This is part 2 of a five-part series with Tom Fox and the FCPA Compliance Report on defining and building an effective compliance program. The series will consider key challenges in compliance, why compliance needs a seat at the table, how to do compliance on a budget, compliance training and culture, and what is on the horizon for compliance.
What are the biggest compliance issues facing banks in the United States? Even in the midst of the COVID-19 crisis, there are other key challenges facing compliance professionals. One notable issue is the uptick in various types of fraud—including cyber-related events, phishing attacks, and other schemes—designed to take advantage of the government stimulus activity underway not only in the United States but in other countries as well.
Another primary challenge involves managing and administering a compliance program when teams are working remotely. Rather than having operational teams in a centralized location processing transaction monitoring alerts for AML or potential sanctions violations, for example, you now have employees required to work from home, through a VPN connection. Other global challenges emerging include the regulatory focus on AML and sanctions, managing the competing needs of compliance programs, and incorporating and enhancing technology into compliance programs.
Regulators have recognized the increase risk as a result of the coronavirus outbreak, with a number of regulators issuing guidance to financial institutions outlining the fraud risks and providing some general guidance on how institutions and also individuals can protect themselves. While noting that the rules remain the same and banks are expected to continue upholding the AML sanctions regulations, regulators have also established hotlines for banks to call to keep them informed if they run into any challenges that would result in them not being able to administer their compliance program to the pre-pandemic level.
This focus on the need for continued compliance even in the midst of the COVID-19 crisis brings into the forefront the always salient debate of compliance as a cost center. If compliance programs do not remain effective, enforcement actions will continue to be extremely costly. Over the last 10 years, fines issued to noncompliant institutions have been substantial. This has meant that businesses not only need to have compliance resources focused on remediation, but business resources as well.
However, as significant (and as costly) as these fines and penalties have been, it is the intangible damage which, in the long run, may be even more costly. A bank might be restricted to certain types of clients and not be able to play out on the risk curve with clients that might be higher risk or located in higher jurisdictions or operating in higher risk industries.
With all that is at stake, both from a compliance and a business standpoint, it is more important than ever that compliance has “a place at the table” with business partners and is a part of the firm’s overall strategy. And not only should they be sitting together, the two teams should be working together. Businesspeople should be attending compliance governance forums. Likewise, compliance should be sitting at the business table understanding the direction of business strategy, the clients that are being on-boarded, and the types of clients and relationships in which the business is interested. Each team should be actively communicating their view of what’s happening in their respective world.
By working together, compliance officers and firms can figure out how best to roll out a compliance program that is commensurate with the organization’s risk and compliant with regulations. If compliance is relegated to the back of the (corporate) bus, this opportunity is lost.
Of course, even the most well-thought-out compliance program will not succeed if it is not operationalized. Compliance is much more than simply implementing policies and procedures. It takes regular communication and dialogue with the people who have to adhere to the policies and regular training so that they actually understand what the requirements are.
People generally want to do the right thing and to follow regulations and the “rules of the road.” It is important, therefore, to make sure that the underlying messages are actively and regularly communicated. This should be coupled with a strong culture where people feel comfortable raising their hands if they think that something is awry, or something is happening that should not be. It is critical for management to communicate that they value compliance and that compliance is important. This means, again, that compliance needs a seat at the table.
To listen to the next podcast in the series, please click here.