2025 Top Compliance Priorities - podcast episode cover

2025 Top Compliance Priorities

Feb 11, 202536 minSeason 8Ep. 1
--:--
--:--
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Kimberley Cole hosts Risky Women Radio with guests Carol Beaumier and Bernadine Reese to discuss the top compliance issues in 2025. They reflect on 2024, highlighting the impact of US Supreme Court decisions on regulatory authority and a UK court ruling on discretionary commissions. They discuss the importance of AI in compliance, the need for dynamic risk assessments, and the challenges of global alignment on regulations. Key priorities for 2025 include AI, financial crime, operational resilience, and third-party risk management. They emphasize the importance of leveraging technology, ongoing training, and focusing on outcomes to improve compliance effectiveness.

SHOW NOTES

04:42 Review of 2024 Compliance Developments
11:17 2025 Compliance Priorities and Regional Views
17:12 Unique Considerations for Compliance Organizations
24:21 Regional Challenges and Horizon Scanning
29:20 Final Recommendations for Compliance Departments

Transcript

Intro / Opening

This is Risky Women Radio, a show that connects, celebrates and champions women in risk regulation and compliance. We’re here to share the insights on the biggest issues in our industry and hear inspiring journeys from our global members. Sign up to our newsletter at riskywomen.org. I’m Kimberley Cole, your Chief Risky Woman. Welcome to Risky Women Radio. Today's risky women are Carol Beaumier, the Senior Managing Director of Protiviti, and Bernadine Reese, Managing Director, back to discuss our

annual, now, podcast on the top of mind compliance issues. And this is our fourth year, so I'm super excited. Before I say hi and get them to and welcome them, I'll just give you a quick introduction. So Bernadine is the Managing Director in Protiviti's Risk and Compliance practice. She is based in London, and she joined Protiviti in 2007 from KPMG, regulatory

service practice. She's got more than 30 years experience working with a variety of financial services clients to enhance their business performance by successfully implementing risk compliance and governance change and optimizing their risk and compliance arrangements, and she's a frequent speaker on regulatory and risk issues, and we're thrilled to have her join us again today. Carol Beaumieris the Senior Managing Director in Protiviti's Risk and Compliance practice, and she also leads the

firm's global thought leadership program. Prior to joining productivity, Carol, was a partner with Arthur Andersen, where she led the global regulatory practice. She was a founding member of the Secura group and a leader of the firm's risk management practice and a regulator with the Office of the Comptroller of the Currency, which was a Bureau of the US Treasury Department, where she served as Chief of Staff to the

comptroller. She's an experienced consultant. She's got more than 35 years of experience and extensive knowledge of financial crime, risk and regulatory issues. She writes and speaks regularly on these issues and has worked globally, across America's Europe and the Asia Pacific region. So fabulous to have Carol on board. And I would also like to say she was one of our esteemed judging panel for our

first Risky Women Write competition this year. And the Risky Women Write competition was really a great highlight for me and Risky Women in 2024! And so as I welcome you, maybe you can both say hi and also give me a little highlight of what was yours for 2024. So welcome Carol, welcome Bernadine. It's great to be back again with you, Kimberley, and I have to say the writing contest was really the highlight of of the

year for me as well. You mentioned in the intro that one of my responsibilities is leading our global thought leadership program. And I think I probably mentioned to you in the past that if you asked me when I was in college, what I

wanted to do, I wanted to be a writer. So anything to do with writing top of my list, and I think it would, it was so much fun to see all of the Risky Women who contributed articles and just the range of topics and how invested they were in compliance as a profession, in kind of serving greater market needs. It just was a lot of fun to participate. I hope I'll get asked back in the future!

Yeah, I agree. It was amazing. Like we we really were overwhelmed by the the range and the quality and just the number of people that contributed. So can't wait to see what happens this year. And Bernadine, what about you? How was 2024 for you? Really good thank you. And lovely to be back Kimberley and to be to join you again. So yes, 2024 was a was a busy year. My highlight is probably a personal highlight. So I hosted a family gathering back in the UK. So my family is quite disparate across

the across the globe. So we get together very few years. This year was, last year was with us in the UK, and was fantastic to get together and and reconnect. And yeah, it was a highlight for

Review of 2024 Compliance Developments

Brilliant, brilliant. Well, we're going to just have another me. quick little look back at 2024 before we move on to obviously our look forward in 2025 at the financial service industries, compliance. Priorities, and what was it in 2024 from a compliance related developments perspective, that surprised you, or perhaps caught you off guard a bit? So if I can take that first, what caught me off guard a bit were three supreme, US Supreme Court decisions that came toward

the end of the last term of the Supreme Court. These decisions, in my mind, really have upended the regulatory process in the US. So two of the decisions related to responsibility and authority of the regulatory agencies versus the court. Effectively, they transferred to the court authorities that

historically had belonged with with the regulators. The biggest case, or the case that's gotten the most attention, is typically referred to as the Chevron Reversal, and what it did was to reverse a 40 year old Supreme Court decision which said that, and this is the English language interpretation of the law, which said that where a law is vague or unclear, deference is given

to the regulatory agencies to interpret intent. In reversing this decision, the court said interpreting law is the court's jurisdiction, not the regulatory agencies. As a consequence, we are already seeing other regulations being challenged based on this Supreme Court decision, and I expect it's something that we're going to see a lot more of in the future. You know, it sounds US centric, but obviously it would affect any financial institution doing business in the US. So it has

broader implications. And I think from an industry standpoint, it potentially really slows down and adds a degree of uncertainty to the rulemaking process? Yeah, I think, yeah, that's going to be very interesting. And I'm curious to see how those kind of developments are going to shape the views for 2025 so really keen to get into the current priorities? Do you want to add something?

Yeah, I was, I was also going to choose a court ruling example from from the UK, this time, particularly looking at consumer protection issues, which we'll come to in a minute. But very hot topic here. And so the big surprise for me was the UK Court of Appeal stating that it's a quite a specific point, but big implication, so a broker can't lawfully receive a discretionary commission from the lender without obtaining the customer's

fully informed consent to that payment. So this was made in respect of a Motor Finance Commission's ruling, but the way the Court has interpreted it means that it covers a whole variety of commission arrangements, potentially past business review. So we are waiting the supreme court appeal hearing in April with interest because that could have far reaching implications for the UK.

Wow, yeah, really interesting again. And then last year, we looked at the developments and changes over 10 years, because it was our 10th birthday, and we did lots of good celebrations around that. And I think it's always good, and I think we did last year as well, to look at how your predictions went. So give us your thoughts on how did they actually play out. So I think on balance, and I think we covered that. I know we covered this in our paper this year, they played out pretty

well. I think we were on target. I think one of the issues that we've been a little bit hit and miss on through no fault of our own, is kind of how, how the framework for crypto has developed around the globe. There have been kind of fits and starts. You know, we're projecting more activity in this

year. I think also you asked us last year to kind of think forward and think about what the compliance world would look like in 10 years, and going back and looking at last year's discussion, my prediction was that I hoped, within 10 years, that compliance departments would have aI assistance that would do things like gather information for risk assessments and help with horizon scanning and help with compliance monitoring, and I think that's still a pretty good prediction.

With the I'd shorten the timeline, because I think the advances in AI are just so dramatic. Okay that for the most part, we can do all of this already. Not everyone is there, but the capabilities exist. So I'm encouraged that in the future, a lot of the routine tasks will be done by AI and that CCOs and compliance professionals can focus on strategy and being the expert advisors that their institutions need. Excellent. Anything to add Bernadine?

Yeah, so it was interesting to look back at my prediction. I think mine is falling behind rather than speeding up. So I my prediction was that there might be more well, I'd hope for more global alignment on regulations and greater sources of reliable data to enable that kind of technology, rich data, data

enabled approach, as we progress on some of these issues. Doesn't feel like global alignment is is is improving from a regulatory perspective, but the demand for data is certainly there and increasing, and I think I'm going to double down on my on my prediction, because I think, out of necessity, we're going to get there in 10 years time. So...

2025 Compliance Priorities and Regional Views

Excellent. Well, I look forward to now jumping ahead and looking at our 2025 priorities. So this year we love sharing Protiviti's annual update. And I think this year you've titled it The

Compliance Playbook

Navigating the Financial Services Industry's Compliance Priorities in 2025 so we'll put that link in the show notes and make sure that it's clear to everyone who wants to take a look. But it'd be great to have you walk us through some of the predictions and the priorities that you see. And you've kind of changed your approach a bit, I think this year, identifying and grouping around regional views. So you know what, what, why was that that you decided to move that way?

I think that's a great follow up to the comments that Bernadine just made on global alignment. I think we were curious, and curiosity is a good thing for compliance professionals. We were very curious about the extent to which disruption across the globe, whether that's disruption through innovation, through changing political views, changing populist views, we wanted to understand the extent to which that may have

maybe impacting priorities in different parts of the world. So we decided to come at this had a little bit using a little bit different lens than we had in the past. And I'm sure later we'll, we'll talk about what we learned from that. Mm, yeah. And what struck you most about the kind of responses, because I think you went to your colleagues, is that was the sort of approach around the different geographies. And, yeah, what, what struck you about the responses from them?

Yeah, indeed. I mean, I we did go out to colleagues within regions, and perhaps not surprising that there was a high degree of overlap in in the issues across across the

regions. Artificial Intelligence topped most of the lists, financial crime, operational resilience, third party risk management, were up there too for, I think, all of the regions, just reflecting those international regulatory priorities and the need to address the impact of technology on financial services and so on. But there were some unique

issues by region as well. So we'll no doubt come to the heightened uncertainty being a big priority from a US perspective, in North America, in Europe, ESG and virtual asset regulation featured highly. And then APAC, there was a strong focus on conduct and culture as well as fintech. So there were those regional discrepancies and variations as well.

Yeah, it's interesting, isn't it? I mean, AI, I'd say is the top of the list for, you know, pick an industry, pick a spot, but it's very interesting to think about it in the context of compliance and risk. So, yeah, very, very interesting. So Bernadine, you noted AI. It's a common one as well across the

globe, and as I said, I think across multiple industries. So what do you see then, specifically as the sort of key compliance priorities related to AI, and what's the sort of Chief Compliance Office should be doing to address them? Yeah, I mean the the speed of change with the launch, I guess really, for a lot of people, the launch of ChatGPT and those kind of Gen AI models has has meant that we've had this kind of

widespread development globally on adoption of AI. I think fair to say, regulators are still playing catch up in this area, but compliance teams are having to navigate AI adoption in the business, most people are pressing ahead with with some

sort of AI adoption. So what we're seeing is compliance priorities focusing on areas like fairness, privacy, safety, transparency, competition, accountability, there's there's a long list of compliance issues to think through, and globally, regulators are looking to align around international standards and principles. I think we see organizations like the OECD looking at respect for human rights, sustainability, risk management, but a rule set is still, I guess, some way to go

in relation to AI. So chief compliance officers are going to be trying to navigate this emerging local and global regulations as they assess the compliance risks from AI being developed by their own businesses, or indeed, within the compliance teams that they're running is a challenge.

I think it's interesting because it sort of relates, again to some of the conversations we've had previously around scope and how the role continues to gain more and more scope when you're saying now all of those areas that you named, but it's also the AI impacts around those so it just once again, shows the sort of breadth as well as the depth of the role.

This episode is brought to you by Protiviti. Protiviti is a global consulting firm with deep expertise in transformation, risk management and compliance, partner with Protiviti.

Unique Considerations for Compliance Organizations

So maybe Carol, obviously, there was a lot of other common priorities, as Bernadine just said, from financial crime, security, privacy, operational resilience, your third party, risk management. I mean, a lot of them come up regularly every year. But are there any kind of unique considerations for compliance organizations to think about this year? I think there are a few things to keep in mind as it relates to

fincrime. So just recently, the EU ministers appointed a veteran Italian central banker to lead the new anti money laundering authority for the EU. So I think it will be important to watch how her agenda evolves. Obviously will have significance not only for EU financial institutions, but other

institutions that do business in the EU. In in the US, and this kind of gets back to the role of the courts, many people are likely aware that our beneficial owner corporate registry, which was supposed to go into effect in January, has been caught up in the courts, kind of on again, off again, as we record this morning, it's on, but we'll see. So definitely something to keep an eye out on for those who do business in the US. I think another important issue in the fin crime space is around

sanctions. I would expand export controls. I would expect next, this year to be another very active year. I think what the industry really needs to keep an eye on is and we've come through this period where we've had tremendous coordination and collaboration among the US, the UK and EU in particular, in the new US administration, I think there may be a tendency to act unilaterally, and then maybe try to get other countries to go

along. The consequence to the industry is that I think we could end up with more kind of mismatches in the way we're approaching sanctions, who, what parties are involved. And obviously that creates much bigger challenges for those institutions that operate multinationally. And I would say another thing primarily to keep an eye on is fraud. I mean fraud, to me, is really interesting, because I think it's the one area where everyone, the regulators, the

institutions, consumers, agree that more needs to be done. So we're seeing just tremendous activity around the space, and I would say payments in particular seem to be a huge area of focus of that. Definitely things to watch there and then. When I look at security and privacy, ops, resilience, third party risk management, to me, they're all very intertwined to some

extent. If we think about cyber risk, it's inevitable. And I think the innovation that we're seeing on the AI and quantum side, you know, while they have definite benefits, they're also exacerbating the risk in this space. So I would expect these to be, you know, on the list for the foreseeable future. Yeah, yeah, yeah. So much going on there. Really interesting. I meant to ask, when you said before Bernadine that the regulators sort of playing catch up on AI who, who's leading, do you think?

That's a that's a really difficult one. I think we've, we've seen the EU AI act come out, we've seen the full text of that. And the approach, I suspect, that's seen as a bit of a lead in in the markets. They adopting a very much a risk based, risk driven, approach to AI regulation, but, but at the moment, we're seeing lots of different governments picking up

different aspects of AI regulation. It's also an area that's regulated not only by financial services, but actually primarily by other regulators, with financial services having to fit in as well. So it's going to be an area that develops for quite a while, I'm sure. Yeah, interesting. And then one of the other areas would be interesting for you to comment on Bernadine is around resourcing, which I know you highlight in the report. How can the industry make progress on the resourcing issue?

Yeah, very, very topical at the moment with clients so they find that recruiting and retaining compliance talent is is a real challenge, and in the current market, we've seen firms making progress by making better use of technology and outsourcing or co-sourcing some tasks that are more people intensive to allow the experience compliance team to to really focus on strategy and decision making and business partnering and and those types

of things. And I think compliance teams have also had success bringing in talent from non traditional backgrounds, people who have an interest in compliance, and see that as a career that they're really interested in following.

Interesting, Yeah, I thought it was also you were talking about resourcing in the report, and you and you were talking about optimization, and through sort of four lenses that you said that should be looking, looking at effectiveness, efficiency, sustainability, and creating a competitive edge and that, you know, sometimes there's cuts in resourcing that really create quite a big

impact. Yeah, so I really liked the that approach, and especially, obviously the competitive edge piece, because I think that gets lost a lot on the compliance side. Yeah, absolutely does those, those short time, short term changes sometimes as budgetary constraints can have a really, a really long term impact on compliance and affect the business as well. So so definitely want to to consider.

Yeah, absolutely and good to think about it across those different viewpoints, when you when companies are thinking about their resourcing and what that really means. So let's, let's transition and talk about some of the unique regional challenges that you identified. Because as much as we've talked about all the similarities, there were some differences. And Bernardine ESG was identified as a priority in Europe, but not in other regions, which is very curious. So can you elaborate on that?

Regional Challenges and Horizon Scanning

Yes, it was a bit of a surprise, I guess. I think from a European perspective, ESG was very high on the priority list, partly because of the package of legislative changes being brought in by the European Union relating to the development of the Sustainable finance market and far reaching pieces around disclosures and reporting and so on. That's all very active and front of mind for our clients at the moment. So we. We really see

that focus in Europe, in the UK as well. We're seeing growing momentum behind the implementation of some of those initiatives now, again, in order to encourage the growth of a sustainable finance market within financial services. Well, it's it's good that it's on, on high on the agenda

somewhere. I think so. Carol, you talked about the US Supreme Court decisions as surprising developments in 2024 are they the root of the heightened uncertainty that you've identified for North America, or are there other things that are part of that story? They're definitely part of it. There's another part of that story, and that is, as everyone knows, we have a new administration, and new administrations always bring

with them change. I think it's fair to say that the financial services industry is actually quite optimistic that there'll be some regulatory relief, that there'll be a lighter touch on enforcement, that we will finally have a crypto framework

in the US. So they're looking forward to a lot of the change, but I think we have the inevitable reality that change doesn't happen overnight, and even if everything is seemingly moving in the right direction, change itself brings challenges to institutions, and it will take some time for all of this to be put into place. So I think for us in the US, and anybody that does business in the US, that definitely adds to the uncertainty in this year.

I think that the crypto framework is going to be an interesting one for us to keep an eye on, and maybe that'll be a good one to check back in on our next update. And then you close out the paper by highlighting the importance of horizon scanning, which I thought was really interesting.

You've addressed it previously, but you referenced a speech by former member of the board of the European Central Bank and the New York State Department of Financial Services superintendent, Elizabeth McCall, and she talks about horizon scanning using an analogy to vision. Can you explain that analogy? And you know, I thought it was a very interesting approach. Yeah, Carol I both really like this analogy, and it seems very fitting for that horizon scanning process that most

compliance officers are doing on a very frequent basis. So so her her analogy is that when identifying risks, if you think of firstly, central vision, so what's right in front of us right now the risks of which we are all aware, that's that's the core of it. And most of those compliance priorities that we mentioned to the report and that we have on our list are examples

of those central vision. Secondly, there's fringe vision, which are those issues which are just outside the central vision, changes that we we see developing and beginning to have an impact, but not quite there yet in terms of a real focus. And then finally, peripheral vision, which is that much wider risk landscape, and that includes structural trends, for example, that could have a profound impact on business

models and the financial services industry. And normally, we would say peripheral vision, things that are in peripheral vision might take quite a few years to come through to central vision. But the speed of some of those changes now we see AI, for example, two or three years ago, would have been really on peripheral vision and has now rapidly moved into central vision. So these things do change and change really quickly as well.

Final Recommendations for Compliance Departments

Yeah, yeah, very interesting. So quite a good model or structure for for your customers and people to sort of use when they're thinking through their their plans. So we covered a lot there, and I think there's still more in the report that people could dig into. And so just a reminder to everyone that the full report is available online, and we will give the the link to everybody, but it's worth, worth having a read to get into a bit

more of the the detail on on the. Areas. So maybe, I think we covered nearly I think we've covered the key points anyway, but everyone can take a look and see if there was other things that you know stand out for them. But maybe, as a final question, if I can get from both of you, if the compliance departments could do just three things in 2025 to improve their effectiveness, what would you suggest they do? So, Carol, do you want to kick us off?

Sure. So expecting that you might ask a question like this, I actually asked this question of our proprietary AI chat bot! Oh, fantastic! ThenI tweaked the answers, because we still need a human in the loop, but our chat bot suggested that the three most impactful things that compliance compartments, departments could do would be to continue leveraging technology including AI and advanced analytics. So was selling itself!

Well, I think you made it number one, yes! The second point was just ongoing training and awareness, just in recognition that we have so much going on that, you know, keeping not only the compliance department itself up to speed, but the organization at large is is a full time commitment. And the

last was around risk assessment. And I think this is a topic we've talked about in the past too, just the continual need to kind of move to more dynamic risk assessment, not look back, but dynamic and really provide data driven insights that can inform decision making. So I thought the chat bot did a pretty decent job. Yeah. Not too bad. And Bernadine, what was your, What was your personal view? Or did you also go to a different a different LLM and see if you got a different result?

No, these are personal reflections. So I wish I'd thought of using more of an AI model. There you go. So I would say, focus on outcomes rather than processes. We often see compliance teams become very caught up in a process view of the world. But actually, sometimes it's the outcomes that

matter the most. Thinking about resourcing that point about outsourcing the low value activities and focusing on real areas of compliance value add, I think, is important, and then building an organizational culture so that compliance has a valued seat at the table, perhaps the hardest to do, but would certainly be the one that could make a biggest impact and difference for compliance teams. Okay, well, that's still a lot for those compliance teams to do

between those six things. So really good recommendations, but obviously very big, chunky activities in their own right. So thank you both, though, for sharing all of that. I think that's a brilliant you know, kick off to our 2025 you year ahead and some very interesting thoughts, predictions and things

for people to actually put into process, I think so. Thank you both, and I'm super excited that we're going to be back in the middle of the year, given the rate of change that we're seeing, given the, as you said, the uncertainty and several of the other things that we do see on the horizon. I think it'll be really good to have a media check in and yeah, so everyone

should watch out for that, and it'll be really good. We also we're continuing just updates from Risky Women, we're continuing our Women to Watch series in 2025 so we'll have a big list coming out for International Women's Day in March this year. So everyone should watch out of that. Watch out for that. And we continue to add new activities to the

repertoire all the time. We have Rev-up sessions, which we hold one per month for members, they're part of your membership and all of the Rev-up sessions, but anyone can join, and the Rev-up sessions are aimed at what I say, building on our already incredible superpowers. So lots of good things that are

coming up there. So watch out for those. And. Go to our Risky Women website, riskywomen.org and sign up for the ROAR newsletter so that all of the listeners don't miss a thing and they can hear about all the events, the most recent podcast and everything else that's going on in the network. And take a moment to subscribe to this podcast on whichever channel is your preferred and give us a five star rating and a comment

too that would be absolutely brilliant. But thank you Carol and thank you Bernadine, it's been another fabulous discussion. Thank you. Great fun to be back with you again. Thank you for having us Absolutely thank you. And see you mid year. Thank you. Thank you for listening to this episode of Risky Women Radio, be part of the ongoing conversation and learn more about our events and other programs at riskywomen.org

Transcript source: Provided by creator in RSS feed: download file
For the best experience, listen in Metacast app for iOS or Android