High profile scandals and enforcement actions around the world have elevated the stature and scale of the compliance function across our industry. This could be seen as, perhaps, one of the few good outcomes of the financial crisis. Yet compliance is moving
into unchartered waters. The focus on personal liability as an enforcement priority is sending a chilling message to boardrooms and compliance teams alike, just as regulators are also shifting focus from rules-based compliance to concepts which are harder
to measure, none more so than culture and conduct risk.
But measure is exactly what we must do. This week at our 10th annual
Compliance & Risk Summit in London, the UK’s Financial Conduct Authority (FCA) enforcement director Tracey McDermott spoke to a packed house of 500 compliance professionals. Ms McDermott’s message is that conduct and culture will be key indicators used
to assess if the customer is being treated fairly.
Conduct risk was not even on the radar of most compliance officers three years ago and its exact meaning is still not strictly defined. What we do know is that conduct risk is not market, credit, liquidity or operational risk; it is more about the way that
firms and their staff conduct themselves. For compliance teams this means traditional quantitative-based analysis around the compliance of rules won’t suffice in assuring boards and regulators that their firms have done the right thing by the customer.
Across the financial industry there is welcome talk of moving to a compliance culture. Companies fail when compliance is seen to be the lone responsibility of the compliance team. The FCA has articulated that a high standard of behaviour has to
be in evidence from every part of the organisation – from top to bottom and front to back. However, the intricacy of today’s organisation and its supply chain make this ever more complex.
We have already seen the reputational damage from companies and/or their suppliers’ use of forced labour in factories or the abuse by workers across some industries. The Summit heard that far from being remote, there are an estimated
30 million people involved in slavery and forced labour generates approximately
$150 million in illegal profits. Preventing and combating this blight requires that banks, corporations and regulators work together to tackle the criminals using the banking system to hide this illegal and harmful activity. Financial institutions, in
particular, are in a unique position to use their data to identify anomalies in financial transactions which may shine a light on human trafficking. Companies need to look beyond the financial metrics to understand how their suppliers are going to deliver
those services at a particular cost.
At the Summit this week, the FCA was clear that banks are not yet out of the penalty box. In fact, we heard that 10 banks were fined $243bn from 2008 to 2014 for mis-selling, market rigging, anti-money-laundering (AML) abuse and other issues. Beyond the
headlines, the real pain cuts much deeper as firms often spend the same figure again on the legal counsel, accountants, management time, and more to manage the related investigations. All of this serves to highlight that the risks associated with both non-compliance
and the costs of compliance are higher than ever before.
The lack of a black and white rulebook is causing more complexity. My advice for our industry is to stay in touch with the nuance around regulatory expectation. There is a need to define what looks good and then decide how to measure, communicate and consistently
apply. We can’t just track rulebook changes; there needs to be an understanding of how the regulatory powers will be used. We must also look at the cultural implications of remuneration and sales incentives in the event they drive poor customer outcomes –
examples have already illustrated.
Finally, we shouldn’t underestimate the challenges. Tracey McDermott used the word ‘sustainability’ to refer to those firms with the right models that will be here in the medium- to long-term. With signs that the economy is improving, now is the time to
embrace a compliance culture.