Compliance is a global initiative; it requires a collaborative approach between the public and private sectors to achieve mutual objectives of economic development and growth, financial transparency, customer protection and enhanced customer service.
Therefore, a strong financial system is fundamental to financial stability and sustained growth; Middle East and North Africa (MENA) countries are no exception. Significantly, in an effort to attract capital and foreign investments, regulators are increasingly seeking partnership with the private sector for increased market integrity and transparency. Regulatory rulebooks are being rewritten with increased focus on ethics, compliance and customer satisfaction.
As a result, compliance has evolved significantly in the MENA region over the past decade from a mechanical approach to compliance – for example, just checking names against blacklists or doing as little as can get away with and complying only with minimum legal requirements – to a culture where compliance is embedded as part of everyone’s responsibility with board and senior management directly involved and a strong learning culture that focuses on values and ethics to meet the spirit as well as the letter of regulatory requirements. However, a well-developed values-based compliance program where every employee has a sense of involvement and lives the core values to do the right thing takes time.
For starters, an effective compliance program must have:
■ A corporate culture that encourages ethical conduct (tone at the top)
■ Chief Compliance Officer is independent of the line and reports to the Board and administratively to the CEO
■ Compliance has sufficient authority and competent staff & resources
■ Compliance program includes risk identification, mitigation, monitoring and reporting
■ Effective training
■ System of anonymous reporting and no retaliation
This journey is at varying stages of evolution across the MENA countries, further complicated by the existence of regulatory reform challenges, including:
■ Insufficient consultation on proposed regulations resulting in less voluntary compliance
■ Inadequate comprehensive assessment of significant costs and benefits of regulatory choices
■ Insufficient coordination among different regulators resulting in inability to promote homogenous regulations acr oss MENA
■ Close-knit society susceptible to unfair use of connections and facilitation payments
■ Costs of implementing compliance infrastructure are high (e.g. people, process and technology)
■ Rules not applied equally to regulated and unregulated companies offering comparable products and services
Compliance is also being called upon to expand its scope. As example, there is an expectation that financial institutions should leverage their Anti-Money Laundering (AML) systems to combat all types of financial crime including tax evasion, corruption and proliferation of terrorist financing. Furthermore, they are required to ensure fair outcomes are delivered to customers. The forces of change will continue to intensify as MENA regulators increasingly codify international best practices. The ultimate sought destination is a more efficient, higher-quality, customer focused financial system.
The increased expectations are creating interdependences between functions across the organisation, for example, compliance officers need to engage with other functions such as procurement to assess the adequacy of controls in place for avoiding corrupt payments.
“With old risks evolving and new risks emerging, compliance officers need to be better prepared and quicker to respond”
Similarly, the requirements to ensure the delivery of fair customer outcomes create further interdependence with the lines of business, particularly, consumer and small and medium enterprises (SMEs). As such, compliance can no longer be seen as a distinct function working in silos. Embracing a holistic approach also requires applying the right disciplines in critical thinking, including systems thinking (the discipline of moving from seeing parts to seeing wholes), or design thinking that is empathy based, keeping the end-user in mind.
Building a Compliance Program
As a first step, compliance officers need to understand all applicable laws, rules and regulations in force and get a grasp of compliance risks across the organisation, including clarity as to what is in the scope of their responsibility. The next step is to map the risks across the impacted business functions, products and existing controls. The third step is to develop appropriate monitoring steps and reporting of results to senior management in order to continually improve processes. Creating this map stimulates dialogue, enforces accountability and facilitates collaboration.
The Trusted Advisor
Compliance officers need to be careful not to be perceived as looking only at the downside of risk (zero tolerant), but to understand the realities of running a business and applying a risk-based approach to add value. On the other hand, some regulations are clearly zero tolerant and organisations cannot be wilfully blind. Compliance officers need to be comfortable enough to ‘swim against the tide’ and strong enough to say ‘no’. Engagement-minded compliance professionals will look for a win-win scenario, after all, their objective is to protect and enhance the firm’s reputational capital and help business leaders achieve their objectives in control and compliance.
Having mapped the risks and gotten everyone engaged, compliance officers need to champion compliance initiatives across business lines focusing on areas of highest perceived risk, for example review of high risk accounts, such as Charities and Politically Exposed Persons (PEPs). To position themselves as a ‘trusted advisor’ rather than an enforcer, they need to proactively communicate new risks and have ‘skin in the game’. With old risks evolving and new risks emerging, compliance officers need to be better prepared and quicker to respond. They need to fully understand the business, look at a broader set of risks, incorporate more data sources and utilise improved tools to transform data into meaningful information and intelligence. Applying foreknowledge or the ability to anticipate issues and avoid them rather than react to symptoms will add significant value to the business.
Another important role of the trusted advisor is providing ongoing assurance on compliance controls effectiveness. Such a wide range of risks requires numerous and diverse metrics to determine how well compliance controls perform overall. Commonly used metrics include completion rates for compliance training, size of regulatory penalties and number of audit findings and so on.
However, a common denominator among all is that they are backward-looking metrics. Compliance officers should supplement rudimentary metrics with the right predictive metrics that focus on strategic issues. Examples of useful metrics include number of high risk accounts opened, review of results from employee ethics surveys, customer complaints and employees’ compliance with workforce policies that may indicate deeply-rooted issues before they materialise.
A Critical Success Factor
Applying the right strategy may result in a sound compliance infrastructure, but its effectiveness depends on execution, on individuals doing the right thing at the right time. An ethical culture within an organisation is what drives the appropriate behaviours. The argument can clearly be made for ethics as a fundamental pillar to effective compliance risk management, whereas in the context of corporate governance, compliance means obeying the law
Ethics is the intent to observe the spirit of the law, i.e the intent to do the right thing. Therefore, banks that embrace an ethical approach to compliance lay the foundation for an effective internal control environment.
Ethical behaviour also builds a foundation of trust with all stakeholders leading to a legacy of success. When an organisation brings its values into practice, customers start to believe there is a promise inherent in the product or service, which enhances trust in the organisation and can build customers for life.
In conclusion, ethics and compliance are becoming an even more urgent priority as governments focus on ‘regulating’ behaviour, expecting organisations to control their conduct and reputational risk in a similar way to how they manage other principal risks such as credit and market risk. There is an expectation that MENA regulators will increasingly echo their foreign counterparts.
Compliance officers therefore need to continue to build their competencies to lead and influence management. At the same time, they need to redesign their compliance programs using a systemic approach that focuses on creating shared value and enhancing the ethical culture. A journey to compliance best practices never ends, but one foundation remains constant that it’s not success at all cost that matters most, but success only the right way and without ethical compromise.
About The Author:
Michael Matossian joined Arab Bank plc in November 2005 as the Global Head of Group Regulatory Compliance. Mr. Matossian has more than 30 years of experience in regulatory risk management, anti-money laundering, and compliance. Prior to Arab Bank, he served as Chief Compliance Officer, as well as SVP and Director of Regulatory Risk Management, Director of Anti-Money Laundering, BSA Officer, and General Auditor at three different leading U.S. financial institutions; Mr. Matossian also spent 10 years working with a “Big Eight” public accounting firm, and two years with the Office of the Comptroller of the Currency (OCC). Mr. Matossian participates on several national and international task forces addressing governance, anti-money laundering, and compliance matters. He holds the following certifications: Certified Public Accountant, Certified Management Accountant, Certified Risk Professional, Certified Fraud Examiner, and Certified Anti-Money Laundering Specialist.