To me, the siege of Helm’s Deep is one of the highlights in the motion picture “The Lord of the Rings – The Two Towers”. The director Peter Jackson really succeeded in taking us on an emotional roller coaster through the battle. First, we were impressed by the gigantic walls of the fortress Hornburg, especially compared to the puny village Edoras that they fled from, but hope deserted us and the defenders as we understood that they were seriously outnumbered by the Orcs. Nevertheless, they were able to defend their outer walls from several attacks. But, alas, not even Orlando Bloom as Legolas can defend them when the Orcs plant explosives in the sewer so that the first line of defense crumbles. The second line of defense was the inner wall that they deserted almost immediately and fled to the inner chambers to take a last stand. I do not think that any Chief Compliance Officer (CCO) would classify this as an ordinary day at the office yet but, they use the analogy with three lines of defense to explain their governance model to ensure compliance in their organizations. The customer facing personnel represent the first line of defense that will curb any attacks on corporate policies. Next, the compliance officers are to support the first line and act as a second line of defense. Lastly, the internal audit is the last line of defense to ensure compliance. I will argue in this blog post that Chief Compliance Officers should learn from this dramatic film and prioritize the first line of defense to save themselves from some of the stress caused by the rampage of new legislations.
The CCO is one of few heads that is allowed to recruit personnel as the banks are trying to slash costs to restore their Return on Equity to pre-crisis levels. But, the increased capacity is not adequate to keep up with all the new legislations. There is an alarming report, based on an extensive survey, that cites that 60% of the compliance officers wake up in the mornings worrying about stress and consider quitting their jobs.
According to the report, the prime cause of stress is keeping up with new laws and regulations as depicted in the graph below.
Sure, the CCO can recruit additional compliance officers and create a supportive atmosphere to grow confidence that they can stay abreast with legislations but I think that focusing on the other concerns regarding the first line of defense will yield better results. Some may argue that a majority of the investments in compliance are already allocated to the first line of defense. True, training and examination of customer facing personnel are some of the largest contributors to the compliance toll. And the share is even higher if the costs for adopting IT-systems to the new policies are included. But I argue that those investments are expensive check marks on the compliance score card unless you have the buy-in from the management of the customer facing personnel on the new policies. In this new normal, where everyone is supposed to do more with less, managers have to assume full responsibility for the implementation of the policies, especially when the policy is perceived as a roadblock to good customer service and sales. The first verdict on Forex bank by Finansinspektionen (FI) illustrates the importance of management in providing guidance to customer facing personnel on how to deal with conflicting interests. As a teller at Forex bank at the time of the FI audit, it must have been clear that transactions triumph antimoney-laundering training when there are no routines on how to turn down dubious business.
Some CCOs are experimenting with ways to give the managers a gentle reminder on their responsibilities in ensuring compliance. One successful approach is the compliance self-assessment that some of our clients have deployed so that managers can rate themselves on their unit’s compliance to selected policies. The purpose of these self-assessments is not to replace the second or third line of defense but to increase the accountability on compliance among the leaders for the first of the defense. The chart below illustrates the process support that we envision for compliance self-assessments.
One of my clients told me about a positive side effect that they didn’t anticipate when they first deployed a compliance self-assessment solution. The self-assessments did not only remind the line-of-business on their responsibilities, it provided feedback to the compliance department on where the first line needed the most assistance. To me, that testimonial is key to how to deal with the stress induced by all the new regulations. The answer is to engage management of the first line to ensure that their personnel is empowered to do the right thing and that the second line ensures that they are aligned to provide pro-active support to the first line. Or, to use the analogy of the film, you have to ensure that your equivalents to Legolas and Aragon are engaged and that they are supported by engineers with a risk-based approach from the second-line so that possible sewers can be identified.