For Compliance, Risk, and Governance teams
Gain control and efficiency with our comprehensive dashboard
Effortlessly centralize document and file management securely
Organize and streamline activities with automated scheduling calendar
Empower compliance with timely notifications, alerts, & deadline tracking
Ensure timely response, accountability, and risk mitigation through escalations
Gain compliance control, mitigate risks, & save time with framework library
Streamline assessments. enhance collaboration, ensure compliance.
Strengthen accountability, compliance, and transparency with audit logs
See our platform in action for free. No credit card required!
Efficiently manage GRC using your everyday tools
The Ultimate Agile Solution for Compliance Teams
Goin 360-degree visibility with intuitive compliance dashboard
Stay informed and proactive w ith notifications & alerts
Simplify file and document management with ease
Automate compliance workflows for seamless efficiency
Streamline compliance with customizable framework library
Enable collaboration across locations, departments, and teams
Centralize compliance work for streamlined efficiency
Goin actionable insights with robust reporting feature
The Essential Solution for Empowered Risk Managers
Identify and track risks using the centralized risk register
Enable collaboration across stakeholders for better resolution
Streamline risk assessment with process automation
Enhance risk visibility with intuitive and centralized dashboard
Establish connection across teams, departments, and locations
Elevate risk awareness through proactive notifications
Manage files & evidence centrally for efficient control
Enhance decision-making with actionable risk insights
An Unparalleled Solution for Policy Management Teams
Efficient policy distribution through central repository
Streamline policy drafting and lifecycle management for simplicity
Simplify compliance with comprehensive policy templates
Simplify policy management with efficient version control
Accelerate policy approvals with automated processes
Collaborate seamlessly with cross-functional teams
Effortlessly measure policy training effectiveness with assessments
Manage policy life cycle with automated reminders and notifications
The Complete Solution for Empowered and Efficient Audit Teams
Maintain transparency and accountability with audit trails
Organize and streamline audit with automated scheduling and calendar
Centralize audit files for streamlined evidence collection and management
Stay informed with proactive audit activity notifications & alerts
Streamline audit assessments for comprehensive compliance
Bring audit plans, activities into the single space for complete control
Simplify audits with automated workflow efficiency
Gain 360-degree visibility with intuitive Audit dashboards
Empowering success through streamlined compliance, risk, and governance solutions
Empower your business with simplified regulatory compliance solutions
Empower your enterprise by elevating risk management practices
Transform GRC operations for optimized efficiency and effectiveness
Mitigate risks with seamless third-party risk management
Check out our comprehensive guides for seamless management!
Empower your business with pre-built customizable regulatory and control frameworks
Achieve quality success through ISO 9001 Framework
Deliver compliance excellence with the power of SOX framework
Simplify your security approach with ISO 27001 framework
Navigate cybersecurity excellence with NIST framework compliance
Promote data security through compliance with PCI DSS framework
Unlock trust and security with SOC 2 framework for compliance
Empower your industry with unmatched effectiveness and efficiency
VComply for the Financial Services Industry
VComply for the Manufacturing Industry
VComply for the Banking Industry
VComply for the Non-Profit Industry
VComply for the Higher Education Industry
VComply for the Food & Beverages Industry
VComply for the Healthcare Industry
VComply for the Construction Industry
Stay connected and grow alongside VComply
Stay informed on compliance, risk, audit, and policy management trends
Streamline work with comprehensive guides for seamless management
Navigate complex GRC challenges with valuable e-books
Discover user stories for valuable insights into user-experiences
Access comprehensive definitions and explanations for essential GRC terms
Gain a comprehensive understanding of the features, benefits, and capabilities
Discover insights from experts on the latest happenings in GRC
Learn tips, tricks, and insights to make compliance work for your organization through our expert webinars!
Utilize our go-to templates and checklists to help you stay compliant
Keep in sync with the latest changes by updated framework templates
Get compliance assistance through VComply compliance checklists
Download policy templates that you use to create guidelines and processes.
Discover the power of VComply through our detailed use case guides
Get to know what make VComply the best GRC platform on the market
Discover VComply's value, mission, and vision for better GRC future
Stay informed about VComply and GRC industrylatest updates
Join VComply, redefine compliance, unleash potential
Know about our partnership program
Get to know our board of advisors
Our legal terms of services and privacy policy
Stay up to date on the latest VComply news
VComply offers unparalleled Sales and Customer Support
Send us your sales queries and let us know your needs
Get 24/7 quick and dedicated support anytime
Lets get social
Follow us on LinkedIn for company updates
Join VComply on Twitter for live updates
Regulatory watchdogs around the world served stiff penalties in 2020, with major financial institutions being asked to own up for their deficiencies and malpractices. Citigroup faced a $400 million fine for risk management shortfalls, JP Morgan was charged $920 million for illicit market activity, Westpac agreed to a record fine of AUD 1.3 billion for anti-money laundering breaches, Goldman Sachs was fined $2.9 billion in connection with the 1MDB scandal, and Wells Fargo saw a huge $3 billion penalty for he fraudulent account fiasco.
The list could go on, but as the fines grow weightier, all eyes are on what compliance can do to protect organizations from not just economic damage, but the long-lasting reputational damage that accompanies financial abuses. Here are some compliance learnings one can glean from the Goldman Sachs and Wells Fargo cases.
In the 1MDB scandal, Goldman Sachs came under intense scrutiny for its role in money being siphoned from Malaysia’s sovereign wealth fund, 1Malaysia Development Berhad. The ongoing investigation probes the bank’s role in underwriting 1MDB bond issues. About $6.5bn was raised in 2012 and 2013 and the bank is said to have earned over $600m in fees for the work. The complex global fraud saw Malaysian common folk deprived, private pockets filled, and Goldman Sachs staring at fines to the tune of $5 billion.
Recently, the bank’s chairman and CEO, David Solomon, called the scandal an “institutional failure”, noting that “certain former employees broke the law, lied to our colleagues and circumvented firm controls…we did not adequately address red flags…”
In the aftermath of the 1MDB scandal, experts from around the world have opinionated on what might have led to the massive corruption scheme.
Goldman Sachs intended to expand aggressively and dominate the South-East Asian market. The problem lay in the fact that the SEA market was also known to carry a high risk of money laundering. Turns out that Goldman’s compliance and risk management systems weren’t primed in keeping with the high-risk business model that the bank was adopting for the region. The US Department of Justice later noted that, “Goldman’s business culture…particularly in south-east Asia, was highly focused on consummating deals, at times prioritizing this goal ahead of the proper operation of its compliance functions.” A key learning from this is that compliance is a crucial element of business strategy.
Central to the1MDB scandal was former chairman of Goldman Sachs in South-East Asia Timothy Leissner and he later pleaded guilty to conspiring to launder money. Bloomberg reports Leissner as revealing that the “culture of secrecy” at Goldman led him to conceal wrongdoing from compliance staff.
“It must be presumed,” lecturer from the University of Alexander Dill says, “that he would not have attained partnership status, without executive management’s approval of his conduct and character. Who makes partner at Goldman is a true reflection of the company’s tone at the top.”
When the tone at the top upholds ethics and integrity, compliance has a firm footing. If ethical norms are brushed aside by an organization’s leadership, it can only be a matter of time before cracks emerge.
International fugitive Jho Low, is accused of having masterminded the 1MDB plot and Leissner tried to have him as a Goldman Sachs customer. The move was prevented by the bank’s Compliance Group and Intelligence Group on concerns they had over the source of Low’s wealth. Yet Leissner continued to work with Low and financial regulation news analyst Regulation Asia points out that, “a siloed approach to KYC allowed its sales team to circumvent controls and onboard Low as an indirect customer via the 1MDB bonds.”
If your organization’s sales teams, compliance departments, senior management, and board work in silos, information can slip through the cracks and controls in place to detect financial crime can give way. In case of money laundering, the first step of “placement” that is the act through which the fraudster seeks to insert tainted money into the legal system, is crucial. For KYC controls to work efficiently, it is best that all departments work together.
The account fraud scandal at Wells Fargo came to light towards the end of 2016.Over million fraudulent bank and credit card accounts were reportedly created on behalf of clients of the bank without their knowledge or consent. Wells Fargo betted hard on a cross-selling strategy and by 2012 had an average of .9 products per customer. However, by 2013, rumors had surfaced that employees were gaming the system to meet their cross-selling targets.
Cutting to the chase, a Shearman & Sterling report later pointed out that, “Many employees felt that failing to meet sales goals could (and sometimes did) result in termination” and that “certain managers explicitly encouraged their subordinates to sell unnecessary products to their customers in an effort to meet sales goals.”
It’s clear from this that the Wells Fargo fiasco boils down to aspects like a problematic business strategy, bad company culture, and poor tone at the top. Back in September 2016 the bank was fined $18 million and as recently as February 2020 Wells Fargo faced charges amounting to $3 billion.
Reports reveal that in mid-2014 Well Fargo attempted to curb the malpractice of creating fraudulent accounts with an ethics workshop. Yet, reports also indicate that bank managers allowed illegal conduct to persist until 2016. The point here is that compliance cannot really thrive or survive if there is discord between your Code of Conduct and company culture. You need to weed out rouge employees and correct a bad company culture if you are to be successful.
Stanford researcher Brian Tayan keenly points out that branch-level employees received incentives to cross-sell, but the senior-executive bonus system did not have the increase in products per household as a metric. Are there business-critical matters that are passing the oversight of senior members at your organization? Compliance is everyone’s responsibility and requires the entire team, right from the employees to the senior management and board, to protect the organization from known risks.
Assuming that you set realistic targets for your employees and have appropriate controls in place to mitigate risk, how do you maintain a controlled and cohesive environment, prevent stuff from slipping through the cracks, and avoid risks from growing unnoticed? A notable way of doing this is to use cloud-based GRC software that works on an organization-level.
VComply, for instance, gives you the tools you need to assign responsibilities, escalate matters, conduct gap analysis, monitor your risks, evaluate existing controls, distribute, and test policies, and a lot more. You may or may not have thousands of employees like Wells Fargo; nonetheless, overseeing the lifecycle of your compliance, risk, and policy efforts can be painstaking and even impossible if you do not have the tools to do so.
Wells Fargo has been, and still is, among the biggest banks in the US. Imagine the shock and betrayal customers would have experienced on hearing that Wells Fargo created fraudulent credit cards or bank accounts in their name. The reputational damage of non-compliance is immense. “Simply put, Wells Fargo traded its hard-earned reputation for short-term profits, and harmed untold numbers of customers along the way,” US attorney Nick Hanna is quoted as saying.
The moral is that no one is above the rules of regulations. Regulatory compliance is not something you want to gamble with as it can wipe out your customer base and share holder value.
Whether t’s anti-money laundering or nurturing an ethical business culture, Goldman Sachs and Wells Fargo teach us that compliance is more than a checklist. It evolves with your organization and having the tools to stay compliant best serves your growth.
We have spoken in length about the consequences of non-compliance, penalties and untangling complex web of compliance challenges. To reduce the risk of violating regulations and standards, establish a holistic approach across your organization with streamlined compliance processes, controls, risk assessment and audits. Leverage an automated tool like VComply and streamline your compliance programs.
Ready to set up a trial of VComply and automate your compliance process?
Explore our new 
