With heightened regulatory scrutiny in the decade following the financial crash, the role of the chief compliance officer is rapidly evolving
Challenges facing the chief compliance officer (CCO) and the compliance function itself have been mounting since the 2008 global financial crisis. Mis-selling of payment protection insurance, or PPI, and the scandal surrounding the manipulation of the benchmark interest rate Libor have kept regulators’ focus on governance in the financial services industry. The result is that the role of compliance in financial services is likely to become ever more important.
In an environment of greater scrutiny and more judgment-based supervision, CCOs are responsible for not only understanding and applying regulations, but also ensuring a culture that highlights the value of business ethics. History has already shown that over-reliance on control can lead to a situation where behaviour or actions not explicitly forbidden can be considered acceptable.
At the most progressive institutions, attitudes towards compliance are changing. Whereas in the past the CCO was often viewed as the “business prevention officer” and compliance bureaucrat, organisations are now understanding that governance and standards can be strategic too, and the role is attracting a different calibre of individual.
“It probably started as a fairly technical role, but now the job is as much about shaping the culture of an organisation as it is about the nuts and bolts of making sure the firm is compliant with whatever regulations are coming along,” says Mike Hampson, chief executive of Bishopsgate Financial Consulting.
With the increasing requirements of the role and the breadth and depth in the range of skills required, the type of candidate applying for the role of CCO is also changing.
“It’s attracting higher quality people into the roles, because they recognise that compliance is going to be around for a while. It isn’t just an administrative thing; it is quite interesting working with regulators and making sure that firms stay compliant,” says Mr Hampson, former managing director, financial institutions business, at ABN AMRO transaction banking.
Accenture’s 2019 Compliance Risk Study points to business growth as the largest driver of transformation in compliance, such as the re-engineering of processes given the focus placed on client life cycle management or understanding how to mitigate potential changes to compliance risk profiles due to the emergence of digital identity.
“Compliance should take steps to modernise its thinking to remain relevant as an adviser to business amid the pace of the fourth industrial revolution,” the study says.
Personal culpability and eye-watering fines will certainly have played a role in the change, but the evolution is also driven by consumers as well as regulators. In April, the Financial Conduct Authority fined Standard Chartered £102.2 million for poor anti-money laundering controls, making it the second largest such penalty.
“In the early days, the role was seen as a hospital pass to throw at underperformers. It had no teeth. Now running an effective compliance function is an essential extension of senior management oversight, but also a way of communicating ethical behaviour across an organisation. The reputational risk associated with bad behaviour has become just too high,” says Nikolas Holttum, lawyer and regulatory specialist.
CCOs are adopting more innovative approaches such as better use of technology to develop the compliance function, but with growing cost pressures it is a juggling act to take advantage of the new technologies available and manage budget constraints. Moreover, technology will not fix all the challenges ahead or create a solid governance framework.
With the growing importance of ethical judgments and the need for compliance to be the duty of everyone, there is a risk that responsibilities of the function become blurred. This can, however, be resolved by establishing clear divisions of responsibility and lines of accountability.
A three-lines-of-defence approach to compliance will require adjusting so compliance can be sufficiently independent and remain the control function without being conflicted by offering advisory or legal advice, for example. Indeed, the number of lines of defence is expected to grow so compliance is rooted throughout an organisation.
“The establishment of independent compliance functions, becoming more distinct from the legal function for instance, has not solved the perception from some quarters that compliance is a Big Brother figure, siloed off as an internal watchdog that challenges commercially motivated decisions,” says Paul Search, executive director, global FINEX (financial, executive and professional risk), at Willis Towers Watson.
“The need for the CCO to be a driver of cultural change is also causing them to break out of this silo and seek to become more embedded in the broader interests of the business.”
Indeed, some financial institutions have already begun reshaping the compliance operating model, with the front office stepping up to its position as a true first line of defence, allowing compliance functions to focus on the highest risks, according to the Accenture study, based on a survey of 151 senior compliance officers in global banks, capital markets and insurance institutions.
Know your client
Most respondents to the Accenture study say responsibilities previously performed by second-line-of-defence compliance are now shifting to the first line, in areas such as know your client, or KYC, testing and surveillance.
“This shift is allowing compliance to adjust its operations within a more integrated second line to manage new risks without disrupting the pace of business,” according to the study.
With disruption may come internal pressures, however, as change-makers adjust older, less efficient processes and structures to innovate.
Suchitra Nair, director at the Deloitte EMEA Centre for Regulatory Strategy, says: “In the absence of precedents, compliance teams may take a conservative view. Unsurprisingly, this can lead to tension between the innovators and compliance specialists. Upskilling compliance teams and engaging them, such as during the planning and design stage of innovation, can alleviate some of these tensions.”
Michael Harris, director at LexisNexis Risk Solutions, says: “In the UK, we need to establish a much better educational framework for compliance. People came into compliance in the past by accident. Countering financial crime is so important that we need to get to grips with it and ensure proper education.”
What is clearly critical to the future of compliance is ensuring the new breed of compliance officers combines the technical with the digital to fulfil new responsibilities.