How to build a compliance culture in Financial Services Organisations?

    As regulated businesses, firms offering financial services have always needed compliance and anti-financial crime teams to ensure compliance with applicable laws and regulations.

    Nevertheless, in the past there was often a separation between these teams and the operational and front office teams. The latter were there to drive the business forwards, facilitate the use of financial products, and grow the customer base. Compliance, on the other hand, might have been seen as a tick-box exercise – a barrier, even. Financial Crime professionals were there to keep customers’ money safe and keep the regulator happy by meeting minimum regulatory requirements, rather than striving to go beyond these requirements and promote ethical compliance behaviour and efficient governance within the business environment.

    In commercially driven organisations this siloed approach to compliance was more evident. Such companies usually had an increased focus on revenue-generating activities. The internal perspective was that “Compliance just doesn’t understand the real world”. In such an environment, attempts to raise compliance awareness usually faced tensions and challenges, being perceived as hindering the ability of other teams to meet their goals.

    But over the past few years, we’ve seen this start to change. The UK regulators, including the Financial Conduct Authority and the Prudential Regulation Authority, have been instrumental in pushing regulated businesses to foster a pivotal culture among their employees that encourages compliance, individual accountability and conduct risk, along with governance.

    Financial services organisations have realised that in an ever-changing regulatory environment, with new challenges presenting almost weekly, it is more important than ever to establish and maintain a culture of compliance. This means creating a company culture where compliance with laws and regulations is not only a top priority but also an integral part of how the organisation conducts its business.

    Compliance needs to be integrated in every area of the organisation – from the creation of products, through to delivery, and growth. This requires a coordinated approach that includes a comprehensive set of robust monitoring programs, policies and procedures, training and awareness, audit, monitoring and testing, and a commitment to continuous improvement.

    Theoretically it may seem achievable, but how do you begin this journey towards a strong culture of compliance?

    Culture in an organisation always begins at the very top level, so the senior leaders should have compliance firmly at the top of their agenda as a key strategic objective. If senior management demonstrates a commitment to compliance and integrates it into all decision-making processes, this commitment will filter through every area of the business. Senior management must allocate sufficient resources and up-to-date professional support to their compliance function.

    From onboarding new employees and training, to technology, performance metrics and internal policies, compliance should be integrated throughout. In this way, employees understand the importance of compliance, and can be held accountable if they don’t work to the required standards.

    Having well-developed policies and procedures in place is essential for promoting compliance within an organisation. These policies are material evidence to the business’s clients, as well as its regulators, that the organisation takes compliance seriously. Policies and procedures should be regularly reviewed, updated and enforced consistently, with appropriate consequences for non-compliance. It’s important that these materials and senior management expectations are communicated effectively to all employees, and used as the basis for compliance awareness training across the organisation, to ensure that employees understand their roles and responsibilities.

    Having an experienced regulatory compliance team in place who are well-versed in developing these types of procedures is invaluable. Good compliance officers will act as a regulatory liaison, ensuring that they are constantly informed of any changes and that the organisation is in compliance with all regulatory requirements.

    Without implementing a comprehensive training and education program, it will be very difficult to build a culture of compliance. Regular training on internal policies and procedures and on compliance issues, including new regulations, changes to existing regulations, and best practices for complying with regulations, should be put in place in the same way as training on delivery. Training should help employees understand how compliance requirements apply to their day-to-day work and how to report compliance concerns.

    If training is tailored to specific teams and roles, it’s more likely to make an impact. Effective compliance training should be delivered in a way that is engaging and interactive, encouraging employees to actively participate in the learning process. This may involve using case studies, best practices, red flags, or other techniques to help employees apply their knowledge in real-world scenarios and identify misconduct or gaps in their understanding.

    Having the policies in place is great. Having the right training available is key. But how do you really ensure these things result in a positive culture of compliance?

    You need internal controls to ensure all the things you’re putting in place are happening.

    Examples of internal controls include segregation of duties, authorisation and approval processes, reconciliation of accounts, and monitoring of the organisation's activities or transactions.

    Implementing access controls based on the "need-to-know" security principle is another critical component of promoting a healthy compliance culture within an organisation.

    It’s also important to regularly review compliance metrics, such as the number of compliance incidents, the number of employees who have received compliance training, the effectiveness of internal controls, and regulatory compliance. By monitoring compliance metrics over time, an organisation can track progress and ensure that its compliance program remains effective and relevant in the face of evolving regulatory requirements. This data can help inform strategic decisions taken by senior management about compliance priorities, resource allocation, and program enhancements.

    An organisation IS its people, and to create a culture of compliance, those people need to feel included and involved in it. You could hold monthly compliance round-table events with different teams, to get their take on compliance at a granular level – and ask them to suggest areas or ideas for improvement.

    Another way to encourage collaboration in compliance is to establish cross-functional compliance teams by engaging other employees from different areas of the organisation, such as legal, sales, marketing, and operations, to work together on compliance initiatives.

    You should also ensure employees feel comfortable and safe to raise awareness if they feel something is wrong, or to report issues. Nothing is more counter-productive to a culture of compliance than employees being made to feel uncomfortable for speaking up. To foster a culture of compliance, businesses must implement clear and transparent reporting channels for compliance concerns (including mechanisms for anonymous reporting where appropriate) and systems to protect employees from retaliation.

    If you really want a culture of compliance, then employees who demonstrate a commitment to compliance should be rewarded. It’s important to ensure that rewards and recognition are not only based on avoiding regulatory fines or sanctions, but promote ethical behaviour and a commitment to compliance excellence.

    Employees can be incentivised to commit to compliance by integrating this into their targets, KPIs and performance evaluations. Linking compliance to metrics for performance bonuses or salary increases will have a big impact, and sends a clear message that compliance is valued and that employees who comply with regulations and policies are an important part of the organisation's success.

     

    The challenges for financial services businesses are many, and there is a lot to do to counteract financial crime, keep on top of regulatory requirements, and keep customers’ funds secure. But it’s also an exciting time, where businesses can thrive and grow, offering new products and securing new customers.

    Building a culture of compliance is key to achieving growth whilst also overcoming the challenges. By taking the right steps, with the right talent in place, organisations can create a culture where compliance is not only a top priority but also an integral part of the business.

     

    Liliana Balan

    Liliana has held a number of senior compliance roles in the banking and financial services sectors. She has a strong background in building and transforming enterprise risk, compliance and financial crime control frameworks, ESG, audits and corporate governance. She is also highly experienced in managing regulatory licensing applications in the UK and Europe for fintech businesses and ensuring they are functioning in complete compliance with complex AML and regulatory frameworks and card scheme requirements. Liliana has a pretty unique skill set covering regulatory compliance, cybersecurity, corporate & team building and management, data analysis, finance and marketing intelligence, holding ICA, Financial Crime Academy, ICTTF&ICA, SSC and NIST professional qualifications. As a true leader in her field, Liliana is a professional member of the International Compliance Association and the Association of Professional Compliance Consultants, and in 2022 she was nominated by WGRC for the Chief Compliance Officer of the Year.