Consent Orders, C&Ds (Cease and Desist Orders), Fines and Penalties – we see these regularly and when we read through the details, one key element is mostly a root cause. Compliance efforts were what they should have been to detect and remediate the gaps internally within the organization before becoming a regulatory finding and eventually an enforcement action and civil money penalties. Every financial institution maintains a compliance organization in some shape or form. Some compliance organizations are extended wings of the Risk organization, others are standalone second line of defense, and some are spanned over all three lines of defense. As practitioners and industry leaders, we often blame the regulatory environment and mention a rising cost of compliance as a material concern. Have we taken a step back to evaluate if compliance-related costs were not what they should have been in the past? Are we experiencing higher costs because we are playing catch-up? Are we building a compliance organization now, which we could have done gradually over the last many years? Is the regulatory mandate a result of not moving in the right direction for many years? Some of these thoughts are painful and some require an out of the box thinking process. In some cases, organizations have built a very heavy compliance infrastructure, which is crushing the organizational agility and expansion under its weight.

Well, sometimes the solution is not very complicated. In our humble opinion, Compliance Framework can be designed to complement the existing organizational business and operational models. Compliance organizations in today’s fast-paced environment should function as internal advisory as well as assurance functions, where not only they assist the organization in identifying any gaps, they also partner with sales and operations through the remediation efforts. Identifying gaps without providing advice and guidance for remediation is neither effective nor efficient and can result in an ever-growing list of open gaps. Technical compliance related procedures and controls should be embedded within the regular business process. Adding a layer of compliance procedures on top of regular procedures add substantial cost and often results in loss of agility for the organization. Compliance can also function as a provider of key trends and analytics to executive and business leadership. Since compliance monitoring function reviews business activities at a transactional level, it can serve a dual purpose and generate key customer behavior trends and transactions anomalies for the business leadership to consider while conducting strategic and expansion planning for the future.

Debate over cost and structure of compliance organization is very much active and affects the expansion plans for many organizations.

Comments? You can contact me directly via my AdvisoryCloud profile.