Over the last 12 months, compliance has continued to be a critical aspect of financial services leaders’ operational strategies. The 2019 Royal Commission report shone a spotlight on just how much the sector needed to improve in order to meet evolving regulation standards and since then, leaders have had to shift their thinking around compliance management.
In the latest release of TAS’ annual Compliance Index, we explore the current landscape and identify the remaining gaps in achieving obligations. The Index conducts a pulse check based on a cross-section of industry leaders to understand their perspectives on evolving standards and the barriers organisations were facing.
Despite the improvements, there is still a long road to comprehensive compliance management at the necessary standard. In our Insights series, we’ve seen that sufficient resources, strategic partnerships and the right tools and training have been major challenges for leaders in the past. A final area where compliance has fallen short is in the management of third parties.
Most organisations partner with external service providers in all areas of day-to-day operations, from ICT support to outsourced CX functions. However, there has been a lack of oversight and understanding on these partners’ compliance requirements and standards. It’s no longer enough to look at management within your own organisation; the risk profile of your providers has a significant impact on the risk to your own business. Choosing the right-fit partner is critical in mitigating potential concerns around keeping up with regulations, implementing effective cybersecurity protocols and dealing with digital disruption. These being some of the biggest business challenges as identified by leaders in the report.
Nearly a quarter of leaders are unaware of the obligations of third parties and have not ensured that the external service provider’s contract covers those requirements. Further, only 23 percent have contracts that require regular reporting from third parties. Nor do they actively monitor and review information available. With such a small focus on third parties, leaders are putting organisations at risk of breaches, despite their own internal efforts to meet obligations.
Here are three ways leaders can ensure comprehensive compliance management across their third-party partners:
Work requirements into contracts. Compliance is a critical part of every facet of the organisation which means it should be a standardised part of all contracts with third-party providers. As internal compliance culture means every member of the organisation taking responsibility at the individual level, these contracts must enforce a level of ownership from external providers. This should cover both the obligations and expectations around reporting to ensure complete oversight.
Have routine check-ups on standards. Compliance management is not a one-and-done box-ticking exercise. Though external providers may have strong measures in place at the time of the contract, leaders should not be complacent. Ensuring total coverage will mean conducting the initial and ongoing assessment with clear requirements outlined for active management. Back this up with mitigation protocols that can be executed quickly and with swift accuracy and with no room for ambiguity if there are gaps uncovered during assessments.
Get on the ground and be proactive. The dangers of poor compliance management are too dire to leave the process entirely up to third parties. To be sure of the efficacy of external providers’ evidence, leaders should regularly have their systems reviewed internally, working directly with the providers’ teams to assess both the reports and evidence. Leaders can also no longer afford just a top-level understanding of compliance – as outlined in the Index, over 25 percent of leaders have either a basic or no understanding of compliance obligations.
It’s essential to remember that the impact of work from third parties directly affects your customers and so, the onus is on leaders to review their entire supply chain for comprehensive management and to ensure an optimal customer experience. Set strict standards for external providers and manage this regularly for complete peace of mind.
Learn more in the fourth edition of the TAS Compliance Index here.