Choose your preferred analogy – whether it’s fighting fires, or shutting the stable door after the horse has bolted, Compliance functions are becoming increasingly effective at reacting to and remedying known issues.
But what about the effectiveness of Compliance in identifying new risks, questioning longstanding assumptions and ‘accepted practices’, and driving improvements in the management of known risks?
Have the underlying lessons of recent conduct scandals such as LIBOR, FX, and PPI been learned, and are Compliance functions becoming more proactive and better placed to prevent conduct issues on the same scale from reoccurring?
As the Compliance curve continues to steepen, both for the business and for Compliance officers, what are some of the key factors impacting the ability of the Compliance function to sustain a sufficiently proactive approach?
Increasing demands on Compliance Officers to achieve more with less
As firms continue to struggle with bottom line results, cost pressures are bearing down on the work of the Compliance function. Some firms are taking an additional ‘Compliance dividend’ and cutting Compliance budgets on the basis of bolstered control activities in the business, and on the belief that the worst of their conduct issues are now in the past.
One positive outcome from recent misconduct episodes is that the business is now much more engaged on Compliance matters and is shining a bright spotlight on the Compliance function, and is increasingly critical of the quality of support and control provided by it.
Regulatory compliance with MAR, MIFID II and other regulations – necessary, but not sufficient.
As firms dedicate additional resources to meet changes in regulatory requirements, and give more short-term focus to them, they must also remember that ensuring regulatory compliance is a necessary but not sufficient approach to managing conduct risk. Firms shouldn’t be distracted from proactively searching out unmanaged or unidentified conduct risks, even while regulatory compliance issues remain a near-term high priority.
How can Compliance Officers develop and demonstrate their effectiveness?
Front-line Compliance officers are increasingly likely to be required to justify their existence by demonstrating proactive risk management actions taken. But barriers to this, beyond the constraints of resourcing, can remain. For example, the ‘adviser/controller dilemma’ can cause some Compliance staff to be reticent about being proactive with the business on risk identification and control matters.
Trade and communications surveillance has found a new lease of life after years of underinvestment. While detective trade and communications surveillance may, by definition, only find conduct problems after they have occurred, early identification of and intervention into inappropriate practices can prevent them from becoming systemic if they are ‘nipped in the bud’ early.
Elsewhere in Compliance, monitoring activities that resemble internal audit work can struggle for effectiveness. Ultimately, the purpose of monitoring must be to find problems so they can be fixed. But monitoring teams can sometimes be unclear about what skills their want their staff to possess e.g. skills weighted more towards auditing and testing, or more towards conduct risk identification and mitigation?
Nascent risk assessment work is another area of Compliance activity requiring development. Risk assessment work can often be too skewed towards delivering a product for external regulators, rather than producing an assessment that supports improved proactive risk management. Many risk assessments merely tell Compliance management what they already know and risk scores can be distorted by the subjectivity, confirmation bias, and cognitive biases in the Compliance staff completing the assessment.
Is Compliance Culture an elusive panacea?
Conduct issues, whether involving client or market mistreatment, and rogue trading incidents, have been a feature of wholesale financial markets for a generation.
before. Yet, despite efforts made to improve culture, egregious misconduct remains a persistent problem. While there are reasons to be optimistic that culture can change, culture can be fickle and is no substitute for a robust control framework. It will be interesting to see how the concept of corporate culture evolves, and indeed whether culture remains a meaningful concept, as working practices change, as the ‘third industrial revolution’ continues, and as the ‘era of the corporation’ ends.
Financial industry legacy issues: Are they behind us?
While firms caught up in regulatory actions involving LIBOR, FX, financial crime, and PPI mis-selling, are putting those issues behind them, many more stones might remain unturned in the financial services industry. Retail and commercial banks, as well as investment banks, should continue to proactively scan for conduct risks that are current, and that might be on the horizon. My bet would be that there are many more ‘legacy issues’ to come in the future.
Heads of Compliance and Surveillance must choose their technology providers carefully
Increased use of technology in the business can provide more chances to ‘force’ compliance into processes that are vulnerable to human error or misconduct. And more technology in business processes also result in better feeds of data to support surveillance for unusual or suspicious activities, or for analysis of patterns that might indicate heightened risks.
Trade & Communication surveillance technologies continue to evolve with multiple suites and modules now available for various types of client mistreatment, market abuse, and unauthorised trading risks.
However, employing more technology isn’t necessarily a simple one-way bet. Recent high profile technology outages and cybercrime incidents underline the need to ensure that technology platforms are fit for purpose, reliable, and properly resourced and supported.
Some commentators have expressed a view that the impersonal and distant nature of electronic relationships with clients can make it easier to rationalise dishonesty or cheating. “As a society, we’re moving away from tangible representations of money,” says Dan Ariely, author of ‘The Honest Truth about Dishonesty. “Could it be that, as psychological distance increases, people behave in a worse way but still feel good about themselves? If it does, what are the precautions we should have under those systems?”
Overall, technology surely presents significantly more opportunities than threats. And while proactive risk identification and management may be challenging to sustain, increased use of technology both in the business, and by Compliance, offers new opportunities to achieve step-change improvements in both the effectiveness and efficiency of Compliance activities.
Trimming sail for the voyage ahead
The work of the Compliance function continues to grow in complexity and importance. The traditional advisory aspect of the role of Compliance is declining relative to its controlling role, resulting in a recalibration of resources towards monitoring and surveillance.
On the human side, Compliance staff need to find and take opportunities to go an extra ten per cent in providing scrutiny of, and challenge to, the business.
On technology and surveillance, the requirement for systems and surveillance routines that can interrogate a wide range of communications and trading data, producing useful results that minimise false positives, is ever more important. While surveillance activity in the past has often failed in its role to detect unusual and suspicious transactions, we are entering a new ‘era of surveillance’ with increasingly substantive opportunities to find the issues and fix them – before they become out of control.
Tell us what you think. Is the Compliance profession on the right track and evolving well enough for the challenges ahead? What opportunities do you think technology presents for Compliance as a risk function? Please leave your comment below.