Financial sector leaders went into overdrive with risk management because of the 2008 financial crisis. Bank management teams and shareholders devoted significant funds and efforts to board risk oversight and risk management capabilities to ward off the resulting intensification of compliance requirements and regulations.
It’s been over ten years since that crisis. What is the current role of leaders in the financial sector in ensuring compliance?
Compliance Regulation Fallout after 2008
Financial institutions and banks have significantly improved their resilience and risk management activities following the 2008 crisis. However, the increased focus on these aspects of business led to a prevailing issue.
The delineation of accountability and responsibilities between top management and board members has blurred. Board members have taken on the managerial role as well as the oversight role.
It's therefore key for the board, and the board risk committee specifically, to move away from this mindset and develop a framework that strengthens the oversight role of the board and the implementation role of senior management.
Additionally, over the years, compliance risk at financial institutions has become a siloed activity. Instead of considering business operations and risk exposure in a broader context, compliance risk management has narrowed to assessing and managing this specific area.
The Evolving Compliance Risk Landscape in the Financial Sector
Compliance risk in the financial sector continues to expand. We can see tighter regulation of, for example, cards and deposits. The growing list of compliance risks includes:
- Anti-Money Laundering (AML)
- Bank Secrecy Act (BSA)
- Conduct risk
- Subcontractor risk
- Risk culture
As the risk and operating environments expand, boards need to improve their risk and bank compliance management practices. Specifically, the risk committee should take a broader look at the exposure surface, taking into account the bank's business operations and strategies.
How Should Financial Sector Leaders Approach Bank Compliance Risk
Proactive Approach
Compliance departments should take a proactive approach to the risk control framework. This includes creating risk identification and management processes, developing risk mitigation processes, and regularly assessing the compliance program.
Risk Committee
Develop a dedicated and independent risk committee. Risk committees should have the capacity to analyze and challenge risk management strategies. The role of the risk committee should not only be to advise on how to avoid compliance risk but to actively help in the development and governance of the risk management apparatus.
Assessment and Development of Risk Culture
Risk culture in an organization always begins with a ubiquitous understanding of business operations. Good risk culture is key to facilitating decision-making about risk management among employees and leaders.
Shape risk culture to include a shared mindset to change established practices if they prove ineffective. Risk culture also entails information sharing and discovery of emerging risks to be included for evaluation.
Risk culture should be monitored and shaped. Therefore, practices that help develop risk culture include regular reporting of operational changes and sharing values and behaviors that increase risk awareness and risk management capabilities.
Information Flow
Seamless information flow is a foundation of risk culture and directly affects the quality of the board’s oversight role. Senior management needs appropriate tools such as a board portal for sharing critical information with the board promptly.
Accountability of Senior Management
It’s within the board’s key responsibilities toward the shareholders to ensure that the management fulfills its role adequately. Overall risk management and risk mitigation require senior management to be accountable.
Chief Risk Officer
Strengthen the independence of the chief risk officer. When CROs act independently, they are better equipped to reduce business and compliance risks. By coordinating and leading enterprise risk management with enough authority, a CRO can significantly minimize possible losses caused by compliance risk.
It’s critical to recognize that a CRO’s role should be separated from other business line and executive responsibilities.
Effective Compliance Risk Rules
The Compliance Framework
A financial institution’s compliance framework should be included in overall risk management. This way, an organization gains a detailed view of all risks and issues that stretches beyond compliance risks and ensures there are no gaps in data risk assessment.
Moreover, the integration of the compliance framework streamlines risk assessment activities, decreasing the number of duplicative actions.
Toolset for Ensuring Compliance
Effective compliance risk management in the finance industry relies on assessing, overseeing, and managing compliance risk in the context of overall operational risk. To stay on top of the expanding regulatory and compliance risk landscape, the board needs adequate tools and frameworks. Documentation should be organized, stored securely, and accessible only to authorized stakeholders.
Board management software, such as Convene, can help leaders in the financial sector practice good governance and ensure compliance. With Convene, bank boards can easily empower effective crisis risk management. Convene helps shift the focus from worrying about compliance to exercising effective leadership.