In the fast-changing world of bank regulation right now, Rachel Wolcott has picked up on a very important and topical debate with her article in the Financial Regulatory Forum, “Time to merge risk management and compliance?”. Indeed, non-compliance with the myriad of bank regulations is a significant risk for banks – both financial and reputational. I see this as “regulatory risk” and it is closely associated, in my mind, with that other “newer” risk called operational risk.
In my experience, I have seen banks with separate Risk and Compliance departments; banks merging the two; and banks merging and then de-coupling them! The separation has often arisen because compliance has grown so rapidly (# of staff) and become so complex (# of regulations and reviews) that banks are stretched just to keep on top of it, without adding the upheaval of integrating compliance into their risk organization.
The bottom line, however, is that many of the risk silos that we see in banks – credit, market, operational, as well as compliance – have been built for organizational reasons and not logical or functional ones. The contagion effect in risk which we have all experienced over the last few years (whether it is from market to credit or operational to regulatory) makes the oversight and governance of risk silos very difficult. An intrinsic or holistic view of bank risks, in a truly integrated fashion that includes non-compliance with regulations, is the only true and water-tight second line of defense.
President & CEO