Banks Don’t Break Laws, Individuals Do!
Regulators are increasing their focus on individual accountability. No bank employees are free from scrutiny, including risk and compliance professionals.
15 June 2016
Banks don’t break laws, individuals do! With this mindset, regulators around the world are increasing their focus on individual accountability. Prime examples are the United Kingdom’s “Improving Individual Accountability” initiative and the US Department of Justice’s refusal to grant cooperation credit to firms that fail to completely disclose all relevant facts about individual misconduct.
Evidencing the decision-making process can be challenging. If you’ve ever performed incident management or root cause analysis, you know assigning individual accountability can be daunting and is seldom easy. All too often roles, responsibilities and procedures are not clearly documented or acknowledged. Accurate records of “who did what and when” are often left to memory, which tends to fade fast.
No bank employees are free from scrutiny, including risk and compliance professionals. In fact, one chief compliance officer was personally fined $1M for failing to have an effective anti-money-laundering program. There are many other examples of lesser fines, as well as job loss.
Do your risk and compliance programs provide evidence of the decision-making process to prevent, detect and respond to compliance violations?
A few proactive steps can help protect both you and your firm. Consider whether your current program can effectively evidence the following information related to the decision-making process involving a regulatory issue:
- Parties involved including timeline and contributions
- Related documents and files including recipients, versions and timing
- Records of related inquiries and responses
Enterprise document management systems can be used to capture and secure all this information; however, not all are created equal. Many, such as Microsoft SharePoint®, were designed for internal users and do not have the metadata sophistication to capture all the information you’ll want to store. Others, like Box® and Dropbox®, were built as consumer-grade applications and may not meet bank-grade information security standards. Key attributes to look for in an enterprise document management system include:
- Information Security that provides encryption of data at rest, in motion and while sharing with external parties
- Operational Controls that include granular access levels with supporting metadata
- Versatility to support geographically dispersed users and diversity of file types and sizes
Keep these three criteria in mind as you evaluate your risk and compliance programs and you’ll be better positioned to protect your firm and yourself in regard to individual accountability. Interested in learning more about how Intralinks can help? Visit our business solution for Regulatory Risk Management.