The role of the compliance function is increasingly crucial for financial institutions because, by ensuring regulatory compliance, it helps to preserve the integrity and transparency of financial activities, oversee the proper management of associated risks, and protect the interests of stakeholders.
In recent years, the Italian financial environment has been characterized by a series of important changes related both to digital transformation, aimed at satisfying a smart clientele with increasingly evolved needs and preferences, and to sustainable transformation, to address challenges related to climate change and environmental and social issues. At the same time, the regulatory dynamism seen in recent years is posing a major challenge. Indeed, the European regulator has authored a series of directives (AML, DORA and AI ACT) aimed at ensuring greater governance of the digital tools of advanced analytics models.
These changes further enhance the role of the compliance function in guiding institutions toward this digital and sustainable transformation process, in which regulatory and compliance requirements are increasingly complex and stringent.
The increased centrality of compliance, however, also requires a decisive organizational and cultural change in the function, without which it would be difficult to adequately address the risks associated with regulatory and, in particular, digital and sustainable developments. For example, the introduction of AI and advanced use of data, aimed at supporting traditional operations and sustainability projects, often require a step change in terms of internal culture and organization structure, as well as adequate resources and new skills for increasingly digital processes.
Therefore, the search for soft skills, combined with a new, more agile and collaborative way of working, becomes even more relevant. Sustainable transition itself is a complex change that requires new capabilities that are difficult to train and search for in the market.
In this regard, the creation of heterogeneous teams, with completely different professional figures from each other, aimed at overcoming any problems of mindset and countering change may prove to be a success factor. While considering the sectoral and organizational differences, as well as the associated transition costs, there is a need to create a more cooperative and interrelated relationship between the different organizational functions of financial institutions, in order to better manage change and new emerging risks. The research, conducted by Cetif, in collaboration with Avantage Reply, through the Digital Compliance Hub 2023, highlights some new risks related to sustainability issues, including ESG governance and greenwashing that are definitely the main ones to consider. These risks are mainly affected by the absence of well-defined regulations, although the latest regulatory updates attempt to outline specific governance frameworks and a well-defined taxonomy.
In fact, ESG rules and regulations are listed by financial compliance as the second most important regulatory package to watch out for, next only to the latest updates on AML and AML (Anti-Money Laundering). The implementation of two directives, such as CSDD (Corporate Sustainability Due Diligence Directive) and CSRD (Corporate Sustainability Reporting Directive) during the year will have a high impact on the financial market.
Despite this, the market is beginning to prepare for new ESG risks through the creation of steering committee in-house on sustainability, social and governance issues (85 percent of banks and 71 percent of insurance companies).
These bodies are also highly participated by the compliance function, which, on ESG projects, is mainly in charge of the interpretation and implementation phases of the standard, as well as the control and validation of products with ESG content, while second-level controls and reporting are, for the time being, entrusted to risk management.
Regarding greenwashing (which in a broad sense can be understood as a digital ESG risk), compliance and other control functions find it difficult to recognize and map misleading practices. In fact, to date, compliance seems to be better prepared in overseeing internal processes of ESG issues, such as POG (Product Oversight Governance), confirming its difficulties in managing risks related to external processes, such as greenwashing itself. This issue could find a proper resolution, especially through the increasing use of digital tools and advanced data analysis models. Therefore, it is necessary for the compliance function to start moving ahead, initiating strategic and structural projects, through the support of new technologies, and avoiding waiting for regulatory dictates. Emerging risks, such as climate risks, are already having major impacts on the business and, therefore, could have major legal and reputational consequences on the entire organization.
In summary, we can say that the process of digital transformation of the compliance function is fully underway.
Like other business functions, compliance also highlights numerous difficulties in data integration and collection, noting an additional data quality problem functional to the adoption of data technologies. Among the technological solutions that compliance intends to adopt, AI is the most interesting, both for its more traditional applications (e.g., Machine Learning and Advanced Analytics) and for its "generative" applications (e.g., ChatGPT). The latter technological solution, moreover, may be able to provide decisive support to Compliance's business and operations in its three different phases of interpretation, implementation and monitoring.
The digital transformation of the function and the latest regulatory updates, however, pose strong questions about the evolving role of compliance, whose traditional scope is increasingly being expanded.
Therefore, the compliance function will undoubtedly continue to play a crucial role in the coming years, but it will have to succeed in equipping itself with new cross-functional professionals capable of taking advantage of next-generation information systems in order to optimize and automate the function's processes.
The integration of these skills will enable the function to understand and adapt regulatory solutions more quickly, as well as become more flexible to meet the needs of a more evolved customer base and the business needs of other functions.