Better practices for compliance management

The main compliance challenges

We know that businesses and government entities alike struggle to manage compliance requirements. Many have put up with challenges for so long—often with limited resources—that they no longer see how problematic the situation has become.

FIVE COMPLIANCE CHALLENGES YOU MIGHT BE DEALING WITH

01 COMPLIANCE SILOS
It’s not uncommon that, over time, separate activities, roles, and teams develop to address different compliance requirements. There’s often a lack of integration and communication among these teams or individuals. The result is duplicated efforts—and the creation of multiple clumsy and inefficient systems. This is then perpetuated as compliance processes change in response to regulations, mergers and acquisitions, or other internal business re-structuring.

02 NO SINGLE VIEW OF COMPLIANCE ASSURANCE
Siloed compliance systems also make it hard for senior management to get an overview of current compliance activities and perform timely risk assessments. If you can’t get a clear view of compliance risks, then chances are good that a damaging risk will slip under the radar, go unaddressed, or simply be ignored.

03 COBBLED TOGETHER, HOME-GROWN SYSTEMS
Using generalized software, like Excel spreadsheets and Word documents, in addition to shared folders and file systems, might have made sense at one point. But, as requirements become more complex, these systems become more frustrating, inefficient, and risky. Compiling hundreds or thousands of spreadsheets to support compliance management and regulatory reporting is a logistical nightmare (not to mention time-consuming). Spreadsheets are also prone to error and limited because they don’t provide audit trails or activity logs.

04 OLD SOFTWARE, NOT DESIGNED TO KEEP UP WITH FREQUENT CHANGES
You could be struggling with older compliance software products that aren’t designed to deal with constant change. These can be increasingly expensive to upgrade, not the most user-friendly, and difficult to maintain.

05 NOT USING AUTOMATED MONITORING
Many compliance teams are losing out by not using analytics and data automation. Instead, they rely heavily on sample testing to determine if compliance controls and processes are working, so huge amounts of activity data is never actually checked.

Transform your compliance management process

Good news! There’s some practical steps you can take to transform compliance processes and systems so that they become way more efficient and far less expensive and painful.

It’s all about optimizing the interactions of people, processes, and technology around regulatory compliance requirements across the entire organization.

It might not sound simple, but it’s what needs to be done. And, in our experience, it can be achieved without becoming massively time-consuming and expensive. Technology for regulatory compliance management has evolved to unite processes and roles across all aspects of compliance throughout your organization.

Look, for example, at how technology like Salesforce (a cloud-based system with big data analytics) has transformed sales, marketing, and customer service. Now, there’s similar technology which brings together different business units around regulatory compliance to improve processes and collaboration for the better.

Where to start?

Let’s look at what’s involved in establishing a technology-driven compliance management process. One that’s driven by data and fully integrated across your organization.

THE BEST PLACE TO START IS THE END

Step 1: Think about the desired end-state.

First, consider the objectives and the most important outcomes of your new process. How will it impact the different stakeholders? Take the time to clearly define the metrics you’ll use to measure your progress and success.

A few desired outcomes:

  • Accurately measure and manage the costs of regulatory and policy compliance.
  • Track how risks are trending over time, by regulation, and by region.
  • Understand, at any point in time, the effectiveness of compliance-related controls.
  • Standardize approaches and systems for managing compliance requirements and risks across the organization.
  • Efficiently integrate reporting on compliance activities with those of other risk management functions.
  • Create a quantified view of the risks faced due to regulatory compliance failures for executive management.
  • Increase confidence and response times around changing and new regulations.
  • Reduce duplication of efforts and maximize overall efficiency.

NOW, WHAT DO YOU NEED TO SUPPORT YOUR OBJECTIVES?

Step 2: Identify the activities and capabilities that will get you the desired outcomes.

Consider the different parts of the compliance management process below. Then identify the steps you’ll need to take or the changes you’ll need to make to your current activity that will help you achieve your objectives. We’ve put together a cheat sheet to help this along.

Galvanize

IDENTIFY & IMPLEMENT COMPLIANCE CONTROL PROCEDURES

  • 01 Maintain a central library of regulatory requirements and internal corporate policies, allocated to owners and managers.
  • 02 Define control processes and procedures that will ensure compliance with regulations and policies.
  • 03 Link control processes to the corresponding regulations and corporate policies.
  • 04 Assess the risk of control weaknesses and failure to comply with regulations and policies.

RUN TRANSACTIONAL MONITORING ANALYTICS

  • 05 Monitor the effectiveness of controls and compliance activities with data analytics.
  • 06 Get up-to-date confirmation of the effectiveness of controls and compliance from owners with automated questionnaires or certification of adherence statements.

MANAGE RESULTS & RESPOND

  • 07 Manage the entire process of exceptions generated from analytic monitoring and from the generation of questionnaires and certifications.

REPORT RESULTS & UPDATE ASSESSMENTS

  • 08 Use the results of monitoring and exception management to produce risk assessments and trends.
  • 09 Identify new and changing regulations as they occur and update repositories and control and compliance procedures.
  • 10 Report on the current status of compliance management activities from high- to low-detail levels.

IMPROVE THE PROCESS

  • 11 Identify duplicate processes and fix procedures to combine and improve controls and compliance tests.
  • 12 Integrate regulatory compliance risk management, monitoring, and reporting with overall risk management activities.

Eight compliance processes in desperate need of technology

01 Centralize regulations & compliance requirements
A major part of regulatory compliance management is staying on top of countless regulations and all their details. A solid content repository includes not only the regulations themselves, but also related data. By centralizing your regulations and compliance requirements, you’ll be able to start classifying them, so you can eventually search regulations and requirements by type, region of applicability, effective dates, and modification dates.

02 Map to risks, policies, & controls
Classifying regulatory requirements is no good on its own. They need to be connected to risk management, control and compliance processes, and system functionality. This is the most critical part of a compliance management system.

Typically, in order to do this mapping, you need:

  • An assessment of non-compliant risks for each requirement.
  • Defined processes for how each requirement is met.
  • Defined controls that make sure the compliance process is effective in reducing non-compliance risks.
  • Controls mapped to specific analytics monitoring tests that confirm the effectiveness on an ongoing basis.
  • Assigned owners for each mapped requirement. Specific processes and controls may be assigned to sub-owners.

03 Connect to data & use advanced analytics

Using different automated tests to access and analyze data is foundational to a data-driven compliance management approach.

The range of data sources and data types needed to perform compliance monitoring can be humongous. When it comes to areas like FCPA or other anti-bribery and corruption regulations, you might need to access entire populations of purchase and payment transactions, general ledger entries, payroll, and travel and entertainment expenses. And that’s just the internal sources. External sources could include things like the Politically Exposed Persons database or Sanctions Checks.

Extensive suites of tests and analyses can be run against the data to determine whether compliance controls are working effectively and if there are any indications of transactions or activities that fail to comply with regulations. The results of these analyses identify specific anomalies and control exceptions, as well as provide statistical data and trend reports that indicate changes in compliance risk levels.

Truly delivering on this step involves using the right technology since the requirements for accessing and analyzing data for compliance are demanding. Generalized analytic software is seldom able to provide more than basic capabilities, which are far removed from the functionality of specialized risk and control monitoring technologies.

04 Monitor incidents & manage issues

It’s important to quickly and efficiently manage instances once they’re flagged. But systems that create huge amounts of “false positives” or “false negatives” can end up wasting a lot of time and resources. On the other hand, a system that fails to detect high risk activities creates risk of major financial and reputational damage. The monitoring technology you choose should let you fine-tune analytics to flag actual risks and compliance failures and minimize false alarms.

The system should also allow for an issues resolution process that’s timely and maintains the integrity of responses. If the people responsible for resolving a flagged issue don’t do it adequately, an automated workflow should escalate the issues to the next level.

Older software can’t meet the huge range of incident monitoring and issues management requirements. Or it can require a lot of effort and expense to modify the procedures when needed.

05 Manage investigations

As exceptions and incidents are identified, some turn into issues that need in-depth investigation. Software helps this investigation process by allowing the user to document and log activities. It should also support easy collaboration of anyone involved in the investigation process.

Effective security must be in place around access to all aspects of a compliance management system. But it’s extra important to have a high level of security and privacy for the investigation management process.

06 Use surveys, questionnaires & certifications

Going beyond just transactional analysis and monitoring, it’s also important to understand what’s actually happening right now, by collecting the input of those working in the front-lines.

Software that has built-in automated surveys and questionnaires can gather large amounts of current information directly from these individuals in different compliance roles, then quickly interpret the responses.

For example, if you’re required to comply with the Sarbanes-Oxley Act (SOX), you can use automated questionnaires and certifications to collect individual sign-off on SOX control effectiveness questions. That information is consolidated and used to support the SOX certification process far more efficiently than using traditional ways of collecting sign-off.

07 Manage regulatory changes

Regulations change constantly, and to remain compliant, you need to know—quickly— when those changes happen. This is because changes can often mean modifications to your established procedures or controls, and that could impact your entire compliance management process.

A good compliance software system is built to withstand these revisions. It allows for easy updates to existing definitions of controls, processes, and monitoring activities.

Before software, any regulatory changes would involve huge amounts of manual activities, causing backlogs and delays. Now much (if not most) of the regulatory change process can be automated, freeing your time to manage your part of the overall compliance program.

08 Ensure regulatory examination & oversight

No one likes going through compliance reviews by regulatory bodies. It’s even worse if failures or weaknesses surface during the examination.

But if that happens to you, it’s good to know that many regulatory authorities have proven to be more accommodating and (dare we say) lenient when your compliance process is strategic, deliberate, and well designed.

There are huge benefits, in terms of efficiency and cost savings, by using a structured and well-managed regulatory compliance system. But the greatest economic benefit happens when you can avoid a potentially major financial penalty as a result of replacing an inherently unreliable and complicated legacy system with one that’s purpose-built and data-driven.

Click here to access Galvanize’s new White Paper

The Role of Trust in Narrowing Protection Gaps

The Geneva Association 2018 Customer Survey in 7 mature economies reveals that for half of the respondents, increased levels of trust in insurers and intermediaries would encourage additional insurance purchases, a consistent finding across all age groups. In emerging markets this share is expected to be even higher, given a widespread lack of experience with financial institutions, the relatively low presence of well-known and trusted insurer brands and a number of structural legal and regulatory shortcomings.

GA1

Against this backdrop, a comprehensive analysis of the role and nature of trust in insurance, with a focus on the retail segment, is set to offer additional important insights into how to narrow the protection gap—the difference between needed and available protection—through concerted multi-stakeholder efforts.

The analysis is based on economic definitions of trust, viewed as an ’institutional economiser’ that facilitates or even eliminates the need for various procedures of verification and proof, thereby cutting transaction costs.

In the more specific context of insurance, trust can be defined as a customer’s bet on an insurer’s future contingent actions, ranging

  • from paying claims
  • to protecting personal data
  • and ensuring the integrity of algorithms.

Trust is the lifeblood of insurance business, as its carriers sell contingent promises to pay, often at a distant and unspecified point in the future.

From that perspective, we can explore the implications of trust for both insurance demand and supply, i.e. its relevance to the size and nature of protection gaps. For example, trust influences behavioural biases such as customers’ propensity for excessive discounting, or in other words, an irrationally high preference for money today over money tomorrow that dampens demand for insurance. In addition, increased levels of trust lower customers’ sensitivity to the price of coverage.

GA2

Trust also has an important influence on the supply side of insurance. The cost loadings applied by insurers to account for fraud are significant and lead to higher premiums for honest customers. Enhanced insurer trust in their customers’ prospective honesty would enable

  • lower cost loadings,
  • less restrictive product specifications
  • and higher demand for insurance.

The potential for lower cost loadings is significant. In the U.S. alone, according to the Insurance Information Institute (2019), fraud in the property and casualty sector is estimated to cost the insurance industry more than USD 30 billion annually, about 10% of total incurred losses and loss adjustment expenses.

Another area where trust matters greatly to the supply of insurance coverage is asymmetric information. A related challenge is moral hazard, or the probability of a person exercising less care in the presence of insurance cover. In this context, however, digital technologies and modern analytics are emerging as potentially game-changing forces. Some pundits herald the end of the age of asymmetric information and argue that a proliferation of information will

  • counter adverse selection and moral hazard,
  • creating transparency (and trust) for both insurers and insureds
  • and aligning their respective interests.

Other experts caution that this ‘brave new world’ depends on the development of customers’ future privacy preferences.

One concrete example is the technology-enabled rise in peer-to-peer trust and the amplification of word-of-mouth. This general trend is now entering the world of insurance as affinity groups and other communities organise themselves through online platforms. In such business models, trust in incumbent insurance companies is replaced with trust in peer groups and the technology platforms that organise them. Another example is the blockchain. In insurance, some start-ups have pioneered the use of blockchain to improve efficiency, transparency and trust in unemployment, property and casualty, and travel insurance, for example. In more advanced markets, ecosystem partners can serve as another example of technology-enabled trust influencers.

These developments are set to usher in an era in which customer data will be a key source of competitive edge. Therefore, gaining and maintaining customers’ trust in how data is used and handled will be vitally important for insurers’ reputations. This also applies to the integrity and interpretability of artificial intelligence tools, given the potential for biases to be embedded in algorithms.

In spite of numerous trust deficits, insurers appear to be in a promising position to hold their own against technology platforms, which are under increasing scrutiny for dubious data handling practices. According to the Geneva Association 2018 Customer Survey, only 3% of all respondents (and 7% of the millennials) polled name technology platforms as their preferred conduits for buying insurance. Insurers’ future performance, in terms of responsible data handling and usage as well as algorithm building, will determine whether their current competitive edge is sustainable. It should not be taken for granted, as—especially in high-growth markets—the vast majority of insurance customers would at least be open to purchasing insurance from new entrants.

GA3

In order to substantiate a multi-stakeholder road map for narrowing protection gaps through fostering trust, we propose a triangle of determinants of trust in insurance.

  1. First, considering the performance of insurers, how an insurer services a policy and settles claims is core to building or destroying trust.
  2. Second, regarding the performance of intermediaries, it is intuitively plausible that those individuals and organisations at the frontline of the customer interface are critically important to the reputation and the level of trust placed in the insurance carrier.
  3. And third, taking into account sociodemographic factors, most recent research finds that trust in insurance is higher among females.

This research also suggests that trust in insurance decreases with age, and insurance literacy has a strong positive influence on the level of trust in insurance.

Based on this paper’s theoretical and empirical findings, we propose the following road map for ensuring that insurance markets are optimally lubricated with trust. This road map includes 3 stakeholder groups that need to act in concert: insurers (and their intermediaries), customers, and regulators/ lawmakers.

GA4

In order for insurers and their intermediaries to bolster customer trust—and enhance their contribution to society—we recommend they do the following:

  • Streamline claims settlement with processes that differentiate between honest and (potentially) dishonest customers. Delayed claims settlement, which may be attributable to procedures needed for potentially fraudulent customer behaviour, causes people to lose trust in insurers and is unfair to honest customers.
  • Increase product transparency and simplicity, with a focus on price and value. Such efforts could include aligning incentives through technology-enabled customer engagement and utilising data and analytics for simpler and clearer underwriting procedures. This may, however, entail delicate trade-offs between efficiency and privacy.
  • ‘Borrow’ trust: As a novel approach, insurers may partner with non-insurance companies or influencers to access new customers through the implied endorsement of a trusted brand or individual. Such partnerships are also essential to extending the business model of insurance beyond its traditional centre of gravity, which is the payment of claims.

Customers and their organisations are encouraged to undertake the following actions:

  • Support collective action against fraud. Insurance fraud hinders mutual trust and drives cost loadings, which are unfair to honest customers and lead to suboptimal levels of aggregate demand.
  • Engage with insurers who leverage personal data for the benefit of the customer. When insurers respond to adverse selection, they increase rates for everyone in order to cover their losses. This may cause low-risk customers to drop out of the company’s risk pool and forego coverage. ‘Real time’ underwriting methods and modern analytics are potential remedies to the undesirable effects of adverse selection.

Recommendations for policymakers and regulators are the following:

  • Protect customers. Effective customer protection is indispensable to lubricating insurance markets with trust. First, regulators should promote access to insurance through regulations that interfere with the market mechanism for rate determination or through more subtle means, such as restrictions on premium rating factors. Second, regulators should make sure that insurers have the ability to pay claims and remain solvent. This may involve timely prudential regulatory intervention.
  • Promote industry competition. There is a positive correlation between an insurance market’s competitiveness and levels of customer trust. In a competitive market, the cost to customers for switching from an underperforming insurance carrier to a more favourable competitor is relatively low. However, the cost of customer attrition for insurers is high. Therefore, in a competitive market, the onus is on insurers to perform well and satisfy customers.

Click here to access Geneva Association’s Research Debrief

 

Taking Digital Regulatory Reporting from Concept to Reality

In its Digital Regulatory Reporting (DRR) project, the U.K. Financial Conduct Authority (FCA), in conjunction with the Bank of England, has invited financial institutions to explore ways to work smarter on these activities by delegating much of the hard work to technology. Success in the endeavour, as the FCA put it, “opens up the possibility of a model driven and machine readable regulatory environment that could transform and fundamentally change how the financial services industry understands, interprets and then reports regulatory information.

Part of the project’s work program was a twoweek “TechSprint,” held in November 2017, that was intended to test the feasibility of fully automated regulatory reporting with straightthrough processing of regulatory submissions. Among the anticipated benefits, accruing to financial institutions and regulators alike, are

  • greater accuracy in data submissions
  • and reduced time, cost and overall effort in generating them.

The TechSprint demonstrated that DRR could be accomplished under such controlled testing conditions and provided a proof of concept. Since then the program has held an extended pilot, as well as industry-led roundtable discussions bringing industry experts together, to try to determine whether and how DRR could be scaled up and put into practice in the real world.

The chief aim of the roundtables is to go over issues – legal, technological and regulatory – that could facilitate or impede the introduction of DRR. Participants in the latest and final one, held in London in June and hosted by Wolters Kluwer, seemed intent on contemplating the limitations of the concept: attempting to identify what a system might be able to do by acknowledging what it most likely will not be able to do.

One thorny matter that was highlighted involves a potential conflict between DRR, which participants generally agreed would be most effective following hard and fast rules – ideally by using a standardized model encompassing many supervisory frameworks employed across multiple jurisdictions – and the principles-based supervisory architecture that has evolved since the global financial crisis. If a substantial portion of the reporting process is handed over to machines, will management judgment be forced to take a back seat in matters of risk management, compliance and overall governance? Put another way, how compatible would DRR be with postcrisis supervisory architecture if interpretation of regulations by bankers is deemed a feature of the latter and a bug of the former?

Diapositive1

Click here to access Wolters Kluwers detailed analysis

 

The Global Risks Report 2018

Last year’s Global Risks Report was published at a time of heightened global uncertainty and strengthening popular discontent with the existing political and economic order. The report called for “fundamental reforms to market capitalism” and a rebuilding of solidarity within and between countries.

One year on, a global economic recovery is under way, offering new opportunities for progress that should not be squandered: the urgency of facing up to systemic challenges has, if anything, intensified amid proliferating indications of uncertainty, instability and fragility. Humanity has become remarkably adept at understanding how to mitigate conventional risks that can be relatively easily isolated and managed with standard riskmanagement approaches. But we are much less competent when it comes to dealing with complex risks in the interconnected systems that underpin our world, such as organizations, economies, societies and the environment. There are signs of strain in many of these systems: our accelerating pace of change is testing the absorptive capacities of institutions, communities and individuals. When risk cascades through a complex system, the danger is not of incremental damage but of “runaway collapse” or an abrupt transition to a new, suboptimal status quo.

In our annual Global Risks Perception Survey, environmental risks have grown in prominence in recent years. This trend has continued this year, with all five risks in the environmental category being ranked higher than average for both likelihood and impact over a 10-year horizon. This follows a year characterized by high-impact hurricanes, extreme temperatures and the first rise in CO2 emissions for four years. We have been pushing our planet to the brink and the damage is becoming increasingly clear. Biodiversity is being lost at mass-extinction rates, agricultural systems are under strain and pollution of the air and sea has become an increasingly pressing threat to human health. A trend towards nation-state unilateralism may make it more difficult to sustain the long-term, multilateral responses that are required to counter global warming and the degradation of the global environment.

Cybersecurity risks are also growing, both in their prevalence and in their disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace. The financial impact of cybersecurity breaches is rising, and some of the largest costs in 2017 related to ransomware attacks, which accounted for 64% of all malicious emails. Notable examples included the WannaCry attack—which affected 300,000 computers across 150 countries—and NotPetya, which caused quarterly losses of US$300 million for a number of affected businesses. Another growing trend is the use of cyberattacks to target critical infrastructure and strategic industrial sectors, raising fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning.

Headline economic indicators suggest the world is finally getting back on track after the global crisis that erupted 10 years ago, but this upbeat picture masks continuing underlying concerns. The global economy faces a mix of long-standing vulnerabilities and newer threats that have emerged or evolved in the years since the crisis. The familiar risks include potentially unsustainable asset prices, with the world now eight years into a bull run; elevated indebtedness, particularly in China; and continuing strains in the global financial system. Among the newer challenges are limited policy firepower in the event of a new crisis; disruptions caused by intensifying patterns of automation and digitalization; and a build-up of mercantilist and protectionist pressures against a backdrop of rising nationalist and populist politics.

The world has moved into a new and unsettling geopolitical phase. Multilateral rules-based approaches have been fraying. Re-establishing the state as the primary locus of power and legitimacy has become an increasingly attractive strategy for many countries, but one that leaves many smaller states squeezed as the geopolitical sands shift. There is currently no sign that norms and institutions exist towards which the world’s major powers might converge. This creates new risks and uncertainties: rising military tensions, economic and commercial disruptions, and destabilizing feedback loops between changing global conditions and countries’ domestic political conditions. International relations now play out in increasingly diverse ways. Beyond conventional military buildups, these include new cyber sources of hard and soft power, reconfigured trade and investment links, proxy conflicts, changing alliance dynamics, and potential flashpoints related to the global commons. Assessing and mitigating risks across all these theatres of potential conflict will require careful horizon scanning and crisis anticipation by both state and nonstate actors.

This year’s Global Risks Report introduces three new series:

  1. Future Shocks,
  2. Hindsight,
  3. Risk Reassessment.

Our aim is to broaden the report’s analytical reach: each of these elements provides a new lens through which to view the increasingly complex world of global risks.

Future Shocks is a warning against complacency and a reminder that risks can crystallize with disorientating speed. In a world of complex and interconnected systems, feedback loops, threshold effects and cascading disruptions can lead to sudden and dramatic breakdowns. We present 10 such potential breakdowns—from democratic collapses to spiralling cyber conflicts—not as predictions, but as food for thought: what are the shocks that could fundamentally upend your world?

In Hindsight we look back at risks we have analysed in previous editions of the Global Risks Report, tracing the evolution of the risks themselves and the global responses to them. Revisiting our past reports in this way allows us to gauge risk-mitigation efforts and highlight lingering risks that might warrant increased attention. This year we focus on antimicrobial resistance, youth unemployment, and “digital wildfires”, which is how we referred in 2013 to phenomena that bear a close resemblance to what is now known as “fake news”.

In Risk Reassessment, selected risk experts share their insights about the implications for decisionmakers in businesses, governments and civil society of developments in our understanding of risk. In this year’s report, Roland Kupers writes about fostering resilience in complex systems, while Michele Wucker calls for organizations to pay more attention to cognitive bias in their risk management processes.

GRR2018 1

GRR2018 2

Click here to access WEF – Marsh’s detailed Global Risk Report 2018

Keeping up with shifting compliance goalposts in 2018 – Five focal areas for investment

Stakeholders across the organization are increasingly seeking greater compliance effectiveness, efficiency, cost cutting, and agility in compliance activities to further compete in the expanding digital and automated world.

Organizations are being reinforced this way to continuously improve their compliance activities, because in the future, integration and automation of compliance activities is an imperative. To prepare for tomorrow, organizations must invest today.

When positioning your organization for the future, keep in mind the following five areas for investment:

1. Operational integration

Regulators are increasingly spotlighting the need for operational integration within a compliance risk management program, meaning that compliance needs to be integrated in business processes and into people’s performance of their job duties on a day-to-day basis.

When approaching the governance of managing compliance efforts, a more centralized, or a hybrid approach, strengthens the organization’s overall compliance risk management control environment.

2. Automation of compliance activities

The effectiveness of compliance increases when there is integration across an enterprise and successful automation of processes. Compliance leaders are turning toward intelligent automation as an answer for slimming down compliance costs, and becoming more nimble and agile in an ever-increasingly competitive world. When intelligent automation is on the table to support possible compliance activities, some important considerations must be made:

  • Compliance program goals for the future
  • Implementation dependencies and interdependencies
  • Determining how automation will and can support the business
  • Enhancing competitiveness and agility in executing its compliance activities

Automating compliance activities can also help augment resource allocation and realize greater accuracy by implementing repetitive tasks into the automation.

3. Accountability

Regulators increasingly expect organization to implement performance management and compensation programs to encourage prudent risk-taking. In fact, identified by the KPMG CCO Survey, 55% of CCOs identified “enhancing accountability and compliance responsibilities” as a top 3 priority in 2017.

It is essential that disciplinary and incentive protocols be consistently applied to high-level employees. To do so sends a message that seniority and success do not exempt anyone from following the rules.

4. Formalized risk assessments

Regulatory guidelines and expectations released in 2017 set forth specific focal areas that compliance leaders should ensure are covered in their risk assessments.

  • Evaluating the data needs of the compliance program can help the organization migrate to a more data-driven metrics environment in a controlled way.
  • Availability, integrity, and accuracy of data is needed to understand and assess compliance risks enterprise-wide. The use of data quality assessments to evaluate the compliance impact can help address this challenge.
  • Implementing a data governance model to share data across the 3 lines of defense is a good way of reassuring data owners and stakeholders that the data will be used consistent with the agreed upon model.
  • Further integration and aggregation of data is needed to avoid unintentionally ‘underestimating” compliance risks because of continuous change in measurement of compliance programs and data & analytics.
  • To maximize the benefits of data & analytics, leading organizations are building analytics directly into their compliance processes in order to identify risk scenarios in real time and to enhance their risk coverage in a cost-effective way.

5. Continuous improvement

Compliance efforts by organizations need to continuously evolve to ensure the control environment remains firm while risk trends appear, risks emerge, and regulatory expectations shift.

Compliance and business leaders must continuously improve their compliance activities in pursuit of greater effectiveness, efficiency, agility, and resiliency. Because by continuously improving, organizations can methodically position their organizations for the future.

KPMG

Click here to access KPMG’s detailed White Paper

Insurance Global Trends in 2017

A brief summary of the key regional trends :

  • Analytics, Customer Centricity and Digital Innovation achieve similar scores across all our regions.
    • Customer-Centricity trails marginally in North America.
    • Noteworthy is the perfect score of 60 attained for Digital Innovation in Asia-Pacific, which indicates that this was the number-one priority here in all four measures underlying the priority score (money, time, staffing and training).
  • Underwriting and Risk Management both score considerably higher in North America than they do elsewhere – as we saw in the first priorities table, Underwriting is 3rd in the list of priorities in North America, despite not getting above 7th place in any other regions, and its Risk Management score is more than 80% higher than the runner-up’s (Europe).
  • There is a step-up in focus on Claims in Europe and North America compared to Asia-Pacific.
  • With Distribution Diversification, we have the exact inverse scenario, with Asia-Pacific leading the pack, possibly a reflection of the emerging markets within it necessitating high-scale low-cost distribution, which traditional models cannot provide.
  • Fraud is also a marginally higher priority in Asia-Pacific.
  • Europe and Asia-Pacific lead North America with their focus on Internet of Things.
  • Cybersecurity and Mobile achieve similar (lowish) scores for all regions; Product Development is relatively high across the board.
  • Regulation is the biggest deal in Europe, where respondents quoted in particular Solvency II and the Insurance Distribution Directive (IDD) as being causes for concern.

InsuranceNexus

Click here to access Insurance Nexus detailed survey analysis

The new dynamics of financial globalization

Since the global financial crisis began in 2007, gross cross-border capital flows have fallen by 65 percent in absolute terms and by four times relative to world GDP. Half of that decline has come from a sharp contraction in cross-border lending. But financial globalization is still very much alive—and could prove to be more stable and inclusive in the future.

  • Eurozone banks are at the epicenter of the retreat in cross-border lending, with total foreign loans and other claims down by $7.3 trillion, or by 45 percent, since 2007. Nearly half has occurred in intra-Eurozone borrowing, with interbank lending showing the largest decline. Swiss, UK, and some US banks also reduced their foreign business.
  • The retrenchment of global banks reflects several factors:
    • a reappraisal of country risk;
    • the recognition that foreign business was less profitable than domestic business for many banks;
    • national policies that promote domestic lending;
    • and new regulations on capital and liquidity that create disincentives for the added scale and complexity that foreign operations entail.
  • Some banks from developing and other advanced economies—notably China, Canada, and Japan—are expanding abroad, but it remains to be seen whether their new international business is profitable and sustained.
  • Central banks are also playing a larger role in banking and capital markets.
  • Financial globalization is not dead. The global stock of foreign investment relative to GDP has changed little since 2007, and more countries are participating. Our new Financial Connectedness Ranking shows that advanced economies and international financial centers are the most highly integrated into the global system, but China and other developing countries are becoming more connected. Notably, China’s connectedness is growing, with outward stock of bank lending and foreign direct investment (FDI) tripling since 2007.
  • The new era of financial globalization promises more stability. Less volatile FDI and equity flows now command a much higher share of gross capital flows than before the crisis. Imbalances of current, financial, and capital accounts have shrunk, from 2.5 percent of world GDP in 2007 to 1.7 percent in 2016. Developing countries have become net recipients of global capital again.
  • But potential risks remain. Capital flows—particularly foreign lending—remain volatile. Over 60 percent of countries experience a large decline, surge, or reversal in foreign lending each year, creating volatility in exchange rates and economies. Equity-market valuations have reached new heights. Financial contagion remains a risk. The rise of financial centers, particularly those that lack transparency, is worth watching.
  • Looking forward, new digital platforms, blockchain, and machine learning may create new channels for cross-border capital flows and further broaden participation.
    • Banks need to harness the power of digital and respond to financial technology companies or fintechs, adapt business models to new regulation, improve risk management, and review their global strategies.
    • Regulators will need to continue to monitor old risks and find new tools to cope with volatility, while creating a more resilient risk architecture and keeping pace with rapid technological change.

Financial Globalization

Click here to access McKinsey’s detailed study