Building a Culture of Compliance Differentiating the First Line of Defense Risk and compliance must be enforced by every member of the organization, but different people have different levels of responsibilities. If we look at the total defenses an organization puts up against compliance violations, we can divide the defense into three lines. So, what are the ‘three lines of defense’ when referring to compliance and risk management? The first line is typically management, the second line is an independent compliance or risk management team, and the third line is of course the internal audit. Dividing the defense into lines is important because it illuminates the different responsibilities that they have. Think of a garrison that is guarding a fort. The goal of everyone in the fort is to defend from external attacks, but the way they carry out this responsibility is different within each line. The soldiers here are the first line of defense and if an attack comes, they are the ones who deal with it. The second line of defense will be the troop leaders, who must ensure that the soldiers are positioned in a way that allows maximum visibility. The third line will be the government or state to which the soldiers belong, and they must ensure that the garrison has the resources and support they need to put up a good defense. When we look at banks and financial institutions, first line management staff are the primary owners for compliance risk, but they are not fully engaged in the process as it does not demonstrate a net improvement in their P&L. This arrangement clouds the priorities of the management team and increases the workload on the second line of defense, which comprises of dedicated risk and compliance professionals. Every organization wants their first line of defense to address as many compliance issues as possible, but without the way to demonstrate the importance in terms that may be reflected in an P&L, that may be difficult. Organizations need to understand that while the second line of defense is focused on compliance, the first line’s focus is elsewhere. Compliance is just one facet of their job role. Compliance is also complicated and requires a lot of focus and due diligence. When an employee has many job responsibilities, it is easy to see why one of the toughest ones to fulfill may not always be completed. How using technology can help you encourage the first line to "want" to be compliant Technology changes the game for the first line of defense. Technology solves the core problem which results in compliance not being enforced by the front line – inconvenience. But it also can solve the perceived notion that a technology compliance solution can in fact have a positive impact on the P&L. If compliance remains complicated to enforce, the first line will have to choose between due diligence and doing their job. Compliance management systems make compliance functions so convenient that this roadblock is completely removed. A Thompson Reuters report says that in 2018, 61% of firms are expecting an increase in their total compliance budget for the year. A significant portion of this budget increase is focused on implementing new technological solutions to support the first line of defense to safeguard their compliance and risk programs. The first line of defense is the most important in the compliance process as the goal is to ensure the compliance issues remain small. Giving managers technological options can assist them to make decisions that align with their valued goals. When managers see how solutions can be presented through technology, those decisions can have a positive impact on the outcomes being made. An organizational culture can provide options in a manner that can deliver better results. Bridging the gap between compliance and the first line of defense The disconnect between compliance and the first line team results in many compliance related issues. This disconnect happens when the goals of the first line and the compliance department are often not aligned. While they are both aligned with their organizational goals, their focus is on different things. The compliance department is trying to comb through as much information as possible to meticulously weed out any compliance violations or conflicts. Their performance is measured by how well they enforce compliance. The first lines performance is measured by how quickly they can gain clients and how quickly they can deliver services to customers. This different prioritization of job responsibilities leads to compliance violations. The first line is trying to perform at the highest efficiency possible. If they focus more on compliance, then their efficiency and thus the main metric which is used to measure their performance suffers. Thus, compliance violations become an emergent phenomenon in such organizations. Technology is a great way to bridge this gap between compliance and the first line team. Once a compliance management system is implemented the first line managers have a direct way of interacting with compliance requirements. Compliance is no longer something they must think about – it is a system that is performing right in front of them, and one they can interact. The speed of compliance improves so efficiently thanks to technology that the first line can enforce compliance without negatively affecting their own performance. The implementation of the system also allows organizations to create new KPIs. Performance can be tracked more comprehensively thanks to the system which keeps track of every action taken, and compliance related KPIs can be introduced. This allows organizations to align both the first lines needs and the organization’s compliance needs. Being considered a consultant in the first lines' eyes Compliance technology changes the relationship between the compliance professionals within the organization and first line managers. It allows compliance professionals to act as consultants who can help the front-line quickly eliminate compliance violations and understand compliance problems. If a front-line employee is confused about a topic, they can simply flag it in the compliance management system, and the relevant compliance professional will be automatically notified. First line employees can also freely interact with compliance professionals through the system. These systems also have the option of leaving notes and having discussions right within the system. Thus, whenever the first line managers need help, all they need is to access the system and start a discussion. Compliance systems also empower the second line and allows them the opportunity to act as consultants. Compliance and risk professionals are some of the busiest people in the organization. They don’t just have to ensure compliance is enforced, they also must manually maintain the compliance and risk framework. They must keep manual records, distribute records as needed, verify information, ensure everyone has the same version of a file, and have to seek information from hundreds of different spreadsheets and documents. Compliance technology automates these tasks by creating a digital compliance framework that maintains its own integrity. The menial administrative tasks are all automated. Compliance professionals thus have the time to do meaningful work that helps the organization. They are available to act as consultants because the administrative time has been removed from their routine. Looking Ahead Organizations need to ensure that their first line of defense has access to resources that help it eliminate compliance issues. This approach is the most efficient approach because it eliminates compliance conflicts before they even make it into the organization. If organizations want to improve their defenses against compliance conflicts they need to ensure that they provide the right systems and technologies to their employees. When you integrate a technology solution that encourages engagement from the front line, adds support to the second line, and ensures your meeting or exceeding compliance expectations from third line auditors, you are in fact building a culture of compliance within your workplace. CONTACT US Office Address: Contact: 1101 S. Capital of Texas Hwy Sales@360factors.com Building J, Suite 202 866-385-2341 Austin, TX 78746 www.360factors.com