It's not surprising to most of us who have run banks in the past to see so many City institutions being fined and warned about breaches in money-laundering rules and inadequate anti-bribery and corruption risk assessments.
On the surface the regulations seem obvious and just an added step in the professionalisation of City working habits. Why wouldn't banks want clean and transparent business activities, free from the proceeds of crime and corrupt business practices?
But it is tough to change the culture and working habits of most financial institutions, especially when their leaders are playing catchup and gained no experience of how to operate under these regulatory practices in the early parts of their careers.
Most financial services firms are led by people who started work in a much less-regulated environment and therefore don't always understand the environment on the shop floor today. The Financial Services Authority was only created in 2000 and prior to that we had a lot more self-regulation. An executive in their mid-40s was probably just beginning their career when the UK began introducing anti-money-laundering legislation in the early 1990s.
Because success in their early days required less paperwork and fewer checks and controls, they often have a difficult time empathising with staff – or fully comprehending how much responsibility is now on their shoulders. Bankers who are in charge of client relationships are expected to understand a plethora of products and services, be expert in sensing dodgy clients, and be near legally precise record-keepers. Oh, and they are often expected to operate a profit centre as well, making money for the firm and racking up hefty bonuses for themselves at the same time.
In the boardroom and on executive committees, senior management has seen the cost of oversight in meeting regulatory costs skyrocket. And in that period, once sleepy compliance departments have gone from small teams to large operating divisions with chief risk officers sitting on the top management committees and direct access to non-executive directors. Audit committees have moved from annual external audit oversight to more thorough overall risk committees and in some banks they have risk committees that now operate independently of the audit committee.
