How risk can make the job of a compliance officer easier, and other counterintuitive lessons learned from a lifetime spent in compliance
"In some ways, risk has made it a lot easier to do our jobs." Surprising words, perhaps, from a compliance officer. But as you're about to learn, the life of a compliance officer can be full of surprises, especially for one that's been at the same firm for an entire career. This week, we continue relating the lessons learned, observations made, and insights accrued from Suzanne*—the chief compliance officer at a global investment bank. Suzanne has been with the bank as it's grown from a small firm with fewer than 100 employees to a public company with offices across the US, Europe, and Asia, and as it's evolved from a firm that took companies public to one that handles M&A, financings, restructurings, and financial advisory consulting.
GOODBYE CHECKLISTS, HELLO RISK
Over the last decade or so, FINRA has altered its regulatory approach: from one of tick-the-box to one of increased focus on risk evaluation. "I don’t think it was an overnight switch from checklists to risk assessments," says Suzanne, "more of an expansion, following the 2008 financial crash and subsequent recession. Banks failed. The stock market crashed. How could this happen? Regulators were seemingly doing a great job, and then it all came tumbling down—the economy toppled by too much risk and too little understanding. So the change made sense. Just requiring adherence to the rules and the checklists wasn't enough. You have to take a broader approach, and consider all the risks facing an enterprise across all of its products."
Having to focus on risk has made life easier for compliance officers in some ways because, even if only as a last resort, they can put the fear of consequences into whomever is offering pushback. Suzanne: "We can always say, look, if you don't do this, then this can happen. And this will not be good." Though for a firm like Suzanne's, which doesn't engage in retail trading, it isn't always that simple. "We have people who think that because we're not trading securities, we don’t have to be mindful of FINRA rules. Then you have to break it down for them. For example, M&A work may involve transferring securities, and therefore we have to pay attention to FINRA. We may only be the adviser, but we still have to know the applicable rules if there are securities changing hands."
THE MISSING CONTROL ROOM LINK
Risk is never in short supply in an investment bank, particularly when it comes to putting together deals, and Suzanne's firm does a lot of them. “When your business mix lends itself to potentially working on both sides of a transaction, you need to effectively manage the risk of conflicts of interest with clients and within the bank: particularly if you’re structured around industry sectors or product lines, where the same people can be involved in many different deals.” Per Suzanne, maintaining clean deal teams is an effective approach. "If you have somebody working on a two-phased engagement, to provide both financial advisory and M&A services, a good solution is to have one team that's expert in the financial advisory side staffed to do the valuation or fairness opinion, and then another team staffed to do the M&A work."
Deal-team staffing at Suzanne's firm is run through the CRM. "The deal team is responsible for running a conflicts check before we're engaged by a client, which will bring up previous relationships. This is particularly important if you have a business mix where you can pitch both sides. Our proprietary conflicts check system is linked with the CRM. An employee enters the engagement she's working on and runs a conflicts check. So our control room function is a complex combination of identifying and resolving potential conflicts, monitoring staffing, and restricting the securities of companies that we're engaged to provide services to."
And for Suzanne, conflicts mitigation also involves taking into account personal investments of the general employee base. "If we're doing a deal and the clients are public companies, or have publicly traded debt, we have the ability to restrict trading in those securities for all employees. Not just those on the deal team." That's where Star's personal trading monitoring platform comes in. Suzanne: "If you have a particularly sensitive deal, the client may ask if anyone who is working on the engagement, or even anyone employed by the firm, has holdings in their company. We can quickly look up reported employee holdings in STAR."
The missing link in this well-oiled, risk-mitigation machine is a system that can map the deal data that's sitting in the CRM to the restricted list, brokerage account information, and private investment data that's sitting in STAR. That missing link might just turn out to be Star's Compliance Control Room—the company's new control room software solution. "We're very aware of Compliance Control Room and very interested. We think it could bridge the gap between the CRM and STAR. Being able to map the deal information in one database to the trading information and restricted securities in another would be the connecting piece for us. It would make the restricted list functionality far more dynamic."
YOU HAVE TO ENJOY PROBLEM SOLVING
Tone at the top gets a lot of attention today in the corporate world, but in many cases that attention is just lip service. For Suzanne, however, tone at the top is real and has made all the difference. "Talking with other compliance officers over the years, I realize some don't have the kind of support from their senior management that I have. It probably helps that I've been here so long, and basically grew up in the firm culture. Also, we have an excellent regulatory track record. So there's an all around understanding that we always have the best interests of the clients and the firm in mind when designing compliance programs."
"I have a friend who's trying to convince his board to buy a necessary, though pricey, system, and he's getting considerable pushback. I put him in touch with his counterpart here, to understand our decision-making process and maybe help him more effectively frame the cost/benefit argument. This is why it's important to thoroughly understand your culture and how applicable regulatory requirements can be addressed in a practical manner. I'm extremely grateful for the kind of culture we have here. I totally lucked into it, in a sense, because of a recruiter’s comment all those years ago. As big as we are, there are still really nice people here. And it can be hard for a firm that has grown, and continues to grow, as much as ours has to keep that personal, family-type feeling. There are many people who have been here for decades."
"My job is about educating extremely busy people about a topic in which they may have little interest, to get them past the notion that, if it’s not a law, they don’t need to pay attention. Above all, it’s about being concise, not wasting time. Explain the Ws: what do they have to do, why does it have to be done, and when does it have to be done by. We might need to do something because it's the rule. Or because it's within the spirit of the rule. Or because it's the right fact pattern. Or just because it makes good business sense. It's been very helpful to have a naturally strong compliance culture in a naturally conservative firm. We're pretty risk averse by nature. If you can get that kind of cultural mindset into place, you can design your policies and processes accordingly."
Time flies. Solving problems. The four words Suzanne opened this two-part blog series with. As good a way as any to sum up her decades in compliance, and as good a sentiment as any with which to end the series: "There's a lot more problem solving in this job than there used to be. You have to enjoy finding creative, practical solutions to very complex issues. Which I do."
*Not her real name. Withheld at her request.