Richard Hill, Executive Director for CJBS’s Centre for Compliance and Trust, outlines seven key questions compliance officers should be asking of their colleagues, their bosses – and themselves.
1. What does our business actually do?
This is the key, absolutely imperative first question. Drill down into the way the business operates. Ask a front-line person to explain to you the exact nature of the company’s work and how it carries it out. This is the origin for everything else – and don’t be afraid to ask anything. It has to be understood by all that there are no stupid questions. If you don’t fully understand who you’re working for, what they do and how they do it, you’ll always struggle to do an effective job.
2. Why are we doing it?
Of course a main aim of any business is to make money, and your company may be highly profitable. But if that’s the only reason anyone can give, you need to ask more questions. PPI was extremely profitable and that stopped many institutions from questioning why it was being sold and what it achieved. As a product it has proved highly damaging to individual institutions and the industry – but not enough people at the time asked the fundamental questions.
3. Who benefits?
If it’s just the business that is benefiting and no-one else, the question needs to be asked. Service industries are in place to serve a customer, and if there is no obvious benefit there perhaps something needs to be examined. Who’s making the profit? Where are the margins being made? How can our positioning as compliance officers influence this?
4. Where is the detriment?
It’s imperative to look at where the potential is for detriment, for suffering, for loss. Too frequently that question simply hasn’t been asked – assumptions about a constant upside, such as with mortgage-backed securities, need to be countered by exploring the downside. You might need to look very hard – do not be easily deterred. If there is a chance of detriment you need to find it.
5. What is my role?
It goes without saying you can’t take away the responsibility from the front line – you’re not the CEO. But you need to understand your own place within the culture of the organisation. You need to ask: “Do I have a voice? Am I listened to? Do I have a veto? Am I a trusted partner or a regulatory obligation?”
6. Am I courageous enough?
What happens if you see a practice that needs challenging? What does courage look like? Being courageous is an extraordinarily challenging act and one that can feel incredibly difficult to attempt. Is it whistleblowing, is it having the confidence to go to the boss? Does the culture of the organisation allow you to do that – or can you work towards creating that culture?
7. How can I get colleagues on board?
Banking has changed and institutions have recognised that they have to change with it – they have to be more transparent and accountable. CEOs and leadership teams are already committed to change, and the challenge now is to bring the entire organisation with them. The disappointment and loss of public trust in the last few years needs to be overcome – compliance officers have a key role to play in this transformation, setting and supporting a framework for the rest of the bank to work towards.