Enterprise Compliance Risk Management. Ramakrishna Saloni
• To serve as a practitioner's handbook by detailing the process, content, and operations of compliance while acknowledging real-life issues
• To transcend the rhetoric and move compliance into a business model and business operations arena by bringing to the fore the role and relevance of positive and active compliance management in value creation for organizations
• To contribute to the growth of the narrative of this young, evolving discipline and serve as a reference literature on compliance and its risk management in financial services
The book is divided into five parts. To set the real-world context, every part is prefixed with Practitioner's Notes, thoughts shared by real-world practitioners from financial services on the themes of compliance. Each of them has experienced compliance from a different perspective. Three of them have been senior regulators of their respective countries in addition to other roles, and two of them are senior bankers. They bring their experience to bear through their notes.
The first part is an introduction to the compliance universe. This section seeks to set the context of compliance and its risk management in banks and financial services. It provides a bird's-eye view of the landscape. It traces the history through some significant events and accords that have played a pivotal role in the evolution of the formal compliance function as we see it today. It looks at the drivers, both direct and indirect, that are shaping the contours of this young discipline. It explores the broad areas of regulation and supervision, including the major bodies that define the boundaries of compliance.
The second part covers the What, Why, and Who of compliance. The What section breaks the understanding of compliance free from the narrow confines of merely being “compliant” to take it to its higher potential of being a critical element of the holistic and healthy growth of the enterprise. It addresses the semantic maze in the space and delineates the oft-used terms and their relevance within the overall context of the subject. It explores interconnections with other related aspects of the organization, such as ethics, governance, and risk management.
The Why section makes a strong business case for active compliance management, as its positive alignment with the organization's business model will enhance both the top line and the bottom line. The attempt here is to unveil the umbilical cord between the success of the business objectives and proactive compliance as a strategic intervention. This leads to a conversation on cost-benefit analysis, as well as on the relationship between the business model, strategy, and compliance.
The Who section looks at the canvas of players in the financial services space. It covers the entire ecosystem of stakeholders of the industry, not just the designated compliance officers. The discussion covers the expectations from these players – their responsibility, accountability, and the interrelationships. It rounds off the conversation with the lines of defense an organization has for proactive compliance management.
The third part addresses the important How question: How do we create a positive and active compliance management (PAC-M) program? It covers the entire gamut of such a program, starting from defining the policy statement. Various compliance models, training, communication plan, boundary definitions, and compliance reporting are discussed. It explores the strategic and structural framework inclusive of structure and content of the compliance charter.
The book then dovetails the various aspects of the operational framework, such as the compliance masters and compliance maps, with indicative templates for each of them. The operation and management of various aspects such as breaches, complaints, remediation, and more are discussed. The “multi” maze that large organizations have to handle, such as multiple jurisdictions, multiple laws and regulations, and multiple regulators and authorities, is briefly explored. The third part addresses the entire life cycle of compliance, right up to building a learning organization.
The fourth part examines the concept of compliance risk, one of the youngest forms of risk in the family of risks. This section takes a comprehensive look at the manifold aspects of the concept. It endeavors to expand the scope and depth of compliance risk definition, exploring the range of subrisks under its umbrella.
This conversation then covers the complete life cycle of management of compliance risk. Various aspects like risk appetite, risk identification, risk measurement, mitigation, monitoring, action tracking for remediation, and regulatory dialogue are examined. Sample scorecards and the process of building them are detailed with examples.
The fifth part of the book covers the real-life aspects and challenges of compliance management within financial services organizations. The focus is to succinctly bring in the real-world issues that industry participants struggle with while translating an ostensibly foolproof plan into practice. I have drawn from my own experience and that of other practicing professionals to share challenges being faced as they are, without sugarcoating any of the issues.
The conversation delves into the various challenges and their ramifications: the gray areas, overlaps, conflict zones, and myths associated with compliance. Lessons the industry has not learned are examined through a sample of actual incidents and experiences that shook the industry. Practical solutions to some of the operational challenges are also explored.
The last three parts (How, Compliance Risk Management, and Real-Life Issues) together are the essential toolkit of the book. These parts, with their templates, scorecards, models, formats, and real-life examples, will, I hope, help practitioners both in realistically understanding the field and in effectively executing their responsibilities.
In the closing notes I share my thoughts on how compliance risk management is likely to evolve and my views on what will aid in the healthy growth of the discipline.
Part One
Introduction to Compliance in Financial Services
Practitioner's Note: The umbilical cord between business model and compliance
As a regulator and practitioner I have seen that organizations that miss or ignore the vital link between business model and compliance have had a higher cost of compliance and a lower return on investment, not to mention reduced business opportunities. As Ms. Saloni Ramakrishna persuasively articulates, it is vital to understand the umbilical cord between business model and compliance.
There are two critical aspects to the business model (BM) of a bank. The first is the strategic business model defining what products, markets, customers, and regions the bank would like to be in subject to the Board's risk appetite. The second underpinning is the target operating model (TOM), which covers governance, decision making, recruiting, technology, human capital, legal structure, and operations. The objective of the bank is to execute its business strategy with an optimal TOM. Compliance lies at the heart of the TOM. The BM/TOM constrained by regulation must maximize its risk-adjusted return on capital (RAROC).
Compliance costs have spiraled upwards across the globe. The estimate is that over 30 percent of costs are spent on compliance. This has lowered revenue/cost ratios significantly, and it is estimated that compliance costs drive down ROE (Return on Equity) by a full six percentage points among the GSIFIs (Global Systemically Important Financial Institutions) and DSIFIs (Domestic Systemically Important Financial Institutions). Hence, it is critical as a long-term strategic imperative to get these costs down through changing the BM and ensuring that a firm has selected the most cost-effective TOM.
There are three core channels of impact on the financials. In simple terms, risk-adjusted profitability equals (R − C)/K, where R is revenues, C is costs, and K is a measure of risk-weighted assets (RWAs). Spending on projects drives up C. Furthermore, if the control framework and risk management are still poor, then the firm will suffer a drop of revenue through fines, penalties, licenses