“A ship at shore is safe, but that is not what it is constructed for”
The above words, said by Grace Murray Hopper, are also aptly suited to banks and other financial institutions. Banks have to take risks all the time with money that does not belong to them. We cannot eliminate risk completely; we can manage the risk. However, implementation of the entire risk management process would be unsuccessful if the steps detailed in the process are not complied with. Let us take the example of the spread of coronavirus. It is a grave risk, and governments all around the world are fighting hard to contain and eliminate it. To manage this risk, the risk management process requires everyone to follow social distancing, wash or sanitize their hands regularly, avoid shaking hands, avoid touching the mouth, eyes and nose, etc. If these steps are not followed, the outbreak can affect many and lead to several casualties. Can we say that only the government or the doctors are responsible for the containment of this disease? No. Each one of us is responsible for complying with the steps required to prevent the spread of the disease.
Each kind of risk is unique and demands that the risk management process is followed and effectively complied with. A financial institution faces a number of risks today: credit risk, market risk, operational risk, liquidity risk, business risk, reputational risk, systemic risk, etc. If the regulations are not complied with, the risk will still be there. In some cases, neglect of compliance has led to the decimation of the entire organization. Undoubtedly, compliance and risk management are intertwined. For organizations to maintain their stability and integrity, both compliance and risk management are required at several levels. In fact, a robust risk management program cannot be contemplated without compliance, and vice versa.
In India there has been a rapid change in how financial institutions operate due to introduction of ever-changing technology and the advent of fintech companies. The integration between finance and technology has brought unprecedented changes in almost every aspect of banking. Financial technology is too disruptive a force and is expected to reshape and redefine the banking ecosystem. This paradigm change has impacted not only the banks but also the regulators. Compliance has emerged as the key focus area and an important challenge for the top brass of any banking and financial system.
In general, compliance means conforming to a rule, a specification, a standard, a policy or a law, including voluntary ones. However, merely paying lip service to such regulations is not enough. Compliance should go beyond what is legally binding.
Broader standards of integrity and ethical conduct need to be adopted. A bank should hold itself to high standards when carrying out business, and always strive to observe the spirit as well as the letter of the law. Following the organization’s own internal rules, policies, and procedures, and acting in accordance with ethical practices, is equally important. A strong compliance culture should also ensure adherence to fair practice codes, manage conflicts of interest, and treat customers fairly, with the larger objective of delivering efficient customer service.
The Compliance Function should cover various legislations such as the Banking Regulation Act, Reserve Bank of India Act, Foreign Exchange Management Act, Prevention of Money Laundering Act, etc. It should also observe other regulatory guidelines issued from time to time, and the standards and codes prescribed by BCSBI, IBA, FEDAI, FIMMDA, etc. Of course, each bank’s internal policies and fair practices code must be complied with.
Now, the question arises: who is responsible for compliance in an organization? As explained earlier in the coronavirus example, compliance should not be an activity of the Compliance Function alone but a culture that pervades the Bank. Over the last decade there has been an increasing focus on ethics in business, and regulators have moved away from enforcement of specific rules to the tough question of making compliance an inherent part of the core business model. The responsibility for compliance lies with everyone in an organization. Compliance starts at the top. The senior management should set the tone at the top and usher in a strong compliance culture in banks down to the grass-roots level. Compliance should be an integral part of the culture of the organization. If a guard misbehaves with a customer and does not comply with his basic duty of polite behavior, or a proprietary trader does not follow the bank’s trading policy and incurs heavy losses, both cases point to a lack of compliance culture in the organization.
Benefits of good compliance culture
This is how a good compliance culture can benefit a financial institution:
- It leads to low individual and organizational risk.
- It leads to low reputational risk.
- It infuses more confidence among employees while performing their jobs. It also helps attract and retain talent and ensure employee engagement.
- It helps in taking a proactive approach in dealing with any new compliance requirement.
- It leads to an enhanced relationship with regulators, investors and others.
It is very important for banks to demonstrate a good compliance culture, not only for the sustainability of the organization but also for the sustenance of the entire financial world globally. As we know, in extreme cases (the sub-prime crisis) the systemic risk arising out of the failure of one organization led to the fall of many “too big to fail” organizations.
A bank faces huge reputational risk from the legal or regulatory sanctions, material financial loss, or loss of reputation it may suffer as a result of its failure to comply with laws, rules, regulations and, of course, the sector-specific code of conduct applicable to banking. For example, the now-suspended managing director of one crisis-hit bank reportedly admitted to the RBI that the bank's actual exposure to one of the bankrupt corporates is more than Rs 6,500 crores. It is almost four times the regulatory cap. It also amounted to a whopping 73% of its entire assets of Rs 8,880 crore. This was against the RBI guideline of a cap of 15% of the core capital on exposure to an individual company. The exposure to the bankrupt group was camouflaged/misreported to RBI. On the other hand, if an effective compliance culture pervades an organization, compliance risks can be identified in each business line, product and process, and timely action can be taken to devise ways to mitigate such risks. A proactive compliance function also does timely compliance testing and plugs the loopholes. In case of failure to adhere to proper conduct, such instances should be converted into case studies and disseminated among the staff for education and percolation to the respective business lines. For example, IBA is doing yeoman’s service by sharing the modus operandi of major frauds and breaches of risk management processes with the entire banking industry. The relation between compliance and frauds is inverse. It will not be an exaggeration to say that some of the big losses suffered by banks on account of frauds could have been avoided if a good compliance culture was ingrained in the respective banks. As defined earlier, compliance also includes adherence to the internal policies and procedures of banks. In most cases of fraud, a common thread is non-adherence to internal policies and procedures by the employees concerned. The increasing incidence of frauds in recent years, the quantum of amounts involved and the complexity of the modalities adopted highlight the importance of a strong compliance culture in banks.
Compliance with the bank’s internal HRD policies, labour laws, policy on sexual harassment, etc., for the benefit of the employees of the organization, also has a positive effect on the working culture across the organization. It promotes less hesitance and more confidence among employees while performing their jobs. It helps attract and retain talent and ensure employee engagement. To manage the talent pool of an organization and to tackle employee retention risk, complying with extant rules is a must to create a healthy work environment.
The Compliance Function has received a high level of attention from regulators worldwide. One of the topmost priorities of an organization should be to increase value for its stakeholders, including the investors. Investors look for investment opportunities that follow exemplary ethical values, a high degree of corporate governance and a sound compliance culture. For most institutional investors, the investment managers are always mandated to invest only in companies following corporate governance. Investors feel their investments are safe in such companies. Sound compliance may permit the supervisor, one of the most important stakeholders, to place more reliance on the bank’s internal processes.
A few steps for inculcating compliance culture
- The compliance culture should be strengthened through various forms of communication and interaction across the organization, e.g. training, quizzes, case studies, newsletters, discussions on compliance incidents observed within the Bank, digital learning, etc.
- It should be part of the value statement.
- Compliance culture and awareness should be tested through employee surveys and reviews, at whole bank level. Compliance culture goals should be part of the performance review meetings.
- The Compliance Function of the Bank should be an independent function that has the ability to objectively assess and express its views on the policies and practices of other functions/businesses in relation to compliance.
- The Compliance Function of the Bank should monitor Compliance risks through suitable monitoring mechanisms.
- Open lines of communication are important for effectively managing Compliance risks.
- There should be close co-ordination between the compliance function and the other business and operational verticals etc.
Challenges
The above points are also challenges before an organization: how can this compliance culture be ingrained from top to bottom? Besides, a few other challenges are:
Combating cyber-attacks and safeguarding sensitive data has become one of the most important challenges for financial institutions today. If a culture of compliance is not deeply rooted in the organization, an institution may fall prey to such online frauds in no time. Thus, compliance is not only a regulatory option but also becomes a compulsion. It becomes a question of survival. In the recent past, several banks have been afflicted by a series of cyber-attacks. The sensitivity and potential value of the data in their possession make financial institutions a prime target of cyber-attacks. Being prepared with comprehensive risk assessment planning and suitable strategies becomes imperative for banks. Financial technology (Fintech) has redefined how banking is done in terms of improving speed, performance, and reliability. At the same time, it has introduced even greater risk and thus made the task of compliance more complex.
Cost is another challenge. After the introduction of ‘Aadhaar’, many banks’ core banking systems were modified to facilitate faster account opening through online methods. However, after the Honourable Supreme Court ruling that Aadhaar cannot be made mandatory, the banks not only had to make corrections in the systems, they also incurred a lot of expenditure on communicating the change to the entire staff. Recently, RBI mandated all banks to provide consumers with a facility to switch their ATM cards on or off. It not only required the banks to put their existing workforce to work on complying with this new rule, it also needed heavy expenditure. So, cost is another very important challenge before financial institutions in view of the continuous change in rules and regulations.
Conclusion
There is a strong need for a compliance culture across banks to address various kinds of risks. Such a sound culture would help in building organizations that are strong, resilient and disciplined, and that enjoy the benefits of sustained growth and customers’ confidence. It will also pre-empt several supervisory actions, and the reputational risk, that would follow in case transgressions are detected.
Niraj Kumar
Chief Manager (Faculty)
State Bank Institute of Learning & Development, Pune.