Opening Address by Mr Lee Boon Ngiap, Executive Director, Monetary Authority of Singapore at The Institute of Banking and Finance's Seminar on “Best Practices in Compliance” on 31 March 2009
1 Good afternoon, ladies and gentlemen.
2 It gives me great pleasure to join you at this seminar on compliance organised by the Institute of Banking and Finance.
3 In recent years, compliance has emerged as a distinct branch of risk management within the financial system. Like the other risk management disciplines, an effective compliance framework calls for international financial institutions to put in place a dynamic compliance programme that is responsive to market and regulatory developments. With the global regulatory community now thinking hard about how to strengthen rules in light of the still evolving financial crisis, these are challenging times for compliance professionals.
4 As new rules are introduced, compliance professionals will need to keep abreast of these changes and respond by making adjustments to the compliance practices in their organizations. The focus of today’s seminar on "Best Practices in Compliance" is thus appropriate and timely. I am sure that the presentations and discussions will provide valuable ideas on enhancing compliance risk management practices in this period of heightened uncertainty in the financial markets and in the operating environment.
5 My remarks today will focus on what supervisors see as the key elements underpinning a sound and effective compliance risk management framework.
6 First, board and senior management must set the right tone at the top. This is essential to ensure that a top-to-bottom compliance culture is embedded into a firm’s day-to-day operations. Compliance will be most effective in a corporate culture where board and senior management lead by example in emphasizing standards of honesty and integrity.
7 To create appropriate compliance risk controls, board and senior management must ensure that business line management remains engaged in the compliance process. To this end, compliance risk management must be seen as the responsibility of everyone, and not just the responsibility of the compliance function. In an increasing number of firms, this sense of responsibility is reinforced by factoring compliance ratings into performance measures for business line managers.
8 Second, a firm’s compliance function must be independent. The head of compliance should not have direct business line responsibilities. This is an important safeguard which is critical to the compliance function’s ability to effectively assess a firm’s compliance with policies, procedures and regulatory requirements. The compliance function must be able to report irregularities or non-compliance with rules or guidelines to senior management, without fear of retaliation.
9 However, this does not mean that the compliance function should adopt an adversarial approach in their dealings with business units. A good working relationship between the compliance function and business units can help identify compliance risks at an early stage. Indeed, constant reassessment of risks and controls and communication with business units is necessary to foster a compliance programme that is able to pro-actively respond to changes in the operating environment.
10 Third, a firm’s compliance function must have enough resources to carry out its responsibilities effectively. This is more than just a body count but requires firms to have staff with the relevant qualifications and experience to adequately monitor and assess compliance risks. Financial institutions should have regular and systematic training programmes to upgrade the skill-sets of their compliance staff and keep them up-to-date with developments in laws, rules and standards.
11 Finally, the internal audit function should perform periodic independent reviews of the effectiveness of the firm’s compliance risk management framework. Such reviews should be welcome as a complement to the responsibilities of the compliance function, as it would provide useful independent insights into the adequacy of the firm’s governance structure and processes for managing compliance risk. This should strengthen the firm’s ability to continually enhance its risk management capabilities and make sure that the system of internal controls has no gaps.
12 To conclude, let me assure you that supervisors do not underestimate the challenges faced by financial institutions in effectively managing compliance risks. Recent events and the changing financial landscape indicate that the demands on the compliance function will grow. Financial institutions that do it well will be able to strengthen the long term integrity of their business franchise and enhance its value. MAS on its part will continue to engage the financial industry in ensuring that proportionate rules and the right incentives are in place, and in setting clear supervisory expectations that take into account practical considerations.
13 On that note, I wish all of you a fruitful discussion ahead. Thank you.