Banking compliance and risk has become one of the most significant concerns for financial institution executives. Compliance functions evolved from unknown, well-hidden departments deep inside banks to become a complex and high-impact professional discipline. After the 2008 financial crisis, banks have faced an increase in the level of scrutiny from the government with innumerable statutory and regulatory compliance requirements. The focus of the discipline has also shifted from primarily being about legal interpretations to many other areas such as risk assessments, project management, training, monitoring and data extractions as well as driving cultural change and communication. All banks differ in the way they operate, but one thing they have in common is compliance.
This transformation towards a greater emphasis on compliance has also made it more important than ever before to focus on the why of compliance. Why is compliance so important and why should institutions be continuing to invest in this function?
“Regulators aren’t just more aggressively pursuing institutions who break the law. Lawmakers are imposing higher penalties on lawbreakers. Compliance has become a pivotal issue for banks because failing due diligence on customers and transactions leaves a company open to scrutiny and litigation.” – Adrian Morrissey, Manager of the Compliance Division, Robert Walters, New York.
Banks want to have a strong compliance culture in order to protect their customers & employees, ensure satisfied shareholders and have the trust of society at large – including the respective regulators. If banks face regulatory action for non-compliance, the consequences could be catastrophic – ranging from fines, temporary suspension to permanent closure of business.
Everything with compliance is about winning the customers’ trust. Non-compliance with regulations will have a significant impact on the brand reputation of the bank. For financial institutions, customers are more sensitive to brand reputation and non-compliance would lead to a significant decrease in customers.
Regulatory compliance, which is making sure that any business or action conducted by a bank is within legal parameters and all “reasonable” actions have been taken in order to prevent / manage incidents.
Internal Compliance, concentrate on internal policies, practices and standards and thereby ensuring that a bank operates according to its’ own created culture.
How it is evolving?
Accenture conducts an annual Compliance Risk Study to gain insight into the different strategies that firms are pursuing to create compliance functions that meet the demands of a rapidly changing financial services industry. The recent study throws some interesting observations on Compliance Risk viz. decrease in headcount– a drop in the number of people under this function observed. While headcount is decreasing, the spending is increasing for meeting compliance requirements of the present and future as well. While spending is heading north, a skills gap between skills currently available and those required is notably observed. This gap is preventing compliance from understanding the ecosystem of risks it faces. This could be partly because of few shocks to the industry like open banking, crypto-currency and quantum computing that create uncertainty and test the resilience of compliance. This skills gap and other challenges with data, perhaps hindering a proactive approach to important risks on the horizon like proliferation of virtual currencies & struggling regulations surrounding them, issues on innovative technologies like a responsible approach to use of artificial intelligence, emerging concerns on corporate governance etc.
Approach to compliance
“Compliance starts at the top. It will be most effective in a corporate culture that emphasizes standards of honesty and integrity and in which the board of directors and senior management lead by example. It concerns everyone within the bank and should be viewed as an integral part of the bank’s business activities. A bank should hold itself to high standards when carrying on business, and at all times strive to observe the spirit as well as the letter of the law. Failure to consider the impact of its actions on its shareholders, customers, employees and the markets may result in significant adverse publicity and reputational damage, even if no law has been broken” – Basel Committee on Banking Supervision in its approach paper on Compliance and the compliance function in banks
Basel Committee has come out with certain guidelines, placing specific emphasis on board of directors and senior management, recommends a complete independence of compliance function to make it more effective.
In a regulatory climate of uncertainty, it can be very tricky for banks to be future proof against evolving requirements. Regulation is rarely black and white, and one size fits all approach will definitely not meet the requirement of banks. Compliance function of one bank may not be considered appropriate for another bank. However, the evolving compliance role with organizations poses a challenging and important question- Is this sustainable and does it create a long-term strategic win?