The compliance profession has seen a significant transformation in responsibility, accountability and technology since the financial crisis erupted in 2008.
Along with that transformation has come greater pay and status, and as well as the challenge compliance officers face of adapting their firms to these transformations and keeping leadership involved.
Compliance professionals must also appreciate a growing sense from regulators that they could face potential liability for their actions or inaction.
The transformation has been so swift and broad that it may be time to take stock, to review prominent changes to the profession and what is expected of the modern compliance officer, plus how to succeed in the role.
Compliance experts in a variety of roles have contributed to this reflective exercise, as discussed below.
* * *
Financial technology, or fintech, is growing in importance to financial services businesses as new processes, tools and business models offer customers more options and greater flexibility and ease in transacting. They also, combined with the “Big Data” now available for monitoring and analytical exercises, provide a means for compliance professionals to carry out their responsibilities, as long as compliance officers are trained in using them and appreciate their limitations.
“The fintech industry has created new products and ways of doing business that the compliance function in traditional financial services firms has not seen before,” said Rafael Gomes, an executive in Accenture Finance & Risk Services. “For example fintech has facilitated new ways to bank digitally — not only checking balances online, but applying for loans and other credit products via mobile phones, making payments via smartwatches, etc.”
“Compliance needs to ensure that the right controls are in place across these new digital media,” Gomes said.
Technology is helping compliance professionals in their job roles and spurring them to enhance their skills, said Maria Tomlinson, general counsel and chief compliance officer of Optimal Payments Services, Inc., in New York. “Even if they cannot write code, they can implement and use savvy new tools and have a better sense about what their exposure is to risks such as money laundering, sanctions violations, and the like,” she said.
The growing role and interconnectedness of new technology have also created new systemic and operational risks, spurring an emphasis on cybersecurity that has been echoed by the Securities and Exchange Commission (SEC) and other regulators. Shortly after the SEC released a survey last year finding that most of the registered broker-dealers and registered investment advisers surveyed had reported being the subject of a cyber-related incident, it issued new guidance on creating effective cybersecurity policies.
* * *
I asked a veteran recruiter about what he’s been hearing from compliance officers looking for new opportunities and employers seeking to fill those roles.
“Compliance professionals are seeing more opportunities develop for their expertise outside of the banking industry, in some less traditional sectors,” said Maurice Gilbert, founder and managing partner of Conselium, a compliance and risk search firm and founder of Corporate Compliance Insights, an online supplier of news and analysis articles for compliance and risk professionals.
“We’re seeing money transfer companies, prepaid debit card firms, mobile money businesses, all getting into the act of hiring compliance professionals,” he said. “Obviously, this widens candidates’ opportunities.”
“Another positive development is that CCOs are getting the access to boards to do the reporting the regulators have sought in their rules and the language of their enforcement actions. They are also getting access to the CEO — informing the executive suite on an administrative basis — like the general counsel and chief financial officer have enjoyed,” Gilbert said.
The appearance that demand is exceeding supply is a reality, Gilbert says. That helps candidates command greater salaries, but some businesses have not yet come to terms with what they have to pay to get the skills they need.
Furthermore, Gilbert said, the increased regulatory focus on individual liability — which has occasionally targeted compliance executives — is giving some of his senior candidates pause. “For the first time in 15 years, in the last few six months, I’ve had two qualified candidates turn down CCO positions because they do the ‘risk versus reward’ equation in their minds, and the risk of being held personally liable does not seem worth it.”
The fear, Gilbert said, is that a new firm might not “have their CCO’s back” when violations occur and would allow the CCO to be a scapegoat for corporate lapses.
“You know what? The potential for personal liability enables candidates to more seriously choose the organization they are willing to work for,” said Tomlinson, of Optimal Payments Services. Tomlinson is a compliance executive with over 15 years of experience, and she sees the personal liability issue in a positive light.
The compliance officer must choose the right firm — one that will offer support, take compliance seriously, and give the department adequate resources to perform the job, she said.
“This focus is helping firms get the best compliance officers, because only those who know they will do a good job, and who are picky about the firms they join, will apply.”
* * *
A PricewaterhouseCoopers survey in 2014 found that 93 percent of financial services firms reported they have a CCO and, among those firms, 73 percent reported that this person performs this role as his or her sole responsibility.
Tomlinson has seen attitudes toward compliance shift over her career in a manner that takes compliance more seriously, and she credits U.S. regulators’ more aggressive fines.
“These fines are finally having an impact on firms’ bottom lines and reputations, as fines go up and news spreads rapidly about them. That has propelled firms to appreciate that good compliance goes hand in hand with good business,” she said.
Indeed, Tomlinson said she has served as a member of a firm’s board of directors, rather than just having periodic access to it.
Technology is also having a positive impact and streamlining effect on the compliance profession, she said. The compliance and technology teams are communicating more to design tools that help their firms specifically address the risks they face.
She sees it as the emblem of good compliance practice when a firm advertises it as a business advantage that it has avoided enforcement action, and when it uses its good compliance record as a marketing claim to distinguish itself from competitors.
The onslaught of regulations has made it more important for lawyers to occupy the CCO chair, she said, rather than someone with just an operations background.
“In the past, a CCO was often the former chief operations officer, and this was not a sufficient background once the onslaught of regulations began,” she said. “It’s important to have training in interpreting and applying the law.”
Her own double role in applying and interpreting the law — as general counsel and CCO — can work well, depending on the firm and how it is carried out, she said. “You cannot give yourself counsel as the GC/CCO, and you cannot solely handle the company’s litigation efforts.”
But the combined role can help synchronize efforts. “I can do the contract writing that both the GC and CCO should be involved in and make sure all of our contracts and arrangements have the compliance details they require, not just the standard legal ones,” she said.
In the next post, I’ll talk about best practices for today’s CCO.
Julie DiMauro, a Contributing Editor of the FCPA Blog, is a regulatory intelligence and e-learning expert in the GRC division of Thomson Reuters Regulatory Intelligence. She’ll be a speaker at the FCPA Blog NYC Conference 2016.