Bolder Insights: Trends in Compliance this 2024
In the financial landscape, recent years have seen an increasingly extensive list of compliance requirements imposed by both local and international regulators. This calls for well-rounded compliance systems and strategies within a company. As such, a stable foundation for an entity’s compliance program is critical to achieving long-term sustainability.
What should market participants in the financial services industry consider and prepare for in terms of compliance this 2024? Our experts weigh in.
ESG, culture and regulations: What to consider for your 2024 compliance strategies
When drafting or assessing an organisation’s compliance strategy, its key compliance officers must take into account the following, as noted by Bolder Group’s Interim Global Head of Compliance, Adrian Cliffe Mubangizi:
- Sustainability and ESG integration. While some aspects of ESG remain voluntary and best practice, there is a rising trend towards ESG regulation and obligation for organisations.
- Regulatory changes and updates. Awareness of the regulatory developments in the local and global landscape is essential. Organisations should understand how new regulations will impact operations and have a system in place to anticipate changes, address reporting, investor relations and risk management. Moreover, organisations that operate globally must be aware of all relevant regulatory requirements that may involve complex arrangements of overlapping and, in some cases, conflicting regulations.
- Third-Party and Vendor Management. An organisation must ensure that any third parties or vendors it engages with comply with relevant regulations and standards. A compliance strategy must state clear contractual expectations and regular compliance reviews.
- Conflict of Interest Policies. A clearly defined governance policy addressing conflict of interests is essential in maintaining investor trust and making decisions that reflect the best interests of an organisation.
- Training and Culture. Organisations must also include regular training to embed the culture of compliance, and clear communication must be included in the compliance strategy to ensure staff at all levels are aware of the compliance expectations and how such expectations apply to their roles.
- Liquidity Risk Management. Effective liquidity risk management is critical in maintaining investor confidence and regulatory compliance.
- Data Security and Privacy. Ensuring the security and privacy of data (both internal and external data) should also be considered in creating an effective compliance strategy, especially with the increasing reliance on technology in business operations.
- Business Continuity. A compliance strategy should also include regularly tested business continuity plans and recovery strategies to ensure that the organisation can continue operating during external disruptions.
- Performance and Fee Transparency. Disclosure of fee structures and accurate reporting of performance and metrics are information sought by both investors and regulators.
Environmental, Social and Governance (“ESG”) factors
New regulations and policies concerning sustainability and ESG show that governments, investors and consumers demand sustainability efforts from businesses. For Bolder Group’s ESG Specialist, Ana Prada, companies must prepare for “regulations, regulations and more regulations” and companies are obligated to “understand the law requirements on ESG matters” especially with authorities introducing such laws and controls.
Prada also emphasised the investors’ calls for transparency. She noted that “[i]nvestors require ESG reports because they know their importance, so [companies] must implement risk prevention measures,” while always being cautious of greenwashing.
Furthermore, organisations are compelled to integrate ESG principles not only into their internal systems but also into their entire supply chain. Prada advises organisations to be vigilant in their transactions with third-party providers by ensuring their partners are ESG-compliant and not involved in harmful practices.
Read more about the key ESG trends expected for 2024 in our previous article.
Governance frameworks
For the sake of transparency, organisations are also compelled to foster executive accountability, responsibility and effective risk management by highlighting oversight, robust internal control mechanisms, official documentation and reporting processes and escalation procedures, to name a few, in their governance frameworks.
The board and management of organisations across industries should expect increasing pressure to commit to ethical practices and governance requirements in order to ensure compliance. Bolder Group’s Global Head of Governance, David Payne, stated that the key to having a robust oversight mechanism is:
- Keeping professionals up to date with regulatory developments; and
- Establishing internal self-assessments to ensure adequate knowledge of executives, professionals and staff.
“By delineating roles, we segregate duties and responsibilities amongst different professionals, allowing at least a four-eyes principle revision process, which can help to identify any potential mistakes and/or wrongdoings such as fraud, money laundering, terrorist financing, etc.
The segregation of duties also allows a professional to focus on potential matters or issues that require additional attention, that the professional can identify thanks to their specific experience and knowledge.”
David Payne
Bolder Group Global Head of Governance
Payne underscored the importance of communication among executives and compliance professionals, so they are well-informed of any regulatory requirements or developments. Additionally, this promotes transparency and helps companies develop effective reporting and decision-making processes.
As mentioned by Mubangizi, it is also essential to take note of the significance of communicating the organisation’s compliance strategies with staff at all levels.
To learn where your organisation stands in terms of your governance practices and strategies, answer Bolder’s ESG self-assessment survey. Our governance experts can guide you in navigating your governance and compliance needs.
Financial Resiliency
Financial resilience is an indicator of an organisation’s sustainability. External interplaying factors, including social, political, legal and economic factors, make it necessary for companies to have a well-established financial risk management and resilience strategy.
BGA Law Partner Stefanie Suckoo said, “it is crucial for any company to assess their liquidity risk.” She also mentioned that having sufficient liquid assets or access to liquid capital markets to cover short-term liabilities (e.g., operational expenses, debt payments or contractual obligations) is key to ensuring a company’s survival.
“Adequate liquidity buffers provide a cushion during periods of unexpected liquidity needs, which can be key to the survival of the entity and to maintain [the] confidence of its stakeholders, suppliers, creditors and investors. Entities want to avoid legal action, loss of suppliers, reputational damage and bankruptcy. [They] would not want to miss out on potential strategic opportunities [like] investments, mergers, acquisitions [and] expansion due to not having the flexibility to take advantage of those opportunities.”
Stefanie Suckoo
BGA Law Partner
Suckoo listed some integral aspects and processes that comprise an effective and robust liquidity risk management framework, as follows:
- liquidity contingency funding plans, which should be properly documented, include strategies for the entity to address liquidity challenges in several stress environments, clearly state lines of responsibility (e.g., communication plans internally and with any regulatory authority) and have regular robustness testing;
- diversification and review of sources and types of funding;
- establishment and maintenance of sound relationships with liability holders;
- regular assessment of the entity’s ability to sell assets;
- effective cash flow management to monitor inflows and outflows; and
- development, implementation and regular assessment of contingency funding plans, among others.
Data Security
The costs associated with risk exposures and data breaches have increased significantly. According to IBM’s “Cost of a Data Breach Report 2023,” the global cost of a data breach in 2023 averaged USD 4.45 million, a 15 per cent increase over three years. As such, concerns regarding data security and governance continue into 2024 and beyond. This is especially the case given the growing role of technology in today’s business operations and the expanding complexity and volume of compliance functions needed to address new regulatory requirements.
To mitigate such breaches and security threats, establishing data risk detection, management and monitoring systems is a must. Bolder Group – Netherlands’ Compliance Lead and Data Protection Officer, Sjaco Kroon, indicated that solid data security procedures, staff training (to create awareness and enable them to recognise possible data leaks) and IT security are key aspects of such systems. Regulators are also attempting to address data security concerns by developing and rolling out new data regulations and policies – some examples are in a separate section below.
Read Bolder Group’s Data Protection Protocol here.
Combating Illicit Activities
The risks and impacts of financial crimes remain a pressing issue for global markets. While numerous laws and guidelines have been adopted to establish safeguards against money laundering and terrorist financing, much remains to be done, especially at the organisational level.
An integral part of an organisation’s overall compliance strategy is an effective anti-money laundering and combating the financing of terrorism and proliferation financing (“AML/CFT/PF”) system. According to Mubangizi, organisations should include the following interrelated aspects in their AML/CFT systems:
- Comprehensive Risk Identification. Organisations should thoroughly identify all traditional and emerging risks (e.g., new technologies) related to money laundering and terrorist financing. Some risk aspects to consider are the offered products and services, customer base, geographic location(s) and transaction channels, to name a few.
- Risk Assessment Methodology. A robust risk assessment methodology that aligns with the organisation’s risk appetite statement should be established, documented and frequently updated to evaluate identified risks effectively.
- Customer Due Diligence (“CDD”) and Enhanced Due Diligence (“EDD”). CDD measures are key components of an AML/CFT system to know your customer (“KYC”) and to understand their associated risk profiles. In addition, defined EDD measures are essential for higher-risk customers or transactions to obtain more in-depth information.
- Continuous Monitoring and Reporting. The activities mentioned above require constant monitoring and updating, especially in a fast-paced environment with frequent changes in the market, bringing about new risks. It is also essential that an organisation has the appropriate procedures for reporting suspicious activities to relevant authorities.
- Training and Awareness. Staff training and awareness also ensure the effectiveness of the systems and measures set in place. All employees must undergo regular training and awareness to embed the culture of compliance in the organisation, enabling them to understand the importance of the frameworks and how to address arising risks.
Mubangizi also outlined some of the best practices to integrate into KYC procedures: (i) adopting a tailored, risk-based approach so that the actions taken are proportionate to the risk present; (ii) regularly reviewing and updating customer records to ensure the accuracy and relevance of information; (iii) comprehensively documenting and keeping records of KYC processes and decisions to demonstrate due diligence; (iv) leveraging technology to enhance efficiency and minimise errors in KYC processes; and (v) training staff on the importance of KYC compliance and procedures.
While integrating the above-mentioned aspects into an organisation’s AML/CFT/PF systems is essential, collaboration with law enforcement agencies is equally vital in combating financial crimes.
“Such collaboration enables effective information sharing, ensuring that both preventive measures and investigative actions are well-informed and targeted. It also fosters a coordinated response across jurisdictions, crucial for tackling cross-border crimes. … In essence, partnership with law enforcement is not just beneficial but vital for a comprehensive and robust approach to preventing, detecting, and prosecuting financial crimes.”
Adrian Mubangizi
Bolder Group Interim Global Head of Compliance
Mubangizi emphasised that collaboration between an organisation and authorities is essential, especially with the complex, sophisticated and transnational nature of financial crimes. He noted that the combined expertise and resources of an organisation and law enforcement can “create an all-encompassing defense against illicit activities.”
Bolder Group has a free resource on an effective KYC program. Download the guide here.
Relevant regulations to look out for
Corporate Sustainability Due Diligence Directive (“CSDDD”)
The EU Commission proposed the CSDDD on 23 February 2022. If adopted, EU and non-EU companies will be subject to requirements to conduct due diligence across their business operations, subsidiaries and other parties in their value chain. The key elements of the due diligence duty for the companies in scope are identifying, ending, preventing, mitigating and accounting for negative human rights and environmental impacts.
In its latest development, the European Parliament, the Council and the Commission concluded the trialogue negotiations on the CSDDD on 14 December 2023.
Corporate Sustainability Reporting Directive (“CSRD”)
The CSRD strengthens the rules imposed on various sizes of companies, including SMEs, regarding social and environmental information they are required to report. Such information will aid investors, consumers and other stakeholders to assess the sustainability risks, opportunities and performance of companies.
The CSRD has been in effect since January 2023, and its implementation will gradually be phased in over the next few years.
For further reading on the CSRD, read this article.
Digital Operational Resilience Act (“DORA”)
DORA is the EU’s framework for overseeing the risks associated with the financial sector’s reliance on information and communication technology (“ICT”) third-party service providers. Organisations must expect heightened supervision and stricter controls from the European Supervisory Authorities (“ESAs”).
The DORA entered into force in January 2023 and will apply from January 2025. Companies are encouraged to take a proactive approach and start preparing as early as possible for the operational and financial implications of the DORA framework.
Corporate Transparency Act (“CTA”)
The United States’ CTA was enacted into federal law in January 2021. It is primarily aimed at reinforcing the country’s anti-money laundering efforts by preventing the use of anonymous shell companies to facilitate illegal activities such as money laundering, financing terrorism and tax fraud, to name a few.
As of 1 January 2024, existing and new companies are required to register with the Financial Crimes Enforcement Network (“FinCEN”) and adhere to beneficial ownership information (“BOI”) reporting requirements.
EU Directive on Whistleblowing
The main objective of the Directive is to ensure that every employee has a tool at his or her disposal to facilitate the disclosure of possible breaches or irregularities that may occur in the company. The Whistleblowing Directive also clearly states that the confidentiality of the informant or whistleblower must be guaranteed.
Most EU countries have adopted the Directive and require companies to set up a whistleblowing channel where the identity of the whistleblower is protected, and a company representative or department is required to manage the claims and keep communications with employees.
EU General Data Protection Regulation (“GDPR”)
The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU. It is the strictest privacy and security law in the world. GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
Depending on the place of operation, sector, company size and many other factors, the regulations applicable to your organisation and the associated requirements to ensure compliance vary from one company to another.
Contact our compliance experts to be informed of the regulations and requirements relevant to your organisation.
Bolder’s Compliance Solutions
We understand the need for compliance systems and procedures unique to your needs. With varying factors in the complex markets, developing your compliance strategies should not be a one-size-fits-all strategy.
Bolder Group can assist in devising your compliance framework so you can stay ahead of the regulatory requirements and focus on driving your organisation’s goals. Ensure your business’s sustainability amid changing regulations with Bolder Group’s comprehensive suite of governance solutions.
Feature image from Freepik.