3 reasons why managing regulatory risk is a nightmare for compliance teams.
Managing regulatory risk can be a nightmare. Don't compliance officers deserve better?
Reputational damage. Absurd fines. Unwanted scrutiny. Suspended licenses.
These are just some of the consequences that await firms in financial services who fail to comply with their regulatory obligations well. So when it comes to managing their regulatory risk, their business LITERALLY depends on it. Naturally, with such high stakes, you would assume that there would be ample investments made to simplify the process. The truth is however, in most cases, managing regulatory risk is a nightmare for compliance teams. Here’s why.
Monster Reason #1: They are already swamped with work
Across most firms, compliance officers are typically expected to function as ‘expert-generalists’ who are tasked with managing the various aspects of their company’s compliance program. This includes advising colleagues on policy or procedural matters, the risks associated with launching new business initiatives or products, developing compliance collateral and delivering training to fellow employees. As you can see, serving as an ‘expert-generalist’ is a full-time job but so is managing regulatory risk. It takes time and effort to stay updated on regulatory developments, to undertake risk assessments and to then implement changes that impact the way the business functions. To expect someone to do this well while managing other risks for the business is a huge ask by anyone’s standards.
Monster Reason #2: They don’t have adequate resources
How do you help someone who already has too much on their plate? Ideally, you would give them a larger plate or an additional pair of hands if you can’t reduce the contents. What ends up happening in the real world however, is that the plate itself gets smaller but not the contents. This is a point we have made before but in the case of compliance officers, they are still largely expected to manage regulatory risk with emails, spreadsheets and sharepoint folders. Any investment in technology is typically restricted to sanctions screening or KYC tools, which means the regulatory change management process remains painfully (and needlessly) manual.
Monster Reason #3: The burden of responsibility is HUGE!
As we mentioned earlier, managing regulatory risk well is not an option and can make or break a business. That is a huge responsibility for anyone to bear, which is why we are seeing an increasing trend from regulators seeking to introduce individual accountability regimes that will see senior managers play a greater role in developing a better risk culture for their organizations. However, the responsibility of actually managing regulatory risk remains with compliance teams and it can feel like it’s ONLY the compliance team’s responsibility to get things right and only their problem if they don’t.
What ends up happening then is that compliance officers end up shouldering the burden of this responsibility (and also suffering in silence), because at the end of the day, they are also just employees looking to earn a decent and be appreciated for doing a good job just like everyone else. How long, however, can someone shoulder such responsibility in less than ideal circumstances? And at what cost?
A serious toll on physical and mental health
What happens when you give overworked employees a huge responsibility to shoulder with inadequate tools? Well you get employees who get burnt out and who will much rather leave at the first chance they get than continue working under such conditions. But don’t take our word for it, a recent report by Lexis Nexis Solutions arrived at a similar finding too. If the people you rely on to manage one of your most important risks are having health issues because of it, then it’s time to sit up, take notice and do something about it.
Getting rid of monsters!
If you were expecting us to end with a broad recommendation to adopt a RegTech solution to solve all the problems we identified, then we are sorry to disappoint, because it will take much more than that. Technology can only do so much in the absence of proper resource planning and a responsible attribution of responsibility to various stakeholders across an organization. Fundamentally, this is about sensible and proactive risk management and the need to support, enable and equip compliance teams to deliver their best if they are to be entrusted with a huge responsibility.
If you are in compliance and any of the points we have made resonate with you, let us know if you need help:
On the human side: we encourage you to reach out and speak out (whether it’s someone from HR or at home) if you are struggling with stress. After all, risk management is all about acting proactively and that includes addressing any risk to your personal well-being too.