Operational risk management

Implementing a successful regulatory compliance program

Charlie Serocold  Professional Services Consultant

5 basic steps

It’s no secret that it has become increasingly difficult for multinational banks to manage their compliance programs, largely because they are engaged in so many business and service lines. Since 2004, regulatory updates have increased from around 10 a day to nearly 118. One might expect this regulatory burden to have hampered banks from retaining their spirit of innovation. However, they continue to identify profitable new jurisdictions (Thailand, Chile, etc.) and potential new business lines (mobile banking, blockchain) without neglecting the new statutes, codes, regulations and guidance documents.

Ethics and compliance programs gone awry

The increase in regulations has exposed several challenges within financial institutions – from a lack of understanding as to which regulations apply to which functions and people within the organization, and the disparities of regulations across jurisdictions; to how exactly financial institutions should structure their compliance programs.

A successful regulatory compliance program begins with a solid foundation, where employees participate in the necessary training to fully understand the meaning of strong ethics and integrity, and in return apply these values to their work. If the Bank Secrecy Act stipulates that depository institutions must keep certain records that have a “high degree of usefulness in criminal, tax, or regulatory investigations and proceedings,” an employee should be able to exercise such values and point to the relevant training manual if questioned.

Deutsche Bank recently paid out an immense $258 million to US state and federal regulators to settle charges for business conducted on behalf of entities in US-sanctioned countries, such as Iran and Syria. There are actually no sanctions compliance programs required by any regulations, although one might argue that Deutsche Bank should have known and implemented a written OFAC (Office of Foreign Assets Control) program. This may be an unwritten rule, but if employees were able to apply strong business morals and ethics, this incident may have been avoided.

In another case, ABN AMRO Bank N.V. paid out a smaller sum of $640,000 to the Dubai Financial Services Authority for failing to adequately supervise their private banking international staff around deficiencies in their anti-money-laundering systems and controls. Again, an understanding and application of ethics and principles may have helped to catch this failing.

Seven banks (Barclays, Commerzbank, Credit Suisse, Deutsche Bank, Merrill Lynch International, Royal Bank of Scotland and Société Générale) have been fined by the Financial Conduct Authority (its predecessor being the Financial Services Authority) for MiFID (Markets in Financial Instruments Directive) transaction reporting failures. UBS is set to receive the largest-ever fine (over $18M) for the same oversight. This is a clear indication that regulatory compliance programs are still in disarray and that in practice lessons have not translated into necessary change.

The solution

The solution contains two components – one on a foundational level and one on a practical level:

  • On a foundational level, if we accept that strong morals and integrity are a critical component of any great business – and let’s not argue this one – we can apply Jim Collins’ quote, “Greatness, it turns out, is largely a matter of conscious choice, and ” Employees can indeed learn and apply strong morals and integrity in the workplace.
  • On a practical level, guidance and assistance are Financial institutions must be aware of what they need to capture when it comes to implementing regulatory compliance programs. Banks need to:
    • Identify the risk areas
      • The types of products and services offered
      • The customers served
      • The jurisdictions of operation
      • Comprehension of all the regulatory requirements
    • Provide appropriate screening and reporting mechanisms
      • Leverage technology and software
      • Update training manuals, policies and procedures
      • Document how these updates are distributed

The 5-step implementation plan

Developing a regulatory compliance program requires time, resources and expertise. Even with a solution in mind, banks might not have the means to begin execution. Thomson Reuters assists our clients in executing a successful regulatory compliance program with a basic 5-step implementation plan.

1. Provide a comprehensive list of regulations affecting different business lines and products depending on the jurisdiction and where the financial service is operating
2. Identify, from within those regulations, the relevant obligations applicable to those business lines and products
3. Monitor those regulations and obligations as updates are made and ensure that the financial institution is made aware of them
4. Help to identify gaps in the organization’s training manuals, policies and procedures documentation
5. Implement and configure workflow software that manages risks, reporting and issues that impact the organization from top to bottom

Clients who have implemented this 5-step plan have observed key benefits – a greater understanding of changing regulatory requirements and their impact on the bank’s specific business lines; more efficient allocation of human and financial resources; and a superior ability to gather, prioritize and assess risk – all of which contribute to immensely improved interactions with regulatory bodies.



Thomson Reuters Exchange Magazine: Risk and compliance