While regulators are driving the focus on accountability and responsibility at a cultural level, the fines for non-compliance are focusing on individuals.
From decrees made during the French Revolution, through a number of influential world leaders, to the mentor of a well-known comic book webslinger, “With great power comes great responsibility” has been attributed to many sources. But it resonates with a number of current and future regulations facing financial institutions around the world.
It is interesting to see common themes around accountability and responsibility arise and continue to grow in the compliance and regulatory environment. It has now been over fifteen years since Sarbanes-Oxley came into effect, almost a decade since the Dodd-Frank Act was proposed in the United States, and over five years since the UK parliament passed legislation to enact the Senior Managers and Certification Regime (SM&CR).
Similar legislation has been implemented in many other countries around the world, and continues to spread and evolve across the global financial services landscape, such as the Banking Executive Accountability Regime (BEAR) in Australia and the Manager-In-Charge (MIC) regime in Hong Kong, to name just two.
These regulations are designed to build the focus on accountability and responsibility into the structure and culture of a financial services organisation. While there can be an increase in bureaucracy to meet these regulations, they can give great opportunities to clarify business structures and areas of responsibility. Similar requirements exist across the global, lessons learned in meeting requirements in one market can be relevant in other markets for other regulations.
Adding core regulatory values to organisational culture
With regard to SM&CR, the UK’s Financial Conduct Authority share a video on their website where a number of banking leaders share their experiences adopting the regime. The interviews all point to a set of common themes: clarity of responsibility, focus on escalation, ownership of the process by the business and not just by compliance. These themes resonate across whitepapers and thought-leadership quotes around all of these regulations worldwide.
Giving personnel a clear structure of their responsibilities and helping define escalation paths builds strong communication between every managerial level and reinforces the core values of the specific regulations within the culture of an organisation. This also imposes challenges as to how to ensure individual responsibilities and process and procedures are relayed to all employees, and how information can be gathered, interpreted and understood by the responsible managers.
Traditionally, this would be the responsibility of the compliance team but with the focus of accountability on the individual managers, it becomes even more important to make all information flows as automated and efficient as possible. Technology can help in this by devolving the managing of process and procedure to the responsible individuals while providing feedback to them from an attestation and compliance overview and an operational governance perspective.
Fines (and pressures) are increasing
Indeed, as reported in the Financial Times, average fines levied against individuals by the FCA almost trebled from around £63,000 in 2017 to around £186,000 in 2018, and there is an increasing number of cases under investigation by the FCA. Currently in 2019, the FCA have imposed multi-million-pound fines and industry bans against responsible individuals.
In January of this year, the FCA fined Mr Stewart Owen Ford £76,000,000 and prohibited him from performing any controlled functions for a combination of breaches of APER 1 (Performance in a controlled function), APER 4 (Integrity in actions) and FIT (Fitness and Propriety). In 2016, FINRA fined Raymond Jones Financial Services for failing to establish and implement appropriate Anti Money Laundering procedures and also fined and suspended the company’s AML compliance officer directly.
The mounting costs of compliance: It’s estimated that globally, the banking sector alone spends $270 billion per year on compliance-related costs.
With potential large fines and prohibitions, managers will have ever-greater pressures upon them to ensure their teams meet required compliance standards and show that effective controls have been put in place to prevent breaches.
Technology can help ensure accountability and compliance
Implementing an effective policy management solution can help both by gathering attestation on responsibilities from a manager and with the distribution of policies and procedures to staff while giving the manager oversight of the compliance of his areas of responsibility. Communicating non-compliance and areas of exception back to the manager is critically important to manage and mitigate the risks faced and workarounds can be put in place and controlled through the implementation of an integrated workflow automation solution.
From an operational and information governance standpoint, an enterprise content management system can provide structure around content management while providing perspective on the level of compliance in areas such as KYC. But these are only parts of a much greater web of tools that need to be used to pull all the threads of a framework together.
Senior managers cannot wear Lycra and a mask to hide their identities like a comic book hero, as accountability is now a very real part of the financial services landscape. But having a clear business-led focus on achieving compliance with a suitable framework of operational solutions in place can alleviate some of the complexity and difficulty in bearing the burden of responsibility on their shoulders.