What is compliance? The Merriam-Webster dictionary defines it as “the act or process of doing what you have been asked or ordered to do”. For many years, this definition has accurately described how regulatory compliance has been practiced by financial services companies.
However, after the global financial crisis of 2008, regulators around the world have been placing firms under much greater scrutiny. Whereas there was previously more emphasis placed upon obeying the letter of the law, there has been an evolution happening where compliance is shifting more towards making business decisions based on the spirit of the law. In response to this trend, financial institutions are now investing heavily in hiring more compliance staff. According to Bloomberg, the biggest growth area in U.S. finance is in compliance.
How does this change in focus impact Chief Compliance Officers (CCOs) and their teams?
Save a Seat at the Strategy Table for the Compliance Officer
“As the CCO’s role further evolves, [tweet_dis excerpt="#Compliance will be tied in with business performance and #CCO will have more strategic role via @trulioo"]compliance will become more integrated with business performance and CCOs will assume a more strategic role[/tweet_dis]. Overall, the future of compliance depends on defining not just the compliance function, but also specifically the organization’s desired role for the compliance chief,” said Sally Bernstein, principal, PwC.
In the 2015 edition of its State of Compliance Survey, PwC found that although 78 percent of CEOs surveyed believed that hyper-regulation was the biggest threat to business growth, only 35 percent of companies surveyed involved their CCOs in their annual business strategy development meetings.
As companies increasingly recognize the need to evaluate and refine their existing compliance processes, CCOs are faced with challenges similar to Chief Financial Officers (CFOs) nearly 20 years ago. Like the previous generation of CFOs, CCOs must now find ways to become more strategic partners within the organization and be involved in the business planning process in a proactive role rather than a reactive one.
CCOs can play a key role by providing insight into important business decisions and provide the confidence that the leadership team needs in order to take the necessary risks to grow the company. By being actively involved during the planning phase, CCOs can help to identify and address compliance issues before they occur. As a result, CCOs and their compliance teams can build solid working relationships with business managers and be seen as valuable strategic partners rather than as arms-length overseers.
The Role of Technology
Like other evolving business functions, compliance is not unaffected by technology. EY reported that while the vast majority of companies surveyed said that they used compliance technology to collate, analyze, and share risk information, around 66 percent of respondents considered their systems to be basic. One of the most common tools used by companies was an Excel spreadsheet.
There is tremendous potential for regulatory technology (RegTech) solutions to play a much larger role for CCOs and their staff. Although it currently cannot fully automate the entire compliance process, RegTech can provide greater efficiency and cost savings when integrated into existing systems that include business operations, oversight functions, and independent assurance as lines of defense.
With major changes in regulations as regulators drive home the desire for businesses to establish a proactive culture of compliance, the role of the CCO is also changing.
“A shift in thinking for compliance means that CCOs need a seat at the table when the executive team meets to discuss the company business plan,” said Jon Jones, President at Trulioo. “Compliance teams now have powerful tools at their disposal – thanks to RegTech – that will make their jobs easier while protecting consumers and keeping their businesses compliant.”
Switching to Judgment-Based Supervision
A study released by Deloitte UK highlights some of the key changes that are being made by regulators in their approach. In the UK, both the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) have made it clear that companies need to move away from determining what is allowed (“Is this permitted in the regulations?”) and rather focus more on whether or not an action should be taken (“Is this something that we should do?”).
In a speech delivered in March 2014, Martin Wheatley, Chief Executive of the FCA, discussed the importance of regulators and firms taking the right approach in terms of ethics.
“[It] is not simply defined by the ethics of obedience, so what is legally right or wrong,” said Wheatley, “but actually looks towards the ethics of care and the ethics of reason.”
William Dudley, President and CEO of the Federal Reserve Bank of New York, made a similar point in a speech that he gave in October 2014.
“Supervisors will need to... see evidence of how these efforts yield results in the form of more open and routine escalation of issues, consistent application of ‘should we’ versus ‘could we’ in business decisions,” Dudley said.
Will the rising liability place increased emphasis on the ability of Chief Compliance Officers to identify, manage and mitigate their own personal regulatory risks? Or should more emphasis be placed on corporate culture to administer shared accountability?