By Bob Souster

Few functions in the banking industry have seen as many changes in their fields of operation as compliance. Once regarded as a specialist area with a narrow focus on legal and regulatory matters, the work of compliance departments has expanded in scope and has moved steadily to occupy centre stage. This article examines some of the drivers behind such changes and looks ahead to the challenges of tomorrow.

The traditional view of compliance regarded it as a function that was necessary to ensure that the organisation operated within existing laws, regulations and generally accepted standards. This aligned with a simplistic view that ensuring adherence to rules would prevent undesirable behaviours and hence adverse outcomes to the organisation and its stakeholders. It also led many bankers of the past to be attracted to a ‘box-ticking’ approach through which the level of compliance would be assessed by the extent to which the organisation operated within legal and other parameters. The global financial crisis of nearly two decades ago shattered the illusion that a rules-based approach was sufficient or adequate.

At the time, bankers became subject to profound public scrutiny, with some contemporary commentators complaining that those responsible for the ethical deficiencies “should have been locked up”. But there are simple reasons why nobody (or very few people) was locked up: firstly, some of those responsible for the demise or near-demise of their employers did not break any rules and operated within the letter of the law; secondly, they were actually doing what bankers were then expected to do, which was to make judgments about risks and rewards within the frameworks that existed at the time. In the words of Tracey McDermott, former Director of Enforcement and Financial Crime at the Financial Services Authority (FSA), as reported in the Chartered Banker magazine’s 2015 article, The Compliance Balancing Act, “In the same way as regulators have to stop ourselves reaching for rules, you have to stop yourselves reaching for ever more prescriptive controls to try and fix deeper seated issues. We have learned that rules alone are not the answer – the FSA rule book expanded significantly during the period building up to the crisis – but did it make people behave better? History would suggest not.”

To many bankers today, the crisis described above is either a distant memory or occurred before their time. Some younger bankers were still in elementary school when Lehman Brothers collapsed and Northern Rock was rescued by the UK government’s intervention. Yet one does not have to go as far back to understand that lessons were not learned and that history can repeat itself. The relatively recent demise of Silicon Valley Bank can arguably be attributed to simple failures, including overconcentration of business risks and unwillingness to modify business strategy when prevailing market conditions demand it.

Of course, these problems reflect shortcomings of leadership rather than compliance failures, especially if one restricts the view of compliance to the narrow, historic approach. The responsibility for deciding a bank’s ‘road to travel’ and staying on that road lies squarely with the board of directors, whose strategies and policies are put into effect by the executive team. Yet, compliance has a significant role to play in reducing the prospect of future crises. While such risks cannot be eliminated, they can be mitigated by structuring compliance functions in an appropriate manner, whilst maintaining the delicate balance between managing commercial opportunities and ensuring rigorous scrutiny and oversight.

Compliance With What?

While compliance starts with ensuring that the organisation operates within laws and regulations, it is now recognised that the scope of the work of compliance departments goes much further. There will always be a need to commit resources to anti-money laundering and countering financing of terrorism policies, reducing exposure to market abuse and prevention of fraud. The people and budgets devoted to such activities are likely to increase still further in the future. Increasingly, however, banking organisations have to be aware of challenges such as conduct risk, demands of regulators to treat customers fairly at all times and generally accepted obligations to ensure that their strategies and policies are consistent with best practices in respect of ESG (environmental, social and governance). Significantly, none of these can be managed effectively by well-defined rules, or performance measured by ticking boxes. In future, compliance departments may have to rely on qualitative assessments, including making subjective judgments on matters that either cannot be quantified or around which no consensus has been formed.

Forward-looking, Judgment-led Orientation

While a popular (and misguided) view of the compliance function likens its work to that of a ‘traffic cop’, a more positive approach is to regard it as an enabler. Properly executed, compliance functions can improve reputation, reduce customer attrition and identify areas for improvement.

Embedding Compliance Across the Organisation

Increasingly, compliance professionals have to work hand in hand with functional managers, especially paying due regard to risk management imperatives. In addition, new demands will result in the need to consult specialists and experts. For example, in assessing whether a bank is acting in a manner that is consistent with the Principles for Responsible Banking, it may be necessary to analyse the positive and negative externalities of a deposit, an investment or a loan. In many cases it will be important to rely on expert support. This is a difficult and sometimes impossible call to make, when existing hard facts and scientific knowledge cannot provide definitive or conclusive answers.

Changing Dynamics

The external environment is constantly changing, which means that compliance departments must adopt a proactive approach to their work. The next decade will see rapid innovations, including more widespread adoption of machine learning, predictive analytics and artificial intelligence. All of these have the potential to enhance the efficiency of banks and add value to the customers’ experience, but they also represent steps into the unknown with associated risks.

Accepting that Compliance and Ethics are Related but Distinctive

Banks have been focusing more attention on ethics and professional standards in recent years. This has resulted in new demands on many functions relating to human resources management, including recruitment, selection, induction, training, performance management, measurement and appraisal. As a result of this, the work of some compliance functions has expanded into how bankers conduct themselves as well as what they do and how they do it. However, the lessons of history confirm that it is possible to act in a manner that is lawful and consistent with policy, yet still be unethical, whether assessed in terms of obligations to others or consequences.


Robert (Bob) Souster is a Partner in Spruce Lodge Training, a consultancy firm based in Northampton, England. He lectures on economics, corporate and business law, management, corporate governance and ethics. He is the Module Director for ‘Professional Ethics and Regulation’, a core module of the Chartered Banker MBA programme at Bangor University, Wales.