Chapter 1
An Overview of Compliance in Financial Services

“Money plays the largest part in determining the course of history.”

—Karl Marx

It is a chicken-and-egg story: “Regulation influences banks' behavior by shaping the competitive environment and setting the parameters within which banks are able to pursue their economic objectives.”1 Interestingly, however, banking crises have been the trigger for many, nay most of the regulations, more so in recent times. So it is difficult to say whether it is the regulations that are shaping the behavior of banks or banks breaching the expected fair business practices that is shaping the structure and content of regulations. Or it is the interplay of both that has created the complex structure and behavior of the banking industry and by extension the financial services and its regulations?

It is not an exaggeration to say financial services is perhaps the most regulated industry in recent years. There are more regulations, more expectation of compliance, and more supervision to ensure compliance. There is unprecedented scrutiny of the industry at national, regional, and global levels. This scrutiny and the host of far-reaching regulations together are of topical interest not only for the stakeholders but also to policy makers, politicians, and media, thus putting the spotlight on adherence or lack thereof to the set expectations.

“Financial services” is a broad umbrella term that covers different subsectors like banking, insurance, securities, investment management, and so on. The division into subsectors is more of academic interest, given the changing contour of financial services industry like:

• The emergence of financial conglomerates that are growing both in size and numbers
• Bank, insurance, and market intermediary linkages that are becoming commonplace
• Abolition of barriers/restrictions on investment/commercial banking combinations2

Unified or stand-alone, these sectors combine to form the economic vehicle of a country, a group of countries, or the entire globe to facilitate movement of capital and currency across. They help channel money from lenders to borrowers and vice versa through financial intermediation. It is no exaggeration, therefore, to say that they are responsible for the financial well-being of not just individuals and firms but also countries.

Given the criticality of the industry, it is understandable that the environment it operates in and its various stakeholders have expectations in terms of dos and don'ts from the industry. These dos and don'ts are spelled out in the form of laws, regulations, standards, and codes of conduct. Financial services organizations are expected to comply with these requirements in such a way that there is order in the system and all stakeholders are protected, including the financial services organizations themselves.

Regulatory change is the only constant across industries. The rate of change is what differentiates financial service regulations of recent times. The debate on regulation versus deregulation, market maturity versus too big to fail, less regulation versus excess regulation, and regulatory gap versus regulatory overlap continues to rage.

Be that as it may, it has resulted in a tidal wave of regulations, which some of my banker friends call a tsunami of regulations. Add to this the increasing stakeholder demands for scrutiny, and one would understand the colossal challenges that the industry faces in managing its environment. This also explains why compliance activities have moved from being transaction-focused to becoming integral elements of business management. In spite of the multiplicity of regulations, the paradox of their coverage is that there are pockets of over-coverage like those for deposit-taking institutions and for traditional products, typically for the “on–balance sheet items.” In contrast, there are less regulations of firms that pass under the radar while dealing in huge volumes of money, value, and instruments. An example of this category are the hedge funds that deal in innovative off–balance sheet products or derivatives. This leads to a regulatory imbalance that affects both ends.

The purpose of regulation is essentially sixfold, and here I use the term “regulation” broadly to encompass laws, statutes, regulations, standards, and codes of conduct. They are:

• To ensure fair market conduct and protect the various stakeholders, particularly consumers and the markets
• To reduce, if not completely take away, information asymmetry between the financial services and the customers who buy products or services from these organizations
• To protect financial services from unwittingly becoming conduits for financial crimes such as channeling money for antisocial activities like money laundering and terrorist financing
• To reduce the probability and /or impact of failure of individual financial services firms, especially the “too big to fail” category firms, which could trigger a contagion effect
• To ensure the safety and stability of the financial system
• To create a level playing field that reduces monopolistic, anticompetitive situations that would result in less choice and higher price points for customers

All these seem like noble objectives. If that is so, where is the challenge in adopting these measures is a question that requires exploring. As businesses have become more complex, so have the regulations and the resulting obligations. Interestingly, compliance or noncompliance is the outcome of an organization's meeting or not meeting those obligations. The maze gets multiplied with the multiplicity of regulators. Should a country have a single regulatory body for all the components of financial services like the United Kingdom (until March 31, 2013, when it was split into two regulatory bodies with distinct areas of operation, one focused on Prudential regulations and the other on Conduct), Japan, and Indonesia (Indonesia adopted this model in 2011)? Or should there be multiple regulators, with the USA being the lead example? Both have their pros and cons.

The focus should be on how regulation is conducted and not so much on who regulates or how many regulators. There is a constant debate as to whether more regulations or a more effective mechanism for implementing the existing regulations could solve the problem. This is a difficult question and merits a closer look, something we will attempt in a subsequent chapter. The relevance of this question is that more the regulators potentially more the regulations that require more effort at planning and executing compliance.

A disturbing trend over the past few decades is that the system has gotten into a vicious cycle of financial services organizations breaching the rules and regulations both overtly and covertly with serious and negative impact not just to themselves but also the system in which they operate. Like Newton said, “Every action has an equal and opposite reaction.” These breaches and their resultant impact have typically been met with two obvious responses:

1. More and more regulations (the newer regulations are getting broader and deeper)
2. More supervision (both off-site and on-site) by the lawmakers and regulators

As a natural outcome of the two responses, compliance over the last decade has become, or more appropriately been made to become, a fundamental component of financial services by taking on a more formal shape and structure. The challenge that this evolving structure is grappling with is to “comply” with an ever-expanding plethora of regulations. That leads us to two interesting questions: What is compliance? Where does it start and stop? There is apparently a simple answer to the first and a not-so-clear one for the second. Two definitions or descriptions of compliance provide a good starting point for the conversation. It is important to understand that present-day compliance, particularly in the regulatory context, has two aspects:

1. The actual adherence to standards and regulations
2. Demonstrated adherence to standards and regulations

The first is an understood and accepted high-level expectation from the compliance function. It is the second that is worth a closer look. The compliance universe will be increasingly tasked with the responsibility of “demonstrating compliance.” Demonstration at a fundamental level makes two demands on the system. The first is the expectation of transparency and free flow of information. The second is the tracking and recording of proof of compliance. It is these aspects that will increasingly challenge organizations on multiple fronts. Starting from information and people silos, to lack of proof points, to deficient communication, and to actual noncompliance, there are many systemic issues that need addressing.

The emphasis is both on increased transparency as well as on greater enforcement. We will revisit this aspect under the section on real-life issues of compliance. The relevance of this definition is to illustrate the point that the understanding of and expectation from “compliance” is expanding manifold. The Australian standards discussed next add additional depth to the conversation.

Australian Standard AS 3806—.2006 describes compliance as “adhering to the requirements of law, industry and organizational standards and codes, principles of good...