Compliance policies and decisions need to be standardised and made with commercial viability in mind. But they need to avoid any conflicts of interest where they might skew the recommendations to profitable initiatives.
Some practitioners say that compliance as a second line of defence can only be neutral or negative as it works to identify risks and potential consequences. Otherwise there are likely to be conflicts.
If compliance benefits directly from business gains, for instance, then they will find it more difficult to distinguish themselves from the front office. Compliance functions would become KPI-driven and, potentially, reckless.
It is important for compliance to remain a function which is assessed on how it enables the business.
In this way, compliance teams can be more visible in being seen to make decisions on how compliance itself can be demonstrated. This includes setting policy objectives and minimum standards to be adopted by the business.
And whether that enablement translates to profitability is not within the control of compliance, say practitioners.
A ‘business’ decision to comply, whether as a matter of rule or exception, is a business-owned decision.
Making business decisions
Having said this, implicitly all compliance officers should factor in their employer's business viability in their decisions. But this should stay out of their formal KPIs.
Where there is certainly more of a role for compliance is in helping senior management find a balance between over-regulation and doing business.
Senior compliance managers should participate in business discussions such as prior to launch or committing to a transaction.
More fundamentally, this is what a strong first line of defence does – act as a gatekeeper to help senior management reduce risk to acceptable levels, but minimise impact to doing business. How this is achieved in practice, however, is an art, not a science.
Without more business experience and an understanding of how to comply in a commercially viable way, compliance practitioners say that many officers might take the easy route of saying ‘no’ instead of understanding the risk and creating a process to reduce it, in order to enable business.
At the same time, compliance officers would benefit in their assessments and decision-making if the business provided more information and background.
A common approach
Without standards for the industry, rules will get interpreted and implemented differently from one institution to the next.
In turn, this will lead to potential consequences such as regulatory arbitrage, as well as instances of fraud as people look for easy gateways.
There is no cookie-cutter approach to compliance judgment, just as there is no one standard private banking business or management model.
But more can be done to formalise the sharing of good practices.
In Singapore, for example, there are informal compliance roundtables, although membership can at times appear exclusive to market-leading firms. Participation is not mandatory and often inconsistent – in short, it does not have the trappings of a professional body.
Some practitioners believe that efforts should be made to promote harmonisation – if not standardisation – at least in approach and strategy.