Malin Nilsson, Director at Duff & Phelps in the Channel Islands wrote this article for the Jersey Evening Post’s Jersey Finance Review 2015.
In recent years the Jersey financial services industry has faced what the CEO of Jersey Finance, Geoff Cook, has rightly described as a ‘tsunami of regulation’.
In the U.S., policy analysis firm Federal Financial Analytics estimates that regulations responding to the financial crisis have cost the six largest US banks alone $70.2 billion. In June this year, the Confederation of British Industry (CBI) found reducing regulatory costs was UK banks’ top policy priority for their country’s new government.
Numbers in compliance departments have soared, doubling at HSBC and up by a third at Citigroup from 2011 for example. Competition for skills has, likewise, pushed up staffing costs – as specialist recruitment consultant Morgan McKinley found in its 2014 Salary Guide for compliance functions in the UK: ‘As a result of the huge demands, average salaries have increased by around 20-30% as most institutions are willing to pay premium salaries for strong technical professionals.’ In a smaller jurisdiction such as Jersey, a limited supply of skilled compliance staff also makes recruiting high caliber compliance staff more difficult.
This spending is easily justified by the potential consequences of compliance failures. However, if financial services businesses in Jersey and beyond want to see real change and genuinely effective procedures, compliance must evolve from being considered a cost center to a value generator. Firms have to buy in to a positive case for compliance. In Jersey, the recent statement from the Jersey Financial Services Commission regarding Equity Trust (Jersey) Limited highlights that working with the JFSC in a candid, accountable and collaborative way can result in positive change in a firm’s relationship with the regulator.
There is, of course, no shortage of ammunition with which to threaten firms and make the negative case for compliance.
Most obviously, the cost of compliance is still dwarfed by potential fines and penalties for regulatory failures. Multi-billion dollar settlements for major breaches reflect a broader trend of rising penalties According to findings in the Global Enforcement Review 2015 published by Duff & Phelps’ Kinetic Partners division, the average value of fines issued by the Financial Conduct Authority (FCA) was up
more than 18-fold on five years ago.
This increased use of fines may have further resonance in Jersey given the introduction of new powers for JFSC to impose financial penalties on regulated firms, which can now be imposed for breaches of the Codes of Practice, including the Anti-Money Laundering (AML) Handbook, where previously sanctions were more restricted.
There is also an increasing tendency of regulators to focus on individuals, both through criminal sanctions and civil fines. In 2014, 59% of enforcements by the US Securities and Exchange Commission (SEC) were against individuals, while next March will see the new Senior Managers Regime come into force in the UK, increasing firm executives’ accountability. Jersey also plans to follow this trend with the implementation of a financial civil penalties regime in 2017.
Aside from fines, there are certain consequences of compliance breaches that are harder to measure. Firms with regulatory failings tend to find staff retention difficult and replacing lost staff costs firms in terms of both recruitment expenditures and business disruption. The effectiveness of risk controls can also impact firms’ capital requirements. Moreover, reputational costs, though notoriously difficult to measure, cannot be discounted.
While firms are still coming to grips with FATCA, UK FATCA and AIFMD, the stream of new regulation shows little sign of abating. For example, the fourth AML Directive took effect in the EU in June. Meanwhile, in Jersey specifically, the European Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism undertook its first assessment since 2009 of the systems for detecting suspect behavior at the Island’s banks, trusts and crime units. The findings are likely to inform regulation in years to come.
However, all of these incentives to invest in compliance are not enough. First, despite the investments in compliance, regulators remain unsatisfied, and continue to call for cultural change from firms. Firms must move beyond mere compliance.
Further, if firms focus purely on avoiding sanctions and the adverse consequences of regulatory breaches, compliance will only ever be reactive. Opportunities to realize benefits from a proactive, strategic approach will be missed. These benefits are as wide ranging as the risks firms face. Savings from eliminating duplicated efforts and over-spend on compliance are among such benefits, as well as operational efficiencies arising from the implementation of seamless administration systems. They also bring potential for better client servicing.
Embedding compliance tasks into front-line procedures can reduce delays in on-boarding new clients, for example, by ensuring the correct questions are asked and information collected at the outset. Reducing the time spent on remediation as a result of oversights also frees staff to concentrate on growth.
Moreover, by integrating controls into the business so that compliance becomes second nature to staff, businesses can more accurately monitor and manage their risks. This potentially frees them to take on new business – with the necessary controls – they would otherwise avoid: businesses can practice risk management rather than risk avoidance, and the compliance function can move from being the ‘business prevention unit’ to the business enabler.
Finally, give equity buyouts in Jersey, it is worth considering that an examination of a firm’s compliance framework will be an important part of any serious buyer’s due diligence process. For those considering a sale in the future, an effective compliance regime will be central to achieving a good price.
A long road
Delivering such a transformation nevertheless requires commitment, with requirements for significant changes to both client-facing teams and the compliance and control functions.
The former must learn to see compliance as more than mere box ticking, but rather an integral part of the business process. Staff must take ownership of risks and learn to be naturally curious, developing a sense of the issues that need to be escalated for checking with compliance. For the purposes of AML and counter-terrorist financing measures it means cultivating an awareness of the high-risk jurisdictions, sectors and businesses.
The compliance team, on the other hand, must drive through procedures that are effective, but also practical and commercially aware. Without that awareness, they will never gain the vital support of senior management.
Finally, managers need both quantitative and qualitative management information to be able to benchmark and track performance. Compliance staff attrition levels, regulatory visit findings, compliance breaches and self-identified issues need to be monitored alongside overall compliance costs. These should also be set in the context of profitability measures, as far as is possible: reduced capital requirements, reduced recruitment and staff retention costs and losses avoided, for example.
Only by setting out the benefits as well as the costs of compliance, can firms begin to put in place incentives for a cultural transformation – one that regulators demand and that the industry should be seeking for its own sake.