|
|
|
Features
< Back
Sarbanes Oxley : Auditing : Thought Leader
EY Finds Mixed Picture on Compliance Progress
By
Rick Kryzynski
|
|
Rick Kryzynski
Senior Manager
Ernst & Young
|
What is the state of financial services compliance today? How prepared are compliance departments for the challenges to come? A survey conducted by the Economist Intelligence Unit on behalf of Ernst & Young attempted to answer those questions by exploring how institutions organize the compliance function, measure compliance quality and effectiveness, attempt to foster a culture of compliance, and evaluate the success of their own compliance operations.
The online survey drew responses from 105 senior executives at large global banks and broker/dealers. The findings present a decidedly mixed picture.
Too few institutions explicitly measure the return from compliance activities. Fully 51% of respondents said their firms do not explicitly measure the return gained from compliance activities. This finding suggests that there are basically two schools of thought on measuring compliance effectiveness. Some firms find that while they can measure their activities (i.e., the things they are expected to do as part of a compliance program), it is difficult to determine whether those activities actually reduce compliance risk.
Nevertheless, more organizations are attempting to quantify the benefits of the compliance effort by using metrics such as measuring the quality of the compliance department?s advice, assessing the department?s effectiveness, performing cost-benefit analyses, and using ?what if? scenarios to determine the cash-flow effect of regulatory violations. While 51% of respondents complete an assessment once every three months, almost 25% do it just once a year.
Institutions need to derive greater value from their ethics programs. Only 29% of respondents said they use ethics training to promote a compliance culture, yet 79% require such courses. This contradiction suggests that companies need to alter their training programs so that they do have an influence on culture. Similarly, few institutions use performance incentives to drive an ethical culture. Most rely simply on policies and hiring the right people.
Executives may be overly optimistic about the level of employee engagement in compliance. Nearly two-thirds of the compliance executives surveyed believe that employees place a high priority on reading communications from the compliance department. But this may be optimistic, given the volume of communications the typical bank employee receives daily. To ensure that employees do read their messages, some institutions require acknowledgement of receipt, use multiple communication channels, including e-mail, and use a structured template for memos from compliance.
Many institutions have failed to develop a way to identify and respond to emerging regulatory issues. Only one-third of companies have a formal process in place to identify the areas regulators will likely focus on in the future. Companies that lack such a process have no way of knowing where to allocate resources in order to prepare. Of those who do have a process, most rely on internal committees. They also try to learn from the regulators themselves, often simply by asking.
Areas cited by respondents as likely to receive scrutiny in the future included the suitability of complex products for investors, proprietary trading, and customer privacy.
Recommendations. The survey results suggest that institutions should:
Adopt a more systematic approach to measuring the effectiveness and return on compliance activities. The areas of measurement could include the strength of the firm?s compliance culture, the effectiveness and efficiency of compliance programs, and the level of compliance risk the organization faces.
Create a multi-faceted approach to building a culture of compliance. In addition to ethics training, this should include an enterprisewide code of conduct, an ethics hotline, and compliance measures, such as a score derived from an ethics checklist, that are explicitly included in employee performance reviews.
Scrutinize and expand the channels of compliance communications. Compliance executives should ask themselves whether they are communicating with employees in the best way. A survey of employees could reveal how well they understand compliance guidelines, and which messages are getting through.
Devote resources to identify emerging areas of regulatory risk. This could include forming a committee that periodically reviews regulatory risks and holds meetings with regulators to learn about their areas of concern. Once the institution has identified areas with increased regulatory risk, it should assess the implications for the business and take steps to mitigate the risk, which will require top management support.
The last five years have brought new compliance worries to an industry already mired in regulation. The survey findings suggest that while institutions have made clear progress in some areas, they must do more work to maximize the benefits of a strong compliance culture.
|
|
|
|
