Business Insight

Are you future proof? How to keep on top of a rapidly changing risk and compliance landscape


    Risk and compliance professionals are forced to grapple with hundreds of new and continually updated and overlapping laws and regulations on an ongoing basis, each containing multiple, cascading individual obligations. 

    The financial services sector is one of the most regulated sectors globally. Over the last four months in Australia, there have been over 330 new, amended or repealed obligations that impact financial services organisations. If your team isn’t across which ones were updated, whether the updates matter to your business, whether you can understand the legalese, and how to manage compliance, you’re not alone. We understand you face an ever-evolving regulatory and social landscape, where businesses are under more scrutiny than ever, from regulators, shareholders, employees, customers and the communities in which we live.

    We are only a few months in and yet 2024 already promises to be even more active on the regulatory front, with government signalling reforms in several key areas, such as scams, Environmental, Social and Governance (ESG), privacy and cyber security, artificial intelligence, and the financial services framework. This is in addition to the steps businesses should already have taken to implement the reforms that commence this year, such as the new Financial Accountability Regime (FAR). That's a lot of complex legislation that can be hard to understand, let alone implement.

    Combined with emerging threats such as cyber attacks and advances in technology, disruptive global events and a volatile economic environment, businesses need to be more than simply aware of the risks. They need to look ahead of the changes and implement a realistic plan using adequate resources to manage these complex risks, as well as the regulatory landscape.

    Against this, and somewhat incongruously, there is a growing trend of businesses downsizing their risk and compliance capabilities to meet broader margin pressures. This leaves many organisations scrambling to meet their increased regulatory compliance obligations with fewer resources available. Organisations are seeking to fill this gap through data and technology capability, but there is a relatively immature understanding of big data, and while a lot of data is captured, businesses are not set up to interrogate and utilise that data to drive real insights, let alone for use in reliable generative AI.

    It is no wonder that legal and regulatory compliance was the second-most-common issue (after cyber-crime and data security) keeping Australian directors awake at night, according to the Australian Institute for Corporate Directors' Sentiment Index Survey (2nd Half 2023).  Also, concerningly, 72% of risk professionals say their risk-management capabilities have not kept up with the rapidly changing landscape, as found by consultants Accenture in their Risk Study 2024 Edition.  

    What are successful businesses doing to know they are complying? 

    Here are some insights that we have from working with our clients and others in the industry about what successful businesses are doing to stay on top of the changes to understand and manage their obligations, as well as to minimise commercial, legal and reputational risks.

    • Large-scale proactive readiness is cheaper than large-scale reactive remediation: To navigate compliance, you need to start by understanding it. Most regulators want to know what you have done proactively, not reactively, and this expectation forms a large part of new accountability regimes. Teams can only be proactive if they understand complex regulations and how to implement the relevant ones into a reliable compliance management framework. They also need to keep on top of changes and review existing processes and systems to make sure they are effective in managing new regulations. A future-forward approach to risk and compliance is essential for avoiding costly remediation, and catastrophic brand and reputation damage.
    • Enablement through compliance capability and technology: Identify the right mix of compliance capability and transformative technologies for your business – it is not a one size fits all – in-house, outsourced or co-sourced options coupled with the right technology platform offer opportunities to do more with less in your risk and compliance practices.
    • Expert advice for peace of mind: Seek expert advice tailored to your business's unique circumstances about how to efficiently understand and implement relevant complex regulatory requirements. This provides peace of mind that you are at least keeping pace with industry innovation, and government, regulatory and public expectations. This can give the board, senior management, and compliance and risk teams confidence in their ability to meet their obligations, and reduce your risk profile.

    Want to know more to future proof your business?

    We will continue to share more insights on other common challenges to successful obligation management and how to manage obligations, as well as who 'owns' risk and compliance under the new Financial Accountability Regime.

    This publication is a joint publication from Ashurst LLP, Ashurst Australia, Ashurst Risk Advisory LLP and Ashurst Risk Advisory Pty Ltd, which are all part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    Ashurst Risk Advisory LLP is a limited liability partnership registered in England and Wales under number OC442883. Ashurst Risk Advisory LLP is not regulated by the Solicitors Regulation Authority of England and Wales.

    Ashurst Risk Advisory Pty Ltd is a proprietary company registered in Australia, and trading under ABN 74 996 309 133.

    Ashurst Risk Advisory LLP and Ashurst Risk Advisory Pty Ltd services do not constitute legal services or legal advice and are not provided by qualified legal practitioners acting in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of risk advisory (non-legal) services.

    For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit

    This material is current as at 5 April 2024 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in the law or in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.

