The scope of compliance is much broader and its impact far greater than ever before. Following the global financial crises, the complexity of the regulatory landscape has extended beyond the capabilities of many smaller financial institutions. This trend has not escaped Barbados, where new challenges such as FATCA and an increasing emphasis on preventing money laundering and terrorist financing have occupied the attention of many institutions. Increased compliance comes at a time when financial institutions are managing their costs carefully to ensure survival during a prolonged period of economic uncertainty. Resources have been diverted away from profit-making and business development activities to meet compliance challenges and this represents a sizable opportunity cost for many smaller financial institutions. Yet, the consequences of not complying, including regulatory and reputational risk, are too significant to ignore. Without effectively managing compliance risks, an institution will be reactive at best and noncompliant at worst.
Nevertheless, the increasing complexity and regulatory oversight is a reflection of our times and unlikely to abate. While institutions may continue protesting or trying to influence regulatory agendas, postponing the inevitable is an ill-advised approach in a world where standing still is effectively moving backwards. Smart and forward-thinking institutions will look beyond these immediate challenges to the opportunity of leveraging compliance as a source of sustainable competitive advantage. Compliance provides an opportunity for committed institutions to reconsider the way business is conducted for the benefit of their stakeholders.
Financial institutions must critically evaluate the existing condition of their compliance efforts, before they can advance compliance programs beyond a series of reactive or ad hoc responses to a state of embedded and integrated value. There are a number of common pitfalls to look out for when evaluating the current state of affairs including:
- Little strategic oversight of the total compliance framework;
- Tactical rather than strategic responses to compliance challenges, where compliance is seen as an end in itself as opposed to a means of creating value;
- Fragmented compliance efforts creating potential for overlap and duplication of both costs and effort;
- Compliance disconnected from operations and normal business activities;
- ‘Quick fix’ approaches that become business as usual, but aren’t sustainable;
- Compliance being an add-on responsibility for another job function which already has significant demands of its own;
- Scope and mandate quickly outgrowing the resources allocated to the compliance function;
- Unclear or changing compliance mandate (i.e. ‘goal posts’ keep moving);
- Lack authority and true independence from operations;
- Efforts too focused on the second line of defence without properly instilling ownership for compliance activities in the first line of defence;
- General lack of automation with reliance on short-term manually intensive fixes which cannot accommodate increasing business volumes;
- Poorly coördinated compliance efforts resulting in unsatisfactory customer experience; and
- Little compliance input into strategic decisions such as new lines of business, new markets and M&A activities.
Recognizing areas for improvement is an important step, but moving compliance to a strategic and embedded value added state, will require a change in mindset from the top with broad executive level ownership and visible support for change. Compliance must become an entrenched part of organizational culture where compliance activities form a part of daily routines to become ‘business as usual’.
Compliance should be aligned closely with the corporate governance framework and integrated with the operational risk program. Aligning compliance targets with corporate goals and identified risks will reinforce its higher strategic importance. The superficial ‘tick the box’ mentality of the past has limited value in modern compliance programs. Instead, adopting a risk-based approach will allow the department to better allocate its resources to the areas where they are most needed and achieve a better return on the institution’s investment in compliance.
Initiating and maintaining coherent dialogue with regulators is necessary towards understanding changing regulatory expectations and developments, as well as better enabling a financial institution to keep a step ahead of its competition.
Finally, technology should be leveraged to automate routine checks and balances and improve the quality and timeliness of exception reporting so that resources can be directed to more value added compliance areas. Dashboard reporting with insightful KPIs can keep compliance initiatives on the Board’s radar and steadily change the misconception of compliance as a burdensome cost to an appreciation for compliance being a valuable investment and a source of sustainable competitive advantage.