Firms urged to spend more, complain less to meet compliance challenge
By Rachel Wolcott
LONDON/NEW YORK, May 16 (Thomson Reuters Accelus) – Talk to any compliance officer these days and the chances are they will tell a story about too many new rules from too many jurisdictions that are too complicated and labour-intensive and expensive to implement. Each time another missive hits their desks from the Financial Services Authority (FSA), or one of the many other global, European Union or U.S. regulators, bankers, their compliance officers or risk managers wonder quite how they will be able to manage the implementation process and also, perhaps more importantly, how much it will all cost.
At the Cass-Capco Institute Paper Series on Risk conference held last month in London, a senior compliance official from a global systemically important financial (G-SIFI) institution said: “We are deluged with regulations that we don’t know will work, then we have to implement them. People are getting lost in a mire of complexity.” This type of comment sums up the industry-wide mood when it comes to its regulators and their demands. Indeed, a wave of regulatory fatigue is emanating from the financial services industry. There seems to be a strong feeling that all this costly regulation will only stifle business and, what is more, that it probably will be ineffective. The question is why bother.
Amid the sighing and hand-wringing, a starkly different view has begun to emerge from consultants and lawyers, who argue that, if financial services firms believe they have too much work to do in regulatory compliance and not enough resources, then they should be spending more. There is no excuse, especially for the big firms, to have understaffed and under-funded compliance and risk management departments. Furthermore, they have suggested, what firms do not spend on being compliant, they may well end up paying in fines.
Jason Wintie, director of compliance at the Consulting Consortium, said: “In terms of resources the banks, the big firms have no reason to have under-resourced compliance departments and functions. If they have, it’s probably because they haven’t actually worked out what they need to have in place to fulfil their obligations.”
TOUGHER REGULATORY REGIMES
There are undeniably more rules and regulations with which banks need to comply, but perhaps what is equally important for financial services firms to accept is that regulators are getting tougher in their enforcement of existing rules.
The UK’s FSA is a good example of a regulator that has seriously sought to raise its level of scrutiny of firms. Prior to the financial crisis the FSA was viewed by some as a body which was mainly concerned with cracking down on independent financial advisers (IFAs), mortgage brokers and insurance salespeople who were ripping off their clients. Big firms and investment banks had a predominantly prudential supervisory relationship with the FSA, which did not look too closely at firms’ conduct.
Moreover, before the crisis, the FSA’s staff did not necessarily have the ability to ask tough questions at investment banks. FSA staffers may have understood the world of IFAs and mortgage brokers, but when it came to the complexity of investment banks, they were blinded by science. Caught out by this lack of insight into what big banks were doing in the run up to the financial crisis, the FSA has subsequently sought to increase its expertise and its ability to monitor more complex firms.
“They’re more knowledgeable and they’ve recruited people from different sectors and there’s a greater knowledge base at the FSA. When they’re supervising these more complex and larger firms, they are able to ask the right questions and ensure that firms know what’s going on at the conduct level,” Wintie said.
Now that they have recruited staff who are able to ask tough questions with confidence, regulators such as the FSA are already starting to interrogate firms more thoroughly, and under-resourced compliance departments are not always able to give the regulator the detailed answers that they seek. More than ever, regulators have been finding that some institutions have only implemented minimum standards, and that compliance at some firms is little more than a veneer.
“[The FSA is] lifting the covers and actually diving into the details. That’s what’s causing some trouble for firms, because they don’t have the resources to ensure that the detail stacks up. It looks like the compliance structure is there in practice, but a lot of firms have got away with [weak compliance departments] because the FSA hasn’t looked too closely. Firms have been able to get away with a perception of having enough resources on compliance,” Wintie said.
Richard Indge, head of Ernst & Young’s fraud investigation and dispute services, said: “If firms use a veneer to try to fool the regulator into thinking they’ve done enough then they really do run big risks when the regulator sees through it. And it will.”
WHAT IS THE ACTUAL COST OF COMPLIANCE?
Perhaps the biggest impediment to the construction of an effective compliance function is the perception that the costs will be enormous. The heavy regulatory load imposed by implementation costs, whether in technology spending, people hours or legal and consultants’ fees, is cited as one reason that firms are making less money post-Lehman Brothers. There is, however, no hard evidence that regulatory compliance is the huge financial burden which most firms have claimed; many do not have a realistic view of the cost.
Robbie Constance, a senior associate at RPC in London, said: “I’m interested to find out how much firms think regulatory compliance is costing them. I’m not sure many have a grasp on what it costs in terms of the hard costs of employing risk and compliance personnel and the softer costs of business opportunities missed from doing things in a less compliant way.”
Constance said that the firm had done some research into costs, which had focused mainly on the insurance industry. It found that most firms had no clue what their cost of compliance was. Insurers and other firms cited costs in the range of 1 to 15 percent of turnover and many did not know how to express the cost. “I saw figures that put the cost of regulation for UK insurance brokers at about 3 percent but, by comparison, costs for regulated firms in Europe generally at under 1 percent. If these numbers are typical, and while I can see why UK firms might complain in comparison with their EU counterparts, it’s surprising that it is something people get worked up about. Firms’ perception of the costs may be exaggerated,” Constance said.
Most of the big firms can afford to do compliance properly if they choose to do so. Instead of trying to skimp and cut corners, firms should be trying to build up their compliance teams. The regulators are upping their game and financial services firms need to improve their compliance teams so that they at least keep pace.
“Firms should identify how much regulatory compliance does actually cost them and stop seeing it as a resented cost centre and rather as an opportunity to invest in doing things better,” Constance said.
Many of the firms complaining about too much new regulation being a burden in terms of cost and ability to be innovative are not up-to-speed with the existing rules. Firms are making costly mistakes in anti-money laundering, insider trading, product mis-selling, fraud and corporate governance, among the many recent infractions. None of these rules and regulations is new. Firms have simply not implemented sufficient compliance standards. As the FSA continues to investigate firms it is likely to find that many of them are deficient in most respects and will have serious flaws in a number of compliance areas.
“Firms are feeling the pressure and they’re paying the price for years of just bumbling along. The FSA is having a field day with firms that it didn’t previously get close to. I personally worked at a number of large prestigious banks that have been turned over or have pending disciplinary action from the FSA. The mistakes they’ve made are what I’d call fundamental and basic. They’re not mistakes around new rules or changing rules. It is a failure to implement rules that have been in place since 2001. It’s a failure to work it out, apply it and take it seriously … combined with a compliance function that doesn’t really have the authority to challenge properly and be heard by senior managers,” Wintie said.
EMBRACE AND EMBED
Part of what the FSA is looking for when it goes into firms is to make sure that they are embracing and embedding a compliance culture. It is similar to what other regulators mean when they say they want firms to be following not only the letter of the law, but also the spirit. It is what they mean when regulators say they want to see the right tone being set at the top when it comes to regulatory compliance, risk management, ethics and corporate governance.
“If firms are going successfully to embrace and embed regulation, which is one of the FSA’s buzzwords when it criticises firms for failing to ‘embed’ a compliance culture, that must mean putting the risk and compliance people on to the highest committees and board of the firm,” Constance said.
Firms which fail to elevate their compliance functions to the level required by the regulator are going to run into trouble. It goes back to the idea of the tone at the top. If senior management and boards of directors are not seen to be taking compliance and risk issues seriously, it will be difficult for them to embed a compliance culture at that firm. Instead of complaining about the cost, firms need to be making sure that compliance is done properly.
Compliance teams should be carrying out good, impartial and challenging monitoring which genuinely tests firms. Compliance teams should educate the staff and senior managers about what the FSA and other regulators expect. There are fewer detailed rules than there used to be, which means that someone has to pick up the principles and figure out what they mean. Firms need to invest the time and the brain power needed to do that, but if they have got a compliance function that is too light on resources pursuing many time-hungry activities, then they will get nowhere.
“Every piece of new regulation or legislation that comes in requires a response. It requires you to think about it. There is insufficient time invested in figuring out what it means for the business and what changes need to be made to evidence compliance. You can say you thought about it, you can say you did X, Y and Z, but if you can’t evidence it, you’re nowhere. You might as well not have done it,” Wintie said.
That has been one of the thematic review of the Bribery Act 2010. The FSA’s review of 15 investment banks found that while some had completed plenty of work to implement anti-bribery and corruption systems and controls, most had a long way to go before they were compliant with the Bribery Act or even with the regulator’s existing anti-bribery and corruption rules.
Even where firms did have some structure and plans for anti-bribery and corruption systems and controls, one of the main things the regulator found was that those controls had not been tested, or that firms could not provide evidence to show what they had done. Firms had not embraced and embedded the Bribery Act, and part of the reason for this was they simply did not see the Bribery Act as being relevant to them.
ADVERSARIAL RELATIONSHIP WITH REGULATOR IS A BAD IDEA
Firms have not exactly been muttering quietly about what they see as the regulatory burden and its cost. Nor have they been shy about letting the FSA and other regulators know what they think about the steps that have been taken to prevent another financial crisis. Banking chief executives, lobbyists and even some compliance officers have been quite vocal in their complaints.
Consultants and lawyers have said, however, that banking executives would probably be better off just spending the money to get compliance right. Rather than complaining, firms should be complying.
Constance said: “Firms that resent it all, that moan about the cost, will be the ones that reluctantly allow the compliance officer to report to the board every six months and who are probably running big risks of being exposed if they ever get investigated, if there is a whistle-blowing incident, or if they have their periodic ARROW visit from the FSA. They will be the first ones to complain about regulatory fatigue even if they are not really engaging with regulatory compliance.”
Regulation is not going away. Globally, the regulatory and political agenda is to clamp down on the financial services sector. No firm should be under the illusion that the regulatory workload will decrease. Senior bankers and compliance officers taking pot shots at regulators’ representatives at industry conferences, in person or in the media will likely only hurt the firms for which they work.
Indge said: “The way you deal with the regulator is absolutely key. You do find institutions that take the view that the regulator is an ‘us and them’ environment. In my experience, that’s very short-sighted. You have to win the regulator over. You have to be able to demonstrate, and it’s more than words, that you are taking actions to remediate. It’s by constantly demonstrating that your good intentions turn into deeds that the regulator cuts you some slack and gives you some time to put things in place.”
(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete (http://accelus.thomsonreuters.com/solutions/regulatory-intelligence/compliance-complete/) provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges.)