Growing regulatory demands and compliance burdens

09 November 2023 Myra Knoesen

As time progresses, regulatory and compliance requirements are continuously evolving. So, how well-prepared can the industry be when the benchmark is constantly changing?

FAnews spoke to members of law firm Fasken’s insurance team about the dominant regulatory and compliance themes, the challenges they anticipate in 2024 and more.

Dominant regulatory and compliance themes

When looking at the dominant regulatory and compliance themes, the Fasken team highlighted the following factors:

  • Cyber security and data privacy - Technology continues to evolve, and with it comes sophistication behind cyber-attacks and security breaches.[1] As technology becomes more sophisticated, so must cyber security protocols. Organisations are becoming increasingly responsible for the protection and storage of sensitive data due to the increased use of digital assets.[2] Appropriate regulation and compliance must be at the forefront of the focus of legislators and compliance officers, who must constantly adapt to the potential threats of artificial intelligence, the internet of things, and blockchain.[3] Due to the rapid developments within the cyber security and data privacy world, organisations are required to continuously analyse the reasonableness and effectiveness of the organisational measures in place to protect against cyber security and data privacy breaches and to ensure continued compliance with the developing regulatory regime.
  • Environmental, Social and Governance (ESG) - ESG is a global regulatory and compliance theme that is at the forefront of regulatory development. There has been increased regulation of the operational and environmental risks of organisations and the imposition of penalties for non-compliance, which in some instances may ultimately end in litigation. Organisations are not only feeling the pressure from regulators to comply with ESG requirements but also from customers, investors and various stakeholders who require organisations to be more mindful of how their business impacts the environment and surrounding communities. Furthermore, the social element of ESG compliance such as diversity, employee well-being, transparency and inclusivity has also been trending this year with organisations implementing deliberate diversity and inclusion strategies.[4]
  • Political sanctions - Organisations may be prevented from engaging in business with sanctioned third parties and there has been increased monitoring by the Financial Action Task Force on various countries (including South Africa) in so far as money laundering and terrorist financing are concerned.[5] The emergence of the Russia-Ukraine war has led to Russia becoming one of the most sanctioned countries in the world. There are also a number of sanctions against organisations believed to be involved in ongoing conflicts. Many regulations have been put in place that restrict certain businesses, often at the demise of multinational organisations, and set out the legal consequences for their violation. For example, this year a UK-based tobacco company was fined $508 million by the US Treasury’s Office of Foreign Assets Control for the violation of US sanctions against North Korea.[6] Therefore, organisations must be aware of any regulations that may affect their ability to do business with a sanctioned third party and the risks associated with providing products or services, even if inadvertently, to sanctioned individuals, organisations or states.[7]

How prepared can the industry be?

According to the Fasken team, the current geopolitical climate and environmental and economic concerns are burdening compliance officers with the challenge of keeping up with ever-changing, unique compliance concerns. Novel technologies and evolving sensibilities within the industry result in a constant change of focus by regulators.[8] 

“In order to remain prepared, the industry must be well equipped to keep up to date with changing and developing risks and risk mitigation measures to be able to identify the most relevant, emerging, and universal concerns that call for regulation and compliance.[9] For instance, ESG is, at present, a growing concern across the world and thus promises to require increased awareness and regulation.[10] Another example is data breaches and data security, which was not a focus of regulation and compliance a few years ago due to the fact that organisations collected and utilised limited data. However, today, data has infiltrated every aspect of commerce and has become an important commodity for conducting business,” they said. 

“Keeping abreast of constantly evolving regulatory compliance trends requires continuous monitoring and development, regular updates to security policies and procedures in place, and ongoing staff training.[11] In order to be prepared for shifting compliance requirements, the industry must remember that ‘what worked yesterday doesn’t always work today’ and it is critical to invest in risk compliance management in order to stay up to date with regulatory changes and trends to ensure compliance.[12] Therefore, it is important that the industry constantly conducts assessments in order to have a good understanding of the risks imposed on their organisations and the measures put in place against such risks to ensure their risk mitigation measures are sufficient.[13] As onerous as this is, risks are ever-evolving and the industry must constantly ensure that their risk mitigation measures are adequate and avoid lagging far behind to the detriment of the organisation,” added the team.

The Fasken team believes that increased regulation is a natural result of this growing risk. However, the uncertainty that expanding and emerging risks and their consequential regulations bring to organisations can be taxing on compliance officers. “In order to combat this fatigue, organisations must dedicate resources to staying up-to-date and informed on the latest regulatory changes. The costs of doing business must include the cost of regulatory compliance, which may include the establishment of a compliance division whose sole purpose is to ensure continuous regulatory compliance.[14] Moreover, organisations must ensure that regulations are interpreted correctly to reduce the risk of non-compliance, financial penalties, reputational damage and legal consequences.”[15]

Challenges in 2024

According to the Fasken team, cybersecurity and data privacy were unanimously voted as the most pressing risk faced by compliance officers in a survey conducted by Legal 500’s GC magazine.[16] In addition, an intersection between artificial intelligence (AI) and cybersecurity has raised additional concerns for compliance officers. The power, sophistication and efficiency of AI can be used as leverage to develop more invasive cyber threats that are more difficult to detect and mitigate, which poses a further challenge to compliance officers.[17]

In their closing remarks, the Fasken team said, “One of the greatest assets in the insurance industry is adaptability. Regulatory changes are implemented constantly; therefore, it is important for insurers to implement any new changes required to address the difficulties that may arise from them dynamically. Likewise, brokers and financial advisers should exercise adaptability in the regulatory and compliance realm. The different functions within organisations should also collaborate in taking an integrated approach to compliance which assists in mitigating risks and helps organisations to strive towards better business outcomes.[18] It is important to view regulatory compliance as an enterprise-wide responsibility and to develop a ‘compliance culture’ as opposed to merely focusing on relying on one single corporate group to ensure that regulatory requirements are met.[19] Brokers, financial advisers and the insurance industry at large should also be prepared for the adoption of new regulations, in particular the promulgation of the Conduct of Financial Institutions Bill (COFI). Lastly, the insurance industry should look to comprehensive regulations that serve as a guide to stay ahead of the curve.”[20]

Writer’s Thoughts

As mentioned above, to remain prepared, the industry must be well-equipped to keep up to date with changing and developing risks and risk mitigation measures to be able to identify the most relevant, emerging, and universal concerns that call for regulation and compliance. Like the Fasken team, do you believe that increased regulation is a natural result of growing risk? Please comment below, interact with us on Twitter at @fanews_online or email me -

[1] “Ten Key Regulatory Challenges of 2023: Mid-year Look Forward” 2023 by Amy Matsuo.

[2] “Playing by the Rules: The Crypto Compliance Landscape Today” 2023 by Binance.

[3] “Top 5 Risk and Compliance Trends for 2023” 2023 by Wesley Van Zyl.

[4] “Directors and Officers (D&O) Insurance Insights” 2023 by Allianz Global and Corporate & Specialty (AGCS).

[5] “High-risk and other monitored jurisdictions” 2023 by Financial Action Task Force (FATF).

[6] “Key Trends in Risk and Compliance in 2023” 2023 by LexisNexis.

[7] “Top 10 Compliance Challenges in 2023” 2023 by Vivek Dodd.

[8] “Moving the Goal Post” 2023 by the Legal 500 GC Magazine.

[9] Note 6 above. 

[10] “10 Global Compliance Concerns for 2023: ESG, Money-laundering, and regulatory concerns weigh on compliance officers” 2023 by Thomson Reuters.

[11] Note 1 above.

[12] Note 1 above; “How To Keep Up With Moving Goalposts” 2022 by Anand Inamdar.

[13] “Risks facing directors & officers” 2022 by Financier WorldWide Magazine.

[14] Note 8 above.

[15] Note 1 above.

[16] Note 8 above.

[17] Note 1 above.

[18] Note 17 above.

[19] Note 17 above. 

[20] Note 9 above.


Added by Dr Jan Swanepoel, 09 Nov 2023
The financial services is overburdened with "compliance legislation"! As past director of the former IBC and Fia, I supported the regulation of the industry (the FAiS Act) and the professionalisation of the industry. At the World Conference for Financial Advisers held at Sun City in 2009 some of the speakers voiced their opposition to over regulation.
That has been happening and continuing!
As an example: A person or company (NB: Not a licensed FSP!) takes on loans under the guise of "Investments" and the clients lose their money.
Shortly thereafter a new regulation is passed which makes more demands on us, the registered FSPs, which is unfair!
In the end such time is taken to comply, that we end up not spending the time we should, with clients and generating new business. Consequently, there is a reticence among Financial Services Providers (Brokers), especially SMEs, to appoint more people and expand their business, due to time constraints caused by over (sometimes indiscriminate!) regulation!
This, in the end, results in increased unemployment!

Added by John Johnston, 09 Nov 2023
With all this I am left astounded when a financial services provider sends me an email with more or less the following wording: "Here is a password for you:
You will need to use it to open a document we are going to send you in a separate email".

And a few minutes later the aforementioned email arrives. I just wonder how they can guess which email the hackers will read and which one they will ignore.