Ross Marrazzo is Managing Partner of Treliant. He is also responsible for the firm’s Global Financial Crimes Compliance service area. Ross has over 35 years of domestic and international experience in the design, oversight, and assessment of corporate and regulatory compliance, Anti-Money Laundering/Bank Secrecy Act, Economic Sanctions/Office of Foreign Assets…
A recent conversation drove home for me (yet again) the precarious nature of work in Financial Crimes Compliance (FCC) in this age of constant change. The problem is only getting worse, and we all need a better understanding of the bank risks that can go unchecked when the FCC role is undervalued and underfunded.
The takeaway from my discussion with a former FCC officer was compelling. “Why would I stay in a field with so much personal risk?” he asked. His point of view is certainly understandable—yet more concerning than ever as financial crime escalates, technology accelerates, and regulatory uncertainty persists.
Compliance officers have long faced objections to spending money on their (and therefore, their company’s) needs to build and maintain an effective, sustainable compliance program. Even in companies that have gone through the nightmare of an enforcement action, executive management and boards soon forget what got them into the mess in the first place. Short-term memory kicks in, and they revert to old ways as if nothing happened. That’s often the point at which expense management under the auspices of gaining efficiencies is replaced by blind cost cutting. It’s the moment when new managers are brought in to decimate the very enhancements required by the enforcement action or to maintain an effective compliance program—or current managers are saddled with eliminating the staff and tools required for long-term sustainability.
Now Is Not the Time to Cut Corners
Not since the adoption of the U.S. Bank Secrecy Act (BSA) and USA PATRIOT Act have so many changes to the financial crimes risk management environment been in play, such as:
- Interagency statements late last year in which U.S. regulators encouraged banks to develop more effective and efficient FCC tools—and allowed banks to share resources where appropriate;1
- U.S. Congress’s consideration of changes to the BSA;2 and
- Introduction of new regulatory technology (RegTech)—in particular, artificial intelligence (AI) as a method to gain efficiencies and be more effective.
These recent moves are targeting methods for the industry to leverage itself for greater efficiencies, thereby reducing regulatory burden. But they should not be misread by executive management and boards to mean that compliance departments will require less funding for staff or tools to manage and mitigate risk.
For example, it may make sense for smaller institutions to work together on processes such as FCC training to reduce their costs, as suggested by regulators. However, more challenging to cross-leverage may be Financial Intelligence Unit activities.
Meanwhile, in Congress, you might think the changes under consideration are going to cut FCC compliance program requirements. But this probably won’t be the case, since lawmakers are astute enough to know that any changes cannot be allowed to reduce the effectiveness of U.S. law but should rather modernize it to make it more efficient and effective for today’s risks. And those risk considerations are clearly much more focused on terrorist financing and human trafficking.
And then there’s RegTech. Machine learning and AI are being held out as lifesavers and the ultimate cost reducers. However, AI has not yet been perfected. And while the experts seem to believe it will deliver greater efficiencies and effectiveness, this does not automatically translate into a reduction in staff.
All this may be from a U.S. perspective but this is not to say that FCC officer challenges are unique to U.S. financial institutions or foreign bank offices in the U.S. The regulatory environment across the globe carries similar expectations for effective compliance programs with FCC compliance officers in the cross-hairs. Personal liability is a constant risk no matter where you are located.
Making the Case for Compliance
Compliance officers often face tough arguments against hiring. Their rebuttal should be just as strong. They need to make sure their executive management and board are well-informed of the financial crimes risk management expectations and the tools that are available for gaining efficiencies while maintaining effectiveness. But there are no silver bullets in this broad and changing regulatory, legislative, and RegTech environment—something company leaders need to know. Driving home this point will allow compliance officers to direct the discussion about the environment, while keeping a finger on the pulse of executive management and the board to forestall any considerations of material reductions to funding an effective compliance program.
Compliance officers should routinely report their department activities through metrics, no differently than sales executives report sales. This will provide inarguable support for “Big C” and “Little c” compliance needs, with Big C being the Compliance function and Little c being those areas that own compliance risk, like first line of defense functions. A + B = C metrics are extremely compelling and difficult to challenge.
At the same time, compliance officers should constantly reassess their department from a staffing and structure perspective, and be prepared to offer up reasonable reductions when needed—but only if they can live with them. To live with reductions means that there are stopgap processes available to ensure that no critical processes or controls are compromised.
1 https://www.fincen.gov/sites/default/files/2018-12/Joint%20Statement%20on%20Innovation%20Statement%20%28Final%2011-30-18%29.pdf and