The past decade has brought a compliance boom in banking

Date: 30-04-2019
Source: The Economist

Staff trying to keep banks on the right side of regulators are in high demand

COMPLIANCE OFFICERS are the killjoys of finance. To bankers and traders keen to let rip, they are the po-faced types who, while generating no revenue themselves, frown at any transaction that might breach this rule or contravene that regulation. A recent episode of “Billions”, a television drama about Wall Street, captured the rainmakers’ frustration: so fed up is “Dollar” Bill Stern with having his wings clipped by Ari Spyros that the veteran trader rams the side of the compliance chief’s Porsche (pictured above) when he pulls out of the car park of their hedge fund, Axe Capital.

But pity not finance’s in-house policemen, for they have had a golden decade since the crisis. While swathes of banking has laboured under cutbacks and stiff capital requirements, compliance departments’ headcount and clout have grown. Banks clobbered by fines for aiding corruption, money-laundering and sanctions-busting have beefed up their compliance, risk, legal and internal-audit teams. Compliance officers will never be the rock stars of finance, but they have moved from drums to rhythm guitar. And though some banks hint at having reached “Peak Compliance”, staffing and investment are likely to remain well above pre-crisis levels.

Combating financial crime is central to the compliance effort. Enforcement has been ratcheted up since America passed the Patriot Act, which targeted money flowing to terrorists and other bad actors, after the September 11th attacks. Regulators have fined financial firms at least $28.4bn for money-laundering and sanctions violations since 2008; BNP Paribas alone coughed up $8.9bn for sanctions shenanigans. Aiding tax evaders has cost banks at least another $9.5bn. There is more to come: Scandinavian banks embroiled in scandals involving laundered Russian money, including Danske Bank and Swedbank, are bracing for penalties.

Corrupt money is only part of the picture. Compliance is about keeping on top of a plethora of regulations, covering everything from capital and corporate governance to disclosure and diversity. Compliance teams even have to fret about diversions like “office pools”—sweepstakes on sports events—in case they fall foul of gambling laws. Thomson Reuters, which tracks regulatory alerts, reckons that 56,321 were issued by 900 bodies in 2017. “You have to build an industrial-scale operation just to digest all the regulatory changes,” says Colin Bell, HSBC’s chief compliance officer (CCO).

Keen to show that compliance is a priority, banks highlight it much more in filings than they used to. They seem to have backed up talk with action—though its extent is hard to gauge because disclosure is patchy and banks define compliance and related functions in varying ways. Disclosures, such as they are, suggest that it accounts for 10% or more of the workforce at large banks these days, up from perhaps half that in the mid-2000s.

At the end of 2018, some 30,000 (or 15%) of the 204,000 employees of Citi, an American bank, worked in compliance, risk and other control functions—enough to fill more than two-thirds of the seats at Citi Field, the New York Mets’ baseball stadium. At the end of 2008 it was just over 4% of employees. JPMorgan Chase could just about fill it with the 43,000 it claims to employ in “fortress controls” (a category that is probably broader).

HSBC, which was fined $1.9bn in 2012 for banking Mexican drug money and other lapses, has around 5,000 employees in anti-money-laundering (AML) compliance. Standard Chartered, which has coughed up $1.8bn for breaches of sanctions, has 3,500. Both banks spend $500m a year on AML alone—for Standard Chartered, the equivalent of a fifth of its pre-tax profit for 2018. British banks’ annual AML spend is £5bn ($6.5bn), according to the Financial Conduct Authority.

Since BNP Paribas was hit with its mega-fine in 2014, it has nearly doubled headcount in compliance and other control functions, to almost 13,000. Growing demand for AML sleuths has been a boon for those who certify them, too. The Association of Certified Anti-Money-Laundering Specialists, based in Miami, has seen worldwide membership grow from 5,600 to 70,000 since 2007.

Banks caught up in dirty-money scandals are not only rushing to hire, but keen to advertise the fact in order to calm market nerves. Danske Bank has said it will hire 600 new compliance staff this year; it has already quadrupled the number since 2015, to 1,200. ABN Amro, which is under scrutiny because an operation that it used to own may have been connected with the Troika Laundromat, a Russian money-washing scheme, has disclosed details of its investment in AML (including a tripling of staff engaged in “client due diligence”). Banks are also throwing money at staff training—and policing it more assiduously. Gone are the days when traders could get interns to take their computer-based compliance tests for them while they popped out for a pint. Such ruses are now a sacking offence.

Compliance is gaining not just investment, but clout. In the past it was often buried in the legal or risk department, and compliance chiefs reported to chief risk officers or general counsels. Now they are more likely to have a direct line to the top: for instance, HSBC’s Mr Bell reports directly to the chief executive and attends meetings of the board’s risk committee. The CCO’s role now involves much more than ensuring the firm is within the law: liaising with the boss and the board, ensuring investors and regulators have the information they need, and helping shape the bank’s risk culture. “It has become a much more influential position,” says Mark Jackson of Heidrick & Struggles, a recruitment firm.

After the financial crisis, the market for compliance jobs became one of the hottest in finance. CCOs earn nothing like banks’ rainmakers, but the best-paid can expect basic annual salaries of over $1m. (Compliance also weighs heavily in pay for top dogs: at HSBC, “risk and compliance” is the biggest component the board considers when assessing the CEO, weighted at 25%. Profit counts for 20% and revenue growth 10%.)

Consequently, compliance is attracting more big names than it used to. Jennifer Calvery, HSBC’s head of financial-crime threat mitigation, was previously head of FinCEN, America’s AML regulator, a role that strikes fear into bankers’ hearts the world over. Recruiters say talented lawyers who would previously have shunned compliance roles are now more interested.

So too are banks’ profit generators. In recent years BNP Paribas has encouraged employees to move between the business side and compliance to “disseminate the compliance and conduct culture”, says Nathalie Hartmann, its compliance chief—and previously head of portfolio management. Under BNP’s post-fine compliance framework, “conduct and control officers” wander trading floors and sales desks, spotting wayward behaviour earlier than would previously have been possible.

Banks such as BNP and HSBC, which are now several years into compliance-boosting efforts, have entered a “stabilisation” phase, says a consultant. Having started by throwing people at the problem, they are now seeking to increase efficiency and lower costs. Some, including UBS, have even suggested it may be time to pare back after the boom. Spending on compliance at HSBC peaked in 2017, says Mr Bell. “As in any cycle of transformation, there is a settling-in phase, when you can, for instance, do without some of those who did the initial training or initiated technology projects that are now up and running.”

Some financial firms, particularly small ones, are outsourcing compliance functions or specific projects. Compliance Risk Concepts, an American firm that takes on such work, has seen demand for its services grow by over 30% a year, says Mitch Avnet, its managing partner. And in America, which strengthened controls earlier than Europe did, the market for jobs in compliance has eased a bit. Jack Kelly of Compliance Search Group, a recruiter, attributes this partly to regulatory forbearance: not so much actual deregulation (the Trump administration has cut less red tape than promised) as “winks and nods” from regulators to signal they will enforce rules less stringently. John Gilmore of BarkerGilmore, another recruiter, says that while the market remains strong, “we’re no longer seeing amazing bidding wars for well-qualified compliance officers where there would be two other offers on the table and you couldn’t be sure the guy would start until he actually walked through the door.”

Now, the biggest question for bank controllers is how many humans they can replace with bots without compromising compliance. HSBC is looking at the possibility of using big data to assign a financial-crime-risk score to each customer. Banks are partnering with some of the hundreds of “regtechs” that have sprouted in recent years: startups with names like Regbot and Arachnys that tout cutting-edge compliance solutions. According to HTF, a market-research firm, global regtech market revenue was $1.4bn in 2018 and is forecast to reach $6.4bn by 2025.

The most mature part is AML screening, which is dominated by bigger firms such as Refinitiv and Dow Jones that help banks and companies vet clients and potential trading partners for money-laundering, sanctions and terrorist-finance risks. It continues to grow at quite a clip: sales increased 18% in 2018, reckons Burton-Taylor, another research firm. Some big hitters are backing the robot revolution. “Over time, AI will dramatically improve [AML processes] as well as other complex compliance requirements,” wrote Jamie Dimon, the chief executive of JPMorgan Chase, in his latest letter to shareholders.

For now, though, many banks struggle to choose between the myriad products hustling for attention, says Stacey English of Thomson Reuters. “AI carries risks we don’t understand,” says a large bank’s compliance chief. Regulators will need convincing, too. In December a group of American regulators issued a statement urging banks to use “innovative approaches”, including AI, to enhance money-laundering compliance. But banks remain nervous that regulators will penalise banks if techno-experiments fail.

The idea of compliance algorithms replacing warm-blooded sleuths is fanciful, say experts. Sujata Dasgupta, the head of financial-crimes compliance at Tata Consultancy Services, sees compliance staff moving into “higher-quality investigations”, with bots used for “more rule-based, repetitive screening tasks”.

Moreover, bankers expect no let-up in either financial-crime enforcement or new regulation. America’s increased use of sanctions as a foreign-policy tool under Donald Trump means banks must be more vigilant than ever. Demand is growing for people who can help banks negotiate new data-protection and privacy rules, such as the EU’s GDPR. Tougher enforcement is increasing compliance risks, too. Britain, for instance, has increased personal liability for senior executives at financial firms caught behaving badly.

Also rewarding more vigorous compliance efforts is the growing tendency of regulators, including America’s Department of Justice, to offer big reductions in penalties to firms that self-report violations in financial-crime and corruption cases. Hardly surprising, then, that a global study of risk and compliance officers at 800 financial firms in 2018 found that 43% expected their team to grow over the next 12 months, with only 5% expecting a reduction. If the Russian laundromat scandal claims more victims, another hiring spree may be around the corner.

A picture of Eliot Spitzer hangs on a wall at Mr Kelly’s compliance-recruitment firm. As New York’s attorney-general from 1999 to 2006, Mr Spitzer was a scourge of Wall Street, tilting at banks for various alleged transgressions and sparking an earlier compliance hiring spree. “He’s one of my heroes,” chuckles Mr Kelly, “and scandals are my friend.”