Risk and Compliance Blog

A Quick Guide to Compliance Management

Written by Lisa Deschamp | Jun 1, 2021 3:58:05 PM

Between security, financial, and many other regulations, compliance has become a critical business function for every large organization. Keeping track of the rapidly evolving compliance landscape requires time and resources. And actually becoming and staying compliant? That’s a whole other ball game.

 

What is Compliance Management?

Compliance management is the process of ensuring employees and activities across the organization are in line with laws, regulations, and requirements. Requirements are set by a wide range of entities, including governments, regulatory and industry bodies, and employee unions.

Non-compliance often leads to significant fines and disruption. So, to ensure compliance, organizations use documented procedures and policies in combination with audits and (in some cases) enforcement.

However, compliance management is far more than just a check-box or documentation exercise. Organizations that rely on simplistic or archaic processes may seem compliant on paper but are often found to be lacking when an incident occurs.

Why is Compliance Management Important?

“The cost of non-compliance is great. If you think compliance is expensive, try non-compliance.” —Former U.S. Deputy Attorney General Paul McNulty

There are many arguments in favor of strong compliance management. In particular, it:

  • Reduces organizational risk.
  • Ensures employees adhere to business policies.
  • Reduces the chance of negative publicity.

However, in most cases, these arguments are secondary. The real reason organizations across all industries and geographies emphasize compliance is that not doing so is very expensive.

Between FINRA, CFPB, FFIEC, FDIC, the GDPR, and dozens of other regulatory agencies and frameworks, today’s organizations face huge fines if they fail to comply with regulatory requirements. Even worse, some industry-specific regulators have the power to suspend or bar organizations from providing certain products or services if they fail to comply.

Faced with these potentially existential risks, organizations are naturally anxious to ensure their compliance obligations are met consistently. And, as compliance obligations rise in number and complexity, the task of compliance management grows harder by the year.

Compliance Management Challenges

Well-defined policies and procedures lie at the heart of compliance management. However, it’s one thing to set them, and quite another to ensure they are implemented and followed consistently.

To manage compliance activities, many organizations use dated systems and processes such as disparate spreadsheets, emails, and aging software. This approach typically leads to sporadic success at best and creates a large risk to the organization. In particular, the lack of clear evidence of compliance across a wide range of activities can easily lead to non-compliance incidents.

For one MCO customer, a lack of consistency in just one area of compliance management—seeking approval for gifts, entertainment, and hospitality—led to a host of challenges, including difficulties in:

  • Enforcing policy consistently across business units.
  • Adding new rules and thresholds to increase control and meet evolving compliance requirements.
  • Creating benchmark stats to track and improve compliance across the organization.

To make matters worse, the compliance landscape grows increasingly complicated year-by-year, especially for organizations that operate across multiple jurisdictions. A recent MCO survey identified hundreds of separate compliance requirements levied by 69 different regulators.

Worst of all, we’re not just talking about complexity in a single area of business. Compliance activities are usually spread across a wide range of business functions and interests, including:

  • Personal trading
  • Conflicts of interest
  • Outside business activities
  • Political contributions and donations
  • Authorizations, registrations, and licensing
  • Third party data capture and due diligence
  • Vendor suitability
  • Trade surveillance
  • Deal review compliance
  • MNPI insider information

To demonstrate how complicated compliance management can be, let’s take a closer look at just two of its many areas: gifts, entertainment, and hospitality; and transactional conflicts of interest.

Gifts, Entertainment, and Hospitality

There are many areas where conflicts of interest can cause problems, but the most common are gifts, entertainment, and hospitality. These functions are further complicated when interacting with politically exposed customers and state-owned enterprise customers, where the potential for corruption (real and perceived) becomes a serious issue.

While many different bodies provide guidelines and regulations in this area, FINRA’s gift rules set the standard. As a result, most organizations have strict rules in place to govern the giving, offering, and receiving of gifts—but it’s hard to ensure they are applied and adhered to consistently.

MCO’s Conflicts of Interest survey found most organizations have strict rules to govern:

  1. All gift giving and prizes.
  2. Entertainment.
  3. Limits on giving and receiving entertainment and gifts.
  4. Pre-clearance and documentation for gifts given and received.

Clearly, all of these measures are vital and can have a meaningful impact on risk reduction… but only if they are properly documented and enforced.

Transactional Conflicts of Interest

For financial institutions, managing transactional conflicts of interest for investment deals and private transactions can be a huge challenge.

Between complying with regulatory requirements, achieving investment objectives, anti-money laundering (AML) initiatives, and monitoring security trading in accounts, portfolios, and funds, the resources needed for trade surveillance are increasing by the year.

Regulators are paying more attention to deal conflict management than ever before. Financial institutions are required to track wall-crossing employees, manage corresponding insider lists, and carry out a host of other complex and time-consuming activities—all while processing hundreds of deals each week.

As a financial institution offers more services, the risk of conflicts only increases. Common areas of conflict include:

  • Other deals in the pipeline or portfolio.
  • The organization’s portfolio holdings.
  • Employee trading and holdings.
  • Outside business interests.

In addition to complexity, time is also a significant challenge. Reviewing a transaction for conflicts can take days, and delays can easily lead to missed opportunities.

And if there’s a mistake? The costs associated with non-compliance and insider trading are far from trivial.

Tips for Better Compliance Management

On the face of things, the answers to compliance management challenges seem obvious. If you have clearly defined processes, disciplinary action for breaching protocol, and compliance managers to keep abreast of all the organization’s obligations, what can go wrong?

Sadly, the devil is in the detail—and building a compliance management program based on policy and fear of reprisal is not an effective way to ensure consistent application of internal procedures and policies.

We advocate a different approach.

Rules are important, but organizational values are a far more reliable way to influence employee behaviors. If your values emphasize the importance of ‘doing the right thing,’ you’ll have a far greater chance of maintaining compliance across your organization.

Some foundational principles to keep in mind are:

  1. Safety first. Make sure your employees feel safe to speak up and engage with your compliance program. If they don’t, they won’t.
  2. Embed compliance in your business processes. Compliant behavior shouldn’t be an ‘add-on,’ it should be integral to the organization’s critical systems and processes. Make compliance needs visible to all employees, and make it clear why they are important.
  3. Empower employees with useful tools and information. Most people want to do the right thing, but they won’t read through long, dry documents full of legalese. Make your compliance content engaging and easy to understand, and use whatever medium is necessary to engage employees. For example, if you have a younger workforce, you may consider an alternative to text-based documents.

A Modern Approach to Compliance Management

As you have probably gathered, compliance management is not an easy field to master. The penalties for failure are severe, and legacy systems and approaches fall short of what’s needed to minimize risk and maximize employee engagement.

MyComplianceOffice helps organizations of all types and sizes manage, track, and administer their compliance activities. The platform provides:

  • A single, integrated platform that tracks compliance issues across all systems.
  • Centralized data that’s easy to access and consistently formatted.
  • A scalable, modular approach that adapts to fit your organization’s specific needs.
  • An intuitive employee interface that boosts efficiency and engagement.

With 400+ customers across 80 countries, MyComplianceOffice can help you monitor, identify, and resolve compliance issues and conflicts of interest across your entire organization. This enables greater control and transparency, reduced risk, and a stronger overall approach to compliance management.

To see how MyComplianceOffice can benefit your organization, arrange a free demo of the platform.