A 2022 Compliance Wish List

Written by Jon Prentice on Wednesday 19 January, 2022

Within the blink of an eye, 2021 has been and gone and 2022 is upon us. At the end of last year we wrote about three of the biggest talking points from 2021; now we shift our attention to the 12 months ahead.  

Predicting what is going to happen in the ever-changing world of compliance is always fraught with difficulty, and so this article will instead focus more on what we can perhaps hope to see in 2022. 

An increased focus on ESG

Environmental, social and governance (ESG) featured as one of the focuses in 2021 review, where we discussed how sound ESG practices were assuming ever greater importance to governments, firms, stakeholders and the public.  

Yet there remains a lot that can and needs to be done, particularly given the global challenges posed by the pandemic, and how these have amplified ESG issues for policymakers, boards and executives.  

[ESG] activities are increasing in importance to customers, investors and regulators.  Consequently, all organisations should ensure that they have a clear understanding of how the ESG agenda is evolving, and what impact this has with respect to both opportunities and risks for them. Issues such as diversity, equal pay, social exclusion, carbon emissions and modern slavery require genuine understanding and analysis, and a sustainable business model requires increasing levels of transparency if the full benefits of effective stakeholder management are to be obtained and sustained. 

 Jonathan Bowdler, Head of Regulatory Compliance, ICA  

One key objective is the alignment of ESG frameworks, policies and metrics. That is why over the next year, a much clearer idea of ESG requirements and reporting is imperative. As things stand, many jurisdictions, or firms within those jurisdictions, are working in silos given the lack of generally accepted international accounting or reporting standards. Common metrics are therefore required in order to be able to measure ESG performance and drive improvement.  

Things are already moving in the right direction. The UK is expected to implement new rules this year which:  

…will make ESG reporting mandatory for all private UK companies and limited liability partnerships with more than 500 employees and turnover greater than £500m, along with all publicly quoted UK companies…[1]

In the US it is expected that mandatory ESG disclosures to the Securities and Exchange Commission (SEC) will be a requirement in the near future. APAC countries have also made significant strides, with disclosure of ESG data increasing in all countries within APAC over the last 10 years. What’s more, most markets within the region already have some form of governance relating to ESG disclosures, with countries such as China making it mandatory. 

At a firm level, boards should be setting out a clear ESG strategy with measurable goals and metrics, as well as identifying who is responsible for governing the strategy. 

However, it is important that these metrics are realistic and effective measurable targets, not just ‘token gesture’ statistics enabling firms to conduct a tick-box exercise, as Abi Duff-Walker, Wilmington PLC’s Group Finance and Sustainability Director explains: 

The ESG reporting landscape is rapidly evolving in response to the need for more clarity around frameworks, standards and metrics. This clarity is crucial to achieving greater transparency and providing all stakeholders with real insight into the quality of a company's ESG activity. However, standards and metrics will only ever tell part of the story. Ultimately, ESG reporting will become truly valuable when it can reflect a genuine commitment to embedding sustainable thinking into decision making processes at all levels within a business. Without this commitment, the ESG movement cannot effectively drive the transition we need to a sustainable economic system that gives people, planet and profit an equitable seat at the table. 

If you're interested in learning more, then keep an eye out for our upcoming new course on ESG. 

Changes to social media onboarding procedures 

The customer onboarding process and customer due diligence (CDD) have been at the forefront of firms’ fight against illicit activity for some time.  

In simple terms, the customer onboarding process aims to keep bad actors from becoming customers through robust controls aimed at identifying and verifying who your customer is, and in ensuring that those individuals do not pose a risk.  

Ongoing due diligence, meanwhile, monitors existing customers’ activities for any concerning or suspicious activity, and seeks to ensure that the information held on a customer is present and correct.  

Whilst most industries have regulations in place regarding onboarding and CDD processes, one area that remains a relative free-for-all is that of social media. That is why the second item on our 2022 wish list is tighter regulations and procedures around social media onboarding and CDD. 

As of October 2021, there were approximately 4.55 billion people around the world using social media.[2] And whilst it is now an integral part of people’s daily lives, with the vast majority using social media platforms legitimately, there is still an enormous number of accounts across all platforms set up only to cause harm.

Abuse, cyber bullying, harassment and racism are just a few things you can expect to find on a daily basis across social media channels, with criminals and fraudsters also using platforms as a way to lure potential victims. Something we are seeing a lot more frequently is the use of social media to commit, recruit or scam individuals in relation to: 

• romance scams 
• investment scams (in particular relating to cryptocurrencies) 
• human and wildlife trafficking 
• drug trafficking, and 
• money mules. 

Under these schemes, criminals will set up pseudonymous accounts to target vulnerable individuals, continuing to do so until the account is closed. Once it is, they will create a new email address, open a new account and start the process all over again.  

It is that simple process of being able to reopen accounts that needs to be dealt with – something easier said than done.  

The most common resolution proposed is to require government-issued identification during the account opening procedure, similar to if you were opening a bank account. However, this suggestion comes with a number of drawbacks.  

Firstly it creates a major inclusivity issue. Not everyone has or can easily obtain government-issued identification, therefore a lot of individuals would immediately be excluded from access to social media platforms.  

Secondly, a lot of people like to remain anonymous on social media for various reasons. This could include government oppression in their country of residence making it unsafe to post under their legal name, the desire to remain anonymous when speaking as a member of a minority group, or fear of reprisal if their true identity is revealed.  

Finally, many individuals do not consider it safe to provide their identification documents to social media platforms given these platforms’ historic poor record on data security.[3]

So all of this leaves us in a position where more needs to be done; it seems the effective measures used in other industries are not yet viable. Hopefully, there will open up over the next 12 months new ways in which social media companies are able to effectively screen accounts and the people behind those accounts. For now, we will have to continue to remain vigilant and raise further awareness regarding how criminals are using social media to cause harm. 

If you are interested in learning more about CDD, we have a number of courses that which may be of interest, including: 

• ICA Essentials – KYC/CDD short course
• ICA Certificate in KYC and CDD
• ICA Advanced Certificate in Practical Customer Due Diligence

Transaction monitoring, surveillance and SAR efficiency 

The final item on our 2022 wish list is to see further developments in the use of technology to aid in transaction monitoring and surveillance processes, greater collaboration and a more efficient and effective suspicious activity reporting process. 

The past few years have seen a shift from the traditional manual-orientated processes relating to transaction monitoring and surveillance to a more technological approach utilising AI, machine learning and Big Data.  

These technologies have enabled firms to tackle financial crime both faster and more cheaply, resulting in a smarter approach where vast swathes of data can be screened at any one time. AI, for example, has the ability to identify patterns of transactions, behaviours and anomalies rapidly, allowing compliance professionals to better spend their time analysing the results, investigating root causes and collaborating their findings with other financial institutions or authorities.  

Collaboration – whether internally or externally with other organisations, law enforcement agencies, businesses and other stakeholders – enables greater knowledge sharing of money laundering and fraud trends, and plays a crucial role in preventing crimes such as human trafficking.  

So with technologies every day improving, it is equally important for compliance professionals to follow suit and continue to develop their analytical and collaborative skills over the coming year and more in order to keep up with developments. 

We also hope to see a more efficient and effective approach in relation to suspicious activity reporting (also known as suspicious transaction reporting).  

In some countries, for example the UK and the US, financial intelligence units (FIU) are often overwhelmed by the sheer volume of SARs/STRs received and simply do not have the capacity to investigate everything. This is in part due to financial institutions fearing being hit with a fine if they don’t submit a SAR, and FIUs rarely offering feedback on the SARs they do receive. 

In other countries, where controls aren’t as stringent, SARs are rarely submitted and suspicious activity that requires investigating goes left untouched. 

Finding a balance is crucial, and hopefully we will see over the coming months better efficiency in respect of suspicious activity reporting, aided by technological advancements, greater collaboration and further best practices. 

To learn more about SARs, why not take a look at the one of the following ICA short courses:  

• Managing SARs Investigations – Best Practice Guide
• SARs Investigations: Practice Like a Professional

[1] Stephen Emerson, ‘Why companies need to act now to get their ESG house in order’, The Scotsman, 28 October 2021: https://www.scotsman.com/business/why-companies-need-to-act-now-to-get-their-esg-house-in-order-3434324 – accessed January 2022

[2] Dave Chaffey, ‘Global social media statistics research summary 2022’, Smart Insights, 12 January 2022: https://www.smartinsights.com/social-media-marketing/social-media-strategy/new-global-social-media-research/ – accessed January 2022

[3] Aaron Holmes, ‘533 million Facebook users’ phone numbers and personal data have been leaked online’, Business Insider, 3 April 2021: https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T – accessed January 2022