The primary driver of this complexity is the growing number of European regulations that have been put in place, some of which contain highly detailed provisions and technical requirements. These include PRIIPS KIDs, ESG, and MIFID II, among others. The technical guidelines prove arduous for compliance officers and others who have to implement them.
Sometimes the provisions contain complex mathematical formulae that require expert knowledge, and failure to comply, such as with PRIIPS KIDs for example, might result in ever-stiffer penalties because policymakers want to ensure that those in the industry adhere as closely as possible with the prospectuses. We can begin to appreciate the growing complexity by taking an example from the world of ESG. Under the Sustainable Finance Disclosure Regulation (SFDR), for instance, we find elaborate calculations that are highly technical and require a science background for example about calculation of greenhouse gas emissions.
Then vs. Now
Classic corporate compliance used to be mostly about organising a company’s three lines of defence covering areas such as governance, conduct of business rules and anti-money laundering. Once upon a time, compliance could be handled if one had a legal background because the regulations were usually text-based, but increasingly they are steeped in technical elements.
It used to be that you could handle regulations if you had a pure legal/regulatory background, but nowadays compliance involves following increasingly technical guidelines.
Nowadays, areas such as ESG and IT have risen in importance and cannot be glossed over as regulations in these areas have been put forth on the European level. For someone overseeing compliance, all of these new topics will certainly fall into their remit at some point. Being an expert on everything is difficult, so going in search of solutions, most likely smart sourcing or digital tools appears to be the best option.
Smart sourcing and the umbrella of delegation
Smart sourcing means you outsource to keep within the firm the core services and responsibility. For regulators, smart sourcing falls under the umbrella of delegation, which as a whole has become more strictly monitored in recent years. Since the publication of CSSF Circular 18/698, which came into force back in 2018, we have seen the rules around delegation reinforced. These cover preliminary steps, initial due diligence, ongoing due diligence, reporting, and KPIs. While some delegated services on the lower end are relatively easy to outsource and garner little scrutiny from regulators, others are more heavily watched.
The level of scrutiny is the same if you go for true outsourcing or if you delegate to someone from within your group or a sister company. You have to perform due diligence the same as with any other service provider. In Luxembourg, the topic is especially relevant as the country is home to numerous regulated firms that make use of these sorts of services, especially in the domain of IT, which makes the regulatory apparatuses that much more involved here.
Digital tools help to lighten the compliance burden
Digital tools also provide a way for compliance teams to make sure to stay on top of regulations, and we have seen a flourishing of such tools in recent years. Some of these allow you to closely monitor the delegation chain, which is vital as regulators increasingly scrutinise not only contractors but subcontractors as well.
These tools can be vertical and sectoral, or they can be wider in scope and aim to cover all types of activities that are delegated within a firm. These tools allow you to obtain and compile significant information about subcontractors, ensure that agreements are in place, and ascertain that KPIs have been set up.
Data governance is a huge topic for clients these days because regulations now require you to offer a clear view of how you own and distribute data.
As a conducting or compliance officer, such tools are invaluable for providing a global view as well as offering a close look at a number of elements and data points such as those relating to risk, distribution networks, and ICT. The latter of these has rapidly climbed in importance in recent years given the burgeoning need for data governance and a clear view of how one owns and distributes data.
Pay attention to details
You also need an in-depth approach, not just a broad one, and that is another area where technology is helping out. Dashboarding allows you to clearly monitor different processes. While some service providers might lean toward suggesting a one-size-fits-all solution, it is important to look for a basket of solutions that help you to best comply with internal rules and regulatory requirements.
Other tools offer support for compliance officers in building their compliance monitoring plan. Certainly, this includes a degree of dashboarding, but it also involves facilitating work and simplifying processes, which are fundamentally what people seek. Resources and skills in Luxembourg are rare, so being more efficient is essential. Efficiency is the goal of every tool, and the best ones have the capacity to add a wide and deep range of controls without hindering your operations.
For more information click