Viktoria Aastrup
Head of Compliance Retail Banking, Nordea
Compliance – from a burning platform to a burning desire
Key enablers for being compliant
Governance and Oversight
People and Mind-set
Policy and Process
Technology and Data
It takes time to implement new regulatory requirements
Business as usual
Policy Upgrade
Target State
Gap Analysis
Launch rebuild
Fix ‘Go-Forward’
Regulatory Compliance
Target State
Attestation
Review/ Audit
Design
Implement
Time
Maturity
Assess
Assure
Optimize
Milestone
(3-5 years)
Regulatory Action
Initially driven by focus on compliance to US Sanctions
Material fines levied for historical violations
Actions also highlighted weak compliance across the broader agenda
Financial Crime remains a high priority for regulators
Regulators are driving a continued focus on Compliance
Risk culture is defined by regulators as a subset of a firm’s broader culture, with the Financial Stability Board (FSB) stating that global regulators are focusing on institutions’ “norms, attitudes and behaviors related to risk awareness, risk taking and risk management…”
Fines from regulatory violations
Judgement based supervision approach
1. The Compliance Function - the importance of a strong brand and a common identity
Compliance in its current form is still a young profession
• Is responsible for its own risk management and for operating their business within limits for risk exposure and in accordance with decided framework for internal control and risk management.
• This covers identifying, assessing, monitoring, controlling and reporting of issues related to all material financial and non-financial risks
• Nordea’s independent control functions are responsible for providing the framework for internal risk control, by designing relevant processes as well as issuing relevant policies and instructions.
• In doing so they shall ensure: effective and efficient operations; adequate control of risks; prudent conduct of business; reliability of financial and non-financial information reported or disclosed (both internally and externally); and compliance with laws, regulations, supervisory requirements and the institution's internal policies and procedures.
• The Group Internal Audit (“GIA”) function shall provide an independent evaluation of the effectiveness of risk management, control and governance processes in the first and second lines of defence.
• It performs audits and provides assurance to stakeholders on internal controls and risk management processes.
Business Areas
Financial Crime Change Programme
Group Legal
Group Compliance
Group Risk Management
Group Internal Audit
Responsible functions at the Nordea Group Organisation
Business Risk Implementation & Support (BRIS)
Board of Directors
Executive Management
Regulatory Change Management (RCM)
Board Audit Committee Board Remuneration Committee Board Risk Committee
First Line of Defence (1st LoD) Second Line of Defence (2nd LoD) Third Line of Defence (3rd LoD)
What differentiates a Compliance Officer from other colleagues working in the regulatory and control fields?
What’s the taste of Compliance?
- it is to a large extent up to the people working with compliance!
Differentiation
Identification
Uniformity
Branding is to be translated to function/personal PR
What does your branding strategy look like?
Proactive support and constructive challenge
The aim of using branding strategies is to:
… Create a strong trademark/Brand for Compliance
… Create a common ground for values (norms, attitudes and behaviors)
… Strengthen the identity of Compliance Officers
… Strengthen the status of Compliance Officers
… Attract and retain the best talents
1. How do you work with promoting a clear identity for Compliance Officers?
2. Which distinct attributes characterise Compliance/a Compliance Officer?
3. How does the Compliance organisation differentiate from other parts in your organisation?
4. How do you work with making Compliance/the Compliance Officer role attractive?
5. What status does the Compliance function have in your organisation?
2. Training and awareness – it all starts with the WHY? Why compliance?
“People don’t buy what you do, they buy why you do it”, claims Simon Sinek, leadership and marketing inspirer, in his TED talk and in his book Start With Why.
And Guy Kawasaki, former chief evangelist at Apple, states: “If you make meaning, you will probably make money. But if you set out to make money, you will probably not make meaning – and you won’t make money.”
Everything starts with the WHY
Banks and Financial institutions are working in the trust business
Trust-worthiness
Ethical Culture
Social Purpose
Lack of Social Purpose
Criminogenic Culture
Ethical Failure
The what: Manuals, processes, infrastructure etc.
The how: Training, follow up, etc.
The why: Culture and leadership
Compliance infrastructure
Changing behaviours requires personal buy-in
Compliance by design – three pillars to attend to
A fundamental shift in values…
… driving a public demand for common responsibility
A new world for banks and financial institutions
3. Communication is an important tool in order to change culture (behaviors) – and especially HOW we communicate
Objectives
All employees should understand:
• why compliance is important for us as a bank
• how compliance impacts daily work and what each individual can start working on already today, independently of position
The compliance story in Retail Banking
Being compliant gives us our license to operate, however it is also…
…about a culture and a mind-set in everything we do (not only about policies, instructions & IT)
…a long-term commitment (not a one time exercise)
…about being proactive and leading the way (not only about monitoring)
…about ensuring strong relationships with our customers (not only about internal processes)
… about contributing to a better society (not only about rules and regulations)
Why, What and How Compliance
Compliance Communication Campaign 2015/16
The program starts by explaining compliance from a high-level and external perspective…
… and ends by explaining compliance on a more detailed and internal level
Main theme “Why” compliance
• Increase level of compliance awareness and understanding
• Bring insight to the social responsibility that follows by being a bank employee
Main theme “What” compliance
• Explain the Nordea compliance landscape, in terms of organisational setup and responsibilities
• Clarify how each individual fits in the total Compliance landscape
Main theme “How” compliance
• Explain how to be a compliance ambassador
• Explain how to include compliance into daily work
Wave I
Wave II
Wave III
Format & Material
• ~ 20 minute presentation
• ~ 40 minute discussion
• ~ 20 minute presentation
• ~ 10 minutes quiz
• ~ 30 minute discussion
• ~ 20 minute presentation
• ~ 40 minute discussion
Objective
Brochure
“Our World of Compliance” film
Compliance competition Waves 1-3
“Building a lasting Compliance culture” film
“Why Compliance” film
Quiz
Wave I: Engage
Wave II: Understand
Wave III: Apply
Starts from a high-level perspective
Going forward raising awareness with PBA’s on the customer dialogue on compliance…
…solution is a Toolbox with examples, Q&A’s, videos to help facilitate the customer dialogue
Follow Up from CCCP
• Continue to increase level of compliance awareness and understanding
• Create awareness of the coming campaign through a teaser and a competition on the RB Intranet
Introduction
• Introduce the “?” as an easily understandable symbol for the communication going forward, embracing the BIG Q going from “Why compliance?” to “How compliance?”
• Support our PBA’s in the customer dialogue by meeting their need for support in specific topics.
Teaser
Intro by a Voxpop
Toolbox
~ Sept/Oct ~ Oct/Nov ~ Oct/Nov
Banner on the RB Intranet
Format & Material
• Voxpop (short video with people from the streets), closing with Lennart/Viktoria reveal
• Topic videos
• Animation
• Q&A’s
• Mailbox for PBA’s to post suggestions and topics for the Toolbox to be addressed
Objective
Our Security Mark
Compliance Communication Campaign 2015/16
Simplify – and make it joyful
Use of branding strategies for Compliance
… Transfer knowledge
… Promote discussion and influence decisions
… Create interest
… Create a demand
… Change attitudes and behaviours
1. How do you work with increasing the awareness/knowledge of compliance in your organisation?
2. What do you do to spark an interest for compliance-related matters?
3. How do you work with changing the attitudes and behaviours of your co-workers?
4. How do you communicate compliance-related matters in your organisation [do you have a communication plan in place]?
5. How do you work with your Compliance function’s [external] trademark?
✓ A strong compliance function brand will to a larger extent support and accelerate the compliance journey - changing attitudes and behaviors
✓ When employees have a desire to take own responsibility and actions, to make a difference in society, you are able to establish a strong risk and compliance culture
Questions?
Thank you!