Tuesday, 17 March 2009

Building a compliance culture in turbulent times

Executive summary

The financial crisis has focussed investment firms more than ever on the need to better monitor and manage risk. The conveyor-belt of ever more complex investment products has slowed and firms face increasing levels of scrutiny from both regulators and customers. As a result, the need for a better understanding and tighter control of risk has moved rapidly to the top of the agenda for most investment firms.

While the market now acknowledges that the financial crisis has highlighted a failure in the monitoring of risk and that the current regulatory environment is not effective in mitigating risk, it remains to be seen how regulators and investment firms will respond. What is clear is that investment firms will require a more pro-active and inclusive strategy to compliance. However, compliance risk specifically is often less understood by senior management than other areas of risk, creating a gap between the firm’s business strategy and the implementation of the appropriate compliance processes.

In this paper I discuss how it is possible for investment firms to learn from the mistakes of the past and bridge this gap successfully, and most importantly, within a reasonable time frame and budget. The good news for investment firms is that with a clear strategy for implementing compliance processes, the compliance function will soon be adding real value to the investment firm and ultimately enhancing and protecting its brand.


Building a compliance culture

Risk strategies now need to include a clear focus on compliance risk, that is accurately and consistently monitoring and managing the variety of risks that the investment firm and its customers are exposed to, as well as reporting on the status of compliance risk to all stakeholders including management, regulators, auditors and customers. To successfully bridge the compliance gap mentioned earlier, the compliance division must move away from the traditional reactive approach to compliance and play a more active role in the investment firm’s overall risk management processes. To achieve this in practice, investment firms committed to best practices in compliance are empowering their compliance division to play a more active role in defining the risk strategy and implementing the risk monitoring processes across the organization.

A new vision for managing compliance risk is required and investment firms are now recognising that it is simply good business practice for a company seeking standards of excellence to step beyond the reactive tick-box approach and introduce a compliance culture, involving all employees at all levels. A business culture in which investment firms value and promote a compliance culture can have positive effects beyond adding value to the investment firm’s brand, playing an important role in preventing potential misconduct and promoting ethical standards which in turn contribute to fair and orderly markets in which consumers, firms and regulators can all have confidence.

Investment firms are restructuring the compliance function away from an isolated checking function towards a more co-operative approach or in some cases merging the compliance and risk functions, where an effective strategy can be put in place to monitor all the risks faced by the business. This co-operative approach requires a compliance culture within the investment firm starting at the top and with the ultimate goal of enhancing the firm’s brand and protecting the reputational risk of the firm. The compliance function should be structured, resourced and operated in a manner which fosters integrity and efficient operation and the compliance officer should have the necessary authority and responsibility and should report to the governing body in respect of that responsibility.

In this new model the compliance function is responsible for creating an environment of continuous improvement where compliance processes move beyond today’s requirements and look to new trends and further ways to add value to the business. Specifically, the compliance function is responsible for implementing effective processes to monitor and manage traditional compliance checks such as client mandate, regulatory and in-house checks as well as the various portfolio analytics and risk measures that are calculated across the business. Whether it is derivative exposure, VaR (value at risk), expected shortfall or tracking errors, the compliance and risk teams need to co-operate to ensure that all the relevant risks faced by the business and its clients are monitored effectively. In addition, compliance can play a crucial role in monitoring the integrity of data used by the business ensuring consistent and accurate results. The compliance function is responsible for monitoring absolute and relative deviations from targets or benchmarks and ensuring effective communication and resolution of any breaches that occur.

Where the compliance function is outsourced the investment firm needs to be careful not to lose sight (and possibly control) of its risk management strategy and should continue to focus on building a compliance culture to implement that strategy effectively. The investment firm remains responsible for protecting the interests of its customers and must continually be aware of and monitor the processes of the outsourcer to ensure that they remain appropriate for the changing needs of the investment firm.

As investment firms become more specialized, so the nature of the risks that the investment firm is exposed to diverges. This trend emphasizes the need to build compliance processes that are aligned to the exact nature of the risk profiles of the different areas of the business. A Hedge Fund, for example, will be more interested in monitoring portfolio analytics and risk measures than regulatory rules. Multi-Managers will need to monitor a variety of different types of rules at manager, product and client levels while firms with retail products will be focussed on compliance with the relevant regulations. Where investment firms combine various different investment activities, an integrated system for monitoring, managing and reporting across all the business areas (with appropriate ‘Chinese walls’) will provide real benefits to the investment firm in understanding the status of compliance and implementing a consistent compliance process as well as building a compliance culture across the business.

One of the key challenges in achieving an integrated compliance process across the business is managing the various different sources of data in the different business areas. Many compliance implementations have stumbled at this data hurdle resulting in the compliance team feeling like their ‘hands are tied’ by data limitations. The good news for compliance teams is that the new breed of specialized compliance systems, such as StatPro Portfolio Control, typically provide tools to integrate and manage data, enabling the compliance team to focus on managing the process rather than spending their valuable time resolving data integrity issues.

As investment products become more complex and possibly expose customers to more risk, it is critical that the investment firm has the tools to effectively calculate the risk exposure of their customers as well as to monitor and manage those risks. In response to the increasing risk profile of investment products and some high profile failures, regulators in some regions have published detailed regulations governing the investment marketplace as well as increasing their attention on the ‘policing’ of the market. These regulations, such as UCITS III in Europe, have had a major impact and helped to define best practice in the industry to date, although the more compliance focused investment firms will acknowledge that regulations are just one part of their compliance process and as such should not be the driving force in the firm’s compliance strategy.

It will be interesting to see how the financial crisis drives future regulations, although the more savvy investment firms understand that in fact, today’s best practices by investment firms often become tomorrow’s regulations. This was confirmed in a recent global survey of senior executives in the industry which revealed that compliance with government and industry regulator rules is seen as less important in avoiding reputational risk than internal codes of practice. The survey also emphasized that compliance risk, together with reputational risk, has overtaken more traditional risk areas, such as credit, market and financial risk to join operational risk at the top of the investment firm’s agenda.

The uncertainty around the direction of future regulations and the appropriateness of compliance processes emphasize the need for investment firms to fully understand the risks faced by their business, set related tolerance levels and implement appropriate measures and processes to monitor and manage those risks including employees’ compliance with them. An isolated compliance function will not be able to understand and translate the variety of different risks across the business into a clear and concise compliance implementation. To achieve this, compliance checks and processes must be aligned to the strategy of the organization – in other words, there must be a culture of compliance throughout the investment firm, starting at the top.

Building a compliance culture in the investment firm requires effective communication of the status of compliance across the firm at all times. Effective communication means presenting clear and accurate information to all stakeholders including clients and regulators, as well as getting the balance right between distributing too much or too little information. Getting that balance right and ensuring that the communication is appropriate and consistent with the investment processes of the firm requires a compliance culture that encourages co-operation across the business and can be enhanced using technology tools such as email and easy to access web-based enquiries.

Investment firms are spending more on compliance than ever before and the results from the increased expenditure have often not met with the expectations of management. New compliance systems provide flexibility through sophisticated tools to enhance the compliance process but building an effective compliance culture across the firm is the key to ensuring that such systems are implemented effectively and that value is realized from the increased expenditure. Investment firms looking to reduce costs but not compromise on quality are also considering how SaaS (software as a service) can provide quick savings and enhanced service delivery. Software firms such as StatPro are now offering SaaS solutions, effectively providing a specialized outsourcing solution including IT infrastructure, software and third party data required for compliance and risk monitoring, reducing the total cost of ownership by 30% or more.

Implementing systems that can automate the compliance monitoring process is critical to be able to manage the complexity and volume of today’s monitoring requirements. Best practices require daily automated compliance monitoring processes supplemented by intra-day and pre-order checks to identify, communicate and resolve breaches as soon as possible. Automation should go beyond checks and balances to the process of managing and resolving breaches. Building a systems workflow that is aligned to the business process will ensure that high priority scenarios are highlighted and the appropriate people are always informed of the status of compliance. A full and detailed audit trail is also critical to tracking and reporting all stages of the compliance life-cycle.

Experience shows that the successful implementation of compliance processes is often compromised by the sometimes conflicting requirements of the front or back office so it is critical that new compliance systems provide tools geared towards the specific needs of the compliance team and empower them to meet 100% of the monitoring requirements as well as report effectively to all stakeholders. Complete and accurate data for compliance purposes is one of the key challenges in successfully implementing a compliance system and the tools referred to above should include the ability to manage the extensive range of data from a potential variety of different sources that is required to monitor all the checks and risks across the business. Data management should also include checks and balances to ensure the integrity of data, with any exceptions being highlighted as part of the compliance process. Further, the complexity and varied nature of the different monitoring checks mean that compliance systems require additional and enhanced data. New ‘best-of-breed’ compliance systems, like StatPro Portfolio Control, provide the ability to manage and enrich the data required for compliance checks to ensure the accuracy and reliability of the data which will enable a successful compliance monitoring process and will give all stakeholders confidence in the results.

In summary, building a compliance culture that extends throughout the investment firm will deliver wide ranging benefits that will ultimately improve the brand of the investment firm and protect the firm’s reputational risk as well as enhance service levels to customers. The compliance culture starts at the top of the organization and is implemented by a compliance team that is empowered and responsible for successfully aligning risk monitoring and management processes to the business strategy. With the right focus, this new model can be implemented quickly and cost-effectively and will start delivering immediate benefits - a compliance culture is a culture of successful business practice!

posted by Neil Hampton at 0 Comments

Tuesday, 3 February 2009

Why we need to create the role of the Super Employee

How the current employment law protects CEOs from losses


Credit crunch fatigue is probably setting in for many people, but I am sure that even they have some venom left for those individuals who presided over the whole debacle and yet walked away with millions of dollars and pounds. How was it possible that we “allowed” this to happen? Why is it that there is not a regulation that stops all this?

Well the short answer is that there are lots of regulations, but most of these are focused on stopping an organisation from doing things it should not. The officers of these organisations can be held personally responsible if it can be proved that they deliberately endangered the business entrusted to them or behaved fraudulently. The problem is that 99% of these bosses were just incompetent and when they are hauled up in court by angry shareholders, the judge is going to say that whilst the fellow was clearly a fool that is not grounds for suing him and as an employee, he has rights under statute that mean the company have to pay him off. Why is this?

Well employment legislation is (quite rightly) heavily weighted toward the employee. The employee is seen as subject to the power of the employer and so in a vulnerable position. If an employer imposes a clause in a contract with the employee which the judge finds unreasonable, it can be struck out on the grounds that the employer must have bullied or fooled the employee into accepting it. The judge effectively acts as a retrospective lawyer for the employee. The reverse is not true of course.

These days we have a situation where individuals who have not created a giant public enterprise are entrusted to run it for a short period of 3 to 5 years. They may well have fought hard to achieve this position of tremendous responsibility and they will certainly have a detailed employment contract put in place setting out terms they get and they probably feel they have a relatively short time to maximise their gains and establish their reputation before they move on. They will not think like the entrepreneur who started the original business. They will not see the institution which they work for as all important but rather think that they are important because they run the institution.

People have long recognised this problem and thought that loading an executive with options would motivate him or her properly by aligning interests with other shareholders. However, this method of incentive has been proven to not have succeeded if the objective was to increase shareholder value. Indeed, I suggest that shareholders, remuneration committees and others can make up new schemes as much as they like but they will not solve this problem. The hired hand does not think like the person that built the business. He or she is either good at their job or not. The individual either behaves responsibly and takes long-term matters into consideration or not. In fact, some schemes provide perverse incentives to do the wrong thing. For example an acquisition might not make complete sense, but if a £10 million bonus is on offer for doing it and £0 for not doing it, it would take a person of extreme integrity to call it off.

Some people might argue that levels of pay should be capped or taxed out of existence. I say that this makes no sense. If someone succeeds, they should be rewarded, the issue is people being rewarded for failing and that is where employment law steps in.

Companies can try to impose a claw back of bonuses and pay in the event of failure, but, apart from the problem that they will probably not get many applicants for the job, their lawyers would probably advise them that it may not be enforceable to claw back pay that has already been paid, rendering the contract less effective. This is because under current employment law it would be seen as unreasonable to take back money paid in return for services already rendered even if it was by mistake.

If, however, the law created a new definition of employee, let’s call it a Super Employee, this issue could be dealt with much more easily. The Super Employee would be seen as an equal to the employer, not subordinate. The Super Employee would indemnify the Employer to a level that the two parties would freely negotiate with each other in the same way that a supplier may indemnify a client. I would suggest that this amount would be limited to say 80% or 90% of the money received under the contract (over several years potentially). Importantly the Super Employee would be considered to be in breach of the contract if he or she was proven to be incompetent. So in the same way that you can demand your money back if a supplier provided you with faulty equipment, so too will the shareholders be able to reclaim their money if the Super Employee does not provide the services they said they would.

Whilst it is clear that the CEO of a large enterprise falls into this category, the concept could be used with highly paid employees as well. All these multi-million dollar bonuses for bankers were thoroughly deserved no doubt, but what if some people actually lost their bank lots of money having earned millions in bonuses in previous years? I think that a company might put in place a policy which said that if an employee wants to earn more than say £250,000 they have to agree Super Employee status. That way the shocking news that John Thain signed off $4 billion of bonuses for Merrill Lynch employees in a year where Merrill Lynch lost $28 billion would just not happen. Right now it is entirely rational behaviour for the individuals concerned as even if the institution loses the money the individual gains a reward irrespective of success. The worst sanction they can get is to be given a large sum of money to leave. Indeed, only in the nuclear situation where the business is bankrupt will the employees potentially lose out, but let us bear in mind those long suffering shareholders who are wiped out by bankruptcy.

The concept of Super Employee should also spread to fund managers, because of course the wiped out shareholders are not the individuals managing the money on behalf of millions of small investors in pensions, insurance funds and unit trusts. The fund managers make the decisions to invest or not. They get the big bonus if things go well, it is your pension that gets it in the neck if they fail and they just move on. Because they want to be paid large bonuses they put pressure on the CEOs to make bigger returns, which generally requires the CEOs taking on more risk. Because the CEO is not around for long, he or she happily complies with this. This suits the investment banks that make their real money from juicy transaction fees. The result is a focus on personal gain through visible action (such as an acquisition) rather than steady improvement.

All these institutions feed off each other and when something goes wrong with one it affects the others. However, the individuals who run them are not affected financially and the incentives put in place to “motivate” them do not encourage the right behaviour in all cases. There will always be failures, but the law inadvertently over-protects the people with the power to make a difference. The solution is to change the balance of legal power to a more balanced position where enforcing a rebate is relatively easy provided loss can be proven.

Once that is done, hopefully the danger of perverse incentives encouraging CEOs (and others such as traders) to take foolish risks will diminish. I don’t think that it will stop risk taking but rather align interests strongly. After all there can still be great rewards for success. Nor will it stop CEOs trying to wriggle out of their commitments as it will still be hard to prove that it was the CEO’s fault, but the key element is that if they are to blame it would be possible to get the money back. This is currently impossible unless a crime has been committed. Most of all, it would leave the problem where it deserves to be left – with the shareholders. It would be their decision to sue or not and their decision to give a CEO an easy contract or not, their decision to hold the CEO accountable if they wish.

Summary
The crisis involves the destruction of institutions by the individuals who run them
The individuals who run them have employment law on their side
The individuals can earn large sums by taking risks with the institution whilst experiencing no risk themselves
All the institutions are interlinked so destruction of one can lead to the destruction of the others
The public interest is therefore at stake and yet there is no accountability
Super Employees will lose the protection of normal employment status making it much easier to claw back remuneration using existing laws
Super Employees will only take well calculated risks if they too can lose all they have made

Justin Wheatley

posted by Justin Wheatley at 2 Comments