From early box tickers to financial crime fighters, compliance officers have evolved in becoming essential “gatekeepers” for financial institutions. They make sure that the organization complies with all its outside regulatory requirements and internal policies while mitigating its risk in breaking laws and regulations. The designated officer is assigned to keep the institution’s reputation safe in full compliance with the highest professional standards applicable. The role has often been compared to an internal “police force” whose purpose is to deter and fight against all possible wrongdoings and malpractices that could potentially arise from the business line.
So, why has personal liability of compliance officers become an occupational risk?
The once villain fighter has turned to be the villain themselves. The industry trend has seen compliance officers at financial institutions personally liable and at a greater personal risk than in the past, resulting in monetary penalties and criminal prosecutions by regulatory and enforcement agencies.
Ultimately, regulators were put under severe criticism for not having been able to hold responsible key executives for all failings of the financial crisis. The lack of meaningful enforcement actions against senior individuals shifted the nature of supervisory responsibilities to personal liability. That said, compliance officers gradually became the target of “witch hunts,” in which some ended up “burned alive” at the stake for all noncompliant obligations and wrongdoings. Some of these cases include:
- Thomas Haider—In November 2012, MoneyGram International Inc., a global money services business, agreed to forfeit $100 million and enter into a deferred prosecution agreement with the U.S. Department of Justice for failing to maintain an effective anti-money laundering (AML) program, which violated the Bank Secrecy Act (BSA). As a result of the violation, the Financial Crimes Enforcement Network fined Haider, former chief compliance officer, $1 million for allegedly not ensuring his former employer followed AML laws.
- Hany Lotfy Awwad Abdelwahab—The Dubai Financial Services Authority (DFSA) imposed a fine of $45,000 (AED$165,150) and a ban of three years on Abdelwahab for misleading the regulator with false and deceptive information, and for obstructing the DFSA by failing to comply with DFSA investigative notices
- Hung Lai Ping—In Asia, the Securities and Futures Commission of Hong Kong reprimanded Ping, a former responsible officer of Delta Asia Securities Ltd (Delta Asia), and fined her $150,000 for managerial and supervisory failures.
Compliance officers are more vulnerable than ever in their day-to-day operations as the personal liability issue continues to exist. As compliance officers are held accountable for individual and organizational wrongdoings more frequently, they are becoming more worried about managing their own personal risk than their job. While they have to manage the overall risk of their organization on one hand, they have to watch their back on the other.
Consequently, competent and talented professionals are moving their way out of the industry. Many professionals are disabused despite years of frenetic recruitment activity with rising salaries in the compliance market. They are tired of prolonged tensions with the front office and top management, which often sees them as an overhead rather than a function to help mitigate risk. This can subsequently affect their self-esteem and lead to chronic feelings of desperation.
According to the Thomson Reuters 2015 Annual Cost of Compliance Survey, 59 percent of compliance officers expected personal liability to increase overtime. Greater liability is expected to have an impact on resources. In addition, “two-thirds (67 percent) of respondents to the Thomson Reuters personal liability survey reported that the focus on accountability will have an impact on the ability to recruit and retain skilled senior staff.”1 For example, some top-level positions are difficult to fill as most think that no paycheck could match the risk of going to “jail.”
It is important that regulators handle the question of personal liability with more attention. Although it is natural to hold senior individuals accountable for breaking the law, nobody wants to see the good guys leave as an act of exhaustion and take with them all their knowledge and skills. Perhaps regulators should push the board of directors and senior management to emphasize a stronger culture of compliance across all three lines of defense, which would catalyze a better level of AML engagement. This would foster a better collaboration and prevent compliance professionals from individual accountability and from asking the question of whether it is worth their personal reputation to remain with the organization.
What can compliance officers do to protect themselves against personal liability?
Some professionals are seeking lawyers, asking for more protection in their employee contracts and requesting banks to pay for liability insurance coverage in this daunting exercise of assessing business risk appetite against their own. Before getting into a legal battle field, there might be other alternatives to consider such as having good communication with regulators, understanding all relevant regulatory changes, keeping records of all documents exchanged and understanding their business organization. Compliance officers also need to substantiate their decisions and have a clear picture of their responsibilities to avoid negative legal exposure. Another option is to hire skilled consultants to support them in keeping up-to-date with regulatory knowledge and regulatory obligation awareness.
Where is the right balance?
On December 1, 2015, New York Governor Andrew M. Cuomo announced that the New York State Department of Financial Services proposed anti-terrorism and AML regulations that impose increased compliance requirements and more significantly, hugely stretched personal liability for senior compliance officers. The proposed rule would require an annual certification by the chief compliance officer, or functional equivalent, of the covered institutions. An additional rule increasing criminal liability for AML/BSA officers is certainly not what professionals were expecting.
After the recent terrorist attacks in Brussels, Paris and the San Bernardino shootings, the world has been anxious and on alert mode, expecting higher global enforcement actions against terrorist financing and money laundering. Financial institution compliance officers are feeling the pressure in the fight against terrorist organizations (i.e., the Islamic State of Iraq and the Levant) and are answering the call by reporting suspicious activities to the authorities.
The question is, “Where is the right balance?” Should we prosecute the fighters of financial crime or should we empower them more, so that they can keep doing their jobs without feeling vulnerable?
Both regulators and compliance officers need to work harder to achieve the right balance in this current environment. Regulators may want to handle the issue of personal liability with a less radical approach while disseminating a stronger culture of compliance; whereas compliance professionals may want to apply better methods in managing their individual accountability risk in order to avoid any regulatory disturbance.
- “Thomson Reuters Personal Liability Report Shows Increased Pressure on Companies’ Compliance Officers,” Corporate Compliance Insights, November 10, 2015, http://corporatecomplianceinsights.com/thomson-reuters-personal-liability-report-shows-increased-pressure-on-companies-compliance-officers/