Financial institutions face tough compliance demands in a highly regulated and ever-changing environment. They must meet requirements from multiple regulators and show increasing transparency while staying focused on growth and profitability.
The challenge is not only a matter of meeting complex government mandates; compliance breaches have an adverse impact on customer loyalty, brand equity, new business and the bottom line. Despite major investments of 25 to 33 percent of their capital budget to establish and maintain strict compliance standards, financial institutions continue to face alarming incidents of internal and external fraud. A 2016 Point B study of compliance breaches of financial services companies shows that stock prices fell by 6.5 to 9.5 percent in the month after a misconduct was made public, with an average collective cost to shareholders of $1.9 billion per scandal-struck company.
How do you show regulators and customers your commitment to regulatory compliance? How effectively does your organization identify and reduce risk? Who is accountable for tracking progress and getting results?
Point B’s Perspective
In the rush to keep pace with changing demands, it's tempting to dive into costly compliance initiatives without the groundwork to ensure success. Without a clear and cohesive governance structure, even the best-intended compliance efforts can fail.
Point B helps our clients manage and stay on top of regulatory challenges by first establishing a formal governance structure—the strong operational framework needed to manage and deliver compliance action plans that satisfy management and regulators alike.
How do you create a governance structure for compliance that lets you act with confidence?
Establish an executive oversight committee
It takes enterprise-wide leadership to prioritize a compliance action plan and keep it on track. We recommend creating an executive oversight committee that includes senior executives from cross-functional departments (i.e., compliance, finance, human resources, legal, risk). This oversight committee is responsible for approving and prioritizing all projects in the action plan. Projects may be as diverse as employee training, creating a more vigilant culture, simplifying business processes, and applying technology in seamless ways.
The oversight committee also provides strategic direction to those implementing the compliance action plan to ensure progress in addressing any regulatory concerns.
Give executives ownership and accountability
Executive owners are crucial to moving your action plan forward. They are typically the heads or senior leaders of various functions or business units across the organization. In turn, they may have one or more "deliverable owners" who report to them and are responsible for helping to shape operational improvements, execute any remediation plans and complete the action plan.
Dedicate a program management office (PMO) to compliance
It may be tempting to place compliance projects within an existing PMO. However we find this decision should take into consideration how your current PMO model supports your organization:
- Limited or no PMO—creating a new compliance PMO is often required.
- Multiple PMOs—establishing a new dedicated compliance PMO can be effective.
- Centralized enterprise-wide PMO—extending the existing PMO’s charter and capabilities to include compliance can generate business value while also controlling risk. This level of sophistication requires an understanding of how changes to people, process and technology to meet compliance requirements can be combined with requirements for growth or profitability goals.
Regardless of PMO model, the compliance function will need to garner the metrics, skills, resources and executive focus to deliver on the action plan. This specialized PMO capability must support the executive oversight committee who, in turn, can inform the board or regulators, as required.
Working alongside the PMO are functional and business unit subject matter experts. You'll want the expertise of business operations, as well as legal, audit and risk departments, to ensure that any interpretations of new regulatory mandates translate into achievable operational changes.
The PMO is also responsible for identifying any key issues that could impede the action plan. It's up to the PMO to escalate such issues to the executive oversight committee, and to provide potential solutions.
Make traceability one of your strengths
Regulatory compliance demands transparency—which calls for traceability.
A strong governance structure will provide a framework for clear, compelling evidence of compliance. It will signal your organization's ongoing commitment to compliance in an ever-evolving regulatory environment. And it will support repeatability, which is important to proving compliance to the board, regulators and investors.
Your action plan should include all regulatory directives together with any explicit criticisms received from regulators. It should also include a set of deliverables with due dates approved by executive owners and the executive oversight committee. You’ll want to be able to show where you're headed and track milestones along the way.
The Bottom Line
A strong governance structure is key to compliance and keeping your organization on top of the challenges of a complex and changing regulatory environment. By engaging executives across your company in this structure, you gain the holistic oversight to satisfy changing mandates, demonstrate ongoing commitment to regulators and reduce compliance risk. While specific projects in your action plan will come and go, this governance structure is a long-term asset that will save time, money, risk and brand reputation.