Compliance officers are a much more collaborative group of professionals than lawyers.  Compliance officers share information with colleagues about compliance experiences, best practices and strategies.  The compliance industry benefits from this sharing of information.

On occasion, however, this sharing of a company’s performance in one area can lead to unfair judgments by a recipient of the information.  For example, one company may conduct an in-depth due diligence on every third party, while another may target due diligence reviews based on risk ranking and exclude some candidates from an in-depth due diligence and conduct a basic level due diligence on lower risk candidates.  Compliance officers who share information have to be careful to distinguish between their respective companies’ risk profiles and not use such a comparison as a means to judge their performance.

On the other hand, there are some basic requirements where such a comparison is warranted.  A board of directors should receive compliance training every year – no ifs, ands or buts.  If one company conducts such training, the other company should be doing so.  To take an even more basic example, every company has to have a code of conduct – and if a company does not, they should remedy that omission.

The same analysis applies to surveys.  A recent survey of financial institutions conducted by Alix Partners on AML and Sanctions compliance (here) contains informative results that support some of my general concerns about ethics and compliance programs – board members do not receive adequate training and compliance officers are continuing to struggle with lack of adequate resources.

The key findings from a global survey of a variety of financial institutions found that:

• 20 percent of the respondents do not train their boards on AML and sanctions compliance;
• 54 percent of the respondents identify automated transaction monitoring and filtering programs as their top priority investment;
• 55 percent of the respondents identify sanctions screening as a top priority investment;
• 8 percent of the respondents do not have a formal AML or sanctions compliance program;
• 32 percent of the respondents consider their AML and sanctions compliance program budget inadequate or severely inadequate;
• 35 percent of the respondents do not conduct annual independent reviews of their AML and sanctions compliance program.

Considering that financial institutions are heavily-regulated and face significant risks, these results are surprising and raise serious concerns about the industry’ commitment to compliance.

The failure to train a board on compliance is inexplicable and sends the wrong message to managers and employees in a company that does not conduct training for its board.  While I know that board members are busy there is no excuse and CCOs have to push this issue when reporting to the board.  Very few boards are familiar with strategies and practices for conducting oversight and monitoring a compliance program.  A CCO needs to explain to the board the legal and code risks, mitigation strategies, and how the board should conduct oversight and monitoring of the company’s compliance program.

Despite claims that companies are committed to their compliance program, the failure to allocate adequate resources is a continuing trend in the financial industry and will eventually become the focus of enforcement and regulatory actions.  It is surprising to say the least that one-third of the respondents noted that they operate compliance with inadequate or severely inadequate resources.