Risk and compliance professionals are forced to grapple with hundreds of new, continually updated and overlapping laws and regulations on an ongoing basis, each containing multiple, cascading individual obligations.

The financial services sector is one of the most regulated sectors globally. Over the last four months in Australia, there have been over 330 new, amended or repealed obligations that impact financial services organisations. If your team isn’t across which ones were updated, whether the updates matter to your business, whether you can understand the legalese, and how to manage compliance, you’re not alone. We understand you face an ever-evolving regulatory and social landscape, where businesses are under more scrutiny than ever from regulators, shareholders, employees, customers and the communities in which we live.

We are only a few months in and yet 2024 already promises to be even more active on the regulatory front, with government signalling reforms in several key areas, such as scams, Environmental, Social and Governance (ESG), privacy and cyber security, artificial intelligence, and the financial services framework. This is in addition to the steps businesses should already have taken to implement the reforms that commence this year, such as the new Financial Accountability Regime (FAR). That's a lot of complex legislation that can be hard to understand, let alone implement.

Combined with emerging threats such as cyber attacks and advances in technology, disruptive global events and a volatile economic environment, businesses need to be more than simply aware of the risks. They need to look ahead of the changes and implement a realistic plan using adequate resources to manage these complex risks, as well as the regulatory landscape.

Against this, and somewhat incongruously, there is a growing trend of businesses downsizing their risk and compliance capabilities to meet broader margin pressures. This leaves many organisations scrambling to meet their increased regulatory compliance obligations with fewer resources available. Organisations are seeking to fill this gap through data and technology capability, but there is a relatively immature understanding of big data, and while a lot of data is captured, businesses are not set up to interrogate and utilise that data to drive real insights, let alone for use in reliable generative AI.

It is no wonder that legal and regulatory compliance was the second-most-common issue (after cyber-crime and data security) keeping Australian directors awake at night, according to the Australian Institute for Corporate Directors' Sentiment Index Survey (2nd Half 2023). Also, concerningly, 72% of risk professionals say their risk-management capabilities have not kept up with the rapidly changing landscape, as found by consultants Accenture in their Risk Study 2024 Edition.

What are successful businesses doing to know they are complying?

Here are some insights that we have from working with our clients and others in the industry about what successful businesses are doing to stay on top of the changes to understand and manage their obligations, as well as to minimise commercial, legal and reputational risks.

  • Large-scale proactive readiness is cheaper than large-scale reactive remediation: To navigate compliance, you need to start by understanding it. Most regulators want to know what you have done proactively, not reactively, and this expectation forms a large part of new accountability regimes. Teams can only be proactive if they understand complex regulations and how to implement the relevant ones into a reliable compliance management framework. They also need to keep on top of changes and review existing processes and systems to make sure they are effective in managing new regulations. A future-forward approach to risk and compliance is essential for avoiding costly remediation, and catastrophic brand and reputation damage.
  • Enablement through compliance capability and technology: Identify the right mix of compliance capability and transformative technologies for your business. This is not one-size-fits-all: in-house, outsourced or co-sourced options coupled with the right technology platform offer opportunities to do more with less in your risk and compliance practices.
  • Expert advice for peace of mind: Seek expert advice tailored to your business's unique circumstances about how to efficiently understand and implement relevant complex regulatory requirements. This provides peace of mind that you are at least keeping pace with industry innovation, and government, regulatory and public expectations. This can give the board, senior management, and compliance and risk teams confidence in their ability to meet their obligations, and reduce your risk profile.