Compliance functions at financial institutions have transformed significantly in recent years. However, several emerging trends will require even more radical transformation of compliance over the next few years, including the further evolution of regulatory expectations related to conduct and culture, cost pressures on all parts of financial institutions, and technological enhancements.
Our goal is to help financial organizations to better understand and identify current deficiencies within your established compliance programs to avoid costly and embarrassing scandals and turn compliance into a competitive advantage moving forward.
Banking Compliance Scandals in the News
In recent years, some of the world’s largest financial institutions have made the news, albeit for all the wrong reasons. The current wave of scandals sweeping across the financial industry is not merely caused by greed, but rather by significant deficiencies in the controls and governance of their compliance programs.
Danske Bank, for example, was hit with criminal charges earlier this year over a €200bn money-laundering scandal after Danish prosecutors accused it of failing to investigate and report suspicious transactions and having inadequate controls and checks on customers. As a result, Danske is currently under investigation by law enforcement and could be facing fines upwards of $8 billion.
Similarly, during a decade in which big banks have suffered immense damage to their reputations, U.S. Bancorp was an outlier, avoiding many of the crisis-era scandals that damaged some of its main competitors.
However, in February of last year, U.S. Bancorp agreed to pay $613 million in penalties to state and federal authorities for violations of the Bank Secrecy Act and a faulty AML program. This was a result of the banks’ failure to adopt and implement an effective compliance program with adequate internal controls, testing, and training.
Lastly, in May 2018, two of Canada’s largest banks, Bank of Montreal, and the Canadian Imperial Bank of Commerce’s Simplii Financial confirmed hackers stole the personal and financial data of more than 90,000 customers. While the banks took online security measures after the hackers contacted them, it was surprising to see that these processes were not put in place beforehand. Especially since cybersecurity risk is the most prevalent IT risk in the financial services industry.
A bank’s ability to detect and report suspicious or non-compliant activity is determined by the strength of their risk and compliance programs. Banks can exercise a large degree of control over certain risks by enabling and investing in efficient internal and external controls, systems and processes. They can also manage some types of risk by ensuring meticulous, tech-driven audits and compliance.
Rooted in our experience working with some of the world’s largest, most-heavily regulated financial institutions, here are a few ways banks can safeguard and future-proof their organization against a compliance scandal.
3 Ways Banks Can Future-Proof their Compliance Model
1. RE-POSITION COMPLIANCE TO HAVE A CONTINUOUS AND STRATEGIC IMPACT
We believe that every successful compliance program should be embedded throughout the entire organization. To improve your current compliance initiatives, leaders in the financial industry can:
Invest in better training – Investing in advanced training programs promotes a globally consistent approach to compliance. When compliance officers are given access to new training opportunities, it helps to reduce attrition rates and enables a more creative approach to compliance functions.
Increase your number of senior staff – As the compliance landscape continues to evolve, organizations will need to diversify their talent pool. Senior Compliance Officers with strong leadership abilities are the types of individuals who will help you build an effective compliance team. If your goal is to reduce or streamline operational responsibilities, then attracting the right talent should be at the top of your priority list.
Accurately define compliance within your organization - Most organizations have multiple compliance responsibilities, but often fail to clearly define a risk framework. This makes it harder to analyze responsibilities and activities, and this lack of clarity ends up in wasting valuable time and resources. Regardless of how your organization chooses to define "compliance responsibilities," they need to be considered before any critical business decisions are made. This will help you identify potential risks and allow you to allocate the appropriate resources to prevent non-compliance and financial penalties.
2. TRANSITION TO A DATA AND TECHNOLOGY-DRIVEN RISK MANAGEMENT PROCESS
Limited resources have always been the Achilles heel for the majority of compliance programs. However, as the complexity and speed of change continue to increase, Compliance Officers need to move beyond simple risk identification programs and leverage a more sophisticated, and dynamic data-driven model.
Use data to drive your programs – Implementing a metrics-driven compliance program doesn’t happen overnight. First, make sure your team is collecting and organizing data in the right way. By leveraging a data-first approach, you’ll be able to create an ongoing risk management program that can evolve into a risk tolerance framework. The development of this type of framework will also provide compliance teams with the ability to focus their efforts on the areas that have the highest risk, and help senior management identify where the risks lie from an enterprise perspective.
Leverage technology to drive enhanced risk detection capabilities - As new technologies continue to emerge, financial organizations can (and should) utilize these tools to drastically improve their risk management capabilities.
Technology helps compliance functions become dynamic and proactive in identifying problems before they occur. It provides an opportunity for businesses to take an entirely new approach to regulatory change management and improve the level of surveillance needed in today’s market.
Many solutions, such as Blueprint’s Regulatory Change Manager, now give users the ability to manage large amounts of structured and unstructured regulatory data more effectively, while also providing functionality that makes it easier to identify, assess, remediate, monitor, and prove compliance with the regulations that govern their operations. And in cases where a centralized repository is present, a bank’s ability to understand and process this data is greatly increased. This type of functionality is one that many financial institutions are beginning to leverage and the use of big data will be one of the biggest drivers of compliance change and improved effectiveness over the next few years.
Other functionalities, such as automation, machine learning, predictive analytics, data visualization, and traceability and impact analysis help compliance functions become more dynamic and provide much-needed visibility across your organization.
In order to be successful, Compliance Officers should focus on building a long-term strategy, with the goal of creating a well-rounded approach to the management of compliance data at their financial institution. This will help transform compliance and risk management programs into a competitive advantage for their business moving forward.
3. ADOPT CONDUCT, CULTURE AND VALUES TO ENHANCE THE COMPLIANCE ROLE
We all acknowledge that corporate culture plays a critical role in every successful business. In the wake of this year’s past events, many financial institutions have begun their journey of embedding group-wide conduct, culture and value standards throughout their organizations.
Company culture and values determine how employees should act when there is not a specific policy or rule in place and strive to protect customers and maintain market integrity.
The days of merely following a rule-based approach are no longer viable, and the question has shifted from “can I do it” to “should I do it.” This change in corporate culture will help to build and maintain brand and market integrity, and work towards the ambition of many financial institutions, which is to become the “most trusted financial institution.”
To successfully implement this type of compliance transformation, risk and compliance leaders will be required to discuss what is critical to clarify the role of Compliance in their organization going forward. We believe that an integrated approach to compliance and risk management that utilizes today’s emerging technologies is critical in digital business and expanding the compliance mandate should be a top priority for financial institutions because it is the most effective way to affect significant change and future-proof against non-compliance scandals.
To discover how Blueprint's Regulatory Change Manager (RCM) solution is helping resolve the complex compliance and risk management challenges of the world's largest and most-regulated financial organizations, download our RCM Product Brochure or request a customized demo with one of our solution experts.
Watch this on-demand webinar to see David Paris from Cognizant and Blueprint CTO Tony Higgins discuss today's most effective compliance technologies for financial institutions.