Published by Journal of Risk Finance, The Michael Mainelli Column, Volume 6, Number 3, Emerald Group Publishing Limited, pages 280-284.
It had to happen; now we have the definitive UK corporate governance textbook: Corporate Governance by Dr Kathryn Vagneur. And it’s good. Dr Vagneur not only lays out the essentials of governance, she also includes challenging true/false, multiple choice, in-depth and case study questions. Hers is a significant work and a good starting point for people interested in the history and current state of corporate governance. She points out that societal demands for corporate governance, and we all know exactly (sic) what that means, have led to numerous different forms in the USA, UK, France and Germany all exactly (sic) meeting each society’s needs perfectly.
Naturally, we find different forms for governance within these countries for listed firms, large private firms and smaller firms, let alone government entities or non-governmental organisations (NGOs). We really don’t know what we want in each country, before considering imposing standardised international structures. Further, she highlights one of the great contradictions of most organisations – why is the finance director (or CFO) both responsible for the reporting of performance and the delivery of a large element of performance, i.e. financial efficiency? This contradiction vexes one of the key elements of good governance, compliance – proving that you’re doing what you say you’re doing.
One could almost caricature two contradictory finance directors – one, the MBA-trained aggressive financial engineer full of off-balance sheet vehicles, sale & leaseback schemes and highly-geared derivative strategies; the other, a stereotypically dull numbers person insistent on chasing down the final penny and presenting an accurate report of the exact state of today’s affairs regardless of any political discomfort. In today’s typical board, most finance directors are expected to mix parts of both, with attendant conflict and tension about how far they have swung to one extreme or the other. This tension was touched upon in an earlier paper [Mainelli, 1999] that postulated the need to separate the ‘compliance’ functions of the finance director from the ‘operational’ functions. Perhaps compliance has grown so large that finance directors need to be replaced by a “Compliance Director” and a “Financial Engineering Director”.
Governance is not compliance, and compliance is not just about regulation, but the Centre for the Study of Financial Innovation’s annual “Banana Skins” [CSFI, 2005] survey shows that the top risk for banks is “too much regulation”, up from sixth out of 30 in 2003. From a City of London perspective the burden of regulation and quasi-regulation is increasing:
Historically, compliance has been seen as an overhead or ‘cost of doing business’. But today the costs are significant. The top 1,000 US corporations spend an average of $5.1 million on just Sarbanes-Oxley compliance according to Korn/Ferry. Financial institutions with exemplary compliance functions improve capital efficiency and reduce compliance costs resulting in competitive advantage; poor compliance functions consume staff, investment and capital. What should we make of these quotes?
“Up to 15% of support staff at Dresdner Kleinwort Wasserstein are working on compliance projects or financial regulations, Stephen Ashton, director of global IT business management at the investment bank, revealed last week.” [Computer Weekly, 1 February 2005]
“Regulatory controls take up a sizeable proportion of spend. Basel 2 and Sarbanes-Oxley compliance is chewing up 40% of investment spend.” Kevin Lloyd, Barclays CTO [Computer Weekly, 15 June 2004]
Both quotations resonate with people in the financial services industry. The numbers, 15% of support staff and 40% of IT investment, are not questioned. While the numbers are probably unscientific, their casual acceptance in conversations indicates the depth of accord with the sentiment implied – compliance is inflating out of control. One internal approach for large organisations is to institute enterprise risk/reward management systems [Mainelli, 2003]. However, this is no longer enough; large financial organisations have to change their external environment. Financial institutions have two obvious avenues to fight back at over-regulation – manage compliance and automate compliance. Too little has been done on both fronts.
You can’t manage what you don’t measure. Few financial institutions have any idea of the actual costs of compliance. Sure, measuring compliance is not straightforward. Large banks have a variety of different compliance units and compliance structures. Compliance can report to a global head or be combined with other functions or allocated to product lines. Much compliance is intertwined with normal procedures, e.g. Know-Your-Client requirements are wrapped up in account opening processes. An organisation that seems to spend little on ostensible compliance may be superb in compliance due to smoothly functioning systems. An organisation that spends an enormous amount on compliance may be ineffectual. Historic investments in compliance systems may lead to lower compliance costs today. Under-investment can lead to large apparent expenditure that is simple inefficiency. But just because measurement isn’t straightforward is no reason to evade it.
Global benchmarking of Comparative Compliance Costs could work towards measures such as:
Most industries faced with spiralling costs in an area that is essentially paperwork would ‘try and automate the problem away’. Financial services institutions have long resisted approaches that imply they could learn a lot from ‘sausage factories’ [Mainelli, 2002; 6 – Mainelli, 2004]. However, new approaches may permit large amounts of compliance to be automated. At heart, compliance is investigating anomalies in order to understand them or to flag them upwards in the governance structure.
Where these anomalies are contained within automated transaction systems, they can be investigated using statistical techniques embedded in as Dynamic Anomaly and Pattern Response systems [7 - Mainelli, 2004]. Automated systems can flag anomalies or exceptions upwards to humans in the governance structure. Financial institutions of the future cannot afford to have large numbers of staff ineptly and inconsistently looking for inconsistencies in thousands of transactions. Automated systems can help to flag regulatory submissions that are ‘out of line’, trades that are likely to require manual intervention, or transactions with unusual amounts or fees. Some institutions will succeed in automating the bulk of compliance tasks and this automation will give them a competitive edge.
According to Dr Vagneur, governance is:
“the act, manner or functioning of the rules, guidance and controls which determine a course of actions through an intended or emergent system of processes.”
For too long financial institutions, supposedly exemplars of probity, have relied on emergent systems of processes, i.e. reacting to past events rather than designing forward control systems. Due to a groundswell of disappointment flowing from bad financial surprises, society has applied the blunt tools of law and regulation to financial institutions in order to impose norms from outside. The last column [Mainelli, 2005] showed that one front in this battle might be promoting voluntary or market-based operational risk standards, such as ISO 9000 or fiduciary ratings, that provide greater flexibility than regulation. If financial institutions want to take control of their destiny, they must begin to recognise that competing on the efficiency and effectiveness of compliance will be, whether they like it or not, as exciting a battleground as the forex markets or the retail mortgage markets.
The financial institution of the future, for a host of reasons, will be one that can demonstrate corporate governance, detect anomalies in transactions in real-time and prove to regulators that it is well run. Further, the automation of compliance reinforces the confidence of regulators in the compliance function. While customer service, product innovation and clever ways of using capital will always be important, the boring part of the finance director’s role, compliance, may be the new battleground. On balance, it is more likely that the field will be lost by ‘compliance’ rather than won. However, for financial institutions, perhaps a main-board director needs to be dedicated to the compliance battleground full-time. In the future, success-proofing may be proving that you comply.
I would like to thank Dr Kathryn Vagneur for the advance manuscript that inspired this column and Freddie McMahon for being the ‘grit’ that forced this paper forth.
Michael Mainelli, PhD FCCA FCMC MBCS CITP MSI, originally did aerospace and computing research followed by seven years as a partner in a large international accountancy practice before a spell as Corporate Development Director of Europe’s largest R&D organisation, the UK’s Defence Evaluation and Research Agency, and becoming a director of Z/Yen (Michael_Mainelli@zyen.com). Michael was awarded IT Director of the Year 2004/2005 by the British Computer Society for his achievements in DAPR systems. Z/Yen won a DTI Smart award for its DAPR products PropheZy and VizZy.
Michael’s humorous risk/reward management novel, “Clean Business Cuisine: Now and Z/Yen”, written with Ian Harris, was published in 2000; it was a Sunday Times Book of the Week; Accountancy Age described it as “surprisingly funny considering it is written by a couple of accountants”.
Z/Yen Limited is a risk/reward management firm helping organisations make better choices. Z/Yen undertakes strategy, finance, systems, marketing and intelligence projects in a wide variety of fields (www.zyen.com), such as developing an award-winning risk/reward prediction engine, helping a global charity win a good governance award or benchmarking transaction costs across global investment banks.
Z/Yen Limited, 5-7 St Helen’s Place, London EC3A 6AU, United Kingdom; tel: +44 (0) 20-7562-9562.
[An edited version of this article first appeared as "Competitive Compliance: Manage and Automate, or Die", The Journal of Risk Finance, The Michael Mainelli Column, Volume 6, Number 3, Emerald Group Publishing Limited (June 2005) pages 280-284.]