Innovation in financial services brings its own unique challenges for compliance, notably, how to support these efforts while vigilantly complying with regulations. Having navigated these circumstances at leading global firms like RBC and Barclays, our Compliance Strategy Principal, Iain Duke-Richardet, sat down with me recently to discuss how compliance can build a sustainable partnership with the business.
William: Iain, there’s a common perception that compliance is inherently at odds with the business or growth strategies in technology issues. What do you think lies behind that?
Iain: Will, I think that’s a great question. In truth, Compliance did earn this reputation through a generation of compliance officers who said no to any ask, even the most reasonable ones. Compliance doesn’t necessarily trust easily; it wants to see and touch and confirm that controls do in fact operate as designed, and therefore the organization is not facing supplemental risk. Change can therefore be challenging because it demands an assessment of those controls, and even an adjustment without always necessarily knowing the precise outcome. It requires some degree of flexibility in a field that is all about inflexible rules and regulations.
More recently, though, and certainly in my own experience, compliance functions are increasingly interested in technology and innovation. In fact, in some circumstances, compliance may actually be driving that conversation. The response to both growth and technology has pivoted from a reflexive no to, at the very least, a ‘let’s discuss it.’
William: Quite the evolution. In your experience, when have you seen the partnership between Compliance and the business work best?
Iain: This is going to seem fairly straight forward, but the partnership between Compliance and the business is one that calls for both groups to understand each other’s priorities. Too often, the partnership doesn’t work because Compliance is not willing to consider the business’ needs or the business is coming to Compliance with too broad an ask. The business wants to sell or develop widgets or provide the service, and compliance is focused on the controls that minimize any risk to the organization. So the partnership really works best when compliance has an opportunity to assess the business’ outcome and the business tailors outcomes to align with any limitations that already exist. If the business objective is designed with absolutely no controls, they’re unlikely to receive a great deal of support from the compliance function.
William: So putting it into practice today, what are some initial steps or next steps that firms could take towards building this cohesive partnership between Compliance and the business?
Iain: I think a lot of the progressive organizations have taken a couple of steps in terms of building this partnership. One of those is to bring a compliance partner into the early stages of a business project, sometimes even as early as the actual ideation. Given that opportunity, a compliance partner can flag early in the exercise any kind of risk or hurdles that may lurk, which then means that those can be addressed throughout the planning, development, and execution. So rather than the business coming with everything prepared, having put a lot of work into an exercise, with compliance seeing it for the first time right before launch, the groups are actually aligned and both have skin in the game to see it succeed. As part of this process, I think it’s always helpful when business and compliance come together to learn about the technologies that underlie the desired outcomes; again, they’re working together.
The other step that I’ve seen organizations take is cross functional training and education. So if the Compliance team understands and has a little bit more exposure to the business, as well as the business stakeholders having more exposure and understanding of the compliance framework, the impact is that the functions can actually appreciate each other’s objectives and work towards them and within them as opposed to coming at each other focused only on their own side of things.
In Summary:
- To strike a balance between innovation and compliance, it’s critical to insert Compliance directly into the ideation or strategy phase.
- Too often teams put ideas in front of business leaders without vetting with Compliance first, which inevitably leads to challenges down the road with compliance.
- As new ideas, technologies, and campaigns are ideated, firms should naturally confer and align with Compliance before presenting to the business. One way to systematically ensure this happens is to instill dedicated partners cross-functionally, for instance nominating a compliance technology partner.