RiskTech Forum

ClusterSeven: Sweeping Winds of Change in Compliance Culture

Posted: 16 April 2019  |  Author: Henry Umney  |  Source: ClusterSeven

We woke up to the news today that Swiss investment bank UBS has been fined a record £27.6 million by the Financial Conduct Authority (FCA) for transaction reporting breaches. 136 million misreported transactions over almost a decade!

Clearly, regulators mean business and are leaving no stone unturned to curb intentional or inadvertent non-compliance. How much they expect of financial institutions is evident in the value of the UBS fine, the highest yet. Regulators themselves aren’t being spared either: the Financial Reporting Council, the accountancy watchdog, is being axed in favor of a new body due to its failure to prevent the collapse of high-profile companies, the most recent being Carillion.

We are seeing the winds of change spurring a sweeping transformation in financial institutions’ attitude and culture towards compliance. There is already the Senior Managers and Certification Regime (SM&CR), of course, which is enforcing individual accountability. Bigger and wider still is the remit of the FCA’s Operational Resilience initiative, stipulating that resilience is designed into the operation of institutions.

Shadow IT is frequently the culprit of non-compliance. Users use Shadow IT (databases, spreadsheet-based applications, management information systems, etc.) at will. Visibility of these applications and processes, and the application of controls to them, can be lacking as they fall outside the scope of enterprise IT. In this changing regulatory and compliance environment, putting in measures and systems to cover Shadow IT is an obvious place to start, really.