"Broken by design": Advice, Institutions and Compliance

Few compliance teams emerged from the RC "trailing clouds of glory", but the Commission's broader focus on Management and Culture has distracted criticism of the capability, competence and courage of those charged with the responsibility to ensure ensure compliance with the law.

Thankfully, both ASIC and leading Licensees had already identified, and sought to mitigate, the pressures that compromise the effectiveness of compliance.

Despite all the hand-wringing and public protestations, there are few surprises in the Royal Commission's Interim Report. In fact, the worst-kept secret in financial services, recently exposed by the Interim Report and earlier by REP515, is that not all compliance 'experts' are equal, efficient or effective. 

Some compliance experts have a solid knowledge of their craft and deep domain expertise. Others haven't mastered their craft and still others are struggling to learn the fundamentals. Others simply lack the resources and authority to be effective.

In my view, one of the key obstacles to Licensees’ capacity to act efficiently, honestly and fairly is often their own compliance function. Sometimes, these failures are the result of normal accidents or mistakes but others, I'd suggest, are inevitable consequences of deliberate decisions. In some businesses, the compliance function is broken by design.

It's a contentious assertion, but not an unreasonable one.

Consider how many of the failures identified by the Commissioner were inevitable, and predictable, consequences of management decisions to replace 'effective' compliance managers with 'commercial' compliance managers?

Think about whether, given their commitment to good governance and prudent risk management, so many institutional licensees failed to properly consider the non-financial costs of restructuring their compliance functions or the risks and limitations of shared services?

Ask whether their 'restructuring' initiatives, properly assessed the consequences of losing corporate memory or casually dismissing of 'independently minded' experts?

Ask yourself how these Licensees could, or did, assess the competency and culture of the applicants on whom their business would depend?

Traditionally, many organisations considered 'compliance' to be a necessary evil; While required to avert regulatory attention, it was tangential, if not irrelevant, to the business. Recognising its capacity to impede business, it was generally inadequately resourced, poorly-led and marginalised.

In these licensees, Compliance could never be effective. It was broken by design.

Compliance as strategic management

Compliance is, or should be, a strategic management function that’s critical to the sustainability of the business in which it’s located. 

Unfortunately, compliance functions often lack the capacity to appropriately influence and advise because of their own inability to adapt to environments of uncertainty, ambiguity and change.

"Good culture and proper governance cannot be implemented by passing a law. Culture and governance are affected by rules, systems and practices but, in the end, they depend on people applying the right standards and doing their job properly." Interim Report V1 @ p322

Compliance as Capability, Competence and Courage

Quixotically, I believe that a new culture of ethics, service and management accountability will emerge as a result of the Royal Commission. In fact, we're already seeing 'generational' change as the myopic sales-focused managers are replaced by more aware, sustainability-focused leaders.

Unfortunately, any substantive progress in limiting misconduct will depend on Licensees' success in developing, and embedding, a culture of operational excellence, innovation and compliance.

In my mind, this requires Licensees to equip their Compliance staff with the realisations and insights they need to achieve operational excellence, by encouraging their recognition of the need to explore, invent, experiment and adapt.

The Licensees, Regulators and Associations identify the learning and performance gaps that have contributed to the failures identified by ASIC, the media and the Royal Commission. As the new 'voice of risk' starts to compete with the 'voice of finance', institutional focus on employees’ capability, competence and courage must increase.

At an industry level, this requires the development of a Compliance Capability Framework, against which Licensees conduct a training needs analysis to identify competencies and determine the gaps between the desired and actual knowledge, skills and abilities of their compliance staff. Some licensees are already walking down this path, but a broader perspective may be required to overcome self-interest and internal biases.

Our Capability Framework, for example, encourages speedier adaption by examining, in context, the essential values of Capability, Competence and Courage.  

Capability - Processes, skills, behaviour and knowledge;

Competence - Knowledge, skills, behaviour and attitude;

Courage - Ethics, conscientiousness, application of values, social norms and emotional cues.

• Who watches the watchers?
• Compliance Insights: Lessons from REP515

Compliance as Custodians

It's as unfair to blame 'Compliance' for cultural and management failures as it is to expect effectiveness from staff that are ill-equipped and unprepared to act independently, capably and courageously. As the Interim Report asserts at page 144

"Preventing improper conduct (and promoting desirable conduct) is a central task of management, at every level in an entity."

While we might argue, reasonably, that 'compliance is everyone's responsibility', there should be no mistaking the critical need for independently-minded experts focused on compliance, ethics and sustainability.