23 September 2014

David Craig

David Craig - Thomson Reuters

2 | posts 5,660 | views 0 | comments

Who is responsible for managing compliance risk? You are

27 June 2014  |  3495 views  |  0

High profile scandals and enforcement actions around the world have elevated the stature and scale of the compliance function across our industry.  This could be seen as, perhaps, one of the few good outcomes of the financial crisis.  Yet compliance is moving into unchartered waters.  The focus on personal liability as an enforcement priority is sending a chilling message to boardrooms and compliance teams alike, just as regulators are also shifting focus from rules-based compliance to concepts which are harder to measure, none more so than culture and conduct risk.

But measure is exactly what we must do.  This week at our 10th annual Compliance & Risk Summit in London, the UK’s Financial Conduct Authority (FCA) enforcement director Tracey McDermott spoke to a packed house of 500 compliance professionals.  Ms McDermott’s message is that conduct and culture will be key indicators used to assess if the customer is being treated fairly. 

Conduct risk was not even on the radar of most compliance officers three years ago and its exact meaning is still not strictly defined.  What we do know is that conduct risk is not market, credit, liquidity or operational risk; it is more about the way that firms and their staff conduct themselves. For compliance teams this means traditional quantitative-based analysis around the compliance of rules won’t suffice in assuring boards and regulators that their firms have done the right thing by the customer. 

Across the financial industry there is welcome talk of moving to a compliance culture.  Companies fail when compliance is seen to be the lone responsibility of the compliance team.  The FCA has articulated that a high standard of behaviour has to be in evidence from every part of the organisation – from top to bottom and front to back. However, the intricacy of today’s organisation and its supply chain make this ever more complex. 

We have already seen the reputational damage from companies and/or their suppliers’ use of forced labour in factories or the abuse by workers across some industries. The Summit heard that far from being remote, there are an estimated 30 million people involved in slavery and forced labour generates approximately $150 million in illegal profits. Preventing and combating this blight requires that banks, corporations and regulators work together to tackle the criminals using the banking system to hide this illegal and harmful activity.  Financial institutions, in particular, are in a unique position to use their data to identify anomalies in financial transactions which may shine a light on human trafficking. Companies need to look beyond the financial metrics to understand how their suppliers are going to deliver those services at a particular cost. 

At the Summit this week, the FCA was clear that banks are not yet out of the penalty box. In fact, we heard that 10 banks were fined $243bn from 2008 to 2014 for mis-selling, market rigging, anti-money-laundering (AML) abuse and other issues.  Beyond the headlines, the real pain cuts much deeper as firms often spend the same figure again on the legal counsel, accountants, management time, and more to manage the related investigations. All of this serves to highlight that the risks associated with both non-compliance and the costs of compliance are higher than ever before.

The lack of a black and white rulebook is causing more complexity. My advice for our industry is to stay in touch with the nuance around regulatory expectation.  There is a need to define what looks good and then decide how to measure, communicate and consistently apply.  We can’t just track rulebook changes; there needs to be an understanding of how the regulatory powers will be used. We must also look at the cultural implications of remuneration and sales incentives in the event they drive poor customer outcomes – as recent examples have already illustrated.

Finally, we shouldn’t underestimate the challenges.  Tracey McDermott used the word ‘sustainability’ to refer to those firms with the right models that will be here in the medium- to long-term.  With signs that the economy is improving, now is the time to embrace a compliance culture.

 

TagsRisk & regulationInnovation

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from David

Who is responsible for managing compliance risk? You are

27 June 2014  |  3495 views  |  0  |  Recommends 0 TagsRisk & regulationInnovation

The rise of the renminbi as a truly global currency

08 May 2014  |  2166 views  |  0  |  Recommends 0 TagsTrade executionTransaction banking
name

David Craig

job title

President - Financial & Risk

company name

Thomson Reuters

member since

2014

location

London

Summary profile See full profile »
President of the Financial & Risk business of Thomson Reuters, which accounts for US 6.5 billion ...

David's expertise

What David reads
David writes about
David's blog archive
June 2014 (1)May 2014 (1)

Who is commenting on David's posts