“Balancing risk and compliance is very much about setting the right framework”
As part of the knowledge exchange in the lead up to the Compliance and Conduct Risk in Financial Services Forum (June 21-22, London), Ethical Corporation sat down with Helle Meineche, Head of Group Compliance at Danske Bank.
Ethical Corporation: Where do you feel most progress has been made, and where is there most still to be done?
Helle Meineche: Generally speaking, we see a lot of progress in the Nordic countries on code of conduct. One area to mention, just as an example, is gifts and hospitality, where many companies, including financial institutions, during recent years have set up strong frameworks to mitigate the risk of people coming into a non-compliant conflict of interest situation, or bribery or other forms of fraud. The key components of such a framework are, firstly, a policy set by senior management and anchored at the top of the organisation, and secondly an IT toolkit that all employees are required to use whenever they receive or give a gift or hospitality. It’s also important for managers to get easy access to this system to ensure that their employees comply with the gift and hospitality policy, so they can take any necessary actions, as well as for the Compliance function to monitor and report to senior management about compliance risks related to the gift and hospitality environment in the company.
Historically, Nordic countries have had less problems with bribery than other countries. Therefore, the Nordic countries have also moved a bit more slowly towards gifts and hospitality framework regimes compared to, for instance, the UK. But as the world becomes a smaller place and companies operate across borders and work closer together, and major compliance incidents in other parts of the world have an impact on industry standards in the Nordics, we are now starting to see a lot of companies in the Nordics setting up such frameworks.
EC: What do you think will impact conduct risk the most in the next 12 months, and also over the next three to five years?
Helle Meineche: Anti Money Laundering (AML) definitely takes up a lot of time and resources, so that’s a key focus for many financial undertakings, as well as for us, over the next 12-24 months. First of all, because of a greater focus on AML from regulators across the Nordic countries, but also because of new AML regulations coming into force in the near future. Furthermore, data protection regulation is expected to have a considerable impact on conduct risk during the coming years. Growing customer expectations for services and facilities based on new technologies are also expected to impact business conduct risks in the upcoming years; for example, risks related to data theft.
EC: How do you establish what everyone’s role is when drawing up and implementing a conduct risk strategy?
Helle Meineche: You can do a lot to build awareness and understanding of the role that leaders and managers have when it comes to conduct risks and other compliance risks. Part of building this awareness and understanding is to make leaders and managers understand that they are responsible for managing conduct risks within their own business areas. There are a number of methods available for building this awareness and understanding. One of these is to have ongoing communication with leaders and managers. Within larger organisations it may be challenging to achieve this level of communication with all leaders and managers, at least on an individual basis, and therefore it is recommended to have a stakeholder management model in place.
As regards policies supporting a financial undertaking’s conduct risk strategy, such policies should be implemented through activities involving everyone affected. Such activities could be e-Learning and other training activities, business operating procedures built on the overall conduct principles regulated in a conduct risk policy set by the Board, for instance, and other activities that aim to get leaders, managers and their employees to take active responsibility for the conduct risk strategy of their company.
Reminding people of their role towards a code risk strategy is a never-ending task which should be taken very seriously by the people accountable for establishing and implementing the conduct risk strategy of any company. Building a robust and effective conduct risk management culture is a long haul, but it must be done.
EC: How do you know if you’re successfully implementing a good strategy? How do you establish your KPIs, and your measuring and reporting methods?
Helle Meineche: To a large extend it is about numbers, whether that’s numbers of conduct risk incidents or other KPIs around conduct risks, such as the number of customer complaints. These KPIs should be endorsed by senior management and, if possible, integrated into performance measurement systems.
EC: How do you balance Risk and Compliance?
Helle Meineche: Balancing risk and compliance is very much about setting the right framework. In other words, it’s about having a robust risk acceptance policy and procedures, but also about having a remuneration scheme that doesn’t encourage people to take risks beyond the set risk appetite. Regulation on bonuses and remuneration is very strict in the Nordic countries, so it could be that individuals have less of an incentive to take undue risks or to bend the rules in pursuit of optimal gains. Even in high-street banks the people working on the frontline often have fixed salaries, so they would never consider taking more of a risk just to get more money in their own pockets.
EC: How do you address the issue of conflict of interest, and transparency, in cases of whistleblowing?
Helle Meineche: To address the issue of conflict of interest in cases of whistleblowing, it is important to have in place a whistleblowing scheme, which should be easy to access, and which allows staff to report anonymously to an independent function, for instance to the Compliance function. In case the concern is about Compliance, a secondary whistleblowing channel must be available. Compliance (of whatever function is responsible for managing the whistleblowing scheme) should keep building awareness of the whistleblowing scheme throughout the organisation and encourage people to use it in the event that they have any concerns of possible wrongdoings. It’s also very important to build trust about the fact that the system really is secure and anonymous, as well as trust about the fact that using the whistleblowing scheme is a powerful alternative for reporting any suspicions of poor conduct.
Helle Meineche will be speaking at the upcoming Compliance and Conduct Risk in Financial Services Forum (21-22 June, London). Download your brochure for the event here to find out more about the other industry experts you could meet, learn from and network with.compliance risk strategy conflict
June 2016, London
The 2nd annual forum brings together leadership from Compliance, Conduct risk and European Regulators to deliver a holistic view on how compliance and conduct risk are each changing financial services.