In today’s world, effective compliance requires a new level of transparency and authenticity. Standards have changed, and building a legal, compliance and risk practice for the modern business means creating a program that goes beyond “checking the boxes”. Compliance teams must be able to meet the dynamic and constantly evolving business environment. This is particularly true as we see ourselves move into an increasingly digital-led economy, accelerated by the Covid pandemic over the last two years.
For many businesses operating across multiple markets, global compliance policies are critical to minimise regulatory and security risk. However, the regulatory landscape is becoming increasingly complex. With jurisdictions passing legislation specific to their local markets, legal teams are having to balance effective global initiatives, while providing enough flexibility for local interpretation, adaptation and implementation.
Given the increasingly complex global regulatory landscape, empowering in-house legal teams with both a global viewpoint and local expertise should be at the top of every business agenda.
THE ROLE OF COMPLIANCE IN A BUSINESS IS NOW MORE IMPORTANT THAN EVER
With the regulatory spotlight firmly on the banking and finance sector, the compliance function has become essential for modern organisations, especially for those operating in the fintech (financial technology) space, where the importance of an effective and strong AML/CTF framework is crucial to success and credibility. Beyond the basic requirements - to properly verify and carry out due diligence on all customers, partners, clients and other third parties such as investors and other vendors - the role of compliance has become increasingly important when onboarding new business customers in a consistent and scalable manner that optimises user experience.
This is particularly true for fintechs that continue to globalise their businesses quickly, and are growing at pace amid the pandemic. More often than not, new customer onboarding has been done remotely, and the speed, accuracy and focus required to conduct the process in a safe and compliant manner means fintechs have had to mobilise the appropriate team to execute (with support from technology).
Securing business infrastructure and data is also critical, and many organisations are turning to technology to manage complex security and compliance challenges.
Looking at the broader landscape, and on the back of an unprecedented year in 2020, compliance teams - whether in-house or via law firms - also play a key role in helping businesses adapt and navigate to regulatory changes. For fintech players in Hong Kong (and across Asia) navigating local and regional compliance schemes continues to be a challenge as regulatory structures and regimes continue to shift.
That said, regulators continue to extend support for the development and growth of fintech. In Hong Kong for example, a Fintech Supervisory Sandbox (FSS) was established in 2016 to promote partnerships between banks and tech firms, encouraging innovation and new tech development. More recently, the Hong Kong Monetary Authority (HKMA) announced a two-year roadmap in November 2020 to promote Regtech adoption in the Hong Kong banking sector.
EMPHASISE LOCALISATION OVER REPLICATION
For the legal function, balancing a global mindset with local compliance expertise is now critical. Organisations often employ a global compliance framework to ensure consistency and strong governance across the business. While laws differ substantially in different countries and jurisdictions, there are also commonalities across the world.
When accepting payments and making payment transfers for example, there are a number of norms that apply across international borders, such as the recommendations of Financial Action Task Force (FATF) as well as the Payment Card Industry Data Security Standard (PCI DSS) - seen as the gold standard to ensure all companies that process, store or transmit credit card information maintain a secure environment.
For a global framework to be effective however, there must be room for local adaptation. Mandates and expectations from local regulators vary from region to region. Therefore, legal teams within an organisation must be flexible; able to adjust to meet local compliance standards to efficiently operate across multiple markets globally. Law firms must also provide this duality of counsel when advising a global organisation.
To enable a successful bridge between global compliance standards and local requirements in each jurisdiction, in-house legal teams must champion a dual-focused compliance framework that is tailored to the jurisdictions where it operates. Having local lawyers and compliance officers representing the business is important to ensure strong engagement within the local regulatory landscape. Compliance teams must have a relationship with governing bodies, and view them as partnerships. This means building an open and continuous dialogue with regulators.
Local expertise and research is also critical when entering a new market. For example, we conduct intensive due diligence on the local regulatory environment, including market specifics like foreign currency controls, tax implications and restrictions around specific industries before extending our network into a new region.
In addition, the compliance practices need to reflect local cultural preferences, as well as the culture the company has built. This means understanding how businesses are conducted in a country and how people work together within the organisation. In tech in particular, compliance isn’t just about lawfulness, but also related to the company’s cultural expectation - around innovation, quality or customer-centricity, for example.
Recognising these differences and adjusting your compliance practice accordingly, will therefore enable a more effective compliance practice overall. Ultimately, enabling a dual-structure will not only ensure the organisation you serve complies with local laws, but can also foster a wider, global culture of compliance.
ENABLE A GLOBAL CULTURE OF COMPLIANCE
Creating a culture of compliance has to start from the top. A key role of the Chief Legal Officer is to mobilise the management team to constantly reinforce the value of compliance and the important role it plays to sustain the business long-term and enable growth.
In practice, this means educating the wider organisation on the role of compliance and how it enables operations globally. Successful company-wide understanding hinges on the strength of employee training initiatives at all levels, starting with the onboarding process. The better the understanding, the more protected your organisation is from potential risk.
In-house compliance teams should focus on creating a two-way dialogue with the wider organisation. This could be through internal messaging, support channels or regular team updates and Q&As. It’s critical employees feel empowered to freely contact the compliance team - anonymously or otherwise - with any questions or concerns they may have.
Compliance plays an integral role to success in the modern business ecosystem. It ensures we abide by internal rules of conduct and external rules and regulations, but also that we operate in an ethical and responsible way. By creating policies that are comprehensive, relevant and use local expertise, you can ensure your compliance strategy is always relevant to the evolving needs of customers, regulators and broader stakeholders.