COMPLIANCE FUNCTIONINFINANCIAL …

1 IFAST financialiFAST FINANCIAL byWong Teck KowCOY REGISTERED NO. 200000231R 2006 FINANCIAL ADVISERS TRANSACTION IN FINANCIAL INSTITUTIONSis increasingly sophisticat-ed. With growing regulatory demands, major financialinstitutions such as banks are devoting substantialresources into COMPLIANCE functions. Surprisingly, there is a lack of intellectual resources oncompliance in Asia. This article aims to bridge that hope to contribute a resource, increase awareness incompliance issues, stimulate interaction amongst financialand COMPLIANCE professionals, and ultimately enhancecompliance standards in the financial industry. Who is Responsible? COMPLIANCE officers seem to be the obvious candidates totake responsibility if things go wrong.

2 But does the buckreally stop there?The prime responsibility to ensure that the business com-plies with regulations rests with the board of directors, orwith the owners or the most senior executive managementgroup where there is no board. The board, owners or seniormanagement will usually delegate COMPLIANCE activities, butWHO IS ULTIMATELY RESPONSIBLE FOR COMPLIANCE IN A FINANCIAL INSTITUTION?AND WHAT DOES A COMPLIANCE DEPARTMENT DO? THIS ARTICLE SHEDS LIGHT ON THESE QUESTIONS. COMPLIANCEFUNCTIONINFINANCIALINSTITUTION S iFAST financialiFAST FINANCIAL COY REGISTERED NO. 200000231R 2006 FINANCIAL ADVISERS TRANSACTION personal responsibilities cannot be delegated that the laws and regulations permeate mostactivities of a financial business at every level, manage-ment has two choices.

3 The first is to appoint complianceofficers to perform quality control of each designatedfunction at the operational level ( System A ). The secondis to make every individual in the business responsible forcompliance with all regulations relevant to their jobs( System B ). It is the author s view that System B yieldsgreater benefits to the firm in the long term. In System B, employees are trained and relied upon to dotheir jobs in a compliant way, just like other job trained in their regulatory obligations, the employeestake complete responsibility to follow COMPLIANCE proce-dures. In practice, each employee s performance appraisal(which affects his remuneration, increment, promotion, benefits etc) will be positively co-related to his complianceperformance.

4 He thus has a vested interest to comply. Overtime, this promotes a COMPLIANCE culture in the firm. On the other hand, firms adopting System A needs tokeep adding COMPLIANCE headcount in order to control asmany processes as possible. Apart from escalating costs, itis hard for such firms to inculcate a COMPLIANCE culture. The Role of theCompliance DepartmentBroadly speaking, the roles of the COMPLIANCE Departmentare as follows:(1) FACILITATE THE DEVELOPMENT AND MAINTENANCE OFTHE RIGHT CULTUREA healthy, positive COMPLIANCE culture within the firmminimizes the risk of regulatory failure and the resultantsanctions and damage to its reputation. (2) DELIVER COMPLIANCE TRAININGT raining is essential to ensure that the employee is able toperform his job in a compliant way.

5 COMPLIANCE training ismore effective if it is integrated into the training that theemployee receives on his core job functions ( operations,IT, finance etc). On this basis, COMPLIANCE s role is to trainthe trainer and ensure that the COMPLIANCE element of thetraining is properly incorporated, updated and adequate.(3) ADVISE ON REGULATORY ISSUESA dvising on relevant regulatory issues concerning the firm sbusiness is a fundamental responsibility of COMPLIANCE . Forinstance, COMPLIANCE advice may be required when a newbusiness line or product is launched, when a procedure ischanged, or when new regulations are promulgated whichmay impact the business.(4) MONITORINGThe COMPLIANCE department is commonly associated withthis task.

6 Good monitoring by COMPLIANCE provides asource of timely and focused feedback to other depart-ments on how well they are fulfilling their regulatory obli-gations. But, excessive monitoring can overkill and causean unnecessary burden to the business. It may also create amoral hazard for other staff to relax their diligence know-ing that the COMPLIANCE function will pick up any errors . (5) COMMUNICATINGC ompliance is an important interface between regulatorsand regulations on one hand, and business on the other. Inthis connection, COMPLIANCE will communicate any newrules or guidance issued by regulators to the relevantdepartments. It must also provide the regulators with anyinformation they request and notify both senior manage-ment and the regulators of any significant issues that arise.

7 (6) HANDLING ISSUESR egulators expect all regulatory issues to be resolvedpromptly and thoroughly. COMPLIANCE can advise theinvestigating manager (usually a supervisor within thedepartment from which the issue emerged) on the substantive issues and the process to resolve the issues.(7) BALANCING COMPLIANCE COSTS AGAINST REGULATORYBENEFITSAs a cost centre, COMPLIANCE needs to justify the costs ofcompliance against regulatory obligations, devise ways ofkeeping implementation costs low, and maximizing thebenefits of the COMPLIANCE role of COMPLIANCE is summarized in Figure Approach(1) RATIONALEIt is recommended that COMPLIANCE adopts a risk-basedapproach which recognizes that different areas of the busi-ness and different regulatory issues carry different levels ofregulatory risk.

8 There are two main benefits. First, thefirm s resources can be prioritized and allocated to most-needed areas, fostering greater productivity. Second, thecompliance function and management can talk a commonlanguage based on an agreed notion of risk. This promotesmutual understanding and greater objectivity.(2) HOW TO MEASURE REGULATORY RISK?Risk can be measured against two dimensions: the iFAST financialiFAST FINANCIAL COY REGISTERED NO. 200000231R 2006 FINANCIAL ADVISERS TRANSACTION of a particular problem occurring and themagnitude or potential impact if it occurs. Be objectivewhen assessing risk. A practical way is to analyze other realexamples, where available, of that risk being realized.

9 Objective criteria for assessing the probability of aprocess failure could include the number of such failuresexperienced during the course of a particular time periodsuch as six months or one year. All risks should be assessedover the same period for comparability. Sources of informa-tion on the failures include the breach and complaint logs,regulatory visits reports, internal and external audit reports. One way of expressing the magnitude of regulatoryrisks to the firm is the potential financial risk of compen-sation in the event of breach. For instance, a breach ofinvestment powers may result in compensation of the cost ofselling the offending security and reinstating the fund topre-purchase position.

10 A breach of client money bankaccount regulations could result in the loss of all clientmoney held outside a correctly designated client account. (3) IMPACT OF THE RISK-BASED COMPLIANCE APPROACHI mplementing the risk-based approach will change the wayComplianceand other departments do their and employees will gradually be ingrained tounderstand and talk in a common language of risk. Risk wouldbe an agenda item in regular team meetings held amongemployees anywhere, at any level, of the firm. As the differentrisks are identified, ways can be explored of managing them. Some firms have also organized dedicated risk workshopsto discuss all manner of risks faced by the business, includingreputational and financial risk, in addition to regulatory is possible where the firm has a cross-functional team ofexperts looking at risks on a business-wide of the COMPLIANCE TeamRegulators emphasize that the COMPLIANCE function musthave direct reporting lines to senior resources must be available for COMPLIANCE todo its job effectively.