As COVID-19 variants emerged, much of the last two years was occupied by the effects of the pandemic. But with the success of the vaccination rollout, there's been a return to more normality - and with it, the need for compliance again.
Biggest challenges faced by compliance in 2022
- Post-COVID workplace
- Climate Change
- Company culture
- Employee mental health & wellbeing
- Vulnerable customer management
- Loyalty penalties rules
- Compliance resilience
- Money laundering
1. Post-COVID workplace
As a result of the pandemic, many businesses have seen their operating models disrupted to the extent that they will never be the same again.
While a return to a full office working model may be feasible for smaller businesses, employee expectations have changed forever. Also, many employees will have enjoyed the extra time spent at home with families and not having to deal with costly and stressful commutes.
After the pandemic, technology companies like Apple, Twitter, and others have readily switched to a permanent remote working model. The outcome is more nuanced for others, with the hybrid working model - working only some of the time in the office - becoming the norm.
What does this mean for staff compliance? Firms need to look at their compliance risks again, this time on a longer-term basis. With employees at a physical and psychological distance from their paymasters, it's more important than ever to instil the right culture and manage conduct risk. Remote workers may take excessive risks or stray from agreed processes without adequate oversight or teams to provide ethical cues and moral anchors.
The issues are many and varied, including ensuring that documentation is properly maintained and disposed of, trades are carried out on time, colleagues don't collude inappropriately on WhatsApp, and inside information isn't shared with a partner working across the kitchen.
Remote oversight will likely form a more prevalent component of risk management through 2022.
That's not all. As the pandemic subsides, companies face the challenge of the so-called Great Resignation. Record numbers of people are leaving their jobs, and firms need to re-evaluate how to retain top talent.
What are post-COVID compliance considerations?
- Reinforce ethical principles - how can you keep organisational values top of mind, combat "out of sight, out of mind", and stop remote workers from taking risky decisions? Workers may cite extraordinary circumstances caused by the pandemic to justify bad behaviour. Consider what support mechanisms may be necessary to help them deal with moral dilemmas so decisions are anchored in best practice. Empower remote workers to speak out if they have concerns or witness wrongdoing by promoting psychological safety.
- Re-evaluate talent retention - hold one-to-ones with your team to make it easier to spot those at most risk of burnout or anyone who is disillusioned with their career post-pandemic. Remember, the risk of misconduct increases when motivation levels go down.
- Measuring productivity - how can productivity be measured effectively when people work remotely? What adjustments are needed for performance reviews?
- COVID-19 safety - providing a safe and secure environment for those going back to the office.
- Hybrid working strategies - defining what hybrid working means and the extra measures needed to support those working remotely.
- Onboarding new staff - creating a roadmap for recruits taken on during lockdown who may have missed out on traditional inductions and now have serious catching up to do.
2. Climate change
Following the Glasgow COP26 summit and renewed commitments by countries, financial institutions, and communities, climate change remains high on the agenda for 2022.
The UK introduced mandatory climate risk disclosures in April 2022 for 1,300 UK-listed companies and financial institutions, making it the first G20 country to enshrine these requirements in law.
Climate change creates financial, operational, legal, and reputational risks from a regulatory and governance perspective. For instance, financial sector regulators expect regulated firms to manage the risks of climate change.
Firms need to provide clear, comprehensive and high-quality information to stakeholders and demonstrate that climate change is high on their agenda. Banks and insurers are required to nominate a senior manager to hold a Prescribed Responsibility for identifying and managing these risks.
What are key climate change compliance considerations?
- Assess climate change business impact using TCFD recommendations - they provide a uniform approach for all firms to capitalise on opportunities in the transition towards net-zero.
- Engage with internal and external specialists - to understand the financial impact and your overall exposure to climate-related risks.
- Define your climate change targets - set your sustainability credentials, emission reduction targets and a strategy to transition towards net-zero.
3. Company culture
Firms need to be aware of two other key culture and governance-related factors - diversity and inclusion.
While there are societal pressures for firms to be more transparent about tackling these subjects, there is greater regulatory pressure in these areas. The FCA has already made it clear that it wants firms to accelerate progress on diversity and inclusion and will include this in its supervisory work in the future.
Firms have a significant role to play here, from ensuring access to employment for BAME individuals to better visibility and representation of diverse workers at all levels. That includes the proportion of LGBTQ+, BAME, and women on boards and in senior roles.
Diversity and inclusion create more positive outcomes for firms regarding risk management, conduct, culture, and innovation.
What are company culture compliance considerations?
- Review existing diversity and inclusion policies - to ensure they are complete and up to date.
- Collect and analyse diversity and inclusion data - to measure diversity trends at all levels in your firm and report progress.
- Track outcomes to monitor career progression and pathways - ensuring they are fit for purpose and support diversity/inclusion.
- Conduct exit interviews - to identify unhealthy or 'problem teams' early; avoid losing diverse talent.
4. Employee mental health & wellbeing
It's been a bumpy time for many employees. Some of them struggle with the rising cost of living, uncertainty, overwork, and challenging situations at home, working remotely in shared accommodation or balancing work with home-schooling or caring responsibilities. More and more workers are reporting exhaustion and burnout.
Companies need to consider moving away from the traditional physical wellbeing model that emphasises injury and accident prevention to a more holistic approach that incorporates mental wellbeing and focuses on preventing stress, burnout, and conflict.
Another trending issue is psychological safety - developing a culture where people are not afraid to speak up when they make mistakes and, at the same time, are not blamed when things go wrong.
Creating a healthy culture builds trust, makes people feel more valued, reduces mistakes, and encourages employee engagement and retention.
What are mental health compliance considerations?
- Reconfigure your workplace - to promote greater well-being by helping people reconnect and rebuild rapport after lengthy absences. This may include reintegrating those continuing to work remotely and a delayed welcome for new starters.
- Make adjustments for those affected by COVID-19 - these may include different break-out areas, rest facilities for those with long COVID and shorter working days.
- Consider bereavement policies - create or update policies and practices for those coping with loss.
5. Vulnerable customer management
Soaring energy prices and inflation are increasing the cost of living. So we can expect that the treatment of vulnerable customers will take centre stage in the coming months.
Even before the pandemic, the FCA had this topic firmly in its sights - urging firms to ensure that vulnerable customers are treated fairly and consistently and insisting firms embed fair treatment in their culture, policies and processes. As the pandemic and rising prices continue to wreak havoc, this guidance is more vital than ever. Firms need to do more to recognise the scale of the problem.
- 21.4 million people in the UK have living standards below a socially acceptable level - due to inflation, rising energy prices, and tax increases, according to forecasting by the New Economics Foundation.
- 4.2 million people have borrowed money - using credit cards, overdrafts and high-interest loans, according to the debt charity Step Change.
- Low-income groups are the worst hit, taking on approximately £10bn in debt.
With the economic outlook still looking downbeat for many going into 2022, firms must remain vigilant to signs of vulnerability and ensure their response, policies, and practices do not cause further detriment or harm to vulnerable customers.
In addition, from July 2022, the FCA introduces a new Consumer Duty requiring firms to "deliver good outcomes for retail clients".
Firms must show that their communications are clear, evidence consumer outcomes, focus on creating better value, and take remedial action to rectify deficiencies.
While COVID-19 has been a threat to ordinary people, it's a major opportunity for professional criminals, especially regarding fraud.
According to the National Audit Office, the Government's £47bn emergency lending scheme for businesses has seen widespread abuse with no proper credit or identity checks. It is estimated that around 11% of loans are fraudulent, with over a third unlikely ever to be repaid.
What are the two key fraud risks?
- Pandemic-related fraud - Criminals continue to exploit vulnerabilities as the pandemic continues and use them as levers to carry out social engineering attacks. Examples include fake Covid passports, false promises of testing and PPE. Firms must ensure that their controls remain robust and that staff remain vigilant to identify and report such activity as it arises.
- Remote working fraud risks - Further attempts to exploit remote working models where real-time monitoring for fraud activity is much more difficult. Individuals that work remotely may be more vulnerable to exploitation or unsure of the right procedures.
But the key to preventing fraud remains the same – ensuring people are adequately trained on fraud risks and apply this knowledge and understanding in their day-to-day work.
7. Loyalty penalties rules
It is common practice in many sectors for companies to offer exceptionally low charges to attract new customers and then increase prices for existing customers each year at renewal - this is known as price walking.
It means that consumers have to shop around and switch every year to avoid paying higher prices for being loyal. This distorts market competition and penalises the least savvy customers, e.g. older or vulnerable individuals.
In the financial services sector, the FCA has implemented a package of remedies to remove such penalties on loyal customers by requiring home and motor insurance firms to offer renewal quotes to existing consumers that are not more expensive than those offered to new customers. The FCA estimates that UK consumers will save £4.2bn over ten years due to these changes.
What are key loyalty penalties compliance considerations?
- Communications - be transparent with consumers when communicating renewals information.
- Renewals - ensure that you give consumers easy ways to cancel the automatic renewal of their policies.
8. Compliance resilience
The issue of compliance resilience is related to hybrid working, lockdowns, and staff quarantine. Certainly, the pandemic has tested firms' resilience to a great extent. But firms need to go further still, as the FCA and the PRA have their eyes on the longer-term resilience of businesses. They have already laid down some firm markers regarding how they expect firms to demonstrate their resilience.
Firms need to identify the critical services they operate and then demonstrate how these remain operational in challenging situations. Firms have been asked to identify impact tolerances, showing the point at which the greatest tolerable stress arises. Resilience in the face of climate change and technological advancements is crucial to preventing system outages or failures.
Firms will be expected to produce and implement communication plans to accompany disrupted services (both internal and external) and demonstrate how these plans will operate in practice.
9. Money laundering
In a "Dear CEO" letter last year, the FCA alerted firms to weaknesses in governance and oversight, risk assessments, due diligence, transaction monitoring and suspicious activity reporting (SARs).
Consequently, in 2022, regulated firms are witnessing a more intrusive approach to their AML systems and controls. They could be exposed to fines and criminal proceedings for breaches of money laundering regulations, even if it is not apparent that these have facilitated financial crime.
Following the implementation of the 6th Money Laundering Directive, the EU unveiled a new anti-money laundering (AML) package, consisting of four legislative proposals - a directive and three regulations.
The EU AML proposals aim to change four key areas:
- Introducing a single AML rulebook
- New AMLA supervisory authority
- FIU coordination & support mechanism
- New requirements for crypto transfers
The proposals improve the current regime by introducing new rules, updating and refining existing requirements, and introducing a new supervisory approach. And significantly, they will end EU member states' independent approaches to supervision and different expectations regarding directive implementation and control execution.
As negotiations continue over the EU-UK relationship following the UK's departure from the EU, some of the worst fears regarding customs delays and other administrative headaches have subsided. Firms in the manufacturing sector are preoccupied with spiralling costs and shortages in their supply chains, especially computer chips.
The Brexit deal does not provide clarity on equivalence in financial services. And yet, the City of London seems to have taken this in its stride. According to EY's Financial Services Brexit Tracker, the movement of assets and staff to the EU financial capitals has slowed.
But it leaves a huge risk if the EU withdraws equivalence rights for UK financial firms - it can do so with only 30 days' notice, and the UK has no right to contest.
On a positive note, the EU has given the UK's data protection regime "adequacy" status (i.e. equivalent to the EU). This status means personal data can flow freely between the EU and the UK, benefiting from equivalent protections guaranteed under EU law.