Compliance sustainability

In my previous articles on Financial Security, I have highlighted the high stakes involved in compliance matters. I have also underlined the complexity of transversal project and provided some clues on how those issues should be addressed . Once the gap has been offset, once appropriate compliance processes have been implemented, once training programs for existing staff and new comers have been rolled out, there will be only one outstanding consideration: sustainability.

Compliance sustainability is about three pillars.

The first pillar is about strength of the control framework. Procedure even the smartest ones, can be abandoned in the cloud waiting for the next audit to resurrect them. Procedures are a set of strict steps belonging to a bigger picture that must be performed every day. To ensure procedures are not just words on papers Organisation must implement a second layer of controls that ensures that indeed all steps are performed effectively. The strength of this layer is measured through two factors: the quality of the second level of controls (including the process to address control findings), the independence of those performing them and very often permanent controls are already in place in many organisations. But yet, are they efficient enough, how did they dealt with their very last issue? What would be the one thing a bank could do tomorrow to improve them?

The second pillar is about actualisation. Part of this topic is addressed by the capacity of the organisation to capture and translate changes into actual processes and controls. This capacity is strongly correlated to the dialog between businesses, operations and compliance. As none can expect to get it right in the first place, a process of actualisation should be in place. Anytime an issue occurs, a process should be initiated so all involved parties should sit at the same table and review what went wrong. This includes businesses, compliance, operational control and HR as well for training matters. It is not about a blame culture, it is about a transformation culture, it is about learning and self-actualisation. This pillar can only exist through a strong culture of transformation, a critical quality in these disruptive days. Although this culture is stronger in Tech Companies (The financial brand journal listed 5 banks having transformation values as core values), many financial institutions are growing such values in their culture e.g. “Constantly raising the bar” Standard Bank. But what are the two innovating characteristics of a bank that guarantee transformation values inspire the organisations? what will be the next step to spread even more these values to compliance or department in charge of controls?

The third and last pillar is the ultimate daily “compliance firewall”. It is about people mindset. It is about behaviours and conduct. Eventually, no hard rules can make an open system full proof. There are two reasons behind this statement. First, compliance is a rapidly changing framework: today’s rule will not be tomorrow’s and there will always be some lag between the organisation reaction and the regulator demands. And this despite any organisation agility. Second, organisations greatest threat is the environment creativity. You may be the best at compliance, be praised for that, this will surely be one of the reasons you gain market shares. But the better you are the better your environment will be with its unlimited access to creative minds. Banks last and best firewall is staff awareness and ethic. Since it is about the part of the world without rules, organisations can’t rely on procedure only but on people awareness and ethic. Awareness based on knowledge provided by trainings and people ability to judge new situation from an ethical perspective: staff able to make the right decision despite the absence of rules e.g. “Intensified oversight of ethics” Deutsch Bank. Banks are running code of conduct programs (Bank Of America, BNP Paribas) to spread a greater awareness about ethic. Hence, the question that CEO should ask themselves is how will the market assess their staff with regards to ethic in five years’ time?