Handling Compliance Complexity
Compliance is about values and brand; it matters.
As I have explained before, Compliance in general and Financial Security in particular are complex and very sensitive matters. Complex, for they imply adapting business and operating models to regulatory constraints as well as many other parameters: client types, geography, financial products and activities. All these elements are key in the equation that will deliver the most resilient, efficient and ethical business model. Sensitive, for financial stakes are high and personal responsibility can be invoked: from front to back, everyone shares some responsibility.
With cars, there is a predictive side to the speed limit equation: you know the speed of your vehicle and the speed limit on the road, and the fine can be calculated from those two factors. However, what you don’t know is the damage you may cause and the probability of both the fine and the accident occurring.
Unlike with cars, Compliance is much more complex and there is no real predictive side. To a certain extent, Compliance regulations are specific enough and limit interpretations of what must be done. But beyond this, handling Compliance complexity is very much like handling risk. Although it is a Financial Institution's duty to put in place all necessary failsafes to comply with regulations, there is no such thing as a 100% Compliance-proof system. Financial Institutions have to assess this risk (probability and impacts) and ensure mitigation measures are in place to reduce it to its minimum acceptable level.
To address this complexity, Financial Institutions must assess that new risk through a dedicated approach. Such an approach to securing an entire framework in terms of Compliance must be structured around 7 key elements: a strong and up-to-date control framework; a specific and well followed-up training policy; an adapted commercial strategy; an end-to-end control framework; a foolproof IT architecture; an operational and independent permanent control setup. To ensure overall consistency and efficiency, strong governance is critical. This governance must ensure all stakeholders are fully involved and decisions are made and embraced.
Financial Institutions are full of resources to ride this wave of change perfectly. They must rely on their internal expertise, in particular in terms of financial activity, business and IT processes. A culture of control is also a strong asset. Staff's need for ethics is definitely a strong lever banks can lean on. This last strength matters, for a Financial Institution’s staff will be its last failsafe in adapting to an ever-changing regulatory context. It will help deal with the ability of some to exploit loopholes, a problem that exists in cyber security too.
Surely, banks will require external help to bring additional scarce Compliance skills, neutral opinions and silo-independent resources that will bring new options to raise business and operating models to a new, necessary level.
But the key to success in Compliance transformation will be the coordination between all those actors, hence the importance of governance. The technical nature of Compliance and silos within banks will be their key challenges to meet. A strong CCO (Chief Compliance Officer) and the support and commitment of the ExCo are the cornerstone, and regulators will not miss that: leadership will be an essential part of the game.