A global survey of compliance professionals by Reuters concluded that they struggle under the weight of regulation and need the support of the board and supervisory authorities.
It’s not the most exciting or surprising report that has come along in the areas of compliance -- perhaps the most interesting aspect is what it doesn’t say about internal organization to better link compliance, risk management and business. An additional omission is the total absence of any discussion of technology.
“This year’s survey again showed, from both the number of respondents and the range of the detailed comments received, that compliance officers have been finding life increasingly challenging,” the survey said. “2013 may well turn out to be the ultimate juggling act for compliance functions which were already under strain. The effective management of risk and compliance in the world of financial services requires key contributions not only from a firm’s compliance function but also from its board and its supervisor.”
The survey found that 81 percent of compliance professionals expect an increase in the volume of regulatory information in 2013 with almost half expecting this increase to be significant.
The compliance report was somewhat similar to the Chartis study on risk management done for SunGard.
Both indicated that financial firms are expecting risk and compliance to meet growing demands without substantial increases in budgets.
Chartis found that banks were often spending more effort on regulatory risk management -- meeting the requirements of regulators -- at the expense of economic risk management -- using risk tools to improve returns.
Reuters found that: “A third of respondents expected their compliance budgets to be the same or less at the end of 2013. When contrasted with 81 percent of compliance professionals who expected an increase in the volume of regulatory information this year, this may indicate that in around one third of firms budgetary constraints will lead to increased pressure on existing resources to do more.”
Curiously, compliance seems to operate in a silo in many firms, separate from even risk management.
“In an ever-more complex operational environment within firms it is a matter of ongoing concern how much, and sometimes how little, different functions talk to each other.”
The survey results in this area highlighted stark regional differences in internal communications between compliance and the other control functions. In the UK, 21 percent of respondents spent more than 10 hours per week consulting with the risk function; this was a marked increase from last year’s figure of 14 percent.” In the U.S. and Asia, buy contrast, 42 percent of compliance officers spent less than an hour a week talking to risk.
“The differing UK approach to speaking to the risk function might suggest that risk and compliance are becoming more aligned than those in other jurisdictions, where they still appear to be very distinct from one another.”
Enforcement seems to have made an impact.
As Samuel Johnson said ““Depend upon it, sir, when a man knows he is to be hanged in a fortnight, it concentrates his mind wonderfully.”
Something similar appears to hold in finance.
”Enforcement did not appear on the list of challenges in last year’s survey, but it appeared high on the 2013 list of challenges...Some very high-profile enforcement and criminal cases against major market players such as UBS and HSBC have clearly given firms pause for thought.”
The fines against major banks UBS, Standard Chartered, HSBC -- have been impressive, but the Reuters survey also quoted Tracey McDermott in the FSA’s enforcement division on the continuing internal costs that result from enforcement.
““We estimate that over the past two years redress paid by authorized firms solely in connection with enforcement-related matters is in the region of £290 million. The costs to firms of implementing and monitoring those redress packages, which are usually overseen by an independent third party, also run into many many tens of millions of pounds.”
Reuters concluded its report by saying that “Compliance, boards and other risk committee should aim to have wide-ranging and frank discussions about how boards can best support compliance functions and, in reverse, how compliance functions can help boards to improve the effectiveness of corporate governance and risk management throughout the business.”
The report suggested compliance, risk, legal and internal audit should be involved.
Nowhere did it mention IT, data management or systems architecture and the role they play in making compliance and risk management more effective, or more difficult.
I'll have more to come in future articles on the role of technology, silos, and common data sources through centralization or federation. I’d welcome examples of the good, the bad and the ugly in financial firms’ integration, fiefdoms or persistent silos.
