Roots before branches: Why having good foundations is so key to staying compliant

Bion Behdin, CRO at First AML

It’s not surprising that some c-suite members are struggling with compliance; a 2023 survey by Deloitte found that 40% of c-suite executives always or often feel overwhelmed at work. Predictably, when this happens, compliance can lose out against other burning fires on the to-do list.

When feeling the pressure, it’s tempting to rush through what needs to be done and skip key steps to feel like progress is being made. In actual fact, this can have the opposite effect; the organisation could create a workflow that is not fit for purpose, information can fall through the cracks or be double-handled, and all of this could lead to an uninformed and disengaged workforce.

This is why taking the time to lay strong foundations proves essential. But what are these crucial elements that breed success? And what is the CXO’s role in making sure a business stays compliant? The answers lie in roots before branches.

Building a culture of compliance 

The foundation stone for any effective compliance strategy is having a company-wide culture of compliance. This unified culture means the business is strategically and operationally set up to manage compliance, is invested in its success, and its employees are aware of its significance. But how do companies build and nurture this environment?

The first step is to have a leader or point of contact who can own the function and oversee the organisation’s compliance needs – this is often a compliance officer or head of compliance. Many financial services firms, for example, are required to have a money laundering reporting officer (MLRO) that reports to the FCA. This person is responsible for encouraging awareness and training of compliance across the organisation and ensuring the company is operating in line with the latest regulations and legal obligations.

Regulators have asked that the person who holds the compliance function and/or the role of the MLRO be reasonably senior in the company, and it’s understandable why. This ensures that their recommendations and directives carry sufficient weight and authority – without this level of influence, the compliance function is rendered toothless.

C-suite’s role in facilitating compliance

While a compliance officer plays a vital role in creating and maintaining this culture, for this foundation to be cemented in the company, the culture has to stem from the c-suite. Not only is the c-suite usually responsible for hiring or internally appointing the compliance officer, but it is also responsible for implementing any changes or recommendations given to it.

Perhaps even more importantly, employees take their example from the top. The c-suite’s approach to compliance directly impacts how strongly the company adheres to regulations and CDD processes. With the greatest oversight of the company’s operations, the c-suite can also see what areas of the business are struggling with compliance, allocate resources as necessary and implement risk controls.

While it can be tempting to rush through processes to ‘get compliance done’, incorporating a careful and thorough approach from the top down builds a structure and culture that can then deal with compliance in a more efficient and seamless manner. So, while this may initially require more time and money, it will save much more on both aspects in the future.

Above all, by adopting this approach, the c-suite is not only demonstrating the firm’s commitment to integrity but also instilling ethical practices throughout the organisation. While discussions about lofty ideals can sometimes elicit eye-rolls, it’s crucial to recognise the importance of these principles in fostering trust, compliance, and sustainable business practices.

Inadequate foundations

Last year, the CFTC accused Goldman Sachs of having a ‘culture of non-compliance’ after giving the firm a $30 million fine. Embedded within this culture was a failure to carry out appropriate CDD and prioritise compliance. Moreover, at the end of 2023, Switzerland’s financial regulator concluded that the infamous collapse of Credit Suisse was due to “shortcomings in management and strategy over several years”.

Both these examples highlight that, while many branches of these large organisations may well have been fully compliant, without the necessary foundations – a culture of compliance and c-suite strategy – it is incredibly hard to ensure compliance across the company.

The roots of compliance success

How a company performs compliance will vary depending on its risk level and business needs. But laying strong foundations allows firms to adapt their strategy from this base to meet any challenge head-on. This centres on building a culture of compliance throughout the company, with the c-suite the driving force behind creating this environment and facilitating this approach. High-profile cases show how failing to lay these solid foundations can deliver far greater repercussions.

With the roots firmly in place, the branches can then grow across the company and form a unified defence in the face of compliance threats.
