
Merge compliance and risk to avoid surprises

The financial services industry had been implementing governance models designed to make its institutions more effective well before the COVID-19 pandemic began to wreak havoc on the world. Providers and supervised financial institutions have experienced severe changes in their regulatory compliance requirements since then, due to changing risks and increasing costs as a result of health and safety concerns, plus operational difficulties associated with remote work. And supply chain problems are seemingly relentless.

I have written extensively on governance, risk and compliance, and now I wish to focus on the need for supervised financial institutions to move from isolated risk environments to integrated ones that involve human resources, sales, legal, finance, marketing and compliance. All these departments tend to approach their respective risks in isolation.

The result of managing risk in isolation was felt in August 2020, when the Office of the Comptroller of the Currency (OCC), the US regulator, assessed an $80m civil money penalty against Capital One and Capital One Bank (USA) for their “failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment, and the bank’s failure to correct the deficiencies in a timely manner”.

The enhanced anti-money laundering (AML) environment, the introduction of heightened or new data privacy laws, and accompanying regulations around cryptocurrencies all create risks that cover an entire institution and its connected partners.

Against this backdrop, here are two steps for a financial institution to consider as the economy and business environments seek to rebalance themselves almost two years into the COVID-19 pandemic.

Fusing risk and compliance

The updated Institute of Internal Auditors' 3 Lines framework, which was released in summer 2020, screamed collaboration between an institution's risk and compliance functions. Reviewing your current processes, especially if they are manual-intensive, would be a great start to identifying opportunities for growth and realignment. By streamlining these processes, it is possible to ensure that the right people, on the right teams, are alerted to any changes in compliance conditions and any new risks.

Transparently prioritise compliance life-cycle

By increasing transparency, your institution’s business units can better understand top-line goals, the current regulatory environment and which current business activities are most risky. Moreover, ensure that your compliance resources are matched to your regulatory challenges and talent by developing a continuous improvement plan. You can better manage costs with a compliance team that strives for incremental improvements.

Conclusion

In short, fusing risk and compliance functions, while supporting and promoting consistent and transparent communication with strategic business partners, will only lead to success for your institution and help to minimise surprises.

NB: About Derek Smith Jr

Derek Smith Jr. has been a governance, risk and compliance professional for more than 20 years. He has held positions at a TerraLex member law firm, a Wolfsberg Group member bank and a ‘big four’ accounting firm. Mr Smith is a certified anti-money laundering specialist (CAMS), and the compliance officer and money laundering reporting officer (MLRO) for CG Atlantic’s family of companies (member of Coralisle Group) for The Bahamas and Turks & Caicos.
