This week on Innovation in Compliance, in a five-part podcast series, sponsored by K2 Intelligence FIN, we consider defining and building effective compliance programs. I am joined in this series by Michelle Goodsir, a Managing Director at K2 Intelligence, and Gail Fuller, Financial Integrity Network (FIN) Vice President. In today’s blog post, we considered why compliance needs a seat at the table and how to do compliance on a budget. You can check out the full series on the Compliance Podcast Network.
Michelle and I discussed why compliance needs to be an integral part of your business strategy going forward. We began with the straightforward question of what are the biggest compliance issues facing banks in the US? Goodsir said that although the major focus (and rightly so) is on Covid-19, there are other key challenges for compliance professionals. She noted there is an uptick in “various types of fraud activity, cyber related events, phishing attacks and fraud schemes to take advantage of some of the government stimulus activity that that’s been underway not only in the US but other locations as well.”
Finally, Goodsir spoke about the evolving risks and challenges of dealing with, managing and administering a compliance program when teams are working remotely. Rather than having operational teams in a centralized location processing transaction monitoring alerts for AML or potential sanctions violations, for example. You now have employees required to work from home, through a VPN connection which can make overall administration “more challenging. Indeed, regulators have noted the rules remain the same and banks are expected to continue upholding the AML sanctions regulations. Some have established hotlines to call in and they also encourage financial institutions to keep them informed if they run into any challenges which would result in them not being able to administer their compliance program to the same level of pre pandemic.”
Interestingly, Goodsir said that the always salient debate of compliance as a cost center is even more important now. Goodsir believes that if compliance programs are not effective, most importantly during Covid-19, enforcement actions will continue to be extremely costly. She pointed to the “amounts of the fines which have been and will continue to be, substantial. Over last 10 years, there’s also a resulting impact on the business where you not only have to have compliance resources focused on remediation, but business resources as well.”
Yet Goodsir noted that as significant (and costly) as these fines and penalties have been, it is the intangible damage which, in the long run, may be even more costly. She said that the cost could be that a “bank might be restricted to certain types of clients and not be able to play out on the risk curve with clients that might be higher risk or located in higher jurisdictions or operating in higher risk industries.” Further, there are other consequential impacts if compliance does not have a seat at the table. If compliance has a seat at the table, there can be “some leeway for compliance officers and for firms to figure out how best to roll out a compliance program that is commensurate with the organization’s risk and compliant with the regulations.” If compliance is relegated to the back of the (corporate) bus there will be little chance to do so.
Next we considered operationalizing compliance. It turns out that is one of Goodsir’s favorite phrases. She views compliance as much more than simply policies and procedures. She believes that it takes regular communication and dialogue with the people who have to adhere to the policies and regular training so that they actually understand what the requirements are. Goodsir takes it a step further, “compliance officers should be able to explain why a policy is in place.”
Goodsir concluded that compliance must be “at the table with the business partners and be a part of the firm’s overall strategy in order to be successful.” She reiterated, “I think it is important that they literally should be sitting together. Business people should be attending compliance governance forums and they should be actively communicating both views of what’s happening in each of their respective worlds. And likewise, compliance should be sitting at a business table understanding the direction of business strategy, understanding the clients that are being onboarded and the types of clients and relationships which the business is interested.”
We then turned to challenges around budgeting for compliance. Given the current health crisis and economic dislocation, Goodsir believes it is now “more critical to leverage teams and skillsets for broader compliance purposes”. Whether you call this doing more with less or more fully leveraging the tools you already have, it all moves you towards the same place. She pointed to leveraging AML tools to support an anti-bribery/anti-corruption (ABC) compliance program. Further, as the tools that are regularly used for AML programs involve case management tools, there is also opportunity to customize case management tools to support other types of clients programs and some that may be less operationalized for compliance. This allows a compliance professional to track and document both the steps and the decisions that they’re taking. Goodsir also finds using data to produce different types of metrics reporting can be quite cost-effective. She notes, “those same tools can actually be used as monitoring tools, which is a cost-effective way to implement a monitoring capability”.
Another term is “utility” which is basically using resources leveraged for various types of compliance purposes. From the perspective of financial institutions, it could be as straight-forward as reviewing transactions and filing suspicious activity reports. However, Goodsir noted that it can be expanded around case management, for processing alerts involving sanction screening. Because a lot of the same tools and lists are being used for ABC compliance purposes. Utility teams can also be set up for due diligence purposes. This means, you could have a consolidated team that supports client onboarding, supporting third party due diligence and even vendor due diligence because some of the underlying processes and tools which are used for that type of due diligence are fairly similar.
We then turned to the increasing use of technological solutions in ABC compliance. Goodsir noted that her “experience has been that those compliance programs tend to be less focused on technology and more focused on policy administration and policy guidance.” She believes this has created an opportunity to use more technological tools in ABC compliance such as case management for transactional alert reviews to support an ABC program. This can include documenting escalations submitted to the compliance team around transactional due diligence and potential connected hiring’s. This can lead to more efficient advisory on those types of escalations and more efficient guidance. The use of case management tool for such a strategy can also create a documented audit trail for regulators (i.e., Document, Document, and Document).
Moreover, the legacy information and historical data can be leveraged down the road. Further, Goodsir believes, “some of the tools available in the market for reporting metrics and risk indicators are great tools that can be used for an ABC program and can be a more cost-effective way of doing that.” Goodsir was quick to point out that such tools are not cost-prohibitive as she believes “smaller organizations with less of a global footprint have an advantage when it comes to implementing some of these tools because they can use them more broadly”. Bringing in a case management tool or a screening tool can have the advantage of covering multiple types of compliance risk and screening requirements that are needed to effectively manage risk. This is because smaller entities have “fewer databases, so it is a bit easier to draw the information and data that is needed to feed the screening tools and the processing engines that are used within these financial crime compliance programs.” Goodsir concluded, “in some regard, I think it’s a little bit easier for technology to be leveraged for some of these smaller institutions that it is a broader global one.”
Goodsir concluded, “I think while people are starting to talk about it in practice, it’s not happening as much as it could. And I think there are a lot of opportunities out there to think more holistically and it really comes down to the managers of those programs. Thinking outside of their program and talking to some of the other managers who are responsible for some of these other financial crime compliance programs and thinking about how some of the tools and capabilities could be more broadly used and stepping back in terms of ownership and thinking more holistically about the good of the organization and the benefit to the organization.”
[View source.]
