7 Nightmares Keeping Chief Compliance Officers Awake At Night


This article originally appeared in Forbes

As scandals, large fines and sanctions at financial services firms swirl in the press, what is really keeping Chief Compliance Officers awake at night? To answer that question, I asked Elin Cherry, Principal, Compliance Risk Concepts; Alma Agnotti, Managing Director, Navigant; and Robert Powell, Director of Compliance, IPC, to share their thoughts at a recent event. This is an edited version of that conversation.

1. Personal Liability

“Personal liability is starting to raise its ugly head”, said Robert Powell. “In the last few months, we’ve seen cases of professional liability where compliance officers have been sanctioned for not having control of their own organization. It’s an interesting milestone that we should be careful about. Compliance officers carry liability and huge reputational risk if they are found to be not doing something that they should be doing.”

Alma Agnotti agreed. “I’ve seen compliance officers trying to do a good job, but they can often give the business plausible deniability. If you don’t properly escalate, if you don’t put the risk where it belongs – with the business – when there’s a problem, the business people are shocked and fire the compliance officer. The compliance officer becomes the scapegoat. It’s easy to get beaten down. It’s easy to stop asking for things or to stop raising issues. Instead, make sure you have a good documented governance structure so that you can make them listen, even though they might decide not to act. That way, you don’t have the weight of the world on your shoulders.”

2. Lack of funding

“It’s all about funding” said Elin Cherry. “Most compliance officers are struggling on a day-to-day basis to get funding to keep the compliance department working well. If everything’s working, nobody believes it’s broken and that you need to do something. On the other hand, as soon as it stops working, it’s suddenly your fault. Even if the compliance officer was pushing for all the things that they needed, when the big fine comes down, the first thing management thinks is ‘let’s change the CCO’. Nobody goes back and questions ‘did we properly fund this compliance officer?’”

This impacts staffing as well. “Everyone’s looking for less expensive staffing. Firms are looking at removing people age 45 and older because they’re ‘paying them too much money’. Yet when these people try to find new jobs, and are willing to take a pay cut, firms don’t want them because they have ‘too much experience’” said Cherry.

3. Bigger Fines

“One reason you’re seeing bigger and bigger fines is to create deterrence and demonstrate that firms need to focus on appropriately supervising the business” said Agnotti. “From a regulatory standpoint, big fines are important because a certain segment of the industry is making investments to improve compliance, particularly in technology, which is very expensive and difficult to implement well. When other firms lag behind and don’t make those same types of investments, that puts them at a competitive advantage. From an enforcement philosophy view, that’s a big problem.”

“We’ve moved away from when fines were regarded as a cost of doing business” added Powell. “The reputational risk that comes with those fines now far outweighs the cost of those fines. The cost of implementing good compliance solutions is less than the fines that you can receive.”

4. Culture Of Compliance Demands

We’ve seen the increased calls for a Culture of Compliance from regulators. In fact, the Financial Industry Regulatory Authority (FINRA) recently conducted exams to understand the cultural values of 15 broker dealers. We hear about the importance of having the proper “tone at the top”, but is that the real issue?

“The tone at the top is not the problem. It’s the tone running down through the organization” said Powell.

Cherry agreed. “Tone at the top is never the problem. No CEO is going to say, ‘I don’t care about compliance’. They say the right things and the written policies and procedures will say that firms are compliant with all rules and regulations. The ‘tone through the middle’ is the challenge of maintaining a culture of compliance.”

“I call it mood in the middle” agreed Agnotti. “When CCOs and other people just below the C-Suite get in front of the board of directors, they only want to come with good news. They’re afraid if they come with bad news, they will be criticized. That’s a realistic fear. If this is your 15 minutes in front of the board twice a year, you want to shine. You don’t want to be the problem. As a result, senior people think ‘nobody’s telling me there’s anything wrong, so it must be all fine’. It takes a lot of courage as a compliance officer to come forward and say, ‘I’ve got these problems, this is how I recommend fixing them.’”

5. Zero Tolerance Policies

What happens when firms go too far in the other direction? “We’ve seen global banks with a zero tolerance policy for any kind of regulation infraction. So any kind of breach, or any suspected breach, becomes a pink slip event” said Powell.

“I honestly believe that 99 percent of regulated employees in all of our organizations and all of my customers, are actually very happy, doing a great job, getting paid a decent salary. They have a great house, a great lifestyle. They do not want to go out in the morning to mess things up. So if they get fired for doing something utterly stupid, for a single infraction, firms should look inward and say, ‘did they have training, knowledge, and expertise to avoid breaking the rule in the first place?’” said Powell.

6. Social Media And Other Forms Of Communications

The increasingly rigorous regulatory landscape is made even more challenging by the explosion of ways that we now can communicate. Financial advisors, traders and others want to use the tools that their peers and clients use, whether or not they are approved by IT or Compliance. People are quickly migrating away from email to unified communications, instant messaging, enterprise collaboration tools, industry specific tools such as Reuters, Bloomberg or ICE, traditional social media networks such as Facebook, LinkedIn and Twitter, and newer networks such as Snapchat, WhatsApp, and networks such as WeChat, Weibo and Line that are popular outside the US. But these additional channels present compliance challenges that require proper planning in advance.

“As an example, we see Skype for Business (chat, voice, video, attachments) being rolled out across trading firms in large organizations. You can now reach out pretty much to anyone, anywhere in the world with a single click. This presents challenges to new regulatory requirements in Europe where you must record all electronic communications, including voice calls, for client orders and anything that may have led to transactions. That could include the conversation about the weekend sports, or the conversation about what the market’s doing at the moment. You are maintaining your social relationship in order to do transactions” said Powell.

“Firms are struggling because with every new communication channel, comes an additional cost and additional monitoring. They’re trying to write policies that say ‘you can’t use these’. But we all know that doesn’t work. Compliance officers and the supervised individuals at smaller firms increasingly feel uncomfortable with the review of social media and emails. Firms are outsourcing review just to get away from that discomfort” said Agnotti.

7. Staying Current With Technology

“If you have the data, the government and the regulators expect you to make good use of it” said Agnotti. “Even small firms cannot manage these vast amounts of data without decent technology. That gets firms into a lot of trouble. The best systems available quickly become a regulatory expectation and firms can get left behind. You can’t use Excel spreadsheets if there’s something in the market that’s better. You may not want to be ahead of everybody in terms of technology, but you certainly don’t want to lag behind.”
