To ensure the safety and stability of the financial system
• To create a level playing field that reduces monopolistic, anticompetitive situations that would result in less choice and higher price points for customers
All these seem like noble objectives. If that is so, where is the challenge in adopting these measures is a question that requires exploring. As businesses have become more complex, so have the regulations and the resulting obligations. Interestingly, compliance or noncompliance is the outcome of an organization's meeting or not meeting those obligations. The maze gets multiplied with the multiplicity of regulators. Should a country have a single regulatory body for all the components of financial services like the United Kingdom (until March 31, 2013, when it was split into two regulatory bodies with distinct areas of operation, one focused on Prudential regulations and the other on Conduct), Japan, and Indonesia (Indonesia adopted this model in 2011)? Or should there be multiple regulators, with the USA being the lead example? Both have their pros and cons.
The focus should be on how regulation is conducted and not so much on who regulates or how many regulators. There is a constant debate as to whether more regulations or a more effective mechanism for implementing the existing regulations could solve the problem. This is a difficult question and merits a closer look, something we will attempt in a subsequent chapter. The relevance of this question is that more the regulators potentially more the regulations that require more effort at planning and executing compliance.
A disturbing trend over the past few decades is that the system has gotten into a vicious cycle of financial services organizations breaching the rules and regulations both overtly and covertly with serious and negative impact not just to themselves but also the system in which they operate. Like Newton said, “Every action has an equal and opposite reaction.” These breaches and their resultant impact have typically been met with two obvious responses:
1. More and more regulations (the newer regulations are getting broader and deeper)
2. More supervision (both off-site and on-site) by the lawmakers and regulators
As a natural outcome of the two responses, compliance over the last decade has become, or more appropriately been made to become, a fundamental component of financial services by taking on a more formal shape and structure. The challenge that this evolving structure is grappling with is to “comply” with an ever-expanding plethora of regulations. That leads us to two interesting questions: What is compliance? Where does it start and stop? There is apparently a simple answer to the first and a not-so-clear one for the second. Two definitions or descriptions of compliance provide a good starting point for the conversation. It is important to understand that present-day compliance, particularly in the regulatory context, has two aspects:
1. The actual adherence to standards and regulations
2. Demonstrated adherence to standards and regulations
The first is an understood and accepted high-level expectation from the compliance function. It is the second that is worth a closer look. The compliance universe will be increasingly tasked with the responsibility of “demonstrating compliance.” Demonstration at a fundamental level makes two demands on the system. The first is the expectation of transparency and free flow of information. The second is the tracking and recording of proof of compliance. It is these aspects that will increasingly challenge organizations on multiple fronts. Starting from information and people silos, to lack of proof points, to deficient communication, and to actual noncompliance, there are many systemic issues that need addressing.
The emphasis is both on increased transparency as well as on greater enforcement. We will revisit this aspect under the section on real-life issues of compliance. The relevance of this definition is to illustrate the point that the understanding of and expectation from “compliance” is expanding manifold. The Australian standards discussed next add additional depth to the conversation.
Australian Standard AS 3806 – .2006 describes compliance as “adhering to the requirements of law, industry and organizational standards and codes, principles of good governance and accepted community and ethical standards.” As a practitioner, I see this as a more appropriate and encompassing definition. Particular mention needs to be made of the last part of the aforesaid description. The specific callout of “principles of good governance and accepted community and ethical standards” interests me, because the earlier part is the “letter” aspect of compliance, and the latter one is the “spirit” aspect. The overemphasis on the first across time has, as we have seen, not been effective. This definition puts the focus where it should rightfully be – on the intention to encapsulate principles of good governance and business ethics at the core of compliance.
The 2012 LIBOR (London Interbank Offered Rate) scandal is an example where a highly respected body of bankers flouted basic business ethics and took the entire system for a ride. We will discuss the scandal itself in some detail under the Real-Life Cases. For now, the reference is to highlight the fact that the foundation of positive compliance is good governance and sound business ethics. It is the bedrock of sustained and balanced growth. The absence of this bedrock could give monetary gains in the short term but would collapse like a pack of cards when it is discovered that the “business ethics” foundation was faulty or nonexistent. There are proof points galore on this from Northern Rock to Bear Stearns to Countrywide Financial to Washington Mutual to Lehman Brothers, apparently infallible organizations whose names do not exist anymore because of one crisis.
Impact and acceptance of compliance risk as a critical risk in a short period of under a decade is evident through the fact that it is today considered at the top of the risk table. This is because of the challenge of balancing business objectives and the environmental expectations as detailed through several laws and regulations. Imbalance leads to compliance risk. Compliance function is tasked with managing the conflict of interest and to ensure that a win-win situation is created, which is a tall order to say the least.
The other fundamental challenge of compliance risk is that it cannot be addressed through a capital cover, a fixed percentage of capital say, the 8 percent prescribed for the traditional risks like credit, market, and operational risks. There is no “fixed downside” that can be provided for. This is because it is difficult to both quantify the quantum of compliance risk that a bank carries and truly provide for a worst-case scenario. This aspect will be discussed in some detail in the section on risk management.
From an evolution perspective compliance expectations have always been associated with every passing regulation. In the earlier times different disciplines within the organizations would subsume the responsibility of fulfillment of the related obligations. Formation of a compliance function can be traced to the late nineties when regulators like Reserve Bank of India called for the introduction of a “compliance officer,” a trend reflected in other countries like UK's MLRO, where it was made mandatory to have a “nominated officer” in 2007.
But most of these measures were disjointed and sporadic responses, and both regulators and industry soon realized that the area of operations of compliance “needed not only to be enlarged but very clearly defined.”3 What all of the recent regulations topping off with the BCBS 2005 guidelines have done is to establish compliance and compliance function as a necessary part of the industry. As one regulator put it, “In a sense, the need for compliance can, effectively, be equated to the frictional force which, though it impedes the progress a bit, is still necessary for movement. Compliance works more as a lubricant which oils the business machinery and keeps it going.”4
For a better appreciation of the context, it is important to look at both the past and present events that have shaped the content and structure of compliance in financial services. From there, it will be possible to look at
K. C. Chakrabarty: “Compliance function in banks – back to the basics,” July 12, 2013; http://rbidocs.rbi.org.in/rdocs/Speeches/PDFs/SIIBF160713.pdf (reprinted with the permission of RBI).
Ibid.
