Between security, financial, and many other regulations, compliance has become a critical business function for every large organization. Keeping track of the rapidly evolving compliance landscape requires time and resources. And actually becoming and staying compliant? That’s a whole other ball game.
Compliance management is the process of ensuring employees and activities across the organization are in line with laws, regulations, and requirements. Requirements are set by a wide range of entities, including governments, regulatory and industry bodies, and employee unions.
Non-compliance often leads to significant fines and disruption. So, to ensure compliance, organizations use documented procedures and policies in combination with audits and (in some cases) enforcement.
However, compliance management is far more than just a check-box or documentation exercise. Organizations that rely on simplistic or archaic processes may seem compliant on paper but are often found to be lacking when an incident occurs.
“The cost of non-compliance is great. If you think compliance is expensive, try non-compliance.” —Former U.S. Deputy Attorney General Paul McNulty
There are many arguments in favor of strong compliance management. In particular, it:
However, in most cases, these arguments are secondary. The real reason organizations across all industries and geographies emphasize compliance is that not doing so is very expensive.
Between FINRA, CFPB, FFIEC, FDIC, the GDPR, and dozens of other regulatory agencies and frameworks, today’s organizations face huge fines if they fail to comply with regulatory requirements. Even worse, some industry-specific regulators have the power to suspend or bar organizations from providing certain products or services if they fail to comply.
Faced with these potentially existential risks, organizations are naturally anxious to ensure their compliance obligations are met consistently. And, as compliance obligations rise in number and complexity, the task of compliance management grows harder by the year.
Well-defined policies and procedures lie at the heart of compliance management. However, it’s one thing to set them, and quite another to ensure they are implemented and followed consistently.
To manage compliance activities, many organizations use dated systems and processes such as disparate spreadsheets, emails, and aging software. This approach typically leads to sporadic success at best and creates a large risk to the organization. In particular, the lack of clear evidence of compliance across a wide range of activities can easily lead to non-compliance incidents.
For one MCO customer, a lack of consistency in just one area of compliance management—seeking approval for gifts, entertainment, and hospitality—led to a host of challenges, including difficulties in:
To make matters worse, the compliance landscape grows increasingly complicated year by year, especially for organizations that operate across multiple jurisdictions. A recent MCO survey identified hundreds of separate compliance requirements levied by 69 different regulators.
Worst of all, we’re not just talking about complexity in a single area of business. Compliance activities are usually spread across a wide range of business functions and interests, including:
To demonstrate how complicated compliance management can be, let’s take a closer look at just two of the many areas of compliance management: gifts, entertainment, and hospitality; and transactional conflicts of interest.
There are many areas where conflicts of interest can cause problems, but the most common are gifts, entertainment, and hospitality. These functions are further complicated when interacting with politically exposed customers and state-owned enterprise customers, where the potential for corruption (real and perceived) becomes a serious issue.
While many different bodies provide guidelines and regulations in this area, FINRA’s gift rules set the standard. As a result, most organizations have strict rules in place to govern the giving, offering, and receiving of gifts—but it’s hard to ensure they are applied and adhered to consistently.
MCO’s Conflicts of Interest survey found most organizations have strict rules to govern:
Clearly, all of these measures are vital and can have a meaningful impact on risk reduction… but only if they are properly documented and enforced.
For financial institutions, managing transactional conflicts of interest for investment deals and private transactions can be a huge challenge.
Between complying with regulatory requirements, achieving investment objectives, anti-money laundering (AML) initiatives, and monitoring security trading in accounts, portfolios, and funds, the resources needed for trade surveillance are increasing by the year.
Regulators are paying more attention to deal conflict management than ever before. Financial institutions are required to track wall-crossing employees, manage corresponding insider lists, and carry out a host of other complex and time-consuming activities, all while processing hundreds of deals each week.
As a financial institution offers more services, the risk of conflicts only increases. Common areas of conflict include:
In addition to complexity, time is also a significant challenge. Reviewing a transaction for conflicts can take days, and delays can easily lead to missed opportunities.
And if there’s a mistake? The costs associated with non-compliance and insider trading are far from trivial.
On the face of things, the answers to compliance management challenges seem obvious. If you have clearly defined processes, disciplinary action for breaching protocol, and compliance managers to keep abreast of all the organization’s obligations, what can go wrong?
Sadly, the devil is in the detail—and building a compliance management program based on policy and fear of reprisal is not an effective way to ensure consistent application of internal procedures and policies.
We advocate a different approach.
Rules are important, but organizational values are a far more reliable way to influence employee behaviors. If your values emphasize the importance of ‘doing the right thing,’ you’ll have a far greater chance of maintaining compliance across your organization.
Some foundational principles to keep in mind are:
As you have probably gathered, compliance management is not an easy field to master. The penalties for failure are severe, and legacy systems and approaches fall short of what’s needed to minimize risk and maximize employee engagement.
MyComplianceOffice helps organizations of all types and sizes manage, track, and administer their compliance activities. The platform provides:
With 400+ customers across 80 countries, MyComplianceOffice can help you monitor, identify, and resolve compliance issues and conflicts of interest across your entire organization. This enables greater control and transparency, reduced risk, and a stronger overall approach to compliance management.
To see how MyComplianceOffice can benefit your organization, arrange a free demo of the platform.