The compliance function at an inflection point - Views on the McKinsey benchmark

January 17, 2019

In McKinsey’s 2018 compliance benchmarking survey (click) 5 conclusions are drawn from the analysis among 24 leading banks:

Compliance spending growth is slowing
Size and effectiveness of the compliance function are not yet in balance
Compliance maturity is not high
Automation and analytics remain a challenge
Spending more on technology does not guarantee maturity

No surprises in these findings, but let me make 1 observation and talk about 2 of the recommendations.

First the observation. If people talk about the cost of compliance, the focus is often on the compliance function; the 2^nd line of defence. I assume that McKinsey is no different. However, the cost of compliance involves all staff that are performing work on compliance processes, whether that is explaining policies to clients, clarifying monitoring alerts or obtaining documentation required from clients for the sake of the customer due diligence process. Plus of course the dedicated AML operations teams. The number of FTEs in the 1^st LoD is easily 10 or even 20 times as high as the number of FTEs working on Financial Economic Crime in the 2^nd LoD. Achieving operational compliance needs a focus on the 1^st LoD.

Secondly a few notes on 2 of the recommendations in the article

– Strengthening risk ownership in the first line

This recommendation is a no-brainer; client contact and operational tasks are executed in the 1^st LoD. The compliance function instructs, advises and checks but the actual work is done in the 1^st line, if something goes wrong from a compliance point of view it is usually there. The fact that ownership in the 1^st LoD is still not where it should be, is troubling. Despite all the fines, publicity, tone-at-the-top workshops and more it’s disappointing that bankers apparently still don’t get the message.

– Streamlining compliance processes in the first line

Streamlining is perhaps an oversimplification; to achieve an operationally compliant financial institution you need compliance with all policies, proper and prompt customer services and efficient execution of operational process. Every day, with every transaction, with every client interaction, in every corner of the bank. This is best achieved under single headed ownership; meaning that there is 1 person in the 1^st LoD ultimately responsible for the adherence to FEC policies.

There’s still a lot of work to be done for FIs globally; in the first line of defence.

Rolf van der Pol

The compliance function at an inflection point – Views on the McKinsey benchmark

From the blog

The new Payment Services Act in Singapore

Beyond Tick-the-Box Compliance: Unveiling the True Impact of Regulatory Annual AML/CFT Training

On the Wolfsberg Group, financial inclusion and the importance of financial crime compliance training