
A former regulator’s take on AI, Big Tech, and RCM


We recently sat down with Rick Bonhof, a managing consultant who leads the Amsterdam regulatory change and compliance practice within the business consulting arm of Synechron—a leading digital transformation consulting firm that accelerates digital initiatives for banks, asset managers, and insurance companies around the world.

In his role, Bonhof oversees a team of experts who help clients build the regulatory framework that enables compliance. As an advisor for the digital-first firm, Bonhof is hyperfocused on making compliance more efficient through the use of technology, leveraging emerging tech such as machine learning and existing systems such as GRCs.

Prior to Synechron, Bonhof served as a supervision officer for Dutch regulator Autoriteit Financiële Markten (AFM) at the height of the 2008 financial crisis. After spending seven years crafting and executing supervisory strategy for AFM, he decided to redirect his work from supervising firms to actually helping them become compliant with regulation. And so, after witnessing how Synechron helped a number of financial institutions get back on track with EMIR (the EU equivalent of Dodd-Frank in the US), Bonhof transitioned to the firm.

During our sit-down, Bonhof shared his blended supervisory-consultative perspective on a variety of topics—from the role of regulatory change management during the COVID-19 pandemic to how Big Tech will shape the future of financial services.

Editor’s note: This interview has been lightly edited for clarity.

Setting the Record Straight on Regulators

Touching on his experience as a former regulator, Bonhof kicked off our conversation by sharing what he wished compliance professionals knew about regulators, and what he wished he had known as a regulator. 

When I made the switch from regulator to consultant, I realized that a lot of financial firms are afraid of regulators. But the reality is that regulators are people too and most are not out to fine you. What I think compliance professionals sometimes forget is that if you’re able to explain to regulators why you made certain decisions and how you implemented certain requirements, they’ll listen to you.


My advice to compliance professionals is to document their interpretation of the rule and why they applied the rule in a certain way according to their interpretation, so they have all of the information they need when it comes time to talk to regulators.

On the flip side, what I wish I had known as a regulator was, no matter how simple a request for information may seem on paper, it doesn’t actually mean that there’s a clear-cut way to gather requested information or to implement a new rule. Many financial institutions do not start out as multinational global-spending institutions—they grow through mergers, acquisitions, and restructuring.

So there’s a whole collection of teams that suddenly need to contribute to this “one simple request,” making it not so simple after all.

Managing Regulatory Change in the Time of COVID 

Bonhof has long emphasized the importance of having a well-documented regulatory change management (RCM) strategy, especially when it comes to major events such as financial crises, election years, and, of course, the COVID-19 pandemic.

When it comes to regulatory change management, my mantra has been “take control, be in control, and demonstrate control.” 

“Take control” is about understanding what your obligations are, understanding the impact of them, and then implementing and enforcing a compliant process.

“Be in control” is about understanding where your firm is in terms of compliance with the requirements, and revisiting both its requirements and compliance processes frequently. You should not only be control testing your processes to understand whether your firm is compliant with existing rules, but also monitoring whether there’s a change coming that could impact compliance with those rules. And, if there is a change on the horizon, then you need to go back to “take control” and proactively act on it.

Lastly, “demonstrate control” is about being able to take the evidence that you have and explain both internally and externally to what extent you comply with those measures.

How to Avoid Dropping the Ball on RCM

In Bonhof’s view, the biggest mistake that firms can make when implementing RCM best practices is to treat them as a one-time solution.

Most regulatory change management processes are driven by a regulatory change implementation date. Let’s say that a firm has to comply with X, Y, and Z by January 1, 2021. What I’ve found (and even been guilty of myself) is that many firms focus solely on making that milestone without the end result in mind. So once the firm does reach it, everyone sort of drops the ball and says, “We’re done, we made it.” But that’s the wrong approach because 2021 does not mark the end of implementing that change, it actually marks the start of it. 


Firms are expected to be compliant with that new rule, and need to have a roadmap that accounts for what comes after that date. Firms often put makeshift technical solutions in place to meet the deadline, but then what happens is the technical solution silently becomes the structural solution. The result is that there’s no roadmap beyond that point to account for new data that needs to be tracked or changed, resulting in an issue of data quality and therefore explainability. 

COVID Response: Swings of the Regulatory Pendulum

To Bonhof, regulatory change management has never been more important as the pandemic response continues to unfold. While he and his team have seen the easing of certain regulatory requirements, they have also seen the mounting impact of others.

On the one hand, the regulatory response to the pandemic has been to suspend certain requirements in order to alleviate the burden of regulation. However, at the same time, we’ve also seen an increase in requests for financial firms to implement certain risk measures from regulators such as the European Securities and Markets Authority.

For example, we had an “intelligent lockdown” in the Netherlands that prohibited us from going to the shops or the cinema. As a result, this (like other lockdowns across the globe) had a large impact on service providers, as many businesses had outstanding loans with financial institutions and were suddenly not able to make good on those loans. This has led to a tipping of scales with regulators adding more capital reporting requirements, while continuing to suspend or delay implementation of other regulatory requirements. For example, ESMA deferred the final two phases of its bilateral margin requirements to provide additional operational capacity for counterparties to respond to the immediate impact of COVID-19. 

On the Importance of Innovation in IRM

While regulators have been more forgiving during the pandemic, they have also become increasingly aware of all of the possible gaps, bringing the topic of Integrated Risk Management (IRM) to the fore. Here’s Bonhof’s take on IRM.

Integrated Risk Management allows you to identify what risks exist within your firm, define a response to those risks, and then determine whether your firm is within that risk appetite. Ultimately, IRM combines all of those processes and rolls them up into a multi-level process chart where you can prioritize risks and pinpoint which ones are of the highest risk to your firm. 


As part of Synechron’s FinLabs RegTech accelerator suite, I’ve actually had the opportunity to work on automating parts of IRM. Knowing how effective your controls are is a key part of integrated risk management, so we built an intelligent control testing environment that maps a firm’s individual control statements into a decision tree that automatically runs against a data set to help firms quickly pinpoint whether a control is effective or not. This advancement frees up compliance teams’ valuable resources so they can focus on remediating any deficiencies.

These types of innovation are becoming more important as Integrated Risk Management continues to gain more traction. IRM is such a hot concept right now because regulators are putting more emphasis on it. For example, ESMA recently published a consultation paper that assessed the suitability of the management at financial institutions, which concluded that the highest levels of management (including at the board level) need to understand their firms’ requirements, how they are complying with them, and what the state of the firm’s risk management looks like.  

Clash of the Titans: Big Banking vs. Big Tech

As an innovator in his own right, Bonhof is naturally drawn to industry disruptors. In particular, he has been following the rise of digital banks and believes that it’s only a matter of time until Big Tech enters into the banking industry as well.

The rise in digital banks has served as a catalyst for digital transformation in the industry at large. In order to stay competitive with digital banks, traditional banks have worked to provide digital services to their customers. For customers, having a digital bank account becomes more of a commodity because it opens up a whole ecosystem of additional services around it. 

For digital banks, their competitive advantage is that they’re not burdened by a chain linked system of legacy tools or processes, so they can get it right immediately. Digital banks can be more nimble when it comes to things like digital client onboarding processes and company reporting. On the other hand, it’s difficult for digital banks to achieve the same scale as larger banks. Plus, they’re bound to face the same kind of regulatory requirements as incumbent banks and will need to comply with them, lessening some of their initial competitive edge.


What I’m really curious about is when Big Tech will officially enter into the banking space. Today, we have Apple Pay and Google Pay, but I think that it’s just a matter of time before they’re adding banking services to their offering. At that point the market will change. Digital banks just mark the beginning of the banking industry’s digital transformation. When Big Tech enters the market, it will drive a significant change that some incumbent banks will likely not be able to transition through and will lose traction within the market. 

Financial Firms and Regulators to Step Up Their AI Game

With the high likelihood of Big Tech companies entering the market in addition to other innovations in financial services, Bonhof is encouraging the industry to direct its focus toward emerging technologies such as Artificial Intelligence (AI) now, before it’s too late.

I think regulators really need to step up their digital game. They need to understand the tech component that goes into digital banking. AFM just compiled an insightful trend report where they spoke around their fears about Big Tech entering into the financial market. Today, Big Tech is predominantly supervised by privacy watchdogs. But, if Big Tech entered the financial market tomorrow, financial market regulators would not always be allowed to share information with those supervisory agencies, so that would make supervision really difficult. 

Regulators are just now issuing responses around the use of AI, which center around the concepts of explainability and trustworthiness. Together, they are two sides of the same coin because they help explain the decisions that come out of algorithms and apply fair principles that limit their biases. However, I still think that we have a ways to go and that regulation around the use of AI will only continue to increase in the future as the digital market matures.

The Role of AI in Regulatory Compliance

According to Bonhof, the role of AI is not just limited to the mechanics of digital banking. It applies to regulatory compliance too.

We recognize that regulators are starting to provide guidelines around AI, so we are changing the way that we advise our clients about AI. AI was once the new and exciting thing to talk about. Now it’s the means to an end. We’re looking at where AI models can help firms improve explainability in their compliance processes. 


Using robotics (or AI) helps automate certain regulatory compliance processes such as horizon scanning, and makes the outcomes of those processes more predictable and reliable. AI allows teams to focus less time doing the monotonous work of running these processes and more time on investigating outliers. Instead, the “robot” leads the processes and identifies areas where there are inconsistencies that require the review of compliance experts.

On Implementing RegTech: Final Advice

So, what’s Bonhof’s advice to firms that are looking to implement new technologies in their compliance programs? “Be really clear about what you want to achieve in your compliance program and therefore what you want the technology to achieve.”

First, you need to understand where you are and where you want to go. For instance, if your firm was just fined by a regulator, then you’ll likely need to find a solution that can help you become more compliant. On the other hand, if your organization is in a good place but needs to become more efficient, then it’s likely you’ll need a different tech stack than the firm that was recently fined. When you understand what you want to achieve by adding technology, then you can better pinpoint the right type of technology solution for your compliance program.



The Not So Hidden Costs of Compliance


The average financial firm has six lines of business to monitor, with each having their own set of goals, restrictions, and regulatory requirements.

To keep up with the rising tide of regulation, firms often have little choice but to throw more people, time, and resources at the problem, which can add up quickly. In this article, we highlight the growing costs of compliance – and non-compliance – for financial firms.

What Financial Firms Spend on Maintaining Compliance

How can one calculate the cost of compliance? One option, perhaps the most straightforward, is to look at the grand sum total for key markets in the industry. The Asian-Pacific, European, Middle Eastern and African, Latin American, and North American markets spend about $181 billion per year on maintaining financial crime compliance. That number is impressively large – even incomprehensible – but it hides the burden placed on each individual firm.

50 percent of respondents to a Risk Management Association survey said they spend 6-10 percent of their revenue on compliance costs. Large firms report that the average cost of maintaining compliance runs approximately $10,000 per employee. Global banks and large brokers that have upwards of 20,000+ employees could end up spending a staggering $200 million+ in compliance every year. While smaller firms like RIAs and broker-dealers may spend less overall, the burden of regulation can still act like a regressive tax that disproportionately eats a larger portion of their bottom line.

Though startling, even these numbers show only a static snapshot. They fail to capture the acceleration of regulatory change and the level of regulatory complexity, which have both exploded over the last decade. Regulatory change has increased 500 percent since the 2008 global financial crisis and, unsurprisingly, has heightened regulatory costs in the process. Compared to pre-crisis levels, retail and corporate banks have seen operating costs spent on compliance shoot up 60 percent.

Cost of Regulatory Compliance

Regulatory change has reached such a superhuman pace that many firms simply cannot keep up. Instead of making informed decisions based on a deep understanding of their specific compliance requirements, Risk and Compliance teams are too often forced to make a best guess based on a fragmented and incomplete view of their regulatory environment. However unintentional, this often leads to compliance failures and increased costs of non-compliance.

What Financial Firms Pay for Non-Compliance

The cost of non-compliance is most notoriously understood via the jaw-dropping fines issued by regulatory agencies every year. U.S. banks alone have been fined a staggering grand sum of $243 billion since 2008.

The pace of these fines shows no signs of slowing down. 

In 2019, the Securities and Exchange Commission (SEC) alone issued 862 enforcement actions, ordering those in violation to pay more than $4.3 billion combined.

But fines actually represent the smallest cost of non-compliance for firms. Over a 12-month period, the average fine for an enforcement action is $2 million, compared to the average cost of business disruption due to an enforcement action at $5 million, the average revenue lost at $4 million, and the cost of lost productivity at $3.7 million.

In total, firms spend almost $15 million on the consequences of non-compliance. That’s 2.71 times higher than what firms typically pay to stay in compliance by building strong compliance programs. 

This difference, while dramatic, should not be surprising. After all, the system is designed to incentivize firms to comply or risk being heavily penalized. Therein lies the compliance conundrum: in an environment where the pace and complexity of regulation is increasing to a point where people cannot possibly keep up, how can firms expect to avoid the expensive consequences of non-compliance? 

‘Expense’ does not only refer to monetary loss. The true cost of non-compliance is the reputational damage that it can cause both for your organization and your compliance personnel alike. 


According to a Deloitte survey, 87 percent of executives rate reputational risk as more important than other strategic risks. These executives say that the areas of their business that were impacted the most after a negative reputational event were revenue (41 percent), loss of brand value (41 percent), and regulatory investigations (37 percent). In line with these concerns, a study from ECGI showed that stock price reactions of negative press were 9x larger than the penalties themselves. 

Legislation in recent years such as the Yates Memo in the U.S., the Senior Managers Certification Regime (SMCR) in the U.K., and the Banking Executive Accountability Regime (BEAR) in Australia have made it clear that senior executives can be held personally liable if their firm is found to be non-compliant.



Preparing for the Next Normal

As financial firms prepare for whatever the future might hold, many will be looking to trim costs wherever they can. Yet in one department — Risk and Compliance — costs are clearly continuing to rise. As Boards continue to scrutinize compliance even further, businesses should consider the right balance of people, process and technology that will allow them to make the most of their resources. 



Unleashing Wealth Managers with the Power of RegTech


Wealth management, like every sector of the financial industry, has come in for its share of regulatory attention in recent years. Whereas the challenge of leveraging “big data” to find hidden insights dominated conversations among wealth management professionals ten years ago, industry discussions today center around complying with KYC (“know your customer”) rules and defending the suitability of investment recommendations.

As regulatory requirements have broadened and deepened across asset classes and jurisdictions, they have inflicted an increasingly heavy tax on wealth managers to ensure compliance and to keep their clients (and themselves) out of trouble.

In many ways, the growth of the regulatory burden constitutes the hidden underbelly of the FinTech boom. Distilling opportunity from an ocean of data is one thing. Exploiting that opportunity while staying on the right side of regulations can be quite another.

New RegTech ventures have stepped into the breach to support wealth managers in meeting regulatory compliance obligations. Here are a few of the ways they’re changing the wealth management landscape.

Untangling Complex Regulations to Unleash Business Potential

Regulatory text constitutes a dense, confusing stew of proscriptions and obligations written in a language foreign to most readers. Digesting and making sense of a single requirement applicable to a single asset class in a single jurisdiction takes time, patience, and a tolerance for complexity.

There simply aren’t enough hours in the day for individual wealth managers to absorb and implement regulation on their own, try as they might. And so, ingrained and intractable regulatory complexity inflicts a dual risk: for any given trade, an asset manager risks non-compliance with the regulations he or she knows about, and also risks not knowing about all of the regulations that may apply. 

Enter AI-driven compliance management solutions like Ascent.

Ascent is leading the way in the development of a new class of technology that teaches machines to parse and analyze regulatory text. What takes humans hours to (barely) absorb takes an AI-driven algorithm mere minutes to dissect and analyze.

These solutions hold the promise of revolutionizing wealth management by substantially reducing the risk of non-compliance and ignorance of regulatory applicability. In time, they will be able to tell wealth managers, in advance of a trade and in plain language, exactly which regulations apply to an investment strategy and exactly how to execute it in compliance with the law.

In so doing, RegTech solutions will enable FinTech/big data to achieve its full potential, freeing managers to pursue investment strategies without the fear of non-compliance. 



Facilitating Compliance Management

RegTech also has its sights set on facilitating core compliance management tasks. For example, there are already solutions on the market (and more in the pipeline) to automate anti-money laundering efforts, such as conducting multi-jurisdictional screening of customers and identifying the beneficial ownership of investment vehicles (even those formed offshore). By building data networks that increase investor transparency, RegTechs promise to take the guesswork and relative risk out of doing business with a new customer in a new jurisdiction.

Likewise, RegTech solutions can help marry two related and increasingly-important regulatory functions: KYC data collection and suitability analysis. Not only can they facilitate and automate the collection of critical KYC information directly from new customers and from third-party data networks, compliance management solutions can also parse that information and derive insight about whether an investment strategy fits an investor’s profile and long-term objectives. 

Finally, RegTech continues to develop new and better ways to streamline compliance reporting. Existing and emerging solutions generate reports automatically, making filing much more efficient. Increasingly, RegTech delivers value for wealth managers by developing tools that recognize and flag issues (trading patterns, capital flows, etc.) that will likely attract regulatory scrutiny, giving firms the opportunity to tackle a thorny problem before an inspector from the SEC or FCA comes calling.



Speeding Up and Adding Precision To Rule-Making

The same compliance automation solutions that help asset managers understand and comply with regulations will also soon be put to use crafting and testing new regulations. New technology will help eliminate the vexing problem of inconsistent or contradictory provisions by giving regulators and other stakeholders the ability to see an entire body of regulations from “30,000 feet” and to model how changing regulatory text here will have an impact on obligations over there. They will also create a more streamlined process of collaborative rule-making, linking all stakeholders together and giving them the tools to track and analyze proposed amendments in real-time.

In facilitating insight, efficiency, and collaboration in rule-making, RegTech solutions also hold the promise to do something greater: they will help regulators develop rules that actually address market conditions as they exist at the time of a final rule issuance, instead of the conditions that existed when the lengthy rule-making process began (but have since evolved). This will in turn allow for less costly, more precise rules, eliminating market inefficiencies that result from overbroad rules that throw the proverbial baby out with the bathwater by inhibiting legitimate investment much more than they prevent illegitimate practices.



Ascent Leads the Way

At Ascent, we strive to develop regulatory change management and compliance management solutions that free wealth managers and other financial industry professionals from the time-consuming, expensive task of regulatory compliance, so that they can do what they do best: build relationships, develop business, and implement the wisdom gleaned from their technology backend.



A Rapid Fire Review: The Evolution of Personal Liability


These are the realities of personal liability and compliance in the financial sector: 

>> 75 percent of CCOs are concerned about their own personal liability or that of their CEOs. (DLA Piper)

>> Between 2018 and 2019, global regulators levied a near record $10 billion worth of fines against banks. By summer 2020, these same regulators had already issued $5.6 billion in fines against financial institutions. (Fenergo)

>> And yet, 57 percent of senior-level executives rank “risk and compliance” as one of the top two risk categories they feel least prepared to address.

These stats are not without cause. Over the years, personal liability and regulatory fines have taken a foothold within the industry as bad actors have violated a range of institutional rules and guidelines.

Corporate misdeeds have long had a tendency to stoke the fires of popular resentment against business leaders. Yet, in the century following the industrial revolution, policymakers failed to hold corporate executives’ feet to the fire for their wrongdoing despite the public’s blood-lust. 

Instead, criminal prosecutors and regulatory enforcement agencies pursued corporations, leaving the job of disciplining (or not disciplining) C-suite executives to their corporate boards.

Today tells a different story. Banking and financial services executives – especially Chief Compliance Officers (CCOs) – face a shifting and unpredictable morass of statutory and regulatory guidelines that threaten personal liability for illegal acts. It can be difficult, not to mention nerve-wracking, to predict what the norm will be tomorrow.


But to understand the ins and outs of personal liability, it is important to understand its history.

Here is a rapid fire review of the evolution of policymaking around personal responsibility, from the laissez-faire attitudes about executive culpability that dominated most of the 80s and 90s to the more severe policies that loom over executive conduct today.

Here’s a brief timeline:



Savings and Loan Crisis Exposes the Underbelly of Deregulation

The election of President Ronald Reagan in 1980 ushered in an era of deregulation in financial services.

Legislation passed during this wave of anti-regulatory fervor transformed the historically conservative Savings and Loan (S&L) business in particular; it simultaneously expanded institutional lending authority while easing loan-to-value requirements and reducing regulatory oversight.

The ostensible purpose of deregulating S&Ls was to help them attract capital in order to “grow” their way out of problems caused by a high interest rate environment. S&L deposits soared, but the banks also began making risky, speculative loans.

As the loans defaulted, S&Ls began to founder. Depositors panicked. On the verge of collapse, the industry received a series of federal and state bailouts costing taxpayers hundreds of billions.

Perhaps even more significant than the financial devastation, the Savings and Loan crisis inflicted a lasting civic cost. The public lost trust in policymakers and financial institutions.

High-profile scandals involving politicians and investors who reaped millions from the run-up and meltdown only added to the public perception that deregulation had unleashed business leaders’ worst impulses and that they needed to be reined in.



Worldcom Wounds the Accounting Industry

The early 2000s subjected the public to another wave of corporate upheaval.

Enron’s meltdown exposed a litany of business malfeasance, from manipulation of energy markets to accounting tactics akin to a game of three-card monte.

The bursting of the dot-com bubble wiped out billions in retirement accounts. Tyco collapsed amidst tales of its CEO’s lavish and gaudy excess.

And then came Worldcom, the largest accounting scandal ever.

Worldcom had grown into a telecommunications giant through debt-fueled acquisitions. As dot-coms shuttered and demand for its services dried up, Worldcom began hemorrhaging money.

To hide the bleeding, its executives began cooking the books with the help of accounting giant Arthur Andersen and with the tacit acquiescence of Wall Street banks and rating agencies.

When the fraud came to light, Worldcom filed for bankruptcy and its CEO went to jail (joining executives from the aforementioned Enron and Tyco).

The Worldcom scandal inflicted lasting damage on the public’s perception of accounting firms, ratings agencies, and large banks as would-be “honest brokers” who ought to sound an alarm over wrongdoing.

Instead, Americans began to see those firms as being in cahoots with their corporate clients, no matter the collateral consequences for the public.

Washington responded to the public outcry by passing the Sarbanes-Oxley Act, strengthening disclosure and penalties associated with accounting fraud.



Financial Crisis Prompts an Over-correction

Deregulated financial commerce, however, continued unabated, with Wall Street capitalizing on a massive run-up in residential real estate values spurred on by an explosion in issuances of derivative financial products.

When the real estate bubble burst, it took financial institutions down with it and put millions of families on the street when they became unable to afford mortgages on overvalued property.

The disaster fueled deep public resentment of Wall Street and of the government’s failure to police bank executives who had received millions in bonuses as borrowers lost their homes.

The most immediate consequence of the financial crisis from a policymaking perspective was passage of the Dodd-Frank Financial Reform Act in 2010, which re-imposed regulatory strictures on financial institutions that might have prevented the bubble and collapse.

It also imposed the so-called “Volcker Rule” that required finance industry CEOs to certify their firms’ compliance with the law’s prescriptions (although the rule didn’t take effect until 2015).

Many saw Dodd-Frank as a half-measure that mended the proverbial fence after the horse had already escaped the corral. Financial institutions chafed at what they viewed as overzealous and unnecessary guardrails on their industry.

The public, in contrast, wanted to see a bank executive go to jail and grew ever more outraged when none did.



SEC Enforcer Ceresney Signals Focus on Individual Prosecution

Regulators took notice of the simmering public anger.

In a speech that put corporate executives on high alert, then Co-Director of the Securities and Exchange Commission’s (SEC) Division of Enforcement Andrew Ceresney told attendees at the 2013 International Conference on the Foreign Corrupt Practices Act that “[a] core principle of any strong enforcement program is to pursue culpable individuals wherever possible” and lauded the “great deterrent value” of individual prosecutions.


The SEC, he said, explores “whether an action against an individual is appropriate” in every case it brings against a company.



Yates Memo Signals DOJ’s Prioritization of Business Leader Prosecutions

To address criticism of the Department of Justice’s own lack of individual prosecutions stemming from the financial crisis, then-Assistant Attorney General Sally Yates issued a now-famous memo to all Department AAGs and United States Attorneys in September 2015, directing them to prioritize holding individual business leaders accountable for corporate wrongdoing.

Yates made clear that as an explicit condition of receiving credit for cooperating with law enforcement investigations into their misdeeds, corporations would need to disclose the names of all individuals within the corporation involved in criminal or civil misconduct.



The UK Joins the Fight for Individual Accountability

Moves toward holding financial executives personally responsible for corporate wrongdoing were not limited to the United States. In Britain, Parliament passed the Senior Managers & Certification Regime, which imposed personal accountability for financial services firms’ misdeeds onto senior management and even certain non-executive employees.



DOJ’s FCPA Enforcement Policy Echoes Yates Memo in Targeting Compliance Professionals

Four years after Andrew Ceresney spoke at the annual Foreign Corrupt Practices Act conference, Deputy Attorney General Rod Rosenstein announced a new FCPA enforcement policy that ratcheted up the risk for corporate CCOs.

Rosenstein did not mince words about who would bear the brunt of the new policy, predicting it would “enhance our ability to identify and punish culpable individuals.”

In essence, the new policy provided that so long as corporations voluntarily disclosed the nature and extent of an FCPA violation, including the names of individuals involved in it, prosecutors would likely decline prosecution of the corporation.



Trump Administration Reforms Seemingly Ease Pressure on Other Executives

While the Trump administration dialed up the pressure on compliance professionals in the context of the FCPA, it simultaneously eased tensions for other leaders of financial firms.

In 2018, the administration loosened some of the Dodd-Frank regulations that had bedeviled small and mid-sized banks and financial firms, and DAG Rosenstein announced modifications to the “Yates Memo” policy of requiring corporations to name all individuals involved in misconduct.

The DOJ policy instead required disclosure only of those “substantially involved in or responsible for” criminal conduct and to identify all wrongdoing by individuals in civil matters.



Biden Administration Expected to Reinforce Dodd-Frank Regulations

In contrast to the Trump administration, 2021 will usher in a new era of regulatory oversight when the Biden administration takes office. As a former leader within the Obama administration that signed Dodd-Frank into law, President-elect Biden is expected to reinforce the federal law.

While the Trump administration focused on reducing its regulatory burdens to increase competition and consumer choice, the Biden administration will likely focus more on protecting consumers from the trickle-down impact of bad actors by bolstering and adding to regulation. This move could put the personal liability of executives and CCOs under renewed scrutiny.


Regulators Crack Down

So, what are the consequences of the steady march (until recently) toward holding executives and compliance professionals personally accountable?

In some cases, compliance officers and other executives have endured significant personal hardship. 

1. The SEC recently charged former top executives at a well-known global bank with misleading investors about the bank’s financial performance. This resulted in the former CEO paying a $2.5 million penalty to the SEC, a $17.5 million penalty to the OCC, and being permanently banned from the banking industry. But this retribution was just the tip of the iceberg. Due to the extraordinary misdeeds of these executives, the global bank paid $3 billion in penalties to the Justice Department (DOJ) and the SEC, and $185 million to the Consumer Financial Protection Bureau (CFPB) to settle the charges.


2. In another case, the SEC charged an investment firm and its Chief Compliance Officer with multiple violations of the Investment Advisers Act. As a result of her actions, she was ordered to pay $45,000 and was barred from practicing in the field indefinitely. Additionally, her firm was ordered to pay $1.7 million in fines.


3. Meanwhile, the Commodity Futures Trading Commission (CFTC) ordered one CCO to pay $150,000 for engaging in fraudulent acts and making false statements to a self-regulatory organization. He was permanently prohibited from trading (soliciting or accepting funds intended for) commodity interests for himself or others, and from registering with the CFTC.

And those are only a few examples from a long list of misconduct. CCOs see these as cautionary tales and worry about the uncertainty of not knowing how the next case might turn out. 

How will personal liability take shape under a new administration? Only time will tell.

Technology as a Shield

For now, a CCO’s best strategy is to enforce the rules within the organization and focus on demonstrating compliance in every way possible. By today’s standards, this often requires implementing technology to help keep a better system of record and support compliance teams in their explanations to regulators. In fact, the DOJ recently issued guidance that requires corporate compliance programs to use robust technology and data analytics to assess their own actions and those of any third parties.


This is where regulatory technology (RegTech) such as Ascent can help.
To learn more, we recommend reading this article that shows how RegTech (and regulatory knowledge automation in particular) can help fortify your compliance program. You can also contact us.
