Organisations’ compliance programs now need to undergo fresh risk assessments due to the rapid changes in an already complex regulatory environment.
FAnews spoke to Rianné Potgieter, CEO of the Compliance Institute Southern Africa, about the new risks impacting compliance, conduct and culture, and how technology could be used to mitigate conduct risk.
The new risks
According to Potgieter, we find ourselves in a period of various megatrends developing across the world, which give rise to risks such as climate, cyber, health, financial crime, cryptocurrencies, and artificial intelligence (AI) (ChatGPT anyone?) to name a few. Society’s response, she says, will ultimately include formal regulation as we grapple with mitigating these risks.
“Regulatory responses are evident in guidance notes, proposed regulations, bills and acts such as our own ESG JSE guidelines, Treating Customers Fairly (TCF), Conduct of Financial Institutions (COFI), and the amended Financial Intelligence Centre Act (FICA). Other countries have seen the enhancement or introduction of regimes such as the Senior Managers and Certification Regime (UK), the Individual Accountability Framework (Ireland) and various codes of conduct,” she added.
In the EU, Potgieter said the Artificial Intelligence Act is at an advanced stage of development, while in the UK, the government has launched an AI white paper to guide the use of artificial intelligence in the UK, to drive responsible innovation and to maintain public trust in this revolutionary technology. These might very well have extraterritorial reach, she said.
“Organisations may also face the increasing use by regulators of principles-based regulation to achieve the desired outcomes. The benefits of this approach include the fact that it enables laws to be future-proof, i.e., to respond to new issues as they arise without having to create new rules. The onus is on the organisation to define its response to compliance risk mitigation within the bounds of its own risk appetite. It frees up organisations to find the most efficient and innovative ways of achieving the desired outcomes,” continued Potgieter.
However, she said it may also lead to uncertainty and possible conflicting interpretations between the organisation and its regulator.
Overcoming challenges in meeting the requirements
As can be seen from many examples over the years, Potgieter stated that regulations, policies and procedures on their own will not ensure compliance. Culture and conduct do.
“As responsible corporate citizens we should determine and guide our own behaviours ahead of regulations. We should decide as an organisation, and individually, what our values are and how we want to support these through the culture that we create in our respective environments. The so-called ‘tone at the top’ may be a clichéd term, but it is as relevant and important today as ever. The leadership in an organisation has an undeniable influence on its culture,” she said.
Equally important, Potgieter said, is the ‘mood in the middle’. “The middle layer refers to the managers and employees who are responsible for implementing policies and who have the most direct control and impact on an organisation’s conduct. This is where the organisation’s culture is embedded and comes alive through the everyday actions of all employees. As we say in our Generally Accepted Compliance Practice framework (GACP) – it is all about ‘people, processes and systems’,” she emphasised.
When it comes to technology, Potgieter said we should expect to hear terms like regtech, suptech, fintech, insurtech and other ‘…techs’ that are still coming. “This is the world we live in today. Everyone in business should be comfortable with the terminology to know how it can be employed in the organisation. Technology can no longer be left to ‘the IT guys’. It has become imperative to have a working knowledge of technology, its benefits, shortcomings and risks.”
Arm yourself with facts, skills and resilience
“On a final note,” Potgieter said, “we can view this new world as a scary place - there is more than enough reason to be panicky. Or we could arm ourselves with facts, new skills and resilience, see the benefits of regulation from a business perspective, understand that something like principles-based regulation has far fewer rules, and that it acknowledges that the knowledge and the know-how to mitigate risks are within organisations themselves. At the heart of all these developments lies innovation. This is the time to embrace it,” she concluded.
Writer’s Thoughts
As mentioned above, it is the responsibility of the organisation to delineate its approach to mitigating compliance risk. Merely having regulations, policies, and procedures in place is insufficient to guarantee compliance. The crucial factors in ensuring compliance are the prevailing culture and conduct within the organisation. The leadership within an organisation undeniably shapes its culture. Do you agree? Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts at myra@fanews.co.za.