In a few weeks, it will be the year of the pig, but I’m not so sure that its going to be that generous.  Much of what kept us awake in 2018 will continue to do so in 2019 with potentially greater consequence.  Some thoughts below.

After a turbulent 2018, here’s what is top of mind over the next twelve or so months in the risk and compliance space. 

- The Europeans will get tougher on risk and compliance in the wake of Danske Bank and ten years of foreign (primarily U.S.) enforcement actions.  

- The U.S. will be less aggressive than in years past but will continue to roll out enforcement actions targeting a number of institutions in Europe, Asia and the Middle East.  Regulatory action in the rest of world will be important to watch as geopolitical tensions rise (with positive correlation between geopolitical tension and enforcement).

- The dollar will remain the primary settlement currency, but there will be increasing exploration into the use of other currencies (including dollar-pegged currencies).  This will pose enforcement challenges.  

- Innovative and newly formed emerging market banks will increasingly look for ways to circumvent normal payment channels (e.g., SWIFT), but tradition will take longer than people think to displace.  

- Risk and compliance will continue to be one of the many battlefields in international spats.  The Huawei situation is only the beginning and one that has already now involved the United States, Canada, Poland, New Zealand and Australia.  Moreover, it will become clear that a number of other internationally-minded companies may have circumvented sanctions to increase the bottom-line.

- China will begin to test its own form of sanctions.  Various geopolitical or economic flash points could make that a reality sooner rather than later.  

- International confusion (resistance) around the Trump Administration’s re-imposition of Iran sanctions will lead to a number of violations – likely regarding global corporates versus banks – who operate in the Middle East but have not fully contained their compliance risk exposure.  Russia will remain a manageable, yet risky prospect for companies as well.

- With a civil lawsuit against the former CEO of Danske Bank as precedent, Boards and management will increasingly fear personal liability around risk and compliance and begin to demand further independent (emphasis on external) auditing and testing of processes, procedures, customer risk profiles, etc.

- The recent announcement by U.S. federal regulators encouraging regtech experimentation and other innovative solutions to reduce compliance spend and increase efficiency will help potential users get comfortable with adopting new technology, but business-as-usual at global banks and corporates will slow progress (despite a real desire to improve).

- Nonetheless, investment in regtech will continue to soar.  For example, more money was invested in regtech in the second half of 2018 than in all of 2017 combined.  In comparison to other related investment opportunities that are heavily saturated (e.g., payment, wealth management, challenger banks and blockchain), there is still significant upside in a space that is underinvested.

- Compliance departments and regulators will be presented with new challenges from crypto currency innovations, such as the Lightning Network, that further obfuscate transactions on the blockchain.  Emergent monitoring technologies will face challenges in keeping up (as will law enforcement).

- Corporations, governments, and banks will spend more money on cyber defense.  A lot more.  In particular, counterparties will be increasingly scrutinized as they have become a large surface vector for attack.

- In line with this, there will be a premium for companies (particularly in emerging markets and frontier markets) that are increasingly transparent.  In other words, the harder it is to understand entity risk and ownership, the harder it is for investors and counterparties to make decisions.  

- Firms will begin to value new, enriched data to make better risk and investment decisions.  Nowhere will this be more coveted than across emerging and frontier markets who represent 70% of global GDP growth over the next five years.

- Risk and compliance evolve.  The current approach to risk and compliance was envisioned and constructed before the public Internet was fully realized.  Understanding and managing internal data will remain a requirement, but how firms handle, and mange public data will separate the followers from the leaders.

- Leading institutions will demonstrate to regulators (and shareholders) a more proactive approach to risk management.  Proactive approaches, to include ones that allow for more dynamism in understanding and monitoring enterprise risk across hundreds of countries and thousands of clients will prevail.  They will also help firms avoid significant regulatory and reputational risk.