Written by Dawn Fisher on Tuesday January 30, 2018
As firms continue to navigate the labyrinthine minefield of legislation and regulation and claw their way up the evolutionary ladder of compliance with standards that appear to have moving goal posts, ‘tone from the top’ has never been more important.
In line with regulatory expectation, compliance with increasingly complex legislation is falling to the front office (the ‘first line of defence’) and for many, this is a complete change of approach – a reversal of the ‘burden of responsibility’ they are used to.
Many firms are changing their target operating model to include their financial crime risk management as part of the strategic direction and operation of the business rather than a cause that sits alongside business as usual and which, quite often, is seen to create a barrier to business as usual.
This level of structural change in a firm’s governance framework requires a paradigm shift in culture to truly embrace and embed financial crime risk management as part of enterprise-wide business as usual, and senior management must be visible and vocal in their support for such organisational change.
Conventional wisdom would state that it takes a generation to change culture, but with ever-increasing regulatory scrutiny, firms typically measure their timescale to achieve change in months rather than years.
Key to effecting change is engaging the participants and for success in this space, the approach must be multifaceted. It is not enough to advise that there will be a new policy and updated procedures and expect the first line to just get on with it – crucial to engagement is communication of the issues and requirements for remediation, inclusion in the transformation process (including inviting feedback where appropriate) and training and education on new policies and procedures (taking care not to simply train on what the new process is and how to do it but, crucially, to explain why it has been necessary to make the change).
Change is unsettling, and where change is driven by compliance this can lead to fear in the first line – fear of the unknown or fear of losing their jobs if they get it wrong.
The challenge for senior management and those driving the transformation programme is to strike the right balance between the stick and the carrot. Breaches of the new policy should, of course, be dealt with but positive reinforcement is also necessary. Compliance should certainly form part of the appraisal process, but not to a level where a genuine error can devastate an employee’s prospects within the firm.
Messages from senior management should be unambiguous and pitched at a level understood by all – not corporate jargon that baffles and bemuses the worker bees. Most of all, senior management need to practice what they preach. In terms of visibility, this means attending training with the troops and be seen to be engaged.
Where AML obligations are the driving force for change, new (and often more onerous) policies and procedures should be positioned as a force for good and the message from the top should be that good compliance is good business; AML should be seen as part of business, and not a barrier to it – senior management should be clear that the AML effort is an investment in the future of the firm and not a cost centre akin to a black hole into which the revenue generators perceive their hard-earned money to be disappearing.
Senior management needs to set the right tone from the start as it is difficult to put a value on prevention but for those that get it wrong the cost is astronomical.
This article forms part of the #BigCompConvo - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the Big Compliance Conversation get in touch with us at firstname.lastname@example.org
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.