Strategies Banks Can Adopt For Worry-Free Compliance

Since 2009, financial services’ compliance functions have undergone drastic changes and modifications and the pandemic only elevated them further. Banking institutions are now looking for a more efficient and streamlined compliance model to actively define and shape the firm’s next strategy and operational excellence. 

With the adoption of modern technology and new risk and regulation compliances, banking institutions are looking at immediate holistic transformation in the banking compliance management approach. According to a McKinsey report, by 2025 all the imminent risk factors faced by banks would be entirely different than they are today. Banking organizations need to be better prepared and equipped to handle such magnanimous changes otherwise, they might get overwhelmed with the new process in play. 

Banks need to address the 3 core principles to create an efficient model for compliance risk management.

#1.Integration with the overall risk-management governance and operational-risk view

Banking compliance risk factors might sound quite similar to other types of banking risks, but in case of any unfortunate and unforeseen outcome, it can often lead to catastrophe if not managed efficiently. 

From 2009 to 2014, we witnessed the regulatory fines going up by 45x compared to banks’ operating income and credit impairment costs and the momentum is showing no signs of slowing down. 

Source 

Banks need to integrate the risk management framework with the bank’s operational-risk view approach as it offers a plethora of benefits such as:

1. The management and the stakeholders have an organizational-level holistic and comprehensive view of all the compliance-level risk factors. It helps them to derive the mitigation strategy appropriately as no material risk is left ignored. 
2. It removes the redundancy of double-reporting. As organizations previously used to work in silos, duplicate risk assessment, risk-related training, and remediation activities were common phenomena. A great amount of manpower and effort was consumed in this process due to operational inefficiency and a decentralized approach. As redundancy is removed, it frees up the resources to be involved in core tasks. 
3. It develops a risk-based practical approach to resource allocation and enables management to take swift action on the basis of remediation and investment in controls. 

A few practice actions a bank can take to enhance the efficiency in this approach are: 

• Develop a holistic and comprehensive portfolio of all the imminent and residual operational and compliance risks.
• Create a centralized banking compliance risk management mechanism.
• Coordinate risk assessments and remediation processes.
• Develop an integrated training and communication program. 
• Involving the relevant stakeholders and decision-makers in regular intervals to keep them updated with the improvements and developing the action plan and prioritization of issues. 
• Establish a clear and transparent governance practice across all the functions

#2. Transformation and expansion of existing compliance roles 

Modern-day risk management framework requires new roles to be involved in the decision-making process. Those days are gone when the compliance department is called only to provide advisory and consultancy. As new risks and regulatory frameworks have emerged, banks also need to rapidly upgrade the roles and responsibilities of compliance officers. Rather than being pushed to a corner over other issues, they would take the middle seat now and drive the conversation pertaining to the banking compliance risk management framework and define the next steps. 

A few inclusive responsibilities of the compliance officers are:

• Explaining the importance of laws, rules, and regulations across the business and how and why they would be turned into operational efficiency requirements
• Defining the standards of material risk, the level of tolerance, and the risk appetite threshold. 
• Creating a comprehensive risk identification and assessment process to score and measure risk factors quantitatively.
• Integrating the tools necessary to effectively handle the risk assessment and management part.
• Defining and enforcing the training programs catering to multiple functions across distinct departments
• Keeping a check on the defined process by doing regular assessments. 

Additional Read: First 100 days as a new compliance officer

Having an effective and proactive risk culture is the key to success. Previously, with an archaic system and mentality in place, the risk department was siloed from the central operation team. Also, the recommendations from the team were perceived and acted on as reactive measures rather than taking them upfront. 

With the increased scrutiny and exponential rise in regulatory fines, it is high time a proactive risk culture is introduced and enforced to tackle any form of risk in banking. 

Having a complete cultural overhaul might not be easy but we can approach it with a methodical and systematic process. A few steps which can lead us to the desired outcome are:

• Enforcing a proper change management process that can flag off any operational changes such as volumes, workflows, products, and more. 
• Conducting regular enterprise-level compliance risk assessments such as understanding the underlying paradigm of dynamic risk management and the consequences of inherent risk exposures.
• Having an overall and extensive risk measuring mechanism in places such as creating a common inventory of risk-related outcomes, situation analysis, quantitative measurements, and more. 

#3. Effective residual risk management

Typically, organizations followed a traditional way of risk identification where they first identified ‘high-risk processes’, then moved on to identifying all the incumbent risk factors and underlying controls associated with them. With the increasingly complex scenario, this risk identification and management process fell short as amid the ambiguity and inconsistency in the process, the real high-risk factors often got subdued. 

The biggest problem in this approach is to define the high-risk factors as there wasn’t any proper objective or guideline. As it was completely at the discretion of business lines, often critical risk components were removed due to their low-value proposition on the business aspect.

The second imminent issue was the need for documentation of all risk factors and the control points actually became a hindrance to doing in-depth analysis (such as creating detailed qualitative and quantitative inventories of all the risk factors). That was because significant bandwidth was spent on mere documentation. 

With the revamped approach to focused and effective residual risk management, banks can ensure that there are no unattended and hidden risk factors to look for. All the points of assessment are taken into consideration such as critical process breakpoints, products/processes risk mapping, and defining key risk indicators to identify, assess and manage. 

Learning Resource- A complete guide to Risk Management

Conclusion

Evolving regulatory compliances have always kept the banks on their toes. Multiple challenges and subsequent coercive measures might be a nightmare to the banks but there’s also a silver lining to this. If efficient banking compliance risk management function and risk culture are introduced and inculcated into the banking institutions, banks might actually create a much better and more apt compliance management system with higher efficacy. This can also translate into a window of opportunity to get ahead of the competition carve.  That said, it would be interesting to watch how banks evolve and transform their compliance risk management approach.