By Henry Umney, CEO, ClusterSeven
Financial institutions need to address and overcome a broad range of complex, conflicting and disruptive issues on a daily basis. Amongst them, there is a dynamic geopolitical environment, slowing economies, low interest rates, and the constant search for yield. There is also a plethora of disruptive market entrants that have leveraged AI and machine learning to create an environment where speed, flexibility and attention to detail are the hallmarks of a successful business. There are multiple compliance regimes that must be accommodated too. These include MiFID II, The Dodd-Frank Act, IFRS 9, SS3/18, Anti Money Laundering (AML) legislation and Anti-Terrorist Financing laws, to name a few. Somehow institutions must thread a path through all this complexity, while growing their business, and delivering ever more efficient services.
Each of these developments often involve reassessing how an institution addresses these challenges, to ensure that the risks they face – commercial, operational, reputational and regulatory – are not compromised. It requires revisiting compliance processes to eliminate any loopholes and ensure robustness on a continuous basis.
All financial institutions will already have well-developed enterprise systems to assist with regulatory compliance across all the regimes. These systems will typically be run by the corporate IT departments and ensure that firms have a solid handle on their highly structured, well established applications and processes.
However, the compliance challenge is altogether different where there are new products and services, which are supported, at least initially, by ad-hoc systems and applications that are implemented and managed by end-users, rather than corporate IT. This use of spreadsheets, databases, and other off-the-shelf applications – commonly referred to as Shadow IT – creates a challenge because typically these tools lack the controls and full auditability found in the corporate IT environment. This throws up problems of reporting and proving compliance. For example, under the5th Anti-Money Laundering Directive (5AMLD), which must be implemented by EU member states by 10 January 2020, firms are required to provide greater transparency on their clients, demanding additional searches and checks so that the identity of customers is known. How can financial institutions efficiently and speedily assure compliance with no additional budget and resource, and while using applications outside the control of corporate IT?
Likewise, how can firms best enforce compliance against highly unstructured business processes that will never be suited to the corporate IT regime – such as checks on conflict of interest, anti-slavery regulation, supplier due diligence, or anti-bribery requirements?
By some means, financial institutions need to find a way of systematically managing the compliance of these unstructured processes, alongside Shadow IT and corporate IT applications.
It’s worth pointing out that whilst not against the use of these applications, regulators are demanding end-to-end transparency and auditability of these processes.
Managing the Compliance of Unstructured Processes: Rabobank’s Experience
While these demands pose huge challenges for financial institutions, the Netherlands-based Rabobank provides a good example of an approach that financial firms can take to address the problem of managing the compliance of their unstructured business compliance processes.
Rabobank’s London operation was exposed to numerous global compliance regimes, and like most firms, utilised a range of documents, often spreadsheets and Word documents, to manage the compliance of these unstructured processes. While quick and easy to use, there were challenges with keeping documentation consistent and up to date. The workload required to manage and maintain them, as well as the effort of end users to complete them, was proving too onerous for staff. The level of management control and auditability that regulators expect was hard to achieve.
The Bank adopted automation to capture, manage, audit and report on its unstructured compliance processes. Today, the firm has set up rules-based processes to review, defined and codify the issues that the business is exposed to. The process makes extensive use of conditionality, allowing the compliance teams to guide users through the procedure quickly and easily, breaking down the non-standard issue into its component parts to steer it through to a successful resolution.
Perhaps the biggest benefit of this approach is that the Bank can undertake continuous risk assessment and has good insight into its risk exposures enabled by an ‘at-a-glance’ view of all relevant non-compliant issues. This kind of visibility is particularly important for executives today with reference to the Senior Manager & Certification Regime (SMCR), which enforces individual accountability for business operation. Today not many realise that a breach by a financial institution in one regulation could mean a breach of the SMCR too. It’s important for the C-suite to ensure compliance with all regulations as non-compliance could potentially be laid at their door, in their personal capacity.
Additionally, Rabobank now has a good framework for attestation. As well as rationalising the information from an attestation standpoint, Rabobank has automated data extraction, which is supported by an audit trail. So now, the Bank has full visibility of when and how individuals have responded to questionnaires, complete with historical information, to paint an accurate picture on the Bank’s compliance status of the various regulations.
From a business value perspective, the Bank can draw conclusions on important areas of the business. For instance, they have a good understanding on what is happening in the trading departments from different aspects.
Leveraging Compliance for Growth
While historically ‘compliance’ has necessarily been an end in itself, there is now increased demand from senior management to have a defined business benefit from using compliance solutions.
Being able to standardise the management of unstructured business processes helps the organisation to better understand the important procedures that often fall below the radar but are key to the business. Standardising their management allows the business to see where there is duplication of effort, unnecessary activity, activities that could more standardised, and therefore delivered more efficiently. It also means that any management uncertainty can be removed, by demonstrating that what might seem a sub-optimal way of delivering a service, on closer inspection, is the ideal way. Rabobank has introduced standardised controls to a ‘messy’ array of business processes. In addition, the Bank has established a platform to enhance business process efficiencies and re-engineering, to take the organisation to the next level, while remaining fully compliant.
About the author
Henry Umney is CEO of ClusterSeven. He joined the comp any in 2006 and for over 10 years was responsible for the commercial operations of ClusterSeven, overseeing globally all Sales and Client activity as well as Partner engagements. In February 2018, he was appointed CEO. He brings over 20 years’ experience and expertise from the financial service and technology sectors. Prior to ClusterSeven, he held the position of Sales Director in Microgen, London and various sales management positions in AFA Systems and ICAP, both in the UK and Asia.
