Banks are stepping up action on compliance in wake of the global financial crisis
No banking or financial organisation likes surprises, particularly unpleasant ones. And while risk management and compliance professionals have always played a key role in the banking and finance industry, ever since the global financial crisis rocked markets worldwide, issues relating to risk and compliance have been increasingly under the spotlight.
To cope with issues such as money laundering, funding and liquidity, geopolitical risks, regulatory changes, and cyber-security, banks and financial organisations are ramping up their risk and compliance capabilities.
According to recruitment agencies and those familiar with the risk and compliance environment, in addition to bolstering internal strengths, banks and financial institutions are also buying new technology, outsourcing non-sensitive functions, and paying for independent reviews and training. HSBC’s recent earnings report said its spending on compliance had nearly doubled between 2010 and 2012, part of a strategy the bank refers to as its global standards campaign.
Philip Quinn, managing consultant for banking and finance at recruitment firm Kelly Services, has noticed that recent recruitment activities in the risk and compliance space has been robust, with high-volume hiring requirements from mainland banks.
He says that when recruiting, employers are looking for people with experience in the banking and finance sector. Of particular interest are professionals who have worked with regulatory bodies. “Expertise in regulatory compliance and strong comprehensive experience working with the regulatory bodies in Hong Kong is always required,” he says.
With more risk factors being built into regulation and compliance rules, Quinn says banks are grooming junior staff to provide a pipeline of future talent. They are also searching for senior talent who have the relationships and experience of dealing with the regulatory bodies.
Teresa Huang, managing director and head of legal, compliance and secretariat for Hong Kong and Mainland China at DBS Bank (Hong Kong), says the importance of risk and compliance management grows by the day. “Our legal and compliance, risk management, and technology and operations departments work closely together to ensure the end-to-end management of the various risks we face,” she says. These risks include legal, compliance, financial-crime and reputation risks.
Huang says the bank’s focus on risk and compliance is not only in response to higher expectations from regulators, customers and the bank itself, but also due to new risks arising from changes to the traditional banking model.
“While the shift from’ having customers come to the bank’ to ‘bringing banking to customers’ via the internet and mobile devices yields exciting new opportunities, it also creates room for risk, such as fraud,” says Huang.
She says data privacy, anti-money laundering and cyber-security are also areas requiring close attention. Equally important, Huang says, is customer and product suitability, and ensuring a correct sales process.
David Lynch, DBS Bank (Hong Kong) managing director and head of technology and operations, Hong Kong and Mainland China, says technology increasingly plays a key part in the DBS compliance, risk management and IT security framework.
“There are some brilliant innovations emerging in the areas of identity management, authentication and risk analytics,” says Lynch. “We are using technology to stay at the forefront of these trends to enhance security and customer convenience without compromising privacy,” he adds, noting that DBS also tests the use of new technologies to support compliance, risk and information security.
“While the full-scale adoption of such technologies often depends on wider industry and regulatory acceptance, there are a lot more solutions coming to the market,” says Lynch.
Cyber-security risk is a growing concern for most financial institutions, says Peter Koo, Deloitte national leader for security, privacy and resiliency for Greater China. “Although most of Hong Kong banks’ technology systems are safe from cyber-security attacks, they still rate the risk of cyber incidents as a priority,” says Koo.
He says since former US National Security Agency contractor-turned-Russian émigré Edward Snowden raised the allegation of possible monitoring of 75 per cent of Hong Kong IT systems, threats of cyber-security attacks have loomed again. He recommends that banks and financial institutions conduct regular “health checks” on their IT systems, whether internally or with the help of external expertise.
Also, as customers move from over-the-counter transactions to internet and smartphone transactions, he says education programmes are needed to remind them to guard their sensitive information, such as user authentication.
Often cited as the gold standard among risk and compliance professionals – and eagerly sought by banks – chartered financial analysts (CFAs) are equipped with the knowledge and skills to play a fundamental role in managing risk and regulatory compliance practices, says Paul Smith, CFA managing director for Asia-Pacific at the CFA Institute. “About 15 per cent of the programme focuses on risk and compliance,” says Smith, adding the CFA programme links theory and practice with real-world investment analysis and portfolio management skills, and emphasises the highest ethical and professional standards.
As new risk and compliance requirements are implemented by regulators, Smith says the CFA curriculum is tailored to reflect best practices. “There is an obligation for chartered holders to always do the best for their clients and bring attention to any bad practices or wrongdoing,” he says.
Meanwhile, as regulations continue to evolve Mark Enticott, managing director of talent recruitment firm Ambition Hong Kong, says risk and compliance is on the radar of every bank and financial organisation. “Risk and compliance is not an area where financial organisation can afford to get it wrong,” says Enticott, who expects risk and compliance recruitment to remain active for the foreseeable future.
For instance, Enticott observes that Hong Kong and mainland banks are recruiting risk and compliance professionals at a ratio of three to one compared with international banks. He says that although experienced risk and compliance experts are in big demand, employers prefer to hire within the industry.