McKinsey’s 2018 compliance benchmarking survey (https://www.mckinsey.com/business-functions/risk/our-insights/the-compliance-function-at-an-inflection-point) draws 5 conclusions from its analysis of 24 leading banks:
- Compliance spending growth is slowing
- Size and effectiveness of the compliance function are not yet in balance
- Compliance maturity is not high
- Automation and analytics remain a challenge
- Spending more on technology does not guarantee maturity
No surprises in these findings, but let me make 1 observation and talk about 2 of the recommendations.
First, the observation. When people talk about the cost of compliance, the focus is often on the compliance function, the 2nd line of defence (LoD). I assume that McKinsey is no different. However, the cost of compliance involves all staff who perform work on compliance processes, whether that is explaining policies to clients, clarifying monitoring alerts or obtaining the documentation required from clients for the customer due diligence process, plus of course the dedicated AML operations teams. The number of FTEs in the 1st LoD is easily 10 or even 20 times as high as the number of FTEs working on Financial Economic Crime (FEC) in the 2nd LoD. Achieving operational compliance needs a focus on the 1st LoD.
Secondly, a few notes on 2 of the recommendations in the article:
- Strengthening risk ownership in the first line
This recommendation is a no-brainer; client contact and operational tasks are executed in the 1st LoD. The compliance function instructs, advises and checks, but the actual work is done in the 1st line; if something goes wrong from a compliance point of view, it is usually there. The fact that ownership in the 1st LoD is still not where it should be is troubling. Despite all the fines, publicity, tone-at-the-top workshops and more, it’s disappointing that bankers apparently still don’t get the message.
- Streamlining compliance processes in the first line
Streamlining is perhaps an oversimplification; to achieve an operationally compliant financial institution you need compliance with all policies, proper and prompt customer service and efficient execution of operational processes. Every day, with every transaction, with every client interaction, in every corner of the bank. This is best achieved under single-headed ownership, meaning that there is 1 person in the 1st LoD ultimately responsible for adherence to FEC policies.
There’s still a lot of work to be done for FIs globally, in the first line of defence.