Experts unplugged: Ensuring senior management follows the rules

This series of articles is based on an extended dialogue between compliance and surveillance veterans Emily Wright and Rob Mason.

The DOJ, in its recently updated Evaluation Of Corporate Compliance Programs document, stresses the importance of the commitment of senior management to compliance and a compliant culture. After looking more closely at training, we asked our experts about some effective ways in which compliance can manage the relationship with the senior leadership ultimately responsible for the company bottom line.

In short – can compliance ensure that leaders behave themselves?

Mason suggests that “talk” about “setting the tone from the top never really amounts to much”. It is far more persuasive when leaders genuinely set an example by way of actions that employees, particularly other managers, can observe first hand.

He spoke about his personal experience at UBS where Sergio Ermotti was in charge then (as he is now!). According to Mason, Ermotti “went around the various major offices saying that UBS was not a proprietary house and that its primary mission, as a bank, was to service client business.” Then “someone piped up and pointed out that there was a proprietary algo trading desk ‘just over there’.” Ermotti, according to Mason, was horrified because this algo trading was happening in the background while he was sending strong messages about the bank’s identity and its strategy.

The problem was that the algo trading desk happened to be quite profitable, and another decision-maker may well have turned a blind eye to it as a consequence.

However, Ermotti “came down firmly” and said “this closes tomorrow”, and it did close. Mason gained an enormous amount of respect for Ermotti because it was clear that this was not another senior leader simply “going through the motions”, but one prepared to lose a nice bit of P&L because it was not aligned with what had been said and promised to both stakeholders and shareholders.

Mason was careful to point out that he is not implying that Ermotti is “somehow a paragon of virtue” but the anecdote is “intended to demonstrate that there are senior people out there who believe in the principles that are plastered all over their corporate website and try to ensure that their behaviour is aligned to those – in effect they live them and, as a result, lead with integrity.” And when that happens, according to Mason, “it cascades down to your senior management and your middle management and from there leads to all employees recognizing that there is an expectation of good behaviour.”

Mason emphasizes that this is not a “nice to have”; it is a necessity if an organization is truly intent on having a healthy and compliant culture in place.

Wright agreed and suggested that firms rarely knowingly “take a punt” on business when it comes to compliance. In her experience no one has ever said: “That makes so much money, let’s just simply ignore the risk around that.”

But there are areas that are more difficult to navigate. Some issues arise, for example, when it comes to going into an area or business that a firm has very little experience with from a compliance perspective. The policies and procedures may be inadequate or absent entirely. And that can put compliance on the back foot. In this context she pointed out that some US regulators, including the OCC, want to see a “credible challenge register” in order to evidence that compliance teams at firms know when to, and do, say “no” at times.

Mason was not so sure, pointing out the Archegos and other scandals that “happened with people who had an unbelievably poor regulatory track record” yet the various banks decided to “do business with them because it looked like a good thing and lots of dollars would be made.” He acknowledged that policies and procedures are important, but suggested that it was “onboarding that can prove really treacherous” because there will be “some very questionable people out there who fold up shop in one place because they have been found out and go to the next bank and so on” and “the incentive to make money out of them if they pitch a plausible business case can be very strong.”

When it came to the front office coming to ask compliance for something, the compliance team generally wants to be a “business enabler” according to Mason. Compliance attempts to “engage with the business and try to understand the detail and help if it is possible.” If it is not possible to help and you uncover a problem, you “make sure that the risk is flagged and highlighted at the highest level.”

Wright agrees that compliance is a department that generally “tries to facilitate business”, but she believes strongly that this is the “wrong language” in a sense. Instead, compliance tries to “facilitate what could be better labelled revenue generation” because the “business itself has to be compliant, to be a business”. If the “business breaks the regulations then it’s fraud, or criminal activity, or market manipulation. There are lots of names for it, but it’s not business if it’s not compliant with the regulations.” And if organizations get the semantics right, then the discussion becomes one about revenue, which creates alignment and is a more helpful discussion to have.

According to Wright, the Sergio Ermotti anecdote is an excellent illustration of someone who understood that “business was more important than that particular revenue stream”, and that a principled, clear and compliant approach to business will ultimately lead to much better results. Examining compliance issues through the revenue lens also exposes a fundamental truth: where people are making bad decisions, there is invariably some form of conflict of interest.

This is not a term that gets used very frequently, but it is critical, because people who make a wrong decision almost invariably do so because they are somehow benefitting from it.

She also believes that “the very fact that you have leaders in place who think that business can be something that is non-compliant is already inherently a problem in the industry.” If someone sees business “as something that you can do without being compliant then you should not be leading a financial services firm. Because it being a ‘business’ implies that you are operating within the regulations and laws that you are subject to.”

Emily Wright is the author of Behind the Screens: Understanding Employee Surveillance in Financial Services. She is former Global Head of Compliance Surveillance at Standard Chartered Bank. Emily has more than 20 years of financial services experience, including senior roles across Compliance, Operational Risk and HR, within Standard Chartered Bank, JP Morgan, Lehman Brothers, ICAP PLC and Newedge Group. She has worked in London, Hong Kong, Singapore and Australia.

Emily has an MSc in History and Philosophy of Science from The London School of Economics and now offers consulting and executive coaching for financial institutions in surveillance and monitoring, regulatory compliance, and culture & conduct issues.


Rob Mason is the Director of Regulatory Intelligence at Global Relay. He has a wealth of experience across both banking and regulation, having undertaken senior compliance surveillance roles within UBS and Lloyds Banking Group, where he was responsible for the oversight, management, review, enhancement and operational effectiveness of the surveillance carried out, including navigating internal and external audits as well as regulatory visits.

Before his time within bank compliance, Rob spent five years at the FCA where, most notably, he was the Technical Specialist in the team initiated to supervise the MAR – reviewing and examining all regulated firms’ surveillance capabilities aligned with regulatory expectations. Prior to joining the FCA, Rob had a trading background with 10 years specializing in trading and broking on-exchange derivatives.