In 2014, the Financial Conduct Authority (FCA) fined companies a total of £1,471,431,800 for compliance failures*.As a result of the fines and losses,partly stemming fromthe failure of senior management to engage with compliance issues, many financial sector firms are now looking to create a trickle-down compliance culture whichcomes from the very top and is driven by the board.
In the past, more often than not,thecompliance function was quite separate from the rest of the business. People saw compliance as something thatwas done by a set of individuals as opposed to the organisation as a whole. It has been quite a culture shift to introduce a pervasive, organisation-wide approach to creating a compliance culture and mistakes have been made.
Mistakes in implementing a culture of compliance
To implement corporate compliance effectively, the main issue has been getting engagement at board level. Firms simply did not take compliance seriously enough. A lack of engagement by senior managementled to a failure to identify risks, or when they were identified, they were not properly addressed. If something made money for the bank, compliance concerns were dismissed but now there is an increasing realisation that although a course of action might make a lot of money it could also create issues that could cost a lot of money or incur high fines.
A financially regulated firm needs to considerall the risks of any kind of regulatory failure and identify weaknesses. These might take the form of high-risk products, or that the firm operates in high-risk jurisdictions. Previously, most regulatory failures of banks stemmed from the fact that they simply did not understand the risks that they were taking when dealing with certain products or operating in certain markets.
Firms have commonly made the mistake of failing to engage all employees, every single one, in a culture of compliance. Many organisations fail to train all staff effectively as compliance is just not seen as important. There has also been a widespread failure for senior management to incentivise employees in the course of fostering a compliance culture. This may be a result of concerns around ensuring incentives help and do not hinder the creation of a compliance culture – incentives in the form of large sales bonuses were the root cause of some compliance failures. It is preferableto introduce incentives that reward behaviour that supports compliance rather than punish compliance failures by withdrawing bonuses. This might include rewarding good customer service, measured by hitting KPIs for response to customer complaints.
How to create a trickle-down compliance culture
Firms have taken a number of steps to create a trickle-down culture of compliance. Some boards have set up new departments, such as a risk department, to inform other departments of concerns about risks and develop organisation-wide procedures for dealing with risks.
To create a trickle-down culture of compliance, firms are now aiming to engage all individuals right from the start, beginning with the induction process, impressing on new starters that the firm is serious about its compliance culture, that everything must be reported and escalated and that any potential risks are flagged.
Training must be effective and not just a tickbox exercise – firms should consider ways of measuring the effectiveness of training. Senior management must be prepared to undergo training even if they have been at the firm for a long time and are experienced in their field. It is vital that senior managers understand that compliance begins and ends with them and that they should have a very clear picture of what is going on their business and be fully engaged with any regulatory ramifications. Regulators are keen to reiterate that effective compliance is all about senior management understanding what their responsibilities are, trickling down to a wider compliance culture.
Why create a trickle-down compliance culture?
As a result of the 2007 crisis, the FCA has had a big push on senior management responsibility in creating a trickle-down compliance culture where everything they do is designed to achieve the best outcome for the firm while meeting the needs of the regulators – as opposed to viewing life as one long battle with the regulators.
In 2015 the firms that have the most effective compliance cultures are increasingly looking like the best firms to work for and the best firms to do business with. Some of the larger banks that have yet to get this right and introduce a culture of compliance are still failing to treat customers fairly and do business ethically but these dinosaurs look set to be overtaken by nimble rivals who are operating securely within the regulations.
Tips for effective trickle-down compliance include:
- The whole firm has to be trained in the need for compliance, not just key individuals. Training should begin at the beginning with an effective induction programme that covers the firm’s compliance ethos.
- It is important to check and measure that training is effective and is changing behaviour not just imparting facts.
- Compliance needs to be ‘business as usual’ and not viewed as a totally separate function. Training should aim to make people realise they all have responsibility for ensuring the firm is fully compliant with the regulations. This may range from training on all the regulations or simply making sure all staff appreciate the firm’s ethos and are prepared to consider the compliance implications of their actions automatically in their daily workflow.
Dirk Thissen is Director at IMC Learning.Dirk has a doctorate in Engineering, Information Technology & E-learning and has been working in the learning technologies sphere for over 15+ years. IMC Learning is a full service provider in the field of digital learning with more than four million global users. For further information visit www.im-c.com or