Why a ‘Culture of Compliance’ in Banking Should Be Second Nature

Regulatory compliance in banking is a lot like eating your vegetables. It starts off as doctor’s orders, but becomes a lifestyle once you realize the benefits.

That’s what a lot of banking leaders are recognizing. And that’s a radical shift for the industry, which historically has been more reactive than proactive about regulations out of fear of negative consequences.

Banks often refer to those consequences, such as hefty fines or a damaged reputation, as motivators for compliance-driven change. Yet reactiveness is not a sustainable approach in a competitive market. Banks that adopt compliance as a cultural practice find they gain the agility and efficiency necessary for long-term health and adaptability.

One thing is clear: The changing nature of regulations is a constant.

Immediately after the 2008 financial collapse, reforms focused on the avoidance of another economic meltdown. In the decade that followed, regulators started shifting their scope to address risks stemming from cybersecurity, data privacy, and other emerging technologies. Political forces have also added to the complexity of the regulatory landscape.

Here’s what’s coming down the regulatory pipeline in 2019, according to “Ten Key Regulatory Challenges of 2019,” a report from advisory firm KPMG:

• Increased liability for boards of directors. The Federal Reserve “views compliance breakdowns as weakness of governance and board oversight, and it will hold the board accountable for responsibilities.”
• Renewed regulations on trade reporting. “Regulators are renewing their focus on non-financial regulatory reporting, specifically looking for timely, accurate, and complete information on a continuous basis, propelling firms to evaluate process automation options.”
• Heightened expectations for records and data storage. “The SEC and the CFTC are both examining firms’ awareness of where their data is stored, the format in which it is stored, and how to retrieve it in a timely matter, and how and when it is destroyed.”

This is all in the immediate future, of course. Unquestionably, additional regulations are brewing on the horizon.

In addition to issuing mandates and hefty fines, regulators have urged banks to take proactive measures that reform and transform the industry. In response, banking leaders have been working on what’s become increasingly known in the industry as “cultivating a culture of compliance.”

“A ‘culture of compliance’ requires an organization to demonstrate the values of integrity, trust, and respect for the law,” says Amy Matsuo, principal, advisory, operations & compliance risk at KPMG. “Regulators are increasingly focusing on an organization’s compliance culture and recognizing it to be an essential preventive control against many forms of misconduct. Regulators often view the lack of a culture of compliance as the root cause of misconduct within an organization.”

The key actions KPMG recommends to best prepare for upcoming regulations clearly require organizations to have a culture of compliance:

• Break down compliance silos in favor of “a more integrated compliance risk management approach.”
• Achieve “real-time” compliance status.
• Streamline compliance controls across the three lines of defense (front-line operations, risk management and other compliance functions, and internal auditing).
• Enhance first-line ownership (front-line operations) of compliance risks.

Simply put, banks that prioritize self-governance and make it part of their culture are better prepared to stay ahead of regulatory changes.

As we all know, actions speak louder than words. So for an organization to demonstrate a culture of compliance, banks must do more than talk about values; their organizational structure must “walk the walk.”

But here’s why infusing a culture of compliance within an organization has been a challenge: Traditionally, internal auditors have been the ones tasked with ensuring regulatory compliance across an organization. As the third line of defense in risk management, internal auditing evaluates the effectiveness of the first and second lines of defense—the operational management and compliance functions, respectively.

Yet all too often, internal auditing is a manual process of hunting for exceptions outside the business workflow (despite having the word internal in its name). Combing through mountains of paper or reviewing lines on a screen is akin to searching for a needle—or needles—in a haystack. No wonder compliance has been thought of as a burden, instead of a boost, to workflow efficiency.

A culture of compliance requires sharing the responsibility of regulatory obligations with the whole organization. But how is that possible without slowing down the business workflow? That’s where the effectiveness of your financial management system plays a critical role.

Thanks to newer technologies, including artificial intelligence and machine learning, and state-of-the-art automation, today’s financial management systems can offer much greater support in the area of built-in internal controls.

Here are just some of the ways a financial management system with such controls cultivates a culture of compliance:

Improved governance in a single system. Compliance as a shared responsibility starts at the source, or rather, a single source of truth. A single system gives internal auditors a comprehensive view of the organization all in one place. Segregation of duties, “always-on” documentation, and authorization process are just some of self-governance features that reinforce compliance as a cultural practice.

This is a big change from the limitations of many of the legacy systems that are still in use. Due to storage and processing power limitations, most legacy financial platforms lack built-in internal controls, forcing internal auditing outside a business workflow. System vendors have tried to solve this issue by “bolting” internal controls onto their financial management systems, but these attempts often increase the privacy and security risks rather than solving them.

Investment and corporate bank Natixis is already seeing the benefits of built-in governance in a single financial management system: “It is so easy for us now with processes, such as obtaining a physical signature. With Workday, we can track this signature and know whose approval is still pending. It saves a lot of time and effort on manual follow-ups,” says Magdalen Tsang, head of HR at the Hong Kong branch of Natixis.

“Being on one unified system is huge for our business,” says Wayne Sisco, senior vice president and CFO at Redstone Federal Credit Union. “It’s allowed us to move from a transactional to a strategic focus, improve visibility throughout the business, simplify and access more effective reports, and drive a needed shift in company culture.”

Proactive anomaly detection. As they say, you don’t know what you don’t know. So until an internal auditor completes an assessment, an organization won’t know if its processes are at risk of non-compliance. Organizations will benefit from financial systems that can leverage machine learning and other technologies to audit routine transactions and detect possible anomalies upon data entry long before they become problems.

These capabilities reinforce the idea that compliance starts with front-line management. And since technology is doing the routine data gathering, auditors gain more time to analyze the data and contribute to the company strategy.

Future-focused with real-time auditing. A financial management system that leverages real-time data enables banks to perform continuous auditing, a necessity to keep up with the rapid nature of financial transactions. Auditors are able to spot trends as they are happening, and they can wield that insight to help the organization identify potential risks sooner than later. Real-time auditing also compels the organization to keep compliance top of mind.

Fear won’t be enough to keep up with the evolving nature of regulations. But a financial management system with built-in controls—such as workflows in a single system, anomaly detection, and real-time auditing—makes compliance an everyday practice that enables companies to operate at greater efficiency. In addition, governance allow for the values of compliance—integrity, trust, and respect for the law—to thrive in the company culture.

As a result, a bank can empower its entire organization to operate with fiduciary responsibility while maintaining the flexibility necessary to stay ahead of ever-evolving regulations and business challenges.