Banking compliance teams have emerged from the back office and moved into the heart of business. Alison Hewitt, retail business risk director at Lloyds Banking Group, speaks to Rod James about the reasons behind this shift and the need for fresh thinking in the digital age.
Over 20 years ago, the banking compliance landscape was a different scene to the one we see today. The compliance team would lurk in the background, analysing laws and regulations, formulating policy recommendations and ensuring the accurate maintenance of data.
Major legislation was introduced infrequently and, when it was, its passage was slow. Regulators often allowed more than a year for new rules to come into place, enabling comprehensive preparation and implementation. That changed in the late 1990s, when banks began to rapidly expand their range of operations, blurring the boundaries between themselves, brokers and insurance companies.
This led to the steady accumulation of regulations to ensure transparency and fairness for the customer. Then a series of high-profile compliance failures, which reached a nadir during the financial crisis, caused the spotlight to be shone on the area with more intensity than ever. New reforms are highly complex, expensive to implement and need to be put in place more quickly. A lot of these changes are there to empower the consumer.
Banks must provide all necessary information about the opportunities and risks associated with a financial product, and ensure that any issues of contention are properly addressed. Simple deposit agreements can now reach close to 100 pages, including reams of regulations covering privacy and third-party information-sharing.
Compliance transformation
For chief compliance officers such as Alison Hewitt of Lloyds Banking Group, it is an increasingly complicated situation. Voted CCO of the Year at Thomson Reuters' 2011 compliance industry awards, Hewitt has overseen a process of considerable transformation at the part-state-owned institution.
Although she acknowledges that things have become more difficult in the wake of the financial crisis, she thinks the challenges are easy to overstate.
"I'd certainly agree that the pace of change has increased over the past two or three years," she says. "But regulatory change is far from new. Compliance functions have always had to respond to events, although now the changes span the whole gambit of our business - from prudential compliance right through to conduct risk and how we treat our customers."
Like most other financial institutions, Lloyd's Banking Group has had a difficult few years. In 2008, it had to accept £20bn in state aid and recently announced that it had put aside £3.57bn to compensate customers who may have been missold payment protection insurance. Events such as these have led European regulators to place greater emphasis on conduct risk and many of Hewitt's resources have gone towards developing new frameworks on this front. This process is built on a change of priorities; compliance should be less about whether a process was followed correctly and more about whether the outcome is beneficial.
"Compliance has a reputation as being a bunch of people with clipboards," Hewitt explains. "We are moving to a more proactive, holistic sense of compliance. If a customer had a complaint, was it handled in the right way? We believe this is quite an innovative approach to handling risk within what is essentially a large retail bank."
Compliance role reassessed
For the new approach to work effectively, there needs to be a rethink in the way the compliance function relates to the rest of the bank. Hewitt wants her 300-strong team to take a more hands-on role. The oversight unit consists of centralised teams that deal with areas such as regulatory liaison and financial crime, along with a range of sub-units co-located within the organisation. This is complemented by a quality assurance team, charged with closely monitoring performance across the entire shop floor.
"Effective compliance begins by partnering with the business," Hewitt explains. "We have a valuable role at the planning stage, helping the business build the right control environment to deliver good customer outcomes the first time round; for example, we now have much more interaction with our credit colleagues in putting together effective models.
"I tend to use the analogy of being on the football pitch. The traditional view is that we are in defence, reacting to events. I expect us to be alongside the strike force, supporting it but also challenging it."
A significant reason for compliance's move into the heart of the business is the speed afforded by new technology - a factor that contributed so significantly to the banking crisis. With trades being processed in microseconds and deals closed within hours, compliance teams need a much deeper insight into daily operations.
The bank has no cross-organisational risk management system but rather, as is to be expected from such a large organisation, a number of systems attuned to specific business requirements. Compliance looks to involve itself in the development and operation of these systems.
"As you can appreciate, there is no single system that allows you to press a button and retrieve management information from across the group," Hewitt explains. "The compliance function works closely with IT in the development of individual systems to ensure that we are delivering compliantly at the point of sale, but also that we can extract the relevant management information to support monitoring and reporting, as well as business performance."
Although Lloyds Banking Group has made progress in responding to the challenges posed by new technology, bigger questions remain relating to the wider role of technology in the banking industry. Hewitt believes that the bigger picture has yet to be properly mapped out and she would like to see the compliance function at the forefront.
"Compliance and the business need to figure out how to lead the agenda," she says. "In this fast-moving age, we can no longer afford to stand back. In terms of thought leadership, we are very keen to work with our business to look at how digital technology can be adapted to meet the needs of customers today and how compliance can play its part. There is a broader discussion that needs to happen."
Risk functions
On the whole, Hewitt is pleased with the progress her team is making and the more high-profile position it is taking. Although compliance has always had a place in the boardroom, it now plays a significant role in helping achieve Lloyd's Banking Group's wider strategic goals.
"All risk functions, including compliance, have a seat at the table at the very top of the organisation," she says. "Boards and non-executive directors have an increased interest in risk management within all financial institutions and they are very receptive to the advice we can give.
"Alongside the regulatory agenda, compliance is a lynchpin that aligns the group's vision with granting a fair and sustainable outcome. This alignment isn't driven by regulatory change. It's just the right thing to do for the bank and its customers."
At the time of going to press, eurozone debt fears are causing the FTSE to slide to its lowest level since August 2011. Banks are taking the brunt of the impact, with Lloyds Banking Group seeing 4% shed from its share price in one day of trading. With the foreseeable future plagued by economic uncertainty, and the genuine threat of EU collapse, the compliance function will have its hands full.
When it comes to compliance, Hewitt uses the analogy of being on the football pitch: "The traditional view is that we are in defence, reacting to events. I expect us to be alongside the strike force, supporting it but also challenging it.”
Alison Hewitt took up a new role as retail business risk director at Lloyds Banking Group in May 2012. Before this she was group compliance and conduct risk director. In 2011, Hewitt was voted Chief Compliance Officer of the Year at the Thomson Reuters Annual Compliance Awards. She has been with Lloyds since 2006.
