Regulatory compliance is now an essential component of any business strategy, and particularly for financial institutions. We analyze legislative developments and the sustainable commitments to which it is currently subject.
We talk with Sonia Lecina, who took the reins at Area XXI’s Regulatory and Governance Department on January 1 of this year. “Compliance has evolved significantly in recent years, driven by globalization, a rise in the number of companies internationalizing their operations and the growing complexity of regulation,” she says. In the case of Spain, the 2010 criminal legislation reform was a significant milestone, as it included the possibility of indicting legal entities.
Compliance has evolved from being an almost symbolical function to being an essential instrument in helping companies avoid corporate sanctions and responsibilities. For insurers and reinsurers, it’s a transcendental function since the entry into force of European Solvency II regulations in 2016 as a prerequisite to doing business. Although it was created as a reactive mechanism, with the aim of avoiding fines or sanctions, the framework is evolving toward a more proactive approach, integrated into the philosophy of any organization. “Compliance shouldn’t be limited to avoiding legal sanctions – it should be element of business strategy,” Lecina emphasizes.
Compliance and sustainability
ESG (environmental, social and governance) commitments mean that external laws affecting any sector exist in tandem with internal regulations that are aligned with the values and strategy of each company, who now reflect their commitments and values in this respect in through sustainability and social responsibility. “It’s an effective way of reinforcing the trust of employees and collaborators that allows compliance to be integrated more coherently into the business model,” she asserts.
Continuous training and team awareness is the cornerstone of a compliance program. “No employee will understand that they must constantly apply controls and save evidence if they aren’t trained to do so. Their activity is essential to achieving reasonable security. Training encourages responsible behavior that makes them see the compliance and internal audit functions as allies, not enemies”, explains the expert, who notes that “successful compliance management is built on culture, the involvement of people, prior analysis, investment in resources of all kinds and a lot of inter-departmental collaboration.”
The complex global legislation
In an environment of globalization and digital transformation, adopting local and international regulations has become more complex. “In the European financial sector, as in the insurance market, companies present in several countries encounter harmonized European legislation that is not always transposed in a homogenous manner, which can generate regulatory friction. Moreover, there are differences in the supervisory practices of the authorities,” says Lecina. Using technology and automated control checks is essential in managing global compliance.
This context requires companies to be more diligent and to plan months in advance, as the risks associated with compliance are increasing. If the company operates on a large scale and across several territories, Sonia Lecina considers it necessary to create supranational structures where teams have local authority and independence in each region and are functionally subordinate to the compliance area of the group’s holding structure. “There is hyper regulation in the financial sector affecting customer data protection, sustainability, prevention of money laundering etc. All of them have important legal implications. Companies traditionally used to measure legal risk based on the monetary amount of the various sanctions. Ethical and reputational risks are now at the fore, and the publication of a public warning has greater repercussion. Business ethics are key in an era in which customers and providers both demand trust and transparency in all dealings”.
New vulnerabilities bring major challenges
Cybersecurity, environmental impact, ESG criteria…more and more regulation, national and international, keep compliance professionals on their toes. “There’s still a long way to go, this legislation is not easy to get your head around. Cybersecurity is a global problem, and the finance sector is one of the most vulnerable. Our country’s banks and insurance companies are suffering the consequences. Everyone is exposed and we need to be aware that being a small insurance company doesn’t exempt you from an attack. As withany risk, we can only mitigate against it with foresight, investment in technology and governance,” Lecina states.
These same regulations also serve as a guide for implementing more appropriate controls and ensuring that there are no loose ends that facilitate entry for criminals. ESG commitments are being successfully integrated into business plans, with more sustainable investments and employee care. However, the challenges faced by compliance areas are, apart from the regulatory revolution, determining factors. For Lecina, the first challenge is to secure more support from the management level. She believes that conviction is lacking in terms of the benefits of compliance and how it is reflected in corporate growth: “It’s not usually used as a tool in strategic decision-making processes, and should not be seen as a cost, but as an investment. “The second major challenge is to seek allies in the business areas. They can’t continue being the black sheep or ugly ducklings of a company. “Back in the day it was the auditors who faced resistance internally, and now this ire is directed at compliance teams. This is especially frustrating given that compliance can only be achieved with everyone’s collaboration,” she concluded.
Article collaborators:
Sonia Lecina holds a degree in law from the University of Barcelona and also has a master’s degree in public policy. A regular teacher on industry courses and master’s degrees, she has collaborated since 2003, representing Spain, as a national adviser and expert in various projects to support regulatory supervisors in Europe and Latin America.
While working for Spain’s Directorate-General for Insurance and Pension Funds, she headed up the Complaints Department, the Legal Department and was unit head inspector in the Inspection Division and head of the PBCFT Unit. In 2018 she moved to SEPBLAC as head inspector of supervision for the Financial Sector, where she remained until December 2024.
On January 1, she took over Area XXI’s Regulatory and Governance Department, with the aim of adding value to the firm’s ongoing projects and developing new ones that provide legal support to companies in regulatory, governance and compliance matters. Sonia graduated Doctor cum laude from Universidad Rey Juan Carlos for her thesis titled The function of compliance as an ethical, strategic and sustainable instrument of growth in insurance organizations.
