"“In times gone by, compliance was seen as a backwater.
Now the job of ensuring financial institutions play by the rules is rapidly growing in importance, driven by the tsunami of regulatory initiatives and substantial fines that followed the financial crisis of 2007-09.”
This is true even on an anecdotal level, but, increasingly, research and data back up the statements regarding the growth, and subsequent importance, of compliance as a profession. In days gone by, compliance was a ‘job’, to be done as an intermediary option before moving into a more rewarding, and longer serving, career.
This view is changing and doing so rapidly. Not only are people more likely to join compliance as a professional career move, with firms helping this progress through the establishment of ‘Compliance Academies’ and career planning for staff. Compliance practitioners are also more likely to be well remunerated and to enjoy their job, things that, even a decade ago, would perhaps not have been viewed the same way.
A new report from BarkerGilmore, nicely summarised by Global Legal Post, investigates some of the questions around both satisfaction and remuneration of compliance professionals. In general, remuneration has continued to increase over recent years. Of course, the risk(s) involved in areas of regulatory work have also increased, along with the pressure to perform. This ties in to the adage regarding higher risk, higher reward.
However, it isn’t just that pay has gone up. Levels of satisfaction appear to be on the rise too. Of course, not every sector is the same, and it’s clear some of shine has rubbed off sectors such as financial services. This is noticeable across the industry in numerous countries, and not just in compliance.
As compliance, not only as a function but as a professional are of work, becomes better recognised, so too do compliance practitioners get a higher level of independence, accountability, and reward for doing a job well done. The industry still needs to move away from considering a compliance job well done to mean ‘we didn’t get fined’, but the strides are at least moving in the right direction.
There are still issues, of course. These are not confined to compliance, but the gaps between male/female pay are still unacceptably large.
"In terms of gender, on average female compliance professionals earn 72 per cent of their male counterpart’s earnings. The gap is largest at the chief compliance officer level, where females earn only 65 per cent of the total compensation that their male counterparts earn."
This will, and indeed must, change as time progresses. There is no reason pay should be different for people doing the same job, and there are plenty of excellent female compliance practitioners.
Reports like this offer good, positive news for the compliance professional, and the practitioners who fill it. Hopefully in years to come this trend will continue, as the industry grows, and companies continue to see the business benefit of a strong, accountable, independent, compliance function.
Predicting the future is a notoriously difficult exercise. For this, and other reasons, regulators in general have always tried to avoid doing so, aiming to avoid both missed opportunities and, in hindsight, glaringly obvious deficiencies.
Ignoring this and keeping with a pattern of very different, somewhat unusual, but always enlightening speeches, Monetary Authority of Singapore MD Ravi Menon decided to step all the way into 2028 for his latest delivery.
Containing some interesting hypotheticals, some (possibly uncomfortable) truths, and what seems to be a very cloudy crystal ball, his speech at the Symposium on Asian Banking and Finance is worth a read in full.
So, what did he say?
Some of the topics covered in the section on the Global Financial Crisis (GFC) are not so much peering into the future as using already established doctrine. This doesn’t make them any less valid, but the three time periods highlighted by D Menon are strikingly like those outlined in the General Model of Regulatory Development, first outlined in a book focused on compliance in Singapore from 2015.
‘The Compliance Revolution’, by Professor David Jackman, gave us a remarkably useful model with hot to analyse and view not only regulatory development, but also compliance development.
The story told by MD Menon starts at the end of the GFC, in what Jackman refers to as the ‘Crisis’ phase. The tart of the era of hyperregulation, greater coverage of ‘too big to fail’ banks, increased regulatory and compliance resource, and a significant upsurge in volume and frequency of fines, are all evident in this phase, and continue into ‘Expansion’.
MD Menon outlines an era of ‘Regulatory Evaluation and Adjustment’, something Jackman most closely equates to ‘Sustainability’. This is, of course, a more ideal situation for both regulators and the regulatory community.
Certain highlights here stand out, for example the passing, almost fleeting, nod to Trade Finance. This is something that has been referenced repeatedly in recent years, by industry bodies, the industry, and regulators, but without ever having been linked to a real, solid solution.
In the MD Menon hypothesis, we are between 2017-2020, and trade finance has a so far ’sub-optimal social outcome’. Whilst this is undoubtedly true, what is the proposed regulatory solution? Here we have, apparently, a look back from 10 years in the future, but no reference to how this issue gets anywhere close to improving, which feels like a missed opportunity.
The final section, an ‘Era of Enhanced Regulatory Supervision’, mirrors very closely the Jackman ‘Outcomes-Led’ end goal. A more efficient, cost-based approach to regulation, with a strong focus on the beneficial outcomes of regulation and compliance, which is a real shift away from the current input driven model.
I think MD Menon should be applauded for explicitly referencing this idea. There is a strong focus here on Conduct Risk & Culture, although this would seem to be far too late (from 2021) to be getting around to this job. MAS themselves have released a paper on Individual Accountability this year, following on from the UK SMCR, HK MIC and BEAR in Australia.
One line that was of concern is:
Supervisors began to use data analytics, sentiment assessments, and the tools of behavioural psychology to gain insights on the culture and conduct in financial institutions. These insights served as inputs to supervisory assessments of the risk culture in financial institutions and, where necessary, pre-emptive interventions.
A ‘pre-emptive’ intervention certainly sounds a lot like Minority Report.
Of course, no good regulatory speech would be complete these days without some focus on technology, but, once again, some of the coverage feels dated. And this speech is not due to take place for another decade.
The hypothetical ‘Global Cyber Crisis’ of 2023 certainly sounds terrible, with US $45 billion stolen from 500 banks. However even a cursory scan of news tells us this is already happening and hasn’t just started.
Crypto Exchanges have been hacked to the tune of billions (or ‘lost’ currency), as have central banks. The Bangladesh Bank Heist took place in 2016, for an attempted USD $1 billion. USD $45 billion is a lot of money, no doubt. It is also lower than the amount of fines paid by the top 20 banks in 2016, which according to the Conduct Costs Projects, was over USD $63 billion.
MD Menon then goes on to say:
It was ironic that in an industry where there were detailed internationally accepted standards for capital, liquidity, and a range of prudential norms, there were no standards for cyber risk management.
Much like an Alanis Morrissette song, this isn’t ironic. If this did eventuate, there would be no irony to share around, but an awful lot of blame. Cyber breaches of vast scale have been happening for several years, so it is incumbent on regulators, including MAS to come up with suitable guidelines and standards.
To their credit MAS have announce they are planning to review cyber standards for banks. The industry absolutely should, and must, do a lot more. Most major financial institutions still have, at best, a very rudimentary view of cyber risk and security.
To finish we must go back to the start. Crystal ball gazing is fraught with peril. A lot of the themes addressed appear, on the surface, to be radical predictions for the next decade. In most cases, they are not.
This doesn’t detract from their value, not to mention the good sense from MAS, and MD Menon, to highlight these for the industry to consider. The progressive timeline of regulatory developments (The General Model) has been discussed for some time – Complilearn have used this as a core element of learning materials for over three years.
Likewise, the rising elements and issues around Fintech and Cyber Risk haven’t just come to light. The North Korean hacking group known as Lazarus have been operating as far back as 2009. And as for Conduct Risk, the FCA and ASIC have outlined their ideas going back a few years.
In summary, this is a very entertaining speech, and a very interesting, not to mention useful, set of ideas to think about. But, if you work in regulation or compliance, and this speech was the first time you thought about or came across these concepts, then the next ten years might be even tougher for you than even MD Menon imagines.