Banks’ Compliance

Banking compliance and risk has become one of the most significant concerns for financial institution executives. Compliance functions evolved from unknown, well-hidden departments deep inside banks to become a complex and high-impact professional discipline. After the 2008 financial crisis, banks have faced an increase in the level of scrutiny from the government with innumerable statutory and regulatory compliance requirements. The focus of the discipline has also shifted from primarily being about legal interpretations to many other areas such as risk assessments, project management, training, monitoring and data extractions as well as driving cultural change and communication. All banks differ in the way they operate, but one thing they have in common is compliance.

Why Compliance?

This transformation towards a greater emphasis on compliance has also made it more important than ever before to focus on the why of compliance. Why is compliance so important and why should institutions be continuing to invest in this function?

“Regulators aren’t just more aggressively pursuing institutions who break the law. Lawmakers are imposing higher penalties on lawbreakers. Compliance has become a pivotal issue for banks because failing due diligence on customers and transactions leaves a company open to scrutiny and litigation.” – Adrian Morrissey, Manager of the Compliance Division, Robert Walters, New York.

Banks want to have a strong compliance culture in order to protect their customers and employees, satisfy shareholders and keep the trust of society at large, including the respective regulators. If banks face regulatory action for non-compliance, the consequences can be catastrophic, ranging from fines and temporary suspension to permanent closure of the business.

Everything in compliance is about winning the customers’ trust. Non-compliance with regulations has a significant impact on the brand reputation of the bank. Customers of financial institutions are especially sensitive to brand reputation, so non-compliance would lead to a significant loss of customers.

What compliance?

Regulatory compliance, which is making sure that any business or action conducted by a bank is within legal parameters and that all “reasonable” actions have been taken in order to prevent or manage incidents.
Internal compliance, which concentrates on internal policies, practices and standards, thereby ensuring that a bank operates according to the culture it has created for itself.

How is it evolving?

Accenture conducts an annual Compliance Risk Study to gain insight into the different strategies that firms are pursuing to create compliance functions that meet the demands of a rapidly changing financial services industry. The recent study offers some interesting observations on compliance risk. First, headcount is decreasing: a drop in the number of people working in this function was observed. While headcount is decreasing, spending is increasing in order to meet the compliance requirements of the present and the future. While spending is heading north, a notable gap exists between the skills currently available and those required. This gap is preventing compliance from understanding the ecosystem of risks it faces, partly because of a few shocks to the industry, such as open banking, crypto-currency and quantum computing, that create uncertainty and test the resilience of compliance. This skills gap, together with other challenges around data, is perhaps hindering a proactive approach to important risks on the horizon: the proliferation of virtual currencies and the struggling regulations surrounding them, issues with innovative technologies such as a responsible approach to the use of artificial intelligence, emerging concerns about corporate governance, and so on.


Approach to compliance

“Compliance starts at the top. It will be most effective in a corporate culture that emphasizes standards of honesty and integrity and in which the board of directors and senior management lead by example. It concerns everyone within the bank and should be viewed as an integral part of the bank’s business activities. A bank should hold itself to high standards when carrying on business, and at all times strive to observe the spirit as well as the letter of the law. Failure to consider the impact of its actions on its shareholders, customers, employees and the markets may result in significant adverse publicity and reputational damage, even if no law has been broken” – Basel Committee on Banking Supervision in its approach paper on Compliance and the compliance function in banks

The Basel Committee has issued guidelines that place specific emphasis on the board of directors and senior management and recommend complete independence of the compliance function in order to make it more effective.

In a regulatory climate of uncertainty, it can be very tricky for banks to future-proof themselves against evolving requirements. Regulation is rarely black and white, and a one-size-fits-all approach will definitely not meet the requirements of banks: the compliance function of one bank may not be considered appropriate for another. However, the evolving compliance role within organizations poses a challenging and important question: is this sustainable, and does it create a long-term strategic win?


Our Hurricane Risk Models Are Dangerously Out-of-Date

Last week, researchers at the University of California, Davis, overlaid FEMA’s flood-zone maps on top of satellite imagery of the devastating flooding around Houston after Harvey poured more than 40 inches of rain across the region.

The preliminary assessment found that two-thirds of the inundation occurred outside the federal agency’s 100-year floodplains, where there should be only a 1 percent chance of flooding in any given year. More than half of the deluge happened “outside of any mapped flood zone,” even including 500-year events, in areas that should face only “minimal flood hazard”. You can read more here.


Similar instances were observed when hurricane Katrina hit the US a few years ago. The predictions went wrong because the computer models relied on data that is no longer relevant today.

COSO Issues Important Update to ERM Framework: First revision since 2004 addresses evolution of enterprise risk management

LAKE MARY, Fla. (Sept. 6, 2017) – The Committee of Sponsoring Organizations of the Treadway Commission (COSO) today released its highly anticipated ERM Framework: Enterprise Risk Management–Integrating with Strategy and Performance. This new document builds on its predecessor, Enterprise Risk Management–Integrated Framework, one of the most widely recognized and applied risk management frameworks in the world. The updated edition is designed to help organizations create, preserve, and realize value while improving their approach to managing risk.
The update, developed by PwC under the direction of the COSO Board, highlights the importance of enterprise risk management in strategic planning. It also emphasizes embedding ERM throughout an organization, as risk influences strategy and performance throughout the organization.
“The complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting,” said Robert B. Hirth Jr., COSO Chair. “Our overall goal is to continue to encourage a risk conscious culture.”
The first part of the updated Framework offers a perspective on current and evolving concepts and applications of enterprise risk management to meet the demands of an evolving business environment.
The Framework itself is organized into five easy-to-understand components that accommodate different viewpoints and operating structures to enhance strategies and decision-making. The update focuses on challenges and evolving expectations of enterprise risk management that business leaders and boards are dealing with in today’s landscape, including shifts in economic markets, evolving technologies, and changing demographics in supporting decision-making.
“PwC has had a long-standing relationship with COSO. Together, we’ve seen enterprise risk management redefine its importance to an organization,” said Miles Everson, PwC’s Global Advisory Leader and Engagement Leader. “The Framework addresses the evolution of ERM, the benefits that can be achieved, and the need for organizations to improve their approach to managing risk.”
“ERM is as much about understanding the implications from the strategy and the possibility of strategy not aligning as it is about managing risks to the implementation of the strategy and business objectives,” said Dennis Chesley, PwC’s Global Risk and Regulatory Consulting leader and Project Partner for the COSO ERM effort. “This update answers the call for a stronger emphasis on how enterprise risk management integrates from strategy through implementation and performance.”

Concluded Hirth, “There is no doubt that organizations will continue to face a future full of volatility, complexity, and ambiguity. Enterprise risk management will be an important part of how an organization manages and prospers through these times.” The document is available in printed form, e-book, on-line subscription and pdf licensing for large organizations, accounting and consulting firms. COSO also offers software application licenses and a training license fee arrangement. Additionally, COSO is planning for the Framework to be translated into several languages, including Chinese, Japanese, Spanish, and French among others.

For additional information, please visit

About COSO
Originally formed in 1985, COSO is a voluntary private sector organization dedicated to improving organizational performance and governance through effective internal control, enterprise risk management and fraud deterrence. COSO is jointly sponsored by the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), the Institute of Management Accountants (IMA), and The Institute of Internal Auditors (IIA). For more information, visit