthy economy.
These regulatory bodies have the power to discipline financial institutions found to be in breach of the rules by withdrawing authorisation, issuing fines, seeking injunctions and enforcing compensation for affected customers. Financial products falling under the remit of the FCA and PRA include, amongst others, investment trusts, ISAs, debentures and deposit taking.

This relationship with regulators is one of the most important aspects of a compliance officer’s role and this means regularly exchanging data in an open and cooperative manner. This process is greatly assisted by the use of business integration technology. The right platform will be able to provide a full ‘audit trail’ which logs and tracks the flow of data, clearly showing its movement between parties.

The use of an effective Business Integration Suite, as the basis of a Secure Data Transmission Platform, is therefore of the utmost importance. This specialised software manages the flow of data, files and transactions and allows the interrogation of the data. This is a critical component of compliance as, all too often, financial and banking institutions are unaware of the data transmissions that are taking place within the organisation. This lack of transparency can mean illegal transactions are taking place, that sensitive data is being exchanged with the wrong parties, or that data is not reaching its intended destination.

Compliance is also not just an issue of legality and meeting the requirements of regulators; it is central to preserving reputation and remaining competitive in a fiercely contested industry. The damage that poor compliance does to how an institution is perceived can have long-lasting ramifications for business and customer relationships.

There needs to be a culture of compliance in place at financial institutions. Having a robust, specialised compliance function in place helps nurture this ‘culture of compliance’ within the organisation. This combination of specialist staff and specialist business integration tools creates a multi-pronged approach to reinforcing compliance.

As financial institutions have grown in size through mergers and acquisitions, legacy technologies are often in use side by side but have not been integrated onto a unified platform. A lack of integration can lead to disparate silos of information and inefficient avenues of communication.

An efficient Business Integration Suite will provide additional value to all lines of business within a financial institution, allowing it to do more with data while giving the office of the CCO the ability to understand the movement of data at a more granular level. Through the ability to look at and monitor particular transactions, it is possible to identify unusual patterns as they emerge, such as the type of transaction, geographical location or business type, and act accordingly.

Rather than putting in place the right technology and solutions to mitigate the risks associated with breaking compliance regulations, many financial institutions have taken a ‘wait and see’ approach. They have failed to address the importance of compliance until after a catastrophic event has forced them to reassess and take action, such as suffering the loss of sensitive data. The right solution means policies can be put in place to manage data loss prevention from a central platform that owns and governs all data traffic for the institution.

Unfortunately, when it comes to compliance, there is no ‘silver bullet’ solution. To ace compliance audits, it is a matter of cultivating a ‘compliant culture’ within an institution by taking small but substantial steps. The right data management and business integration tool plays a critical role in achieving this, by allowing easier and more efficient monitoring of data transmissions as well as providing a protocol for reporting to regulators, thereby reducing the headaches and risks.