Pride

This is the first of a number of short articles relating my story about driving attitude and behavioural change in managing financial crime risk in a huge international bank.

I’ll call this culture.

Sitting in my NY office, I was surprised when Reuters reported that my firm, my employer for over 3 decades, was being investigated by the US Senate and Department of Justice for wide ranging Money Laundering offences.

WTF? Surely this is an isolated compliance failure? We are a proud, conservative firm with a strong risk management culture. My clients are all big, well known & public. It can’t be anything to do with me. Surely?

I was wrong.

I’m not a Compliance guy, I’m a banker. And like most, bankers, balancing revenue with risk - credit risk, market risk, op risk, basis risk, rep risk was second nature. But Financial Crime Risk, wasn’t really in my lexicon, my consciousness. My DNA.

And, as it transpired, it wasn’t in the firms.

Some years after, I share some deep wounds with many Execs, Boards, CEO’s and stakeholders from other banks who, like me, wish they had properly understood financial crime risk earlier.

We all had a compliance department. And, of course, we had all done e-learning. But we were all still blind to the real risks and got it wrong.

This isn’t about why we got in wrong, but how we put it right.

A Pilgrims Progress

I was running the Financial Institutions Group - a chunky business comprising broadly everything we did with FI clients in the Americas with teams in the US, Mexico, Brazil, Colombia, Panama, Argentina, Bermuda and Canada.

Interesting markets, interesting clients and with hindsight, it’s no surprise that the US Regulators were very keen to know more about them. About me.

My first meeting didn’t go well. It stumped me. Scared me.

“Mr Taylor, tell me about your business.....in particular, please tell me about the inherent financial crime risk in the business. And tell me also please, do you think you manage this risk effectively?”

I didn’t know how to answer. But the penny dropped.

The meeting was the first of many as my bank became embroiled in one of the most complex financial crime regulatory enforcements to date.

My career ever since has been about learning how to answer those questions. For myself, for my bank and latterly for the industry.

They underpin everything.

If you don’t understand the underlying risks, how on earth can you hope to manage them?

There are many facets of transforming a complex organisation to facilitate effective Financial Crime Risk Management.

It’s not just about KYC.

We needed new ways to measure risk, new AML, Sanctions and Anti Bribery & Corruption policies, new implementation procedures.

New tech for transaction monitoring, screening for suspicious names and negative news, workflow and case management.

We needed to encourage sharing of information but have a better understanding of where we can’t share it.

And then there is the Data.

Gosh, is it so bad? What data do we need to clean to get the most out of our new tech? What’s the nice vs the needs to have? And how quickly can we do it? How much will it cost?

And of course, we had to address our People.

The Culture Club

Examples were made. At the top of the house, some fell on their swords and there were sacrificial lambs throughout.

The Regulators were firm. This is a First Line issue. Accountability for managing the risk, was squarely with the business.

We’ve got to train people quickly. Top to Bottom. Make them understand. Make them change. That can’t be difficult.

But it was very difficult.

Hurried communications, training and education proved expansive and wasteful.

Generic Financial Crime Risk stuff through compulsory workshops, mandatory compliance E- Learning. Take everyone out of the office for a day. That will all work.

It didn’t. So many messages. So little learned. Rapidly conceived & delivered, quickly forgotten.

It might get a tick in the box on the Control Order but it failed to engage. So how could it educate?

Our Regulators were fixated on changing people’s attitudes and behaviours. Culture.

CHANGING YOUR CULTURE. Easy to say but what does that really mean?

Regulatory Enforcement is prescriptive as to what needs to be done - and how quickly. But not at all prescriptive as to how to do it.

What does good culture look like in FCRM?

Who does it apply to?

How do you “train” it?

What does this really mean in a complex organisation where people’s roles and responsibilities are so different?

These fundamental questions must inform the evolution of an Education curriculum.

So we started again and with a much better view of the real financial crime risk in the business and in certain roles.

We worked out :

· Who’s working lives need to be different and why?

· What do people in these roles need to know?

· What behaviours must they adopt?

· And how can these behaviours be incentivised?

From this we could tailor role level education from the Board through leaders to line bankers and back office.

We built role specific learner journeys, ensuring that content was first and foremost relevant.

It engaged. It began to work.

Coaching, Workshops, Seminars, Tests, Films, Interaction, Challenge sessions. Sometimes delivered in person, sometimes digitally. But always building on a role relevant examples and themes. And reinforce, reinforce, reinforce.

We had traction. Feedback was suddenly good. Great even. It was clear that people began to understand - to care and appreciate how their roles and behaviours might need to change.

But it still wasn’t enough to get out of regulatory trouble.

Ok, so you’ve run training courses, but what has really changed? Can you evidence that you guys really care enough about this....?

And will continue to care when we are not watching so closely?

So this is another subject.

How can we measure progress? Prove that awareness, capabilities & behaviours (our culture) have changed? And changed enough? When will we “be finished”?

And after carefully identifying and educating “what good behaviour looks like” in financial crime risk management, how do we incentivise leaders and bankers to adopt them? Continuously?

Ah. Well, yes of course. That’s a bit of a problem.

Call HR?

There was no template. No reference works. No cunning Plan.

So where do we start? And where do we finish?

I’ll return to these questions.....

Nick Taylor

ntaylor@monetatraining.co.uk

At Moneta Training we offer expert education and advice for our global clients in banking and finance. Our considerable recent experience and expertise covers a wide range of risk management challenges faced by banks and financial institutions today, including (but not limited to) financial crime risk management (FCRM), anti-money laundering (AML), sanctions, countering the financing of terrorism (CFT), fraud, correspondent banking, market abuse, conduct, Basel IV, treasury, asset and liability management (ALM), emerging risks, cyber and economic risk. Please contact us to find out more.