In this five-part podcast series, sponsored by K2 Intelligence FIN, we consider defining and building effective compliance programs. I am joined in this series by Michelle Goodsir, a Managing Director at K2 Intelligence, and Gail Fuller, Financial Integrity Network (FIN) Vice President. Michelle has 25 years of financial crime compliance experience which includes fraud risk management, anti-bribery and corruption, corporate security and investigations, sanctions, and Anti-Money Laundering (AML) program experience working within the financial services industry and the US government. Gail focuses on developing, refining, and implementing FIN’s quantitative and qualitative risk rating tools. She leads engagements focused on helping FIN’s jurisdictional and private sector clients understand their exposure to financial crime risk and develop and implement strategies to mitigate their risks.
Over this series we will consider key challenges in compliance, why compliance needs a seat at the table, how to do compliance on a budget; training and culture and what is on the horizon. In Part 2, Michelle and I discuss why compliance needs to be an integral part of your business strategy going forward.
We began with the straightforward question of what are the biggest compliance issues facing banks in the US? Goodsir said that although the major focus (and rightly so) is on Covid-19, there are other key challenges for compliance professionals. She noted there is an uptick in “various types of fraud activity, cyber related events, phishing attacks and fraud schemes to take advantage of some of the government stimulus activity that that’s been underway not only in the US but other locations as well.”
There have also been increased global challenges emerging. They include the regulatory focus on AML and sanctions; managing competing needs of compliance programs; incorporating and enhancing technology. Here Goodsir stated, “regulators have recognized the increase risk as a result of the coronavirus outbreak with a number of regulators issuing guidance to financial institutions outlining the fraud risks and providing some general guidance on how institutions and also individuals can protect themselves.”
Finally, Goodsir spoke about the evolving risks and challenges of dealing with, managing and administering a compliance program when teams are working remotely. Rather than having operational teams in a centralized location processing transaction monitoring alerts for AML or potential sanctions violations, for example. You now have employees required to work from home, through a VPN connection which can make overall administration “more challenging. Indeed, regulators have noted the rules remain the same and banks are expected to continue upholding the AML sanctions regulations. Some have established hotlines to call in and they also encourage financial institutions to keep them informed if they run into any challenges which would result in them not being able to administer their compliance program to the same level of pre pandemic.”
Interestingly, Goodsir said that the always salient debate of compliance as a cost center is even more important now. Goodsir believes that if compliance programs are not effective, most importantly during Covid-19, enforcement actions will continue to be extremely costly. She pointed to the “amounts of the fines which have been and will continue to be, substantial. Over last 10 years, there’s also a resulting impact on the business where you not only have to have compliance resources focused on remediation, but business resources as well.”
Yet Goodsir noted that as significant (and costly) as these fines and penalties have been, it is the intangible damage which, in the long run, may be even more costly. She said that the cost could be that a “bank might be restricted to certain types of clients and not be able to play out on the risk curve with clients that might be higher risk or located in higher jurisdictions or operating in higher risk industries.” Further, there are other consequential impacts if compliance does not have a seat at the table. If compliance has a seat at the table, there can be “some leeway for compliance officers and for firms to figure out how best to roll out a compliance program that is commensurate with the organization’s risk and compliant with the regulations.” If compliance is relegated to the back of the (corporate) bus there will be little chance to do so.
We concluded with a discussion about operationalizing compliance. It turns out that is one of Goodsir’s favorite words. She views compliance as much more than simply policies and procedures. She believes that it takes regular communication and dialogue with the people who have to adhere to the policies and regular training so that they actually understand what the requirements are. Goodsir takes it a step further, “compliance officers should be able to explain why a policy is in place.”
She believes that people will generally want to do the right thing and to follow regulations and the “rules of the road”. It is important to “make sure that the underlying messages are actively and regularly communicated.” This should be coupled with a “strong culture where people feel comfortable raising their hands if they think that something is awry or something is happening that shouldn’t be happening.” This means that it is critical for management to say we value compliance and compliance is important. Of course, this means compliance having a seat at the table.
Goodsir concluded that compliance must be “at the table with the business partners and be a part of the firm’s overall strategy in order to be successful.” She reiterated, “I think it is important that they literally should be sitting together. Business people should be attending compliance governance forums and they should be actively communicating both views of what’s happening in each of their respective worlds. And likewise, compliance should be sitting at a business table understanding the direction of business strategy, understanding the clients that are being onboarded and the types of clients and relationships which the business is interested.”
I hope you will join us for our next episode where Goodsir joins me to discuss compliance on a budget for organizations of all sizes.
K2 Intelligence financial crimes risk & compliance page: https://www.k2intelligence.com/en/services/our-practices/financial-crimes-risk-and-compliance
K2 Intelligence Anti-corruption page: https://www.k2intelligence.com/en/services/our-practices/financial-crimes-risk-and-compliance/anti-corruption
K2 Intelligence DOLFIN: https://www.finintegrity.com/dolfin.html