Tackling compliance silos in finance
Financial institutions are taking compliance seriously, but many are plagued with siloed departments that reduce efficiency, according to a panel at the Global RegTech Summit.
FinTech Global recently hosted its latest Global RegTech Summit in London, welcoming RegTech leaders for a day to network and discuss the latest trends and innovations driving the RegTech sector.
One panel, ‘What Does a Unified Compliance Culture Look Like’, featured ComplianceLnD senior advisor and consultant Jess Harvey, Rabobank managing director and head of UK compliance Marili Anderson, GRC 20/20 Research GRC pundit and analyst Michael Rasmussen, Hivemind Capital head of legal and compliance Sayuri Ganesarajah, and Tide head of compliance and conduct risk Conrado Chaves.
Kicking off the session, the panel set the scene for how compliance is currently perceived in financial institutions.
Sentiments were optimistic. The panel believes financial institutions have changed their perception of compliance from a check-box requirement that needs to be completed to a necessary function. As the regulatory environment continues to grow more complex and emphasis is placed on conduct, compliance advisors are becoming far more valuable. One panellist noted that compliance is now part of a company’s DNA, rather than a support function. As part of this, it is also becoming evident that, for a compliance function to succeed, everyone has a responsibility for compliance.
While compliance has become a core department within financial institutions, it continues to evolve. As such, compliance officers need to be more commercial, which is especially the case with digital assets, one panellist noted. Currently there is no strict framework that can be followed and there are a lot of grey areas in various jurisdictions. This means compliance officers cannot simply take traditional finance rules and apply them to digital assets. They need to understand the rationale behind those rules.
To illustrate this, the panellist pointed to personal trading policies, which have holding periods for stocks. If you don’t know why holding periods are 30 days for stocks, for example, you will not be able to figure out what that holding period should be for digital assets.
Communication gaps
The next question posed to the group was around why communication gaps and silos appear across organisations when it comes to unification around compliance goals.
Simply put, there are a lot of departments and functions that need to come together. One panellist likened it to the Winchester Mystery House, in San Jose, California. This is a mansion built in the 1800s, which cost $5.5m, took 36 years to build, had 147 different builders, but had no blueprint, design or architect. While the house looks normal from the outside, it is full of complexity and oddity on the inside. For instance, there are doors that open to walls, staircases to nowhere, hidden rooms, and staircases that lead to drops. This is a similar scenario for many financial institutions, they said.
There are lots of departmental compliance functions, such as HR compliance, IT compliance, accounting compliance, corporate compliance and ethics, and many others. These are all working independently. The panellist highlighted an insurance firm they spoke to that said it had recently conducted an inventory and found it had 28 policy portals in place, with policies out of date, out of sync and using different templates. This all happened because there was no guide or design. Compliance needs to have a strong design to ensure it can operate optimally across the entire organisation.
To get started on this, firms will need to ensure they get the tone at the top correct. While all layers of a business need to be aligned with compliance, the top level is arguably the most important, as problems will trickle down from it. When implemented correctly, this can serve as the best firewall for preventing compliance failures. To achieve this, firms need to clearly establish expectations through policies, communicate and engage, and have the proper reporting mechanisms, whistleblowing hotlines and other ways of ensuring everyone is on the same page and there is a defined structure.
The panellist believes that organisations really need an integrity audit, and that the chief compliance officer should really be called the chief integrity officer, as that is ultimately what the role is about. If a firm’s policies, controls and statements say one thing, but conduct says another, there is an integrity issue.
By establishing a unified compliance function, firms can experience greater visibility in a complex environment. Through technology, firms can also get a clearer picture of their compliance posture.
In September, FinTech Global will be hosting the 4th annual Global RegTech Summit USA in New York. The event is the largest gathering of RegTech leaders and innovators in the US and a great place to connect with industry experts and RegTech leaders.