The importance of compliance in banking

Table of content

Table of content

List of figures

1 Introduction

2 Compliance
2.1 Conception of compliance
2.2 Corporate Governance
2.3 Compliance management
2.4 Aims of compliance management
2.5 Code of conduct

3 Characteristics of compliance risk
3.1 Compliancerisk
3.2 Governanceofrisk
3.3 Factors of non-compliance in banking
3.4 Preventingcompliancerisk

4 Conclusion

Bibliography

Internet sources

List of figures

Figure 1: Governance risk

1 Introduction

A regulation ensures that an organization is following the standards and the rules set for the industry. These rules are set by the government, corporations and the law. These reg­ulations contribute to maintain confidence in every sector and help to protect a financial dilemma. Corporations like banks or financial institutions have to provide a compliance regulation. Nevertheless, are they even necessary, and can they prevent certain, and un­certain risks?¹

This present paper is facing the importance of compliance in banking and explains how banks can prevent their firms from risk. The term paper is divided into two main parts. The first part includes a theoretical discussion of the term compliance and provides an introduction to the tasks of compliance management. It represents an explanation of the classification, the goals and the necessity of compliance. The second part reflects the compliance risk, and the question of how it can be prevented will be answered. In the end, there will be a summary with a conclusion of this term paper.

2 Compliance

2.1 Conception of compliance

The term compliance comes from the wording to comply with. Furthermore, it stands for observing laws, codes of conducts and regulations. This wording led to the responsibility in the management for compliance and its regulations. The observance of the compliance regulations should stop fraud and bring a positive and trustworthy reputation. Considering that there is not an established definition for the term compliance and its usage, some see compliance as a comprehensive and far-reaching responsibility of all employees of an institution.²

When considering or creating internal compliance regulations, the company must reflect the ethical and cultural background of the company. The rules are broader than the law and based on moral concepts. Those companies should act morally came into the discus­sion after the New York Times published an article by Milton Friedman. The Nobel prize winner in economics set a public statement in the article it said that the only business of business should be business. He was therefore of the opinion that companies should only focus on profit and that they should do so under the law, nothing else. This article led to corporate social responsibility, which expresses the responsibility to society, stakeholders and shareholders from a company. In the course of this, compliance and the idea arose that companies should adhere to moral rules that go further than the law.³

2.2 Corporate Governance

The German corporate governance code contains statutory regulations for the manage­ment and supervisory of German listed companies. It includes standards for ethical and responsible corporate management. Good corporate governance is intended to promote the trust of investors, customers, employees, management and supervisory board of com­panies. There two different perspectives of the code - the internal and the external. The interior view deals exclusively with the corporate body. The focus is mainly on their role competencies, modes of operations and their interactions. In Germany, the unique feature of dualistic corporate governance consisting of an executive board and a supervisory board. Relevant regulations are contained in the German stock corporation act (AktG).⁴

2.3 Compliance management

In conclusion, compliance is a crucial element of corporate governance codex. Regula­tions that are ascribed to the area of compliance can also be assigned to the area of cor­porate governance. They contribute to an improvement in the relationships between the management, the company and the stakeholders. In the financial sector, the supervisor authorities are included as stakeholders, which provides the need. In the view of the fact, that compliance and corporate governance cannot be distinguished, people started merg­ing the two terms into corporate compliance. The broad concept of compliance is being expanded to include a company-wide, integrative approach to the effective and efficient fulfilment of essential stakeholder requirement. Therefore, corporate compliance be­comes a prerequisite for sustainable, ethical and compliant corporate management.⁵

Many companies, especially financial institutions, have an entire department that mainly deals with compliance. This department is often called compliance management. The tasks of compliance management are divided into information, prevention, communication, correction and documentation. That equals that the most crucial function is the prevention of violations of the law.⁶ Wrong decisions and thus, related risks should be recognized early, and these should be eliminated as soon as they got noticed. These decisions brought up a so-called code of conduct. This code of conduct reflects rules which the company lives by and passes on to its employees.⁷

Employees in compliance management are responsible for the general conditions of com­pliance and the continuous update of it. They deal with new laws drafts and adjust the internal company guidelines accordingly. They communicate these new requirements to the company's employees in consultation with the management. At the same time, the employees of this department also have to check the existing rules and examine their necessity. Above all, they must check that they are formulated in a way that is under­standable and accessible to all. A further focus of compliance management is the constant monitoring of compliance with the rules. In order to minimize this task as much as pos­sible, training and education should be held regularly. It should be emphasized that this does not guarantee the proper act of the employees. A helpdesk should be available to answer upcoming questions and help employees within insecurities, to create a trustwor­thy environment for employees. Another part of compliance management deals with re­porting. Employees who are suspicious can report suspicious and risky behaviour of an­other employee anonymously. This behaviour ensures that violations can be prosecuted as effectively as possible. In addition, the company earns the trust of its employees, which results in a higher rate of employee commitment.⁸

2.4 Aims of compliance management

Violation of any legal principles can end up in high fees, and these are known to be very expensive, especially in the financial world. This results in the winning goal of compli­ance management are to save unnecessary costs by adhering to stricter rules than needed. These self-imposed rules can act as a buffer to the real legal limit.⁹ As an example, a lack of compliance rules in 2010 became very expensive for the car manufacturer Daimler. For years, Daimler donated a luxuriously armoured S-Class and luxury excursions to a senior official from Turkmenistan. These gifts were made not only to the official in Turk­menistan also to other officials from around the world. Thus, the Daimler influenced the officials. Daimler denied that they wanted to influence these officials. However, in2010 court in the United States ruled that this unintentional manipulation of the officials was not legal and thus demanded 185 million euros from the company. This unethical behav­iour could have been prevented by mature and ubiquitous compliance.¹⁰

To prevent these certain matters, many companies have a golden rule when it comes to accepting and giving gifts. This rule states that - as far as giving presents to potential or existing customers is concerned - a visit to a restaurant is perfectly acceptable, but the acceptance of any other gift, be it a small gift from the home country of the other party or a trip, cannot be made, and it must be strictly rejected. In this way, it can be checked that the legal requirements for gifts are not exceeded.¹¹

The aims of compliance can be distinguished in four different pillars. The first pillar de­scribes the protection of the company and its employees by avoiding conscious and un­conscious breaches of rules. Thus, defending against claims for damages, penalties or fines and damage of reputation. With quality assurance, the corporation can make sure it is providing customers with investment and the know-your-customer principle. The know-your customer principle ensures that a bank is only doing business with the cus­tomer they know, and which are verified. To gain the trust of a bank, the customer has to be checked. This check includes updating customer files, screening the customers, check­ing the balances and the transactions and due diligence checks.¹² This procedure is nec­essary to prevent money laundering and to prevent the conscious and unconscious misuse of data or information. The third pillar is the monitoring function. It describes the control of compliance with the law and international regulations. Another pillar declares the mar­keting it is preserving the reputation.¹³ A further goal is to maintain a good reputation and a higher shareholder value, also known as the value of the company. Social responsibility makes the company more attractive. Investors can assume that the company is acting honestly and that the return can be paid reliably.¹⁴ In addition, by observing the compli­ance measures, an increase in the commitment and loyalty of employees can be promoted, as they trust their company and can be proud of its honesty and transparency.^{15 16}

2.5 Code of conduct

„The core concept behind our Code of Conduct is that no one at JPMorgen Chase
should ever sacrifice his or her integrity, whetherfor apersonal gain orfor aperceived
benefit to the Company’s business. Harm to our reputation affects the entire Company
and is enduring. Anyperceived ethical transgression, no matter how isolated or minor, can damage our company. “}6

Jamie Dimon, Chairman & CEO of JP Morgan Chase & Co

The code of conduct isjust like Jamie Dimon, a concept for the whole company and every employee in it. It is intended to provide employees with guidance and prevent un­desirable actions. Employees are expected to behave responsibly, ethically correct and with integrity. This expectation also applies to third parties, such as business partners and suppliers. The law builds the scope with essential standards. A code of conduct is built of own ethical rules and values. Issues like bribery, discrimination, insider training and environmental issues are framed in it. It lays out the rules and standards for behav­iour. These rules should be followed by every employee and member of the company. Most important is that leaders should set a positive example through following it. The example of the leaders ensures that employees are more likely to follow the rules. How­ever, this does not guarantee the proper behaviour of employees. A good understanding is needed to follow these rules. Employees should undergo training which contains all the necessary rules of the code. Non-compliance could create legal issues or bad ru­mours, which can lead to a bad reputation.¹⁷

The code of conduct of JP Morgan Chase contains the leading phrase “it Begins with You”¹⁸. The highly known investment bank is asking its employees to think about every step they are doing in the bank. They want them to take responsibility to protect the information they receive. The code of conduct at JP Morgan Chase is divided into five different parts. First part is the personal account dealing, to prevent insider training. An employee is asked to disclose its trading account and provide a duplicate of transaction statements. They have to obtain pre-clearance prior to trading. Another pillar describes the rules about gifts and entertainment. Gift giving, receiving and entertainment to gov­ernment officials require prior approval from compliance in all cases. The outside activ­ities also obtain pre-clearance before specific outside activities. Furthermore, the em­ployees are asked not to serve as a director, officer or advisor for a competitor. They must not engage in a business that competes with JP Morgan. When dealing with clients from other locations, the employees of JP Morgan Chase have to understand the re­quirements in otherjurisdictions before dealing with them. The last part of the code of conduct describes the social media of employees. They are asked to use it wisely and not to put any information out there on the internet. Abide when using it for personal and or business purpose. They have to be aware of additions, role-specific restrictions.¹⁹

A well written and implemented code of conduct clarifies the values, the mission and the principles of a company. The code can become a benchmark against individual per­formance can be measured. Additionally, the code supports the employee in the every­day business and the normal decision-making process. Also, it can serve as a reference, helping employees to find documents and solving processes.²⁰

3 Characteristics of compliance risk

3.1 Compliance risk

The Basel Committee on banking supervision defines compliance risk as “the risk of legal or regulatory sanctions, financial loss, or loss to the reputation that a bank may suffer as a result of its failure to comply with all applicable laws, regulations, code of conduct and standards of good practice.”²¹

[...]

¹ See https://hbr.org/1994/03/managing-for-organizational-integrity, access 13/07/2020

² See https://hbr.org/1994/03/managing-for-organizational-integrity, access 13/07/2020

³ See Behriger, S., Compliance kompakt, 2015, p.34 seq

⁴ See http://www.corporate-governance-code.de/ger/kodex/in-dex.html, access 12/032020

⁵ See Menzies, C., corporate compliance, 2006, p.2.

⁶ See Reker, J, Reiß, H., Compliance im Mittelstand, 2011, p. 5 et seq.

⁷ See Behriger, S., Compliance kompakt, 2015, p. 363.

⁸ See Behriger, S., Compliance kompakt, 2015, p. 44

⁹ See Grüniger, S., Steinmeyer, R., Wieland, S., Compliance Management, 2020, p. 40-42.

¹⁰ See https://www.handelsblatt.com/unternehmen/beruf-und-buero/buero-special/compliance-die-groess- ten-skandale-in-deutschen-konzernen/6641352.html?ticket=ST-11091083-Y6JHgB6ayUZcqIm7czaY-ap5, access 04/07/2020.

¹¹ See Grüniger, S., Steinmeyer, R., Wieland, S., Compliance Management, 2020, p. 40-42.

¹² See https://www.ing.com/About-us/Compliance/KYC-and-anti-money-laundering-measuresNew.htm, access 28/07/2020

¹³ SeeLöeser, T., Compliance, 2005, p. 104-108.

¹⁴ See June, L., Corporate Compliance, 2010, p. 10.

¹⁵ See June, L., Corporate Compliance, 2010, p. 13.

¹⁶ https://www.jpmorgan.com/pdfdoc/jpmc/about/business_principles.pdf, access 17/03/2020

¹⁷ See https://www.investopedia.eom/terms/c/code-of-ethics.asp, access 18/07/2020

¹⁸ https://www.jpmorganchase.com/corporate/About-JPMC/document/code-of-conduct.pdf, access 18/07/2020

¹⁹ See https://www.jpmorganchase.com/corporate/About-JPMC/document/code-of-conduct.pdZ access 18/07/2020

²⁰ See https://www.ethics.org/resources/free-toolkit/code-of-conduct/, access 28/07/2020

²¹ https://www.bis.org/publ/bcbsl42.pdf access 18/07/2020