A best-practice model for compliant banking
In a recent article by Pjotr Kaminski and Kate Robu
both working for McKinsey&Company an outline is given for a more structural
solution to deal with ever increasing regulatory requirements and compliance
challenges < http://www.mckinsey.com/business-functions/risk/our-insights/a-best-practice-model-for-bank-compliance
>.
The title of the article is “A best-practice model
bank compliance” but if all recommendations are implemented much more would be
achieved than “bank compliance”. The framework will lead to what I’d like to
call ‘compliant banking’ in the true sense of the word. So let me try and
summarize the article and make some observations.
The article starts with the observation that “many
banks still struggle with the fundamental issues of the control environment in
the first line of defense…” we can’t agree more! On a daily basis we work with
our clients to improve the behavior of the front office, but it’s still a long
way for most institutions. Moreover the authors talk about the increased spend
on compliance related programs often with little effect.
These and several other challenges can according to
the article be addressed by following 3 principles:
1.
an expanded role of compliance and
active ownership of the risk-and-control framework.
The idea here is that a compliance team should not
just issue policies and give ad-hoc advice, the compliance function should be
much closer to the business, manage risks and even have an eye for operational
efficiency. Something we wrote about exactly a year ago < http://i-kyc.com/English/About-Us/blog/top-five-priorities-for-the-risk-and-compliance-function-2015.html
>. In such a role a compliance team can actually be much more effective in
building a compliance culture and be of more added value to the institution.
2.
Transparency into residual risk
exposure and control effectiveness.
Most risk frameworks nowadays start from assessing
inherent risk, followed by measuring the effectiveness of implemented controls,
leading to insight in the residual risk exposure and subsequently deciding on
actions to be taken if the residual risk is not within appetite. Most
organizations know this in theory, but the whole framework is rarely
implemented to the full. The article further suggests that the use of Key Risk
Indicators – measuring the residual risk – would be much more effective than
checking all the controls on a regular basis. If applied properly this all
would give the institution a truly comprehensive view of its portfolio of risks
and facilitates a risk-based allocation of resources
3.
Integration with the overall
risk-management governance, regulatory affairs and issue-management process.
Not only would this enhance the overall risk view
of senior management it would also lessen the burden on the business.
The article concludes with a 10-point scorecard to
measure progress in the transformation of the compliance function. I’m not
going to get into the detail of all these points, the most important is that
institutions should realize there’s still a lot of work to do to make the
compliance function the efficient and effective function it can be.
Organizations can perform better, at lower costs and with better management of
risks if the topics pointed out in the article are implemented.
Complacency is not the right answer to all the
challenges, the framework in the article might be.
If you want more information or a discussion on how
your organization is doing in this aspect let us know.
Rolf
