By Ross Marrazzo, EVP, Enterprise Chief Compliance Officer, New York Community Bancorp, Inc.
Having been in the big “C” compliance community since my first job out of college—before “compliance officer” was a defined role—and having gone through a number of mergers, acquisitions, financial crises and political changes, during which the regulatory pendulum has swung back and forth from right to left depending on the politics at the time, the one constant I have observed has been the industry’s creativity in identifying new revenue opportunities, especially during down times. There is nothing wrong with new revenue opportunities, so long as the menu of risks is appropriately assessed and the right control framework is developed and implemented to mitigate those risks. During times of stress to the balance sheet, you may see some creative approaches to revenue maintenance and growth. Especially during these times, compliance executives must ensure they are involved throughout the initial thought processes to check and challenge new and revised products and services and help their business partners navigate the risk waters, whether it ultimately be a go or no-go.
A seat at the table
Compliance executives must be in the loop with business development and modification activities from the beginning. While I am not suggesting they should sit in on every business discussion, there is a right time for them to be brought under the tent, even prior to the submission of a new product review. This not only benefits the compliance risk-management process but also helps the business to avoid issues and roadblocks along the way. It’s all about relationship management and communication. And it goes both ways. This is especially important when the business plans to speak to regulators about new business activities.
Reputational risk and government agencies
When I look at reputational risk, I generally see five groups in no particular order of priority: (1) customers, (2) regulators/government agencies, (3) shareholders, (4) employees and (5) the public. For the purposes of this article, I would like to focus on regulators. A regulator’s perception of a company and its management’s ability to manage it, from its business to its risks, is one of the most important elements of reputational-risk management. Customers’ perceptions will also drive regulators’ perceptions. Maintaining transparent lines of communication with regulators leads to trust. To maintain open lines, the compliance executive needs to have a reasonable understanding of the business and its plans, so—going back to what was mentioned earlier—he or she needs a seat at the business table. Regulators look to compliance executives for assurances that regulatory expectations are being adhered to and, simply put, that the business isn’t doing or going to do anything stupid. The reputation of the compliance executive needs to be protected and held out as one of the bastions of the financial institution’s culture and system of internal controls for the financial institution’s sake—if it wants to operate without government-prescribed limitations. And one of the worst things that can happen is for a compliance executive to leave for reasons related to a lack of support or concerns about how a financial institution is being managed.
Culture of compliance
Government agencies from around the world, in particular the United Kingdom and the United States, have talked about and issued guidance on the importance of maintaining a culture of compliance—in the United States, the Department of Justice (DOJ), Financial Crimes Enforcement Network (FinCEN) and Office of the Comptroller of the Currency (OCC), to name a few. During times of financial stress, it is especially important to ensure that this culture does not weaken and shortcuts are not taken. This is where the partnership between compliance and business executives becomes even more important than before. Middle management is extremely important to maintaining the culture of compliance and often feels the heat during times of crisis, such as when new products and services are rapidly introduced and when headcounts and budgets are reduced. This puts personal stress on middle-management members and strains their everyday oversight capabilities. Hence, they need to be reminded of their compliance obligations and constantly assured that executive management, up to the chief executive officer, is there to support them and that they should be transparent about any concerns at any time—in other words, executive management has their backs. Without middle management supporting business-compliance processes, the compliance program will fail.
Don’t forget second-line and first-line friends
One attribute of good leaders is that they don’t think they know everything. Besides leveraging the compliance team, compliance executives should already have close working relationships with other second-line operations, such as risk and legal, and first-line functions, such as operations. Each area has staff with various experiences and looks at risks through a different lens, so putting everyone’s heads together, especially in a down market, makes for more robust discussions on risks.
Executive and board support
The chief executive officer and the board of directors must support the compliance executive, and the compliance executive must have unobstructed access to both. A financial institution’s governance structure should include regular reporting to the chief executive officer and board on everything regarding compliance-risk management. The compliance executive should feel comfortable being fully transparent with the chief executive officer and the board on the good, the bad and the ugly. And it is incumbent on every compliance executive to have the backs of the chief executive officer and the board members. This is all particularly important during a challenging economic environment. In my many years of experience, even good business leaders, unfortunately, do things that just don’t make sense and require guardrails to help avoid issues that could trip the regulatory or enforcement wire.
Being a compliance executive is tough enough at any time, but compliance and reputational-risk management requires much more attention during a challenging financial environment. Maintaining good communications with business leaders, friends in the second and even first lines, the chief executive officer and the board, and regulators will help the compliance executive manage and mitigate compliance and reputational risks.