Enterprise Compliance Risk Management. Ramakrishna Saloni
Чтение книги онлайн.
Читать онлайн книгу Enterprise Compliance Risk Management - Ramakrishna Saloni страница 4
Given that compliance is in itself expensive, it makes sense to ensure that money is spent wisely so that major risks are avoided before they become a problem. Prevention is much cheaper than remediation, so choose the areas that give rise to the biggest risks and do not assume that the TOM is a given. It always pays to create a specific blueprint for the industry and firm and implement projects once! The three lines of defense model has its drawbacks. Often, the front office takes no responsibility for operational failures. Regulators are forcing changes in compliance where senior managers are being held accountable and have to self-attest that systems and controls are in order. For example, see the senior managers regime (SMR) in the UK: It is important that every control has an owner, a challenger, and assurance that this process is implemented. The blueprint that Ms. Saloni Ramakrishna details in the How part of the book captures these principles elegantly and fleshes them out through actionable templates.
Firms should adopt compliance as a core strategy, and expenditures should be targeted in the areas that have the largest breach risks such as mis-selling. In a compliance strategy the following three factors are critical. Firstly, a firm must account for compliance in their TOM and the knock-on impact on the BM. Secondly, compliance must not be executed as a box-ticking exercise, but rather project budgets should be aligned with the greatest risks to the bank in an optimal control framework. Finally, given the huge drain of resources, banks should prioritize projects. A bank that desires a stable profit stream needs to ensure that this can be delivered by a compliant target operating model. The new agenda for compliance is to ensure that it is in sync with the risk appetite of the firm, the conduct strategy, and the axis of the BM/TOM. “Active and positive compliance” is the core of sustained healthy growth of a financial organization and the theme of this book.
– Dr. Colin Lawrence
Dr. Colin Lawrence has a PhD in Economics from the University of Chicago. He is a partner with EY LLP, UK; former director of the Risk Specialists Division (FSA and PRA); and former strategic risk advisor to the Deputy Governor, Bank of England. Dr. Lawrence is a well-known practitioner with varied experience as a regulator, a banker (he was managing director in derivative trading at UBS and Global Head of Risk at Barclays), a consultant, and an academic.
Chapter 1
An Overview of Compliance in Financial Services
“Money plays the largest part in determining the course of history.”
It is a chicken-and-egg story: “Regulation influences banks' behavior by shaping the competitive environment and setting the parameters within which banks are able to pursue their economic objectives.”1 Interestingly, however, banking crises have been the trigger for many, nay most of the regulations, more so in recent times. So it is difficult to say whether it is the regulations that are shaping the behavior of banks or banks breaching the expected fair business practices that is shaping the structure and content of regulations. Or it is the interplay of both that has created the complex structure and behavior of the banking industry and by extension the financial services and its regulations?
It is not an exaggeration to say financial services is perhaps the most regulated industry in recent years. There are more regulations, more expectation of compliance, and more supervision to ensure compliance. There is unprecedented scrutiny of the industry at national, regional, and global levels. This scrutiny and the host of far-reaching regulations together are of topical interest not only for the stakeholders but also to policy makers, politicians, and media, thus putting the spotlight on adherence or lack thereof to the set expectations.
“Financial services” is a broad umbrella term that covers different subsectors like banking, insurance, securities, investment management, and so on. The division into subsectors is more of academic interest, given the changing contour of financial services industry like:
• The emergence of financial conglomerates that are growing both in size and numbers
• Bank, insurance, and market intermediary linkages that are becoming commonplace
• Abolition of barriers/restrictions on investment/commercial banking combinations2
Unified or stand-alone, these sectors combine to form the economic vehicle of a country, a group of countries, or the entire globe to facilitate movement of capital and currency across. They help channel money from lenders to borrowers and vice versa through financial intermediation. It is no exaggeration, therefore, to say that they are responsible for the financial well-being of not just individuals and firms but also countries.
Given the criticality of the industry, it is understandable that the environment it operates in and its various stakeholders have expectations in terms of dos and don'ts from the industry. These dos and don'ts are spelled out in the form of laws, regulations, standards, and codes of conduct. Financial services organizations are expected to comply with these requirements in such a way that there is order in the system and all stakeholders are protected, including the financial services organizations themselves.
Regulatory change is the only constant across industries. The rate of change is what differentiates financial service regulations of recent times. The debate on regulation versus deregulation, market maturity versus too big to fail, less regulation versus excess regulation, and regulatory gap versus regulatory overlap continues to rage.
Be that as it may, it has resulted in a tidal wave of regulations, which some of my banker friends call a tsunami of regulations. Add to this the increasing stakeholder demands for scrutiny, and one would understand the colossal challenges that the industry faces in managing its environment. This also explains why compliance activities have moved from being transaction-focused to becoming integral elements of business management. In spite of the multiplicity of regulations, the paradox of their coverage is that there are pockets of over-coverage like those for deposit-taking institutions and for traditional products, typically for the “on–balance sheet items.” In contrast, there are less regulations of firms that pass under the radar while dealing in huge volumes of money, value, and instruments. An example of this category are the hedge funds that deal in innovative off–balance sheet products or derivatives. This leads to a regulatory imbalance that affects both ends.
The purpose of regulation is essentially sixfold, and here I use the term “regulation” broadly to encompass laws, statutes, regulations, standards, and codes of conduct. They are:
• To ensure fair market conduct and protect the various stakeholders, particularly consumers and the markets
• To reduce, if not completely take away, information asymmetry between the financial services and the customers who buy products or services from these organizations
• To protect financial services from unwittingly becoming conduits for financial crimes such as channeling money for antisocial activities like money laundering and terrorist financing
• To reduce the probability and /or impact of failure of individual financial services firms, especially the “too big to fail” category firms,
1
“Evolution of the UK Banking System,”
2
Adapted from the presentation of Dr. K. C. Chakrabarty, Deputy Governor, Reserve Bank of India @BCSBI conference for Principle Code Compliance officers, April 2013.