In McKinsey’s 2018 compliance benchmarking survey (https://www.mckinsey.com/business-functions/risk/our-insights/the-compliance-function-at-an-inflection-point), 5 conclusions are drawn from the analysis among 24 leading banks:
- Compliance spending growth is slowing
- Size and effectiveness of the compliance function are not yet in balance
- Compliance maturity is not high
- Automation and analytics remain a challenge
- Spending more on technology does not guarantee maturity
No surprises in these findings, but let me make 1 observation and talk about 2 of the recommendations.
First the observation. When people talk about the cost of compliance, the focus is often on the compliance function, the 2nd line of defence (LoD). I assume that McKinsey is no different. However, the cost of compliance involves all staff who perform work on compliance processes, whether that is explaining policies to clients, clarifying monitoring alerts or obtaining documentation required from clients for the sake of the customer due diligence process. Plus, of course, the dedicated AML operations teams. The number of FTEs in the 1st LoD is easily 10 or even 20 times as high as the number of FTEs working on Financial Economic Crime in the 2nd LoD. Achieving operational compliance needs a focus on the 1st LoD.
Secondly, a few notes on 2 of the recommendations in the article:
- Strengthening risk ownership in the first line
This recommendation is a no-brainer; client contact and operational tasks are executed in the 1st LoD. The compliance function instructs, advises and checks, but the actual work is done in the 1st line; if something goes wrong from a compliance point of view, it is usually there. The fact that ownership in the 1st LoD is still not where it should be is troubling. Despite all the fines, publicity, tone-at-the-top workshops and more, it’s disappointing that bankers apparently still don’t get the message.
- Streamlining compliance processes in the first line
Streamlining is perhaps an oversimplification; to achieve an operationally compliant financial institution you need compliance with all policies, proper and prompt customer service and efficient execution of operational processes. Every day, with every transaction, with every client interaction, in every corner of the bank. This is best achieved under single-headed ownership, meaning that there is 1 person in the 1st LoD ultimately responsible for the adherence to FEC policies.
There’s still a lot of work to be done for FIs globally, in the first line of defence.