Risk, Regulatory, and Compliance experts Chris Palumbo and Karan Gulati offer an insider’s perspective on the SIFMA C&L annual conference, focusing on the key trends and policies shaping the financial services industry.
Compliance Programs and Regulation
- Pressure to scale programs increases
- Risk and compliance programs should be comprehensive, proactive, and flexible with an organization’s growth, scope, complexity, and geography. Program shifts should be thoroughly documented, and any issues should be self-identified and reported.
- Remote environments remain under added scrutiny
- With more securities traders and advisers working in remote environments, privacy concerns are growing. FINRA recently adopted a rule that considers locations where a person conducts supervisory activities as non-branch locations. Organizations will need to ensure compliance for newly defined residential supervisory locations (RSLs) to pass supervisory inspections.
- Higher standards considered for preventing future bank failures
- Following recent bank failures, the OCC, Federal Reserve, and FDIC are strongly considering heightened standards for companies to avoid similar failures in the future. The regulators recently issued a joint supervisory statement with the following goals:
- Ensure risks are appropriately considered
- Highlight the complementary nature of existing supervisory processes
- Emphasize that the process is highly integrated with existing supervisory processes rather than creating new or separate ones.
- Following recent bank failures, the OCC, Federal Reserve, and FDIC are strongly considering heightened standards for companies to avoid similar failures in the future. The regulators recently issued a joint supervisory statement with the following goals:
Technology and Data
- AI exploration demands proper training and governance protocols
- Third-party risk management and the use of AI are top priorities for regulators. "Explainability" such as how and why it is being used, how it fits into overall strategy, and how it is being managed is a focus area for both.
- Firms are expected to properly train employees managing AI as use cases grow, and risk line of defense teams should be at the forefront of model testing and validation.
- As the race for AI skillsets ensues, firms will turn to third-party tools for efficiency and “pre-built solutions,” creating a greater need for third-party risk management platforms.
- Creating freedom within a safe framework
- Working in a digital environment, organizations must remain ultra-diligent in protecting IP assets as well as empowering employees to operate within a creative framework. This involves implementing the right safeguards and providing training on approved messaging systems and communication channels.
- Firms must continuously manage firm device protocols while also addressing off-channel communication. This entails striking a balance between effective surveillance and respecting privacy.
Fraud and Risk Management
- Fraudsters shift to impersonating close relationships
- Criminals are falsely working with advisors by impersonating known relationships such as clients, other traders or members of the brokerage, and family or friends via email, deep-fake technology, and AI voice to complete fraudulent transactions.
- Corporate culture plays a pivotal role in conduct risk
- Conduct Risk is hard to quantify, so strengthening corporate culture, managing behaviors, and keeping an ongoing dialogue about improvement will yield successful outcomes.
- Complex money laundering schemes on the rise
- The financial services industry is seeing a surge in complex money-laundering and fraud schemes intent on taking advantage of gaps in defense measures. It is critically important that organizations ensure their Anti-Money Laundering (AML) programs keep pace with these advances. Organizations are using AI to predict fraudulent transactions, but with the technology being tested in this and other areas of AML, regulators are grappling with how to monitor and regulate the use of it.
The Product Landscape
- Product development is getting more attention
- Guidance for new product launches is still evolving, but there are common criteria to satisfy both investors and regulators. Usually, there is a disconnect between those building a financial product, managing it, and overseeing policy and enforcement, making alignment challenging. Embedding a shared understanding of risk tolerance can help firms navigate the landscape and create greater buy in.
- With the regulatory landscape changing, new product development processes should undergo an enhanced review and approval cycle to ensure the proper use and documentation of data.
Ongoing regulations are shaking up the financial services industry. Feeling the pressure?
Chris Palumbo
Practice Lead, Risk, Regulatory, and Compliance Advisory Services
<p>Chris has 30 years of experience in the banking and Financial Services industry. Specific areas of expertise include risk management across all risk categories, consumer compliance, regulatory relations, as well as program and change management. During his career, Chris has worked for and with Financial Services organizations, helping to navigate the complexities of the constantly changing compliance, regulatory, and risk management environment. Chris's experience includes a broad array of hands-on industry experience, serving for 3 years as a Managing Director within the Regulatory and Risk Management Practice at KPMG, 7 years with the Federal Reserve Bank of Richmond as a Supervisory Officer, 19 years as a member of senior management for 2 of the 10 largest domestic US banks (and several start-ups), and 4 years as a Logistics Officer in the United States Marine Corps.</p>
Karan Gulati
Principal, Financial Services
<p>Karan is a Principal with the North Highland company. He has 14+ years of experience supporting Financial Services organizations driving large-scale Change and Transformation efforts within Payments, Risk and Compliance, and Wealth Management. </p>