This article appeared as the cover story in the November/December 2021 edition of ABA Bank Compliance. Reprinted with permission.
Compliance processes at financial institutions of all sizes are complex, and they consume seemingly ever-expanding amounts of time, money, and human resources. Yet compliance processes are essential to preventing financial crimes. With the pressures of managing financial crimes risk steadily increasing, institutions large and small must implement and maintain effective internal controls to remain compliant. In the past, these pressures largely stemmed from ensuring compliance with laws and regulations. Today, with financial institutions shifting to remote work, consumer expectations changing, and digital payments reducing in-person transactions, there are also new internal challenges, and stresses keep mounting. To prevent compliance failures, institutions need to understand the pressures they and their compliance teams are facing, and take steps to cope with them.
Not taking action to mitigate stress in a financial institution’s daily operations can have serious consequences—not just in the engagement and productivity of staff, but also in the effectiveness of the compliance program. Employee expectations are changing, along with those of bank customers, with both demanding greater mobility and flexibility. Left unchecked, stress takes a toll on workers that, for many, leads to burnout and causes them to leave. At a time when banks, especially midsize and smaller ones, are struggling to align their staff resources to meet business workloads, institutions cannot afford to lose employees.
Day after day, cumulative stress reduces workers’ energy, impairs their health and well-being, saps their productivity, and leads to disengagement. Banks are certainly not the only employers afflicted by stress, but stress has particularly severe downsides for compliance teams. By the time a compliance team member becomes disengaged, the risk of compliance failures has already increased—and it may be too late to re-engage the employee. In addition, disengagement can be contagious and spread to other members of the team.
A study by the job search firm Indeed found that burnout is increasing among U.S. workers, with 80% of respondents saying COVID-19 has impacted workplace burnout. More than two-thirds—67%—say burnout has worsened during the pandemic, while 13% believe it has improved. That a small percentage of respondents believe burnout has diminished during the pandemic implies the vast majority have either seen burnout increase or remain roughly the same. When stresses multiply, burnout becomes more likely.
The best way to stop the downward spiral for compliance teams is to prevent stresses from accumulating in the first place. Below are four ways that financial institutions can get a handle on and relieve some of the pressures facing their compliance programs.
1. Understanding pressure
For each financial institution, there are different dimensions of pressure. No two banks are exactly alike; the risks and cultures vary in institutions of all sizes. Therefore, an important step in mitigating pressure is to understand the forces that generate it. Pressure may come from different areas, depending on the size and complexity of the institution, but to one degree or another, it often starts in five areas:
- Anti-money laundering. Identifying, detecting, and mitigating money-laundering threats are an ongoing challenge for financial institutions. AML regulations and compliance frameworks require compliance regardless of an institution’s resources. One recent source of pressure relating to AML is the National Defense Authorization Act (NDAA) of 2021. NDAA outlines a lengthy set of measures that include strengthening the Financial Crimes Enforcement Network (FinCEN) and setting new requirements for AML compliance and supervision.
- Operational. Pressure in the operational sphere often is a function of the “how”: How are we going to effectively execute the compliance program? How do we know if we have the right tools for this program? How can we get things done with limited existing resources? Often the answers to these questions lead institutions to look at the effectiveness of internal controls and how well these processes address the compliance risks across the enterprise.
- People. Staff pressures are not limited to a certain size of institution; they are universal. People pressure is largely about keeping teams motivated and working effectively on what their roles require. Remote working environments, along with the duration of the pandemic, have now caused employees to reassess their workplace expectations.
- Customer behaviors and expectations. Changes in consumers’ preferences for banking include a shift toward digital payments and fewer in-person transactions, as well as more speed and convenience in their banking experience. Commercial customers also have changed their business models, often sourcing goods and services from different jurisdictions given the various approaches to pandemic shutdowns. This is an additional source of pressure for institutions to adapt to and accommodate customers’ evolving needs and ensuring that internal controls and processes are effectively adjusted to meet the changing risk environment.
- Unforeseen pressures. The COVID-19 pandemic surfaced pressures on people and organizations that few, if any, could have predicted. With offices and bank branches shut down and more employees working remotely, data security has become a greater concern. In addition, financial services continue to see massive changes in consumer behaviors, and not all of those are foreseeable. For example, consumers in recent years have shifted from cash and simple transactions to digital payments and virtual currency. This shift requires institutions to adapt, and that is another source of pressure. Additionally, regulatory agencies increased their advisory issuances, such as COVID-19-related fraud guidance and the recent FinCEN priorities, which cause compliance officers to assess the impact to their program or try to anticipate changes which may be forthcoming.
During an American Bankers Association webinar on August 17, “Managing Compliance Under Pressure,” attendees were surveyed on what they perceived as their biggest current pressures as well as what pressures they felt would emerge over the next year. Compliance professionals responding to the survey overwhelmingly cited regulatory pressures as their biggest source of pressure, seconded by resource and budget constraints. Even though “lack of leadership and board support” and “lack of appropriate technology solutions” were offered as potential answers, respondents did not cite either as pressure points.
Among emerging pressures, compliance professionals responding to the ABA webinar survey mainly considered upcoming audits or exams as a key emerging pressure, followed by their institutions expanding into high-risk business areas.
It’s important for financial institutions to realize that these areas do not exist in isolation. They combine to produce intense pressures. An example of how several of them can intertwine is alert clearing. Due to the unforeseen effects of the pandemic, institutions may have substantial backlogs in alerts. Clearing the backlog is critical to compliance with anti-money laundering regulations, but this has become more challenging due to staff limitations and the complexities of transactions resulting in lengthier time to effectively review and resolve alerts.
Financial institutions responding to a 2020 LexisNexis study on the true cost of AML compliance expected the volume of alerts to grow significantly, with 87% of U.S. respondents indicating that they expected alert volume to rise, compared with 78% in a similar study in 2019. Along with the growth in volume, the average time to clear alerts also has increased since 2019, with the median hours needed to clear different types of alerts rising significantly in 2020.
Adding staff to clear alerts is one solution, but not every institution is able to do that. Banks are incurring more labor-related compliance costs, according to the study. Notably, much of the labor expenses do not stem from increased hiring. Rather, labor-related compliance costs are up because of extra hours needed for existing staff to conduct due diligence, including know-your-customer and alert resolution.
Another example of unforeseen pressure arising from multiple areas is the Paycheck Protection Program established under the CARES (Coronavirus Aid, Relief, and Economic Security) Act in 2020. Banks raced to provide small-business lending under the PPP, in many cases reassigning staff to process loan applications in an all-hands-on-deck response to the sudden business opportunity. Unfortunately, the volume of PPP loan requests opened the door for fraudulent applications, something for which not all institutions adequately prepared.
2. Defining the sources of pressure
The second way that financial institutions can get a better handle on compliance stresses is to define the sources of pressure. Banks that clearly see where pressure is coming from are in a strong position to mitigate those pressures. Some of the main sources of compliance pressure in most institutions are:
Board expectations. Pressure in many organizations comes from the top. Meeting the expectations of a financial institution’s board can be a significant challenge for compliance officers.
Leadership team needs. Institutions’ senior leadership teams set the operational agenda to achieve strategic business objectives. Leadership needs the cooperation and support of the rest of the organization to drive the business. Misalignment of objectives and internal resources can generate a great deal of pressure on compliance teams.
External demands. Internal factors are not the only sources of pressure. External demands by regulators and law enforcement authorities augment the pressure that boards and senior leadership can place on compliance.
Team challenges. Compliance teams often have their own complex challenges. Understanding what these are, on a personal and group level, is key to solving those challenges. For example, what are the silos in the institution? Every organization has operational silos, and a lack of communication among them can be another source of pressure for the compliance team. Another challenge is the movement of staff, whether between organizations or to different roles within an institution. During the pandemic, many professionals took the opportunity to make career transitions and may not yet have had the opportunity to meet in person anyone in their new role or organization. Depending on an institution’s remote work protocols, it may take a long time for teams to resume in-person operations. This adds complexity to the other challenges team already face.
Solutions to these sources of pressure will vary by institution, but one common approach is to effectively set the tone at the top, making sure that it flows through mid-management. Execution of strategic priorities needs the buy-in of middle managers. Without their support, the best-laid plans from the top of the institution can go astray.
3. Maintaining focus
Once a financial institution defines its sources of pressure, the next challenge is to remain focused on compliance. The critical element in maintaining focus is to establish priorities and communicate those to all stakeholders. The worst thing an institution can do is to set a plan but fail to communicate it. This is easier to state than perform, but each institution can establish guardrails on this journey by asking some key questions:
- Who sets the focus?
- How should we handle competing focus points?
- What are the potential distractors? In other words, what can throw us off our game? Is remote work playing a role?
- Do we have the right communication with the right people?
- Are we using our resources effectively?
- How can we accommodate the unexpected and incorporate that into our day-to-day business?
When a financial institution has competing priorities, compliance officers must figure out how to align those priorities with the needs of their team and the overall compliance program. Institutions should avoid conflicts by being intentional with their priorities. A structured approach to priorities can help compliance officers and their teams to stay focused.
Communicating the right things to the appropriate people is vital, and compliance officers should keep in mind that communication is by definition a two-way conversation. To maintain their teams’ focus, compliance officers should understand that reporting can help keep eyes on the ball. If compliance teams need additional resources to maintain their focus on priorities, compliance officers should not be shy about asking for those resources.
Establishing key risk indicators (KRIs) and key performance indicators (KPIs) can enable financial institutions to detect potential risk events and predict future resource needs. Using trusted, outsourced partners for technology and analytics for monitoring, testing, and risk identification can make a big difference in compliance programs. But compliance officers should note that, even with sophisticated technologies and specialized knowledge, not every risk can be foreseen. Therefore, compliance officers should have the flexibility to say, “the unexpected will happen,” and be able to seek resources to address unexpected events.
4. Communicating effectively
Communicating effectively is a recurring task. Neither the leaders nor compliance officers of an institution can expect to achieve the desired results from their teams unless they strive to make priorities and expectations clear to stakeholders. Full transparency in explaining the what and why of an institution’s priorities is needed. Repeated communication is necessary with different audiences so the message is clear.
A risk-based approach underpins compliance programs, but financial institutions also need to communicate that not all risk is of equal value. Therefore, prioritizing high-risk and high-value solutions is both practical and necessary to keeping teams focused.
Effective communication involves several elements, including:
Express statements. If compliance teams need something to perform their functions—such as technology, additional resources, or outside help—they should ask for it. The ability to clearly describe and quantify needs, along with determination of the impact and regulatory objective, will be critical to getting buy-in.
Specificity. Some institutional communications have a tendency to issue general statements, but they should not gloss over things the leadership team cannot address. It’s better to be clear about what the institution can—and cannot—do and to address the impact on existing processes.
Tiering. Needs and priorities differ based on stakeholders and where pressures arise. Tiered communications tailored to those stakeholders, acknowledging their needs, is another aspect of effective communication. Also, ensuring continued engagement by all of the appropriate internal stakeholders throughout the journey will increase awareness and adoption.
Multi-channel delivery. During the pandemic era, financial institutions’ people and processes have become remote-capable. When teams are dispersed in remote and work-from-home locations, sometimes with flexible work schedules, communication becomes more challenging. This is further complicated by the fact that everyone has different preferences for communication. Some prefer text instead of email, for example, and most staff have become fatigued by frequent videoconference calls. Accommodating these differing communication preferences can be challenging. Compliance officers should apply flexibility and select communication methods that work well with remote staff and unconventional work schedules.
Financial institutions should take the time to understand the pressures on their compliance teams, define the sources of those pressures, take steps to help maintain their focus on compliance, and implement effective, regular communications. Those who openly discuss and address these issues will be in a strong position to mitigate stress, improve their staff productivity and loyalty, and, most importantly, keep their compliance programs robust.