The regulation of financial services operations is expanding and getting stricter. Consumer protection is growing, the complexity of business processes is increasing and the dynamic environment puts higher demands on the performance of the compliance function.
Although some companies are required by law to implement and operate a compliance function, it is due to the above-stated reasons that they are starting to view compliance as an integral part of their operation which adds value. This is because compliance not only systematically protects a company’s value through addressing potential risks, but also facilitates its continuous growth and cost savings.
The role of compliance
The main purpose of a company’s compliance function is to ensure that all of the company’s activities adhere to applicable legislation, regulatory requirements and internal guidelines, agreements, plans, etc. The function provides the administrative, managing and supervisory bodies with advice and assurance regarding compliance with the rules. Compliance also includes assessing the impact of any legislative changes on the company’s operations and determining and assessing the risk of not complying with the relevant regulations. Proper management of compliance risks, which consists of systematically ensuring, monitoring and reviewing the compliance of company activities with applicable legislation, helps avoid situations that could result in reputational damage, legal or regulatory penalties, fines or other losses.
The key compliance objectives are to:
- Help an organization accomplish its objectives through systematic compliance risk management;
- Safeguard and develop company value—effectively address the requirements placed on the company by regulatory bodies and legislation; and
- Reduce the administrative burden associated with business and operational activities in the compliance area—prevent duplication of controls, increase the use of information and communications technology tools, etc.
The main compliance activities include:
- Monitoring the compliance of company activities with applicable legislation, internal policies etc.;
- Overseeing adherence to ethical principles;
- Designing and updating a central database of internal guidelines; and
- Coordinating control activities and closely cooperating with the company’s other assurance and monitoring functions (particularly the internal audit, risk management and legal departments).
Various approaches in the financial sector
Large banks have sizable compliance teams that primarily focus on ensuring the adherence of activities and internal guidelines to legislation, i.e. monitoring and control activities, as well as on issues relating to the code of conduct, internal and external fraud, etc. These types of firms also use special ICT tools (e.g. a regulator monitoring tool, a compliance incident database, a system for reporting internal fraud) and view the compliance function from the perspective of best practice leadership. In other financial institutions, on the other hand, the compliance activities are performed by a handful of individuals whose options for covering the entire range of the company’s activities are limited. Their management tends to regard the compliance function as a necessity rather than a helpful tool in achieving their goals.
The added value of compliance
The effective design and operation of the compliance function can be crucial not only in helping the company forecast, eliminate and manage risks, but also in enabling efficiencies and cost savings.
Some food for thought:
- Does the company’s approach to compliance function management correspond to its objectives, strategy and risk appetite?
- Is it aligned with the risk management system?
- Is the approach to this function adequate to the company size, complexity and industry regulation?
- Does the firm run the function effectively? Does it identify potential business impacts and opportunities properly? Is its reaction adequate?
- Does it communicate changes in the legislation etc. effectively?
- Does the function have an adequate position and resources within the company?
- Is the centralized or decentralized model more appropriate?
Benefits of an effective compliance function
Efficiencies/cost savings:
- Reduction in the unnecessary administrative burden placed on business and operational functions;
- Elimination of duplications in identifying relevant legislation, interpreting and determining its business impacts;
- Avoidance of duplications in monitoring and control activities;
- Increased efficiency of the system for managing internal guidelines;
- Identification of priority areas for implementation using a cost-benefit analysis; and
- Reduction in training costs.
Business and operational opportunities/risks:
- Improvement in monitoring mechanisms allowing early detection of discrepancies and the monitoring of corrective actions;
- Timely identification of business and operational opportunities and threats, including their impact on the company’s strategy, arising from existing or upcoming legislation;
- Prevention of financial losses resulting from transactions carried out in conflict with applicable legislation;
- Improved operational risk management; and
- Reduced risk of financial penalties (fines) being imposed by regulatory bodies.
Management reporting and communication:
- Keeping the company’s management better informed;
- Consistent approach to compliance across the organization;
- Keeping track of all compliance activities;
- Increased employee awareness of their obligations arising from legislative and regulatory requirements;
- Centralized record-keeping of “compliance violations”;
- Ability to demonstrate a functioning compliance system to regulators; and
- Demonstration of a proactive approach to social responsibility.
Reputational risk:
- Reduced risk of losses incurred due to reputational damage; and
- Improved reputation and projection of the image of a company with a transparent compliance function to the company’s stakeholders (shareholders, employees, professional public, state institutions, regulators, etc.).
Criminal liability:
- Protection of statutory body members and top management against potential governance-related omissions; and
- Protection of the company against activities resulting in corporate criminal liability (involving the risk of possible penalties).
Organizations are increasingly beginning to see a functioning compliance management system not only as the necessary fulfillment of legal requirements, but also as an effective management tool they can use to achieve their objectives. Viewed from the right perspective, properly designed and approached compliance can be regarded as making business processes more efficient and helping increase company value. Labeling compliance as “a necessary evil” is, therefore, inappropriate. Companies with non-existent or poorly designed compliance programs may face adverse legal and business consequences in the form of legal sanctions, inefficiencies, increased operating costs, criminal prosecution or lost business opportunities. In addition, a failed compliance program can threaten a company’s credibility, negatively affecting its business activities or its very existence. With increasing legislation and complexity, isn’t it the right time to review your compliance function?
The article is written by Marek Čáp and Martina Höferová of KPMG Czech Republic.
R.G. Manabat & Co., a Philippine partnership and a member firm of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
For more information on KPMG in the Philippines, you may visit www.kpmg.com.ph.