Library of Compliance
06 February 2023
While the banking sector increasingly pursues futuristic platforms and business models that match customer experience to digital enablement, much of the work to support this momentum is happening behind the scenes in compliance libraries.
These libraries, which contain thousands of regulatory requirements, are not the most glamorous expression of digital banking, but they are the bedrock on which the institutions will have to rely to have any chance of becoming Bank of the Future.
The banks once built their own compliance libraries to manage risk in their products and operations, but the trend is now for legal advisers such as Ashurst to build them.
Our version, which we share with retail banking clients, is called the Compliance Obligation Register (COR). It was never a replacement for the banks’ internal libraries, but more a way of the firm staying ahead of regulatory and legislative obligations that the banking sector has to deal with.
Our COR is constructed on an Excel spreadsheet; it also operates as a platform and can be exported as a CSV file. It is broken down into the thematic headings that affect a retail bank and maps a compliance process with the specific obligations slotted into the map. This allows a bank to use it with its own GRC system and measure its risk performance against benchmarks.
The COR allows for a ‘risk’ view of banking operations and it has a future-looking outlook that we call ‘risk tomorrow’ – this includes material risk such as penalties and criminal sanctions, regulatory impact on a class of products and processes, and ongoing legislative actions such as ‘trial period’ regulation that requires monitoring and feedback to the government.
We can track audit trails of accountability and materiality, and the register is constantly updated.
The COR grew out of a project to map regulation for a major bank. However, we also saw the value in having our own register, and our own platform was completed three months ago. It has become Ashurst’s ‘single source of truth’ for banking regulation and is now also a valuable tool for our clients because it brings obligations into the operational environment. We also have versions for the insurance and superannuation sectors.
The market has reference guides for banking regulation but they are libraries of regulation itself, not the ‘operationalised’ register that applies action points to products, processes, governance and approval chains.
An ‘operationalised’ approach has become necessary as banking has digitised. The regulatory response to digital platforms has been to require ongoing and continuous accountability for even the smallest detail of a product or service.
The emerging accountability regime now reaches from the executive levels of Australian banks to the personal interface between customer and teller. Such obligations are voluminous and expensive, and they carry legal and financial risk, so they must be embedded in the business – top to bottom – and they must operationalise the processes to deal with risk.
It’s crucial that bank personnel who see a mistake in wording on a mortgage website have an effective process for rectifying the mistake, especially when those obligations exist across different operating divisions. In the above example there might be obligations on a branch officer, the home loans division, the in-house legal counsel and the IT people.
One of the strengths of the COR approach has been the ability to make accountability seamless – or as seamless as it can be in a large retail bank – by bringing all of the accountable parties onto one platform where the obligations are mapped and everyone can see where they fit in the accountability chain.
While the COR can reduce risk and regulatory expense for a bank client, it doesn’t ‘dumb-down’ the obligation environment. The COR carries detailed guidance notes on regulation and brings in ‘risk tomorrow’ issues such as the initiatives that continue to emanate from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.
Digital banking certainly means more data and greater speed, and it also means greater risk and more regulation. In this environment our three-month-old Compliance Obligation Register is already growing and developing, and we believe such registers will be a standard feature of financial services risk-management in the near future.
Author: Silvana Wood, Partner.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.