Today, with increased fines and regulatory pressures, financial institutions are taking additional precautionary steps to identify all suspicious activity. As a result, suspicious transaction reports (SARs) filed with the Financial Crimes Enforcement Network (FinCEN) have dramatically increased over the last seven years.
In order to deal with the growth in alerts from the transaction monitoring system as well as internal employee referrals, compliance managers are making requests for an additional headcount to address the increase in case volume. While additional staff may address case requirements, perhaps it is more important than ever to evaluate if a successful compliance program is being run.
How does one measure success?
To date, compliance program success has typically been measured by the number of alerts, referrals and investigations completed. While important, these metrics do not provide the leadership team the answer to a very basic question: is the compliance department appropriately managing risk in a cost-effective manner?
The following are key metrics to evaluate:
Investigations: The cost and time it takes to complete each case (system-generated alerts, employee referrals and investigations).
To maximize investigations output, begin breaking down and understanding each part of the investigation with the intent of developing specialists, which will optimize case processing. As a result, more informed hiring decisions can be made. Instead of hiring generalist investigators, shift the organization to hire and train people to become specialists at performing each required task.
Finally, know how much money each investigation costs the institution. An effective compliance leader will be able to clearly demonstrate to its leadership team that the cost to complete each case lowers over time.
Technology: Is the technology proportional to the organization’s needs?
Large financial institutions need a sophisticated case management system, but this is not always a shrewd investment for smaller institutions, including many financial technology (fintech) companies. Before any company moves forward to build or buy a case management system, they must calculate the return on investment (ROI) the system will bring them. What are the time savings vs. the cost of the case management system? Be scrappy—come up with a creative solution to address this if possible.
One of the most critical components of a robust compliance program is a transaction monitoring system. It needs to be fine-tuned and monitored. Are the expected results being achieved? Are the right rules in place? Is the investigations team focusing on the right risks for the business? Are machine-learning models being incorporated?
Training: What is the cost of a robust and ongoing program?
A shortcut many financial institutions take is to provide their employees with outdated and generic training. As every financial institution faces unique risks, it is best to customize training. Consider implementing at least one 30-minute training session per month with the latest guidance for internal staff. In the longer term, this is much more cost-effective and important to highlight to a regulator. A strong training program is a pillar to a successful compliance program.
Business Support: How does the compliance team support the commercial counterparts?
Support for the commercial team should not be limited to annual compliance training. Were flash briefings provided when risks or regulations changed? How can new products or potential-entry markets be creatively supported? Better yet, have new opportunities been proactively researched for the commercial team?
Risk can be effectively managed while remaining a business enabler. As a compliance officer, it is easy to say “no” when evaluating new products and services; however, take the challenge to find a creative solution to help move the business forward.
It is important to highlight to the leadership team that risk is being appropriately managed in a cost-effective manner. Consider incorporating the key metrics outlined above into regular reporting. Redefine the role of compliance officer to a business enabler who protects the company. Compliance officers will then be seen as respected and crucial leaders in the organization.