Compliance, the dictionary says, is the act of submission, yielding, or acting in accord. It is a process which, in order to be effective, must be set as a policy and start being implemented at the organization’s top level. Compliance best operates in a corporate culture that emphasizes standards of ethics and integrity, as well as paying attention to rules and regulations. The best compliance policy is that the board of directors, CEO, and senior management lead by example.
For any practical purpose, compliance is an act of management. The same is true of lack of compliance. Failure to consider the impact of management actions, in terms of observance of rules and regulations, on the firm’s shareholders, bondholders, customers, employees, the general public, and the markets, can result in reputational risk as well as in compliance risk – which is the risk of:
● Legal, and/or
● Regulatory sanctions.
The aftermath can be material financial loss, as well as business loss. Because of the wider damage which can be created, all the way to business risk, compliance is not just the responsibility of a specialist compliance staff working for the company. Everybody in the organization must perform his or her part of a corporate compliance function.
An integral part of the mission of the task force on IFRS implementation (see sections 2 and 3) is to instill at all levels of the organization the compliance principle. This is equally true of accounting standards, financial reporting models and practices, and regulatory capital requirements – where such requirements exist, as is the case in the banking industry.
On the other hand, rules and regulations to which companies are subject, and with which they should be compliant, must not be contradictory. For instance, during 2003 and 2004 the Basel Committee’s accounting-related activities focused on resolving differences of view on the International Accounting Standards Board’s fair value option. Agreement was reached in early 2005, and IASB has now approved and issued a final standard which addresses BCBS’ essential concerns.
Basel has also taken an active interest in the IASB’s project to enhance financial instrument disclosures. Financial reporting transparency will include greatly enhanced disclosures of financial risks, as well as exposure risk related to management practices. This is broadly similar to the principles and requirements under Pillar 3 of Basel II.¹ In this manner, credit institutions cannot say that there has been a bifurcation in rules to which they must comply.
Also for the reason of creating a homogeneous group of rules and regulations with which banks must comply, the Basel Committee has been actively engaged in the developments associated with the Public Interest Oversight Board (PIOB). Its mission is to act as regulator of the accounting and auditing profession, as well as to oversee global standard-setting activities undertaken by the International Federation of Accountants (IFAC).
Moreover, in response to a rapidly growing need for guidance in the domain of compliance, in April 2005 the Basel Committee published a guidance paper on principles and practices for compliance, within the regulated banking environment. Its focal points are those of:
● Maintaining an effective compliance function, and
● Adopting structures, procedures, and controls appropriate to the entity and its risk appetite.
Because the responsibility for compliance starts at the vertex of the organization, whether we talk of new accounting rules, transparent financial reporting, or maintenance of capital adequacy, the entity’s board of directors is the first party responsible for overseeing the management of compliance risk. The board should also approve the bank’s compliance policy, and establish a permanent and effective compliance function.
In terms of IFRS implementation and compliance with its directives, the board should regularly assess whether the company is effectively managing its compliance risk, and what kind of corrective action has been taken in case of non-compliance by a department or subsidiary. Moreover, the day-to-day oversight of the compliance function should be independent from operational management. This concept of independence involves four related elements:
● The compliance function should have a formal status within the organization.
● There should be a compliance officer with overall responsibility for coordinating the control of compliance risk.
● Compliance function staff must have access to the information and personnel necessary to carry out its duties, and
● The head of compliance, and his or her staff, should not be placed in a position where a conflict of interest is possible between compliance responsibilities and any other duties.
The message the reader should retain is how much is down to personal accountability in assuring compliance, and in controlling possible deviations. In spite of advances with models (see section 5), and with information technology, we simply do not have the means for modelling the majority of events pertaining to compliance, even in a coarse way. Moreover, there is often lack of detail in the different steps to be taken for compliance reasons, and as Mies van der Rohe, the architect, used to say: ‘God is in the detail.’
Sparse data and algorithmic insufficiency prevent us from handling compliance issues to any great extent through computers. Some people may dispute the argument. I would be the first to say financial engineering has made great strides, but the complexity of the instruments and of compliance rules has also increased by leaps and bounds.
For instance, as the Bank for International Settlements points out in its 75th Annual Report, the explicit incorporation of systemic objectives into the design of prudential standards is a relatively recent phenomenon, even if its need has been recognized for some time. Standards that limit the scope for excessive risk-taking at the level of macroprudential thinking reflect the notions that:
● Behaviour and rules that are individually rational may lead to undesirable aggregate outcomes, and
● Retrenchment from risky positions in response to elevated measures of market risk may be a prudent approach from the perspective of an indi- vidual institution, but a generalized sell-off could trigger a self-reinforcing chain of actions leading to high market volatility.
Input from IFRS accounting can reinforce the risk methodology a financial institution or any other entity uses by presenting risk control with a more reliable and analytical input. The new accounting input, including fair value, can be instrumental in improving the quantitative and qualitative tools employed for:
● Valuing financial instruments, and
● Measuring risk to the bank’s net profit as well as its equity.
Both regulatory capital and economic capital calculations would profit. For starters, economic capital is a metric designed to estimate the amount of financial staying power needed to absorb the potential losses arising from exposures to outlier risks at any given time. This must be computed to a statistical level of confidence determined by the board, with the aim of remaining at the highest creditworthiness.² For instance, among well-managed banks,
● Internal limits, and
● Exception reports
are expressed in terms of the economic capital usage. They calculate economic capital covering credit risk, market risk, operational risk, liquidity risk, and other exposures. Models used for credit risk compute the probability of default of individual counterparties; correlations of losses associated with individual counterparties; and the loss that the institution would incur as a result of default(s).
The relevance of these references to IFRS compliance is self-evident. If the bank properly implements the new accounting standards through solid project management (discussed in Chapter 6) and by means of a high-level task force, then it would no longer be that easy to cook the books (though this can always happen if top management condones it or, even worse, requests it). When accounting data and statistics are clean, other things being equal, risk control becomes so much more effective.