Whitepaper

Building a Culture of Compliance (European edition)

Sep 01, 2020

When it comes to building an effective organisational culture, risk and compliance procedures are integral to the strength and resilience of any firm. In our latest whitepaper, we consider how organisational cultures are created, changed, and measured, and how technology is helping firms maintain a strong culture of compliance.

INTRODUCTION

In the latest in a series of Whitepapers from ComplySci, we demonstrate the significance of an effective organisational culture and focus on how risk and compliance procedures are integral to the strength and resilience of any firm.

We consider how organisational cultures are created, changed, and measured, and how technology is helping firms maintain a strong culture of compliance.

CULTURE IN THE FINANCIAL SERVICES

Over the last 50 years, the financial services industry has undergone a huge transformation. Once known as a stable, highly controlled, and risk-averse sector, the industry changed amidst the 2008 financial crisis, with risks being allowed to escalate and light-touch compliance activities being deployed. We all know what happened next. 

In the “restorative” years that followed, players slimmed their operations and became increasingly focused on controls management and disseminating measures deployed by the Regulatory and Supervisory Authorities.

At the same time, the market was changing. Customer, client, and employee expectations were shifting, while legacy players did little to change perception or recover trust. 

Newcomers such as challenger banks and fintech start-ups emerged into the market and started to offer value-led propositions with huge benefits for disillusioned users. Their elders merely watched from the wings and, beset by regulatory and historical burdens, simply couldn’t move fast enough to effect important aspects of change.

Many companies missed opportunities to embed new cultural metrics across their disparate teams. In an environment where cost-cutting was the norm, many organisations ignored their creaking systems’ architecture, with departments “just about managing” with patched software and reliance on generic applications. 

In addition, many players also cut internal communications budgets, so team spirit and knowledge of what other departments were doing evaporated.

Siloed teams became the norm, with duplication rampant and uncontrolled levels of competition across business functions. This well-documented issue was seen in Deutsche Bank but evidenced across the industry in almost every sector. 

On reflection, the most astounding result of this lack of cultural dividend was that few people working in diversified companies knew what was right or wrong. The regulator was all-influential and reporting against their measures was the primary concern, with many cultural indicators being missed. 

The five years immediately following the 2008 crisis saw a time of introspection and bunkering down, focusing on “sticking plaster” efficiencies and regulatory control. 

Many institutions started to heavily invest in cultural change. They began to review their infrastructure in the light of external demand. The constant balance of regulatory change, liquidity stress testing, supervision, and reporting is now a key part of business performance, as well as an important facet of internal compliance culture. 

Knowing how the compliance culture in your organisation leads to, or prevents, innovation is critical. To understand this, it’s useful to consider how firms have created their own internal culture, and to see where these focused internal values emerged into their external service offering. We’ve looked closely at several growing financial services firms to see how a compliance culture was built from the ground up.

IT ALL BEGINS WITH ONBOARDING

Starting a new company means that legacy systems, people, and previous faux pas don’t exist, so the employment of talent with the right attitude to help develop cultural norms is the first task. 

At this point, the headline cultures will have already been decided by the founding partners, funders, or investors. However, one firm we highlight wanted their potential new leadership team to put the “meat on the bone.” That included how the overarching cultural norms would influence everything they did in the future.

By the end of three months of recruitment, the firm’s leadership team was formed from six industry sectors, with only two having come from an FS/Regulatory background.

  • Sales – FMCG.
  • Controls – Food retail.
  • HR & Facilities – Financial services. 
  • Marketing – Fashion.
  • Technology – IP comms.
  • Product Management – Insurance.

These onboarded individuals brought a huge breadth of experience and a pursuit of a culture that placed innovation and controls at its heart.

BUILDING THE BACKBONE OF THE OPERATION

By prioritising the principles of empirical evidence, local reporting, and safety in a financial services environment, another growing firm built the backbone of its entire operation. Here’s what they did:

  • Build technology to support automated checking, reporting, attestation and gap analysis. 
  • Build systems to alert outliers and noncompliance.
  • Make systems and humans work in tandem, as the ability to make decisions quickly within a mandated/controlled environment is crucial.
  • Create a culture where errors are recognised, reported and mitigated within a ‘no-blame’ environment.
  • Support openness by creating communication channels, reinforced by a highly efficient Whistleblowing policy.
  • Align compliance to corporate aims including innovation, compliant sales, eco-credentials, governance and efficiency.
  • Insist on personal development by celebrating learning and attestation success.
  • Flex risk appetite based upon market conditions, company performance and regulatory activities, all supported by empirical evidence.
  • Place both leading-edge and lagging compliance metrics in performance reviews and reward structures at all levels and across all teams in the organisation.

TRACK, TEST AND REPORT

We’ve all taken the easy route at some point in our careers, haven’t we? Even in some of the most professional compliance teams, the ability to tick a box without understanding the wider implications is still a major risk. 

One firm achieved success when a combination of machine learning and attestation was deployed in every decision tree. An audit trail of decisions was readily available to supervisors, providing outlier reports, areas of concern, and the ability to effect immediate retraining for users operating outside of the corporate risk framework. 

And once again, the installation of a RegTech software solution provided the quantitative approach. Supervisors were trained to carefully analyse reports for compliance activities. 

Ensuring that a box-ticking culture was avoided was crucial. We’ve all heard the old railway mantra of “Safety is everyone’s problem.” In this case, “Compliance is everyone’s concern” was at the heart of internal messaging. 

This cultural focus ensured that those employees on the front line, the web developers designing a customer UX, or the marketing professionals talking about the organisation, were all aligned. Safe – Convenient – Efficient was born.

FLEXING A COMPLIANCE CULTURE AT A TIME OF UNPRECEDENTED GROWTH, OR DURING AN UNEXPECTED CRISIS

Many companies ebb and flow with market demand, customer loyalty, and wider industry trends, but in fallow times, the strength of an organisation is constantly tested. In years of working within financial services, we’ve seen corners cut during challenging times, but as we’ve investigated, regulators are unlikely to reflect positively on any company not undertaking regulatory compliance activities during a transformation. 

In times of growth or increased demand, it’s easy to see how compliance procedures can be sidelined to allow the organisation to exponentially grow. Good systems and software architecture can help with this, but an embedded culture of compliance ensures that these activities are always top of mind. 

It’s also during testing times that the leadership comes into sharp focus.

This level of “compliance in a crisis” has been pivotal in both internal and external communications during COVID-19, resulting in several new market entrants reporting Net Promoter Score increases.

HOW A COMPLIANCE CULTURE WORKS WITH REGULATORY EXPECTATIONS

The FCA believes that the culture of compliance can vary from company to company. From a regulatory perspective, fairness, transparency, and diversity are core principles for financial services firms of all sizes. 

In the case of the firms we analysed, the fair treatment of all stakeholders became the heart of their propositioning, with any conflicts of interest, remuneration, reward, or recognition tackled and addressed openly by leadership. 

They also addressed transparency. By establishing regular communication channels with employees, regulators, and their investment partners, they were always on the front foot and, once again, completely open and honest, even where there were challenges.

Under SM&CR, several organisations also looked at regulatory best practices and expanded them. This not only helped ensure a broad demographic range throughout the organisation, but also involved their end-users in developing new products and services through active feedback loops. 

This culture of placing compliance and transparency at the heart of the organisation also led to the development of a more sustainable agenda for these firms. Building upon a consumer desire to address the environmental impact of big business, for example, and a change in market dynamics for investors to largely focus on eco-friendly companies, firms placed respect front and centre. Respect for people, the environment, and their own business became central and made these firms a beacon for many others looking to replicate their success.

WHAT CULTURAL CHANGES CAN WE EXPECT FOLLOWING COVID-19?

These conscious decisions will help the financial services industry develop a new path forward. Compliance should be at the centre of the organisational ESG and cultural agenda, and firms of all sizes should place governance, safety, and control at the heart of everything they do.