Lastest news

The changing business of the compliance function

Sep 01, 2019

Many firms have seen a massive increase in their compliance functions since 2008, but there are now growing pressures for change to improve both the effectiveness and the efficiency of the compliance function. 

By Gillian Kelly

Over the last ten years, compliance functions in financial services have increased their resources and have widened their range of tasks, resulting in a dramatic increase in their monitoring and surveillance activity, whether manual or substantially automated. This growth has reflected, in part, the post-crisis regulatory reform agenda. This includes not only resilience and – for banking – resolution requirements, but also a host of retail and wholesale conduct, anti-money laundering, governance, financial crime, culture and – in Ireland – Senior Executive Accountability Regime (SEAR), more intensive and intrusive supervision, including the Consumer Protection Risk Assessment (CPRA) Framework.

Increased pressure on compliance functions

However, a changing business environment, tough economic and competitive conditions, evolving risks, changing regulatory landscape with fines and reputational risks (as demonstrated by the tracker mortgage scandal and the misselling of payment protection insurance (PPI)), and cost pressures on financial institutions have led to increasing pressure on compliance functions to re-align to business strategic goals and transform into a more value-add service line that can deliver more effectively and efficiently. 

Moreover, despite having strengthened the control environment and enhanced compliance with regulatory requirements over the last decade, the focus and mindset of compliance in many firms remains overly risk-averse, conservative and struggling with the remediation of past problems, resulting in limited bandwidth to support and challenge the business. This focus may be partly the result of perceptions of regulators’ expectations. 

In addition, there is a lack of clarity in some firms over the mandate and role of compliance, how it fits within the three lines of defence, and the relationship between compliance and the business.

Compliance functions need to:

  • Support and challenge the business effectively by adapting to changes in the business itself.
  • Operate in a much more strategic and predictive capacity.
  • Spend less time fire-fighting, with a greater focus on making strategic investments to ensure a more proactive approach to risk identification. 
  • Take a consolidated view of the skills, capabilities and experience across the compliance function, together with periodic assessment of gaps between the current skills and abilities and those necessary to deliver the mandate effectively.
  • Reconsider the skillsets hired, with more diverse and experienced professionals to complement existing compliance officers. 
  • Increase efficiency through greater use of technology, with more focus on data and process optimisation.

Gillian Kelly is a Risk Consulting Partner in KPMG.