MiFID: Compliance increasingly strategic among Financial Intermediaries
The function reports to the Board of Directors in 42% of cases or to the CEO (15.5%) and also enjoys greater budget autonomy (46.4%).
More than 75% of intermediaries believe the compliance function can play a driving role in innovation processes concerning the provision of investment services.
These are the findings of an SDA Bocconi study, in collaboration with SIA-SSB and AICOM, on the evolution of the compliance function
and compliance risk in investment services 84 domestic and international firms took part in the study, including banks, asset management companies, stock brokerage firms and, for the first time, also insurance companies.
More than 75% of intermediaries believe the compliance function can play a driving role in innovation processes concerning the provision of investment services.
These are the findings of an SDA Bocconi study, in collaboration with SIA-SSB and AICOM, on the evolution of the compliance function
and compliance risk in investment services 84 domestic and international firms took part in the study, including banks, asset management companies, stock brokerage firms and, for the first time, also insurance companies.
- Download Press Release
MiFID: Compliance increasingly strategic among Financial Intermediaries (54 KB)
Milan, 5 June 2009 - The compliance function, a mandatory body demanded by the Bank of Italy, CONSOB and ISVAP to control risk of non-compliance with the external and internal "rules of the game", is increasingly taking root in the corporate structure, both in the organizational chart and in the system of internal controls, enjoying a certain degree of autonomy and independent budgets more commonly than in the past.
This is, in summary, what emerges from the study carried out by the "Claudio Demattè" Research Department at SDA Bocconi, in collaboration with SIA-SSB and AICOM (Italian Compliance Association) on the evolution of the compliance function and compliance risk in investment services over the course of the implementation of the European Community's MiFID directive.
The study, which continues and expands on the study carried out in 2007, involved in total 84 intermediaries (55 with Italian and 29 with international operations) including banks, asset management companies, stock brokerage firms and, for the first time, also insurance companies. In recent years the compliance function has become mandatory for banks (Bank of Italy regulation of July 2007), investment management firms (joint CONSOB-Bank of Italy regulation of October 2007) and, of late, for insurance companies (ISVAP regulation of March 2008).
The research was divided into four areas of study: the positioning of the compliance function in the organizational structure; the roles assigned to the compliance function; the methods of measurement, transfer and mitigation of compliance risk in the area of investment services; and the means of interaction between the compliance function within the company and the outside environment.
Compared to the first edition of the study, a clear adaptation to the regulatory provisions is seen, in terms of positioning of the compliance function in the corporate organizational chart and in the internal control system. The average size of the function however remains substantially unchanged, comprising of between 1 and 5 "full time" staff in 64% of the cases studied. The autonomy of the function is guaranteed in 46.4% of cases by the existence of an independent budget (against 31.4% in 2007).
Two years ago only modest attempts to raise the position of compliance were noted, while the evidence in 2009 confirms the widespread trend to giving the function the same level of dignity and independence afforded to internal audit. Nearly half (42%) of the interviewees had opted for direct reporting to the Board of Directors or the Chief Executive Officer (15.5%).
With regard to the responsibilities and duties assigned to the compliance function, in 82% of the intermediaries there exists a detailed and formalized description of the allotted tasks. Not defining the powers of the function could constitute not simply a formal shortcoming, but could also reduce the substantial contribution of the function to the governance of compliance risk.
At organizational micro-structure level, still only 44% of cases possess dedicated technological applications, a situation largely unchanged from the previous study. Overall, as the new study also reveals, the use of IT - both in qualitative and quantitative terms - and the related investment policies indicate a compliance function - save for a small number of exceptions - still at an initial stage.
In the current study, the slowdown in the meeting of costs appears to be generalized and what emerges is an overall picture of uncertainty and caution compared to the investments to be made in the function. The economic crisis in the sector has led to a reduction in all costs, but in the light of recent events and in the opinion of the study's authors, organizations should not drastically decrease those costs relating to compliance.
The element that characterizes the risk management process and outlines its potential organizational impact is the objective associated to the entire activity. With regard to the priorities assigned to the compliance function, the proportion of intermediaries which assign to them the task of minimizing civil, administrative and criminal sanctions remains largely unchanged (29.8%). There is a rise from 20.3% to 33.3% in those that consider it of increasing importance to improve the corporate reputation. 23.8% of the sample faithfully takes up the definition of the Basle Committee, later adopted by the Bank of Italy, indicating the desire to avoid sanctions and minimize damage to reputation.
The study concerning the adoption of a model to measure compliance risk has seen an increase on 2007, albeit marginal, in the number of intermediaries which have implemented a method for estimating losses due to non-compliance. In 2009, in fact, the proportion of the sample stating that they have carried out at least the phase of the qualitative and/or quantitative risk measurement process grew from 42% to 46.8%. In contrast, only 15.5% of the sample firms declare that they use tools to manage compliance risk. This figure appears modest, but not if compared to the total absence in 2007.
Few of the interviewees operating in the domestic market use a "dashboard" for the purpose of control and management of compliance risk, while little more than half of interviewees with a predominantly international orientation (51.9%) assert that they make use of them. Where present, this summary tool is generally seen as a must for the top management and control bodies.
76% of the intermediaries operating in the domestic arena and 78% of the intermediaries operating at international level consider that the compliance function can play a driving role in innovation processes concerning the provision of investment services. It was found that while compliance acknowledges its role, corporate processes are often still too poorly structured to support it.
With regard to the role of the compliance function in the MiFID implementation process, the results of this study also reflect the clear interpretation of the role, prevalently in terms of its consulting (52.4% of the sample) and driving (47.6%) tasks, less evident in the implementation phase (14.3%). The driving role is especially evident in organizations operating internationally. On this front there is probably a learning curve in the inherent potential of the compliance function role still to be experienced by certain domestic firms.
This is, in summary, what emerges from the study carried out by the "Claudio Demattè" Research Department at SDA Bocconi, in collaboration with SIA-SSB and AICOM (Italian Compliance Association) on the evolution of the compliance function and compliance risk in investment services over the course of the implementation of the European Community's MiFID directive.
The study, which continues and expands on the study carried out in 2007, involved in total 84 intermediaries (55 with Italian and 29 with international operations) including banks, asset management companies, stock brokerage firms and, for the first time, also insurance companies. In recent years the compliance function has become mandatory for banks (Bank of Italy regulation of July 2007), investment management firms (joint CONSOB-Bank of Italy regulation of October 2007) and, of late, for insurance companies (ISVAP regulation of March 2008).
The research was divided into four areas of study: the positioning of the compliance function in the organizational structure; the roles assigned to the compliance function; the methods of measurement, transfer and mitigation of compliance risk in the area of investment services; and the means of interaction between the compliance function within the company and the outside environment.
Compared to the first edition of the study, a clear adaptation to the regulatory provisions is seen, in terms of positioning of the compliance function in the corporate organizational chart and in the internal control system. The average size of the function however remains substantially unchanged, comprising of between 1 and 5 "full time" staff in 64% of the cases studied. The autonomy of the function is guaranteed in 46.4% of cases by the existence of an independent budget (against 31.4% in 2007).
Two years ago only modest attempts to raise the position of compliance were noted, while the evidence in 2009 confirms the widespread trend to giving the function the same level of dignity and independence afforded to internal audit. Nearly half (42%) of the interviewees had opted for direct reporting to the Board of Directors or the Chief Executive Officer (15.5%).
With regard to the responsibilities and duties assigned to the compliance function, in 82% of the intermediaries there exists a detailed and formalized description of the allotted tasks. Not defining the powers of the function could constitute not simply a formal shortcoming, but could also reduce the substantial contribution of the function to the governance of compliance risk.
At organizational micro-structure level, still only 44% of cases possess dedicated technological applications, a situation largely unchanged from the previous study. Overall, as the new study also reveals, the use of IT - both in qualitative and quantitative terms - and the related investment policies indicate a compliance function - save for a small number of exceptions - still at an initial stage.
In the current study, the slowdown in the meeting of costs appears to be generalized and what emerges is an overall picture of uncertainty and caution compared to the investments to be made in the function. The economic crisis in the sector has led to a reduction in all costs, but in the light of recent events and in the opinion of the study's authors, organizations should not drastically decrease those costs relating to compliance.
The element that characterizes the risk management process and outlines its potential organizational impact is the objective associated to the entire activity. With regard to the priorities assigned to the compliance function, the proportion of intermediaries which assign to them the task of minimizing civil, administrative and criminal sanctions remains largely unchanged (29.8%). There is a rise from 20.3% to 33.3% in those that consider it of increasing importance to improve the corporate reputation. 23.8% of the sample faithfully takes up the definition of the Basle Committee, later adopted by the Bank of Italy, indicating the desire to avoid sanctions and minimize damage to reputation.
The study concerning the adoption of a model to measure compliance risk has seen an increase on 2007, albeit marginal, in the number of intermediaries which have implemented a method for estimating losses due to non-compliance. In 2009, in fact, the proportion of the sample stating that they have carried out at least the phase of the qualitative and/or quantitative risk measurement process grew from 42% to 46.8%. In contrast, only 15.5% of the sample firms declare that they use tools to manage compliance risk. This figure appears modest, but not if compared to the total absence in 2007.
Few of the interviewees operating in the domestic market use a "dashboard" for the purpose of control and management of compliance risk, while little more than half of interviewees with a predominantly international orientation (51.9%) assert that they make use of them. Where present, this summary tool is generally seen as a must for the top management and control bodies.
76% of the intermediaries operating in the domestic arena and 78% of the intermediaries operating at international level consider that the compliance function can play a driving role in innovation processes concerning the provision of investment services. It was found that while compliance acknowledges its role, corporate processes are often still too poorly structured to support it.
With regard to the role of the compliance function in the MiFID implementation process, the results of this study also reflect the clear interpretation of the role, prevalently in terms of its consulting (52.4% of the sample) and driving (47.6%) tasks, less evident in the implementation phase (14.3%). The driving role is especially evident in organizations operating internationally. On this front there is probably a learning curve in the inherent potential of the compliance function role still to be experienced by certain domestic firms.
"In a relatively short time and with some differentiation by size of firm - explains Paola Musile Tanzi, Head of the Financial Brokerage and Insurance Area of SDA Bocconi and supervisor of the study - Compliance has achieved the position in organizational charts which the regulations assign to it, namely as an autonomous and independent corporate function. Now, however, to enable it to perform a truly strategic role, able to spread the values of compliance throughout the company, it is necessary to pay attention to the interaction between the compliance function and the business and between the compliance function and the personnel. The only sporadic presence of compliance in the New Products Committee and the limited presence of compliance principles in the corporate incentives system may be indicators of a compliance function still seen in a more formal than substantial sense."
"The results of the study come at a particularly important time for the sector. - says Carlo Tresoldi, Chairman of SIA-SSB - "As required by the supervisory regulations issued by the Bank of Italy in March 2008 regarding corporate organization and governance, each financial intermediary is bound to present by 30th June an organizational model adequate to ensure the efficiency of the management and the effectiveness of the controls. Also in the future, in the light of the recent financial crisis and in line with the indications of the Governor of the Bank of Italy, intermediaries will be required to comply with the regulations and principles of transparency, with increasing repercussions on the compliance function".
"The crisis in the financial system and the consequent collapse of confidence in markets can also be attributed to somewhat unethical behavior which in some cases is immoral and illegal. - comments Claudio Cola, AICOM Chairman - The setup of the compliance function within financial firms, recently demanded by the major control authorities, is a response which brokers must make in whole without hesitation or delay. Indeed, an effective internal control system does not merely mean complying with laws and supervisory regulations but rather concerns the efficiency of the financial stability and the very profitability of the firm. This study offers a clear picture of the compliance function and of its interconnections with the various corporate bodies and functions; an invaluable picture to understand the current scenario and chart a roadmap of consolidation and growth."
© Copyright 2007 - SIA S.p.A. - P.I. 10596540152
"The results of the study come at a particularly important time for the sector. - says Carlo Tresoldi, Chairman of SIA-SSB - "As required by the supervisory regulations issued by the Bank of Italy in March 2008 regarding corporate organization and governance, each financial intermediary is bound to present by 30th June an organizational model adequate to ensure the efficiency of the management and the effectiveness of the controls. Also in the future, in the light of the recent financial crisis and in line with the indications of the Governor of the Bank of Italy, intermediaries will be required to comply with the regulations and principles of transparency, with increasing repercussions on the compliance function".
"The crisis in the financial system and the consequent collapse of confidence in markets can also be attributed to somewhat unethical behavior which in some cases is immoral and illegal. - comments Claudio Cola, AICOM Chairman - The setup of the compliance function within financial firms, recently demanded by the major control authorities, is a response which brokers must make in whole without hesitation or delay. Indeed, an effective internal control system does not merely mean complying with laws and supervisory regulations but rather concerns the efficiency of the financial stability and the very profitability of the firm. This study offers a clear picture of the compliance function and of its interconnections with the various corporate bodies and functions; an invaluable picture to understand the current scenario and chart a roadmap of consolidation and growth."