The regulatory obligations that organisations need to comply with are rapidly increasing, and it's clear organisations are struggling to keep up and find ways to comply. Lawyers can help – ideally as part of a multi-disciplinary approach incorporating other experts and technology focussed on solving the business problem rather than just as legal advice without considering how it can be incorporated most efficiently into business processes.
The problem is not new. Even well-established legislation such as the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 is still causing problems for banks, with recent enforcement action being taken against two New Zealand banks for infringements over many years.
However, it is getting harder. New regulations are continuing to come out, with even more demanding ongoing requirements.
For example, on 1 October 2021, the Credit Contracts and Consumer Finance (Lender Inquiries into Suitability and Affordability) Amendment Regulations 2020 will come into effect. These regulations will require lenders to very specifically assess whether it is likely that credit or finance will meet a borrower’s requirements and objectives, and to make reasonable inquiries about whether it is likely the borrower will make the payments under the agreement without suffering substantial hardship.
Looking further out, the Financial Markets (Conduct of Institutions) Amendment Bill will require affected organisations to have a “Fair Conduct Programme”. This is defined as “policies, processes, systems and controls to ensure compliance…”
We have moved beyond just having compliance registers, policies and training, to needing to ensure compliance in very specific situations. We now need to be able to demonstrate – at any time - how that is working. What that means in practice is that:
- The requirements are no longer a high level “tick the box” exercise - they require very specific actions to be taken throughout individual business processes.
- You can no longer capture and communicate requirements by summarising them in an Excel spreadsheet or a Microsoft word table. They are too detailed.
- Running periodic training courses telling people what to do in general terms won’t cut it.
- Policy and procedure manuals that people don’t read have never worked.
- It’s not possible to build more legal review and approval processes into every business process, as it will create expensive and unworkable bottlenecks.
- Surveying people every six months and asking them to confirm they have complied with requirements they never understood will, at best, bring non-compliance to light after the fact.
New ways of designing and managing compliance are required. We need to build compliance into the day-to-day work systems that people use to do their jobs so that they are complying without necessarily understanding the legal requirement. The system can guide them to think and act in ways the regulations and business management require. When issues are identified, you need to quickly intervene, update the process, and be sure that the revised process will be followed from then on.
New solutions that can enable this are now available.
With no code software solutions, and specialised compliance software that can now be licensed for use rather than custom-built, it is now possible to map out legal and other logical requirements into a process map and then automate key parts of that process with integrations where required.
This new approach to compliance and business process improvement requires a multi-disciplinary approach. It is not enough for lawyers to summarise the law into lengthy Microsoft word opinions or hundreds of rows of Excel spreadsheets without understanding how clients will implement that advice. Lawyers should understand what systems and processes their clients are going to use to comply and how they will use them to tailor their advice to match the way the client will do the work.
Examples are everywhere
As an example of how widely these solutions are emerging across all business sectors, and often not coming from the legal profession and with a legal focus, we stayed in an Airbnb in the most recent school holidays. A chance conversation with our host led me to learn about their site management and health and safety solution, siteconnect.
As document automation specialists, with a particular interest in construction documents and processes, we have previously looked into the possibilities of automating the production of a site specific safety plan (SSSP). But the document itself is not the objective – it’s the actual management of site safety that matters, and I’ve felt that a more dynamic solution is required.
The siteconnect team seems to have done a great job of building a solution for managing site safety and health and safety in real-time, as you can see here: https://sitesoft.com/sssp-management/.
In my view, a lawyer advising a client on health and safety should understand whether their client is using a system such as siteconnect. If they are, it could greatly simplify the scope of the law firm’s engagement to focus their advice on ensuring the client’s use of such systems delivers the required outcomes, with the firm filling any gaps identified. If the client is not using such a system, the firm may provide a lot of value simply by helping the client identify and select a solution.
These systems can create new workstreams for forward-thinking lawyers. By understanding the system – what it can do and what it can't – a law firm could develop a specialist skillset to work alongside the customer, the technology provider, and other experts to help customers fully comply with their legal obligations as part of an overall business process.
FintechNZ Webinar: 2021 CCCFA Regulatory Compliance: what you need to know
As a corporate and finance lawyer for most of my career and having automated a lot of legal documents and processes, I have a particular interest in the financial sector, developments in the fintech space, and how more complete solutions can be designed and delivered.
On 14 September, I’ll be joining regulatory expert Simon Jensen of Buddle Findlay and Kris De Coussemaker of Sandstone Technology on a webinar for FintechNZ. Demonstrating the multi-disciplinary approach that is required to tackle these situations, we’ll be looking at how a combination of deep regulatory expertise, legal automation expertise and fintech solutions which focus on solving business problems, as opposed to selling standard software products can ensure and demonstrate compliance by lenders with required processes while also improving overall business and customer experience and reducing business costs and risks.
You can register for the FintechNZ webinar here: https://events.humanitix.com/webinar-cccfa-regulatory-compliance-requirements. You can learn more about LawHawk’s legal automation and compliance solutions here: https://www.lawhawk.nz/automation-services