Fines, prosecution, financial crimes, How and why they happen. An examination of issues with business and the need for steadfast compliance
In a recent discussion regarding an article posted on LinkedIn, That focused on compliance, there was a comment that stated;
"When you look at all of the turmoil around the latest scandals and investigations you can't help but wonder and ask; how did they let this happen?"
This is a great question and one that I'm sure everybody has some sort of answer to that points at greedy CEOs, corruption and other sinister plots. While this may be the case in some instances the majority of the time it is simply bad decisions.
Of course choosing to become a criminal is a bad decision but that's not the bad decision that's being referred to.
I'm talking about bad business decisions. Decisions based on complacency, laziness, unfounded fears, promulgated by both internal and external scare tactics.
Since the main subjects involved in the turmoil are banks and other financial organizations I am directing the first part of this "how and why does this happen" examination at them.
All regulated financial companies have a fraud, risk, legal and or compliance departments and auditors that all manage oversight to prevent illegal things from happening.
It is well known that there are inherent issues that deal with the concepts of what makes a competent, qualified and/or capable person in any of these positions which is an issue all on it's own.
Assuming that the majority of people are competent you would think it nearly impossible to get away with anything with all of those eyes keeping watch, but that's not the case.
The main and most important watchdogs are the compliance professionals, and the auditors. But what about when the numbers match up, when everything appears to be copacetic, then how do we know that there is a wrongdoing or where and how to spot one?
The answer is prevention. Not letting something happen is the only sure way of it not happening.
Compliance exists to ensure that controls are in place and that they are being followed correctly in order for those controls to function properly. Compliance is the next most important role within an organization next to the CEO even the simplest tasks may need approval.
Unfortunately like many laws and regulations, there are loopholes and workarounds.
Bear in mind that all of these institutions are customer based. The problem starts at the customer facing level; The company salespeople. I am not throwing them under the bus, but as a long time salesperson I understand that there is a different mentality and thought process then that of the rest of the organization.
No matter how you try to realign the way that business should be approached, it comes down to two things on-boarding and retaining customers.
In an environment based on metrics to ensure, job security, revenue stream, and bonus, as a salesperson you want to gain the most amount of customers, keep the ones you have, and impress them, and most importantly make and keep them happy. To keep a customer happy you give them what they want!
What makes a customer unhappy? Issues, problems, delays, inconveniences, invasions of privacy, all of the above. This is what occurs many times.
Regulations, rules and requirements all get in the way of that customer bliss.
This is where the problem begins.
Loopholes and workarounds are sought, threats are made regarding unhappy customer, loss of revenue, offending companies, and so on, which spurs a frenzy for the search of alternative routes many of which include circumventing compliance, waivers that are forgotten about, poor risk decision based on "customer trust". Eventually this cascades into a pattern of behavior that filters up and eventually you have a culture of rerouting, circumventing and working around and everyone suddenly becomes a risk manager making what seem to be minor judgement calls yet can turn out to be catastrophic. The biggest issue is executive override and senior management pressure forcing the hand of compliance or excluding them from either necessary portions or the entire process.
The second part of this examination is short. The reason these things happen is incompetent people, not just the compliance professionals but the senior management, hiring managers, and recruiters who do not know what qualities make an efficient and effective risk, fraud and compliance specilaist, analyst, or the dozens of other titles I have seen that are given to these positions the requirement that i have seen listed for many of these positions is proof that the profession of risk and especially compliance are still very misunderstood. I have seen everything form requiring a legal license to programming and coding experience, which would be understandable if it were a senior level position or a cyber or IT compliance, but unfortunately it was not. If effective people are not in place performing compliance implementation, analysis, or testing and nothing else, then things will go unnoticed.