Pamela Dusoruth : Compliance, your strategic business partner
Share
Anyone’s first reaction to the word “Compliance” has historically been associated with those who “police” the organisation, carry out conformance reviews and raise findings on what has gone wrong in the organisation.
In the 21st century, in a world of global markets and technological evolution, where does compliance stand? More than ever, organisations are now recognising the importance of having a sound compliance programme. Leaders are closely aligning risks and compliance in defining their strategy, where the ability to manage global risks while minimising costs and increasing bottom line, work in synchronisation.
The role of the compliance function has evolved significantly over the past decades, shifting from the “Policing” approach to the “Advisory” approach. Compliance is now a trusted business advisor that adds value through process reengineering and by navigating through risks and regulatory
complexity.
Compliance today assesses industry trends and global practices to define a more effective strategy to deliver on future compliance operations. It is now increasingly important to have in place a framework that does not only focus on mitigating known risks, but also proactively identifies, assesses and allows readiness to embrace emerging global risks.
With the implementation of the Enterprise Risk Management Framework across financial institutions and the development of relevant processes, the responsiveness of banks to emerging risks promotes resilience and sustainability from an operational perspective. Aligning compliance risk within the Enterprise Risk Management process is essential for organisations to remain relevant in the current competitive industry.
Doing business the ‘right way’ is now a key requirement if one wishes to maintain a sustainable business. Regulators are more and more focused on measures organisations are taking to ensure that the right balance is struck between profitability targets and customer centricity. Recent trends observed across various jurisdictions in which regulators have taken a firm stand against organisations, reinforce this message. Heightened levels of scrutiny, regulatory sanctions being enforced upon organisations as well as the heavy fines levied against these organisations have shown how seriously regulators take this aspect of running a business.
The level of accountability and responsibility being imposed on CEOs in instances where market abuse or conduct related matters are raised further indicate how regulators expect businesses to conduct themselves. Today, even compliance officers face greater responsibility and accountability in ensuring that their organisations are operating in a sound environment, in which there are appropriate control frameworks to detect and mitigate various types of risks. Personal liability is also being looked at in situations where severe control deficiencies are
identified.
Driving compliance in organisations becomes key and, instigating the right culture and awareness across the various layers of an organisation becomes a key aspect of the role of a compliance officer as well as that of the senior management. The ability of compliance officers to perform their duties in the organisation is driven by the focus and importance that the management attributes to such activities.
It is however also important for compliance officers to consider and strike the right balance in assessing risks: we should not forget that we are in a risk-taking business and the “tick the box” approach needs to be challenged. Cutting through red tapes and ensuring that the cost of compliance remains “affordable” to the business, while at the same time remaining within regulatory and policy requirements form part of the compliance culture one should embed and sustain.
The dynamics of a sound compliance programme is to ensure that we remain relevant to the organisation and the environment in which we operate. The foundation for an effective compliance strategy therefore resides along three main principles.
First, “Tone at the Top”. One of the most important pillars of a sound compliance programme, where senior leaders demonstrate their commitment which is then adopted by all layers of the management.
Second, Risk and Control Framework. Understanding business lines’ strategies and operations of the bank to identify risks or threats. A compliance programme misaligned to growth areas of the organisation will be ineffective in managing associated risks and regulatory requirements, and will act as a roadblock to meeting the organisation’s strategic objectives effectively.
Third, responsibility and accountability. While compliance, in its trusted advisory role will provide guidance to the business, a secondary key role is in terms of its “surveillance” responsibilities. An effective surveillance or monitoring programme is equally important to assess and establish the adequacy of how risks are managed as well as the effectiveness of controls. The recent split seen across various organisations into the ‘3-Lines of Defence’ model is the first step organisations have taken to define, and attribute responsibility and accountability to the ‘First Line of Defence’, who owns and manages the risks and the ‘Second Line of Defence’, compliance, that maintains the relevant oversight.
How do organisations therefore achieve their compliance objectives? By ensuring that compliance requirements are given the right focus and importance at leadership level and that those requirements are taken into account when assessing performance within the organisation.
Where leaders directly promote a sound compliance and compliance officers understand their business and remain aligned with the organisation’s strategic objectives, the right compliance and conduct culture will follow.
