Agosto 8, 2017

Why Banks Need to Collaborate on Compliance in Order to Survive

David Pogemiller

The most striking change I have seen in the past several years in the controls and compliance field is a fundamental shift in financial institutions’ desire to collaborate for the common good. The unfortunate reality is that despite sharing largely the same mandates and challenges there has been little effective collaboration amongst the community. That lack of collaboration has had a deleterious effect on the community’s ability to effectively meet the intense regulatory and internal demands put on them. The result has been a significant expenditure of time and money on low-value add activity that is common across institutions and an evolution of capabilities that is too slow and sporadic to meet the need.

This is changing though as the community has had an influx of forward thinking leaders both within and from outside the banks, technology has become an enabler to collaboration, and there are proven models to learn from such as the FS-ISAC. The benefits of collaboration are many, but I believe two of the most impactful will be:

1. Standards & Common Understanding
I participated in a small group breakfast with the compliance and controls leadership from five of the top global banks last week. Much of the discussion was around the challenge each bank faced in creating a “holistic assessment of trader risk.” The difficulties are many, but most fundamental was a question of how do they take all of the available data on their people and synthesize it into something that is both understandable and actionable.

The group didn’t solve the problem in that breakfast, but they did figure out how to get to a solution — collaborate to create a common methodology for assessment and visualization. This type of collaboration will have very direct benefit to the banks, but also to the regulators who are charged with understanding and promoting best practices and to vendors who will know that the product they are building meets the definition of what all banks want.

2. Removal of Knowledge Gaps
The community typically has gaps around two categories of knowledge. First are the strategic gaps around best practices for processes, technology, and organizational design that define the construct of each organization’s supervisory process. A common example of this gap that I’ve personally seen over the past several years has been a lack of understanding regarding how powerful today’s technology is and what it should allow them to do. As a result, many firms have been stuck with an outdated view of what is achievable.  

The second, tactical gaps, are the instances of missing knowledge about people, events, information, and behaviors that are the subject of the surveillance activity itself. A powerful example of this is found in eComms surveillance where earlier this year I learned that a small set of traders had started using the Nando’s menu as code words and only a small few in the community were aware. In a world of effective and institutionalized collaboration as one institution discovers this behavior, all peer institutions should immediately benefit from that knowledge.

So, Is Collaboration Inevitable at This Point?

Unfortunately, while the collaborative momentum in the industry is powerful and growing, it isn’t yet an inevitability. So, how can the community continue to build on this increased desire to collaborate?

1. Champion Collaboration Internally
Controls and compliance teams have significant pressure from both internal and external constituencies and that can often result in restrictive and risk averse postures. While leaders will have to forcefully advocate for collaboration to overcome internal hurdles, they now have an ability to increasingly point to their industry peers — at a firm and personal level — as examples of how collaboration can materially improve the firm’s controls and compliance efforts and overall risk posture.

2. Get Plugged Into the Community
There are some very interesting and powerful community led initiatives coming to fruition now that include eComms surveillance, holistic surveillance, conduct risk training, and more. We are pleased to be a participant in many of these along with Armstrong Wolfe whose CCO & COO forums have been the starting point for many of these new collaborations.

3. Actively Identify Opportunities for Collaboration
The community is just at the early stages of collaboration and there are undoubtedly many more areas for collaboration than have been identified so far. In addition, as the practice of surveillance rapidly evolves over the next several years, it will be critical to ensure that it does so in a way where the community first asks “how can we do this” versus “how can I do this.

4. Smartly Leverage Technology
A core consideration for all new technology decisions must be: “how does this help me take advantage of the community’s collective knowledge and capability.” This means leveraging technologies that are open, have clear standards and APIs, and don’t lock you into an information and technology bubble. The good news is that with today’s technologies you should have no limits here, but be wary as those creating the solutions may have different views and incentives that result in more restrictive implementations.

The community’s collaboration efforts will undoubtedly have the most significant impact on its ability to successfully meet their intense regulatory and internal mandates. More so than technology alone or regulatory changes. For this reason, we are excited to be in the middle of this movement and look forward to helping the community drive and capitalize on the opportunities it presents.

Sobre a Forcepoint

A Forcepoint é líder em cibersegurança para proteção de usuários e dados, com a missão de proteger as organizações ao impulsionar o crescimento e a transformação digital. Nossas soluções adaptam-se em tempo real à forma como as pessoas interagem com dados, fornecendo acesso seguro e habilitando os funcionários a criar valor.