Under oppressive regulatory burdens, Compliance has become a strategic function attracting bank management’s full attention
Non-compliance risk is defined as the risk of not complying with the regulatory obligations that apply to banking and financial activities, including the prevention of money laundering and terrorism financing, and obligations relating to professional and ethical norms. Non-compliance risk takes the form of:
- Direct operational loss: the fines banks have paid have multiplied by 30 over the last 6 years.
- Direct business loss: even if mandatory exclusion from a business is unusual, banks have decided to de-risk their business by closing some activities with high compliance risk.
- Indirect business loss: a fined bank would suffer from a tarnished image, which could jeopardize the acquisition of new clients or the confidence of existing ones.
In light of recent regulatory pressure, the risk of non-compliance has never been higher than it is today, given:
- The number of recent and future regulations and the multiple layers of regulators
- The wide scope of these regulations, which involve the whole value chain
Most of the fines financial institutions have faced until now refer to breaches of regulations enforced before 2009.
We can expect regulators to pay closer attention to the post-crisis regulatory wave in the years to come.
As guardian of the temple, the Compliance function has become strategic for financial institutions, both to cope with the material risk of fines and to ensure the bank's growth in a safe environment.
Compliance’s missions are expanding and, at the same time, this exposes fundamental shortcomings that banks need to address
The Compliance function was born out of regulation (CRBF-97, Basel, MIFID, etc.) and is today undergoing a deep transformation: firms will expect more and better from a compliance officer in the future.
Roles are swiftly shifting toward greater responsibility for the function:
However, banks face fundamental shortcomings in meeting these new roles:
- Blurry positioning: 1) no acknowledgment from business/operations, 2) communication issues between business/operations and compliance, 3) limited empowerment of compliance officers, 4) limited ability to attract talent.
- Isolated and siloed organisation: 1) difficult visibility of and coordination with the broader risk-management framework, governance and processes, 2) limited ability to translate regulatory requirements into management actions for business and operations, 3) uncoordinated lobbying actions.
- Poor risk identification and management structure: 1) limited understanding of the business operations and underlying risk exposure, 2) monitoring strategy based on a subjective bottom-up approach rather than an objective, systematic and risk-based approach, 3) more reactive than anticipatory.
- Very little concern for efficiency: 1) very low level of industrialisation, 2) no project culture, 3) no IT equipment, 4) very few indicators defined.
The first step is to identify these criticisms in order to move forward toward a rethink of the model.
A full-circle approach is required to design a best-in-class compliance function: from strategy to cultural change
1 & 2. CLARIFY STRATEGY & BUILD AN EFFICIENT ORGANISATION
- Key questions regarding the governance that financial institutions are putting on the table:
  - Articulation Local / Global: what is the best split of responsibilities / allocation of resources between Group and Entities?
  - Reporting line: what is the best reporting line for compliance? Direct to GM? Reporting to Risks? Reporting to the legal/general secretary function?
  - Independence: Full independence or managed as another supporting function? i.e. having its own HR, Finance, Communication functions?
- Key questions regarding internal organisation:
  - Split by compliance roles: advisory/risk monitoring/application supervision/reporting
  - Split by regulation domains: markets/ethics/financial security
  - Split by business domains: CIB/AM/WM/SS/Retail
  - Split by key processes: Execution/Booking/Clearing/Settlement/Payment/reporting/regulatory watch etc.
  - Vertical/horizontal organisation?
3. DEVELOP OPERATIONAL EFFICIENCY
In the current context of pressure on costs on the one hand and the expansion of the compliance mission on the other, developing an efficient compliance function represents a strong competitive edge.
E.g.: Regtech is one of the avenues large players are currently exploring: https://indeed.ailancy.com/2018/01/11/regtech-its-a-kind-of-magic/