The international compliance environment is ever changing and with the push for financial transparency, companies are facing a very complex landscape.
Global regulatory compliance and transparency initiatives – for example the Common Reporting Standard (CRS) – are interpreted differently from country to country, which brings challenges to legal and compliance departments that need to manage resulting obligations across multiple jurisdictions.
Staying on top of constantly changing regulations and making sure that your business compliance programs are up to date is not easy. Looking at the global status of compliance complexity through the ranking of 85 countries in the Compliance Complexity Report 2018, legal teams and business people need to change the way they think about international expansion. With so many challenges, it is very important to remain ahead and create a scalable framework.
How can your company prepare to meet these challenges?
For a large company, a dedicated internal global team may take the lead in understanding how the new regulations could affect the company. If a regulation impacts multiple regions or jurisdictions that the company operates in, then they can create outlines of suggested documents and actions for regional teams to use to stay compliant.
Making sure that all employees understand the regulatory compliance environment and resulting obligations, is something that all companies need to do. Understanding this complexity is the first step in keeping the company compliant. A program that is rolled out globally will allow for the education of employees about relevant regulations and the penalties that could be the consequence of non-compliance. Such a program can also help to make sure that the responsibility of compliance does not rest on just one person or department.
For some companies and regulations, it may be possible to standardise certain processes by applying a higher standard everywhere. The opportunities that standardisation brings are positive and can show that your company is proactive about being compliant. One example of such an approach is the General Data Protection Regulation (GDPR) where it was necessary to make sure that people were opted in for data security for countries in the European Union, but many companies used this regulation as a standard for all jurisdictions and had users opt in no matter where they were in the world.
A key component to every process is the input, which in the case of compliance, whether regulatory or otherwise, comes down to one thing, data. With a rapidly growing number of diverse requirements on local and global level, it is becoming clear that handling each requirement separately is no longer truly feasible. Combining the processes for similar requirements starts by evaluating the data sets and timelines involved. For example, the Foreign Account Tax Compliance Act (FATCA) and CRS regulations have a lot of overlap when it comes to the information and data that companies need to maintain and review as part of the ongoing process to ensure compliance. In turn, both FATCA and CRS data requirements also have a lot of overlap with Anti-Money Laundering (AML) regulations adopted across the globe. Therefore, it makes sense for companies to try and integrate or standardise their compliance processes for all three, which creates efficiency for the company as well as its relations.
Fully standardising the information that companies and organizations need to maintain to be compliant in each jurisdiction they operate in, does come with a few challenges. Taking the highest standard and applying that across the board is in principle a good concept, but there are jurisdictions that would discourage you to request information from clients and relations if such information is not required under local regulations. There is also the issue of exceptions and unique requirements. Certain jurisdictions may not issue a tax ID to residents for example, so making that a mandatory piece of data to collect for all jurisdictions would result in gaps. Other jurisdictions may issue unique identifiers not used elsewhere, and may require those identifiers to be part of certain annual compliance filing obligations. It would not make sense to include a request for such identifier across the board. Smart technology can be very useful in this process to allow for jurisdiction specific tailoring and automatic updates without the need for legal teams to manually maintain overviews of requirements.
Technology is an increasingly important support needed by companies trying to achieve efficiencies in compliance. Intelligent and (semi) automated systems help to track, review and plan as well as flag action items as soon as they become relevant, rather than after the fact during a periodic review. By keeping information and documentation up to date throughout the year, the various filing deadlines and requirements become less challenging. This eases the burden on operations since there is no need for a manual review prior to each deadline. Using technology also limits the risk of human error, which is an increasing concern with not just the new regulations being implemented, but also the constantly changing nuances and additions to existing regulations. In the EU for example, the 4th AML directive had not even been fully implemented yet when the 5th AML directive was adopted at the beginning of this year. This makes it extremely challenging to remain up to date on all relevant changes and obligations, with the risk of unknowingly being non-compliant.
Compliance can be overwhelming for any company, which is why is it important to find a trusted partner with global and local knowledge about compliance and regulatory requirements, obligations and changes. TMF Group's experts operate in over 83 jurisdictions to provide on-the-ground compliance and administration services. Learn more. Contact us today.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.