Compliance has always tested relations with the sales and marketing teams but increasing regulatory action has shown the absolute need for a company to remain compliant with all relevant regulations. A change of approach can see all teams working together for the common good.
In June this year, Commerzbank was fined £37.8 million by the UK regulator for various anti-money laundering and know your customer (KYC) compliance failings, just another example of how slow the industry has been to address its compliance culture shortcomings. Reading through the Financial Conduct Authority’s comprehensive document, one thing is clear to me—this incident is not an isolated one. Chronic understaffing, poor governance, ageing and not-fit-for-purpose regtech… more than one firm is guilty of this approach to compliance.
It will come as no surprise, I’m sure, when I say the majority of firms approach compliance as a box-ticking exercise. Compliance doesn’t generate revenue—in fact, many revenue-generating functions view it solely as a hindrance to doing business. KYC slows down the process of onboarding, and that’s time to revenue in the eyes of sales and the front office. If your firm has a proper client lifecycle management and onboarding tool with proper governance in place, it shouldn’t slow the process down too much. But, let’s be honest, that requires investment in something that few firms really want to invest in.
Most regtech purchases are driven by an incident, such as a regulatory fine or negative press that results in a fall in share price or client complaints. It’s often reactive, not proactive.
Let’s turn back to the Commerzbank example for a second. One of the findings of the FCA was that the compliance team was struggling to get a particular business line to cooperate in gathering the necessary KYC documentation to meet its compliance obligations. The reticence on the part of the sales team was that it would annoy clients to be asked multiple times for the same data. This is a valid point: I did some research a few years ago that involved talking to buy-siders about their onboarding and KYC experiences. Those experiences, I’m sad to say, were generally quite negative and, yes, being asked repeatedly for the same documentation is viewed by those clients as a pain point (relayed to me in rather more colourful tones, I must admit). But there are other options out there.
I am not a fan of the term ‘utility’, and I don’t want to push anyone down any particular fintech route, but managed services can help avoid some of these issues by acting as an insulator between clients and their service providers for compliance documentation. Yes, you might lose a touchpoint with a client but if that touchpoint is one that isn’t value-generating, what’s the danger?
Anyway, back to my tale of conflict and woe. There are valid reasons why the sales and front office teams resent compliance obligations, but for the sake of the business, these teams and compliance teams need to work better together. Any resistance needs to be overcome—after all, the compliance requirements are there to protect the business in case of KYC and AML issues. Identifying whether an individual is a potentially risky client and preventing them from doing financial or reputational harm to the bank or industry at large is an important task—we just often lose sight of that goal as we chase the revenue-generating opportunities those individuals represent.
There are all kinds of compliance courses that front office individuals have to go through to gain and maintain their relevant certification, but if these are viewed as box-ticking exercises, they fail to make the right impact. Another approach needs to be adopted. Compliance goals and targets need to be embedded within individuals’ goals and objectives—not just for compliance teams but for the business side of the equation too.
This includes the marketing team, who will be aware of the many compliance obligations that fall under their remit, from the EU’s General Data Protection Regulation (GDPR) requirements through to obligations stemming from KYC and AML rules. Given that data privacy and KYC can sometimes come into conflict, this is an area that needs to be carefully treated when engaging in client profiling and data handling.
The process also needs to be made easier for compliance teams, especially if understaffed, and this involves automating processes and subscribing to relevant data feeds. It’s hard enough working in compliance, where you are treated with fear and/or loathing by colleagues from other functions. Just give them the right tools and work with them, so that they can do their jobs. It will keep your firm out of the spotlight and the regulator away from your door.