Compliance functions have gone through a major period of growth and investment since the financial crisis. Many firms have seen a massive growth in their Compliance functions since 2008. But there are now growing pressures for change to improve both the effectiveness and the efficiency of the Compliance function.
In this paper we focus on how Compliance can meet the twin objectives of effectiveness and efficiency.
Over the last ten years, Compliance functions have increased their resources and have widened their range of tasks, with a dramatic increase in their monitoring and surveillance activity, whether manual or substantially automated.
This growth has reflected, in part, the post-crisis regulatory reform agenda (including not only resilience and – for banking – resolution requirements, but also a host of retail conduct, wholesale conduct, anti-money laundering, governance, financial crime, culture and – in Ireland - Senior Executive Accountability Regime (SEAR), more intensive and intrusive supervision, including the Consumer Protection Risk Assessment (CPRA) Framework says KPMG’s Gillian Kelly, Partner in Risk Consulting.
Compliance functions now have an increased profile and higher expectations placed upon them.
However, a changing business environment, tough economic and competitive conditions, evolving risks, evolving regulatory landscape with fines and reputational risks (as demonstrated by the Tracker Mortgage scandal and the mis-selling of Payment Protection Insurance (PPI)), and cost pressures on financial institutions have led to increasing pressure on Compliance functions to re-align to business strategic goals and to transform into a more value-add service line that can deliver more effectively and efficiently.
Moreover, despite having strengthened the control environment and enhanced compliance with regulatory requirements over the last decade, the focus and mindset of Compliance in many firms remains overly risk-averse, conservative and still struggling with the remediation of past problems, resulting in limited bandwidth to support – as well as continuing to challenge – the business. This focus may be partly the result of perceptions of regulators’ expectations.
In addition, in some firms there is a lack of clarity over the mandate and role of Compliance, how it fits within the three lines of defence, and the relationship between Compliance and the business.