In Today’s World Of Imperfect Regulation, The Smart Compliance Money Goes To Strategic Risk Mitigation

Tuesday, October 21, 2014 - 11:50

Recent news headlines share common themes and raise cautionary flags for harried legal, risk and compliance professionals:

  • The 2014 Nobel Memorial Prize in Economic Sciences was awarded to a professor whose career has been focused on the premise that financial markets and most industries are inherently inefficient, and that today’s global regulatory schemes do not work;
  • Several big banks reporting their third-quarter results yet again wrote off hundreds of millions of dollars to cover legal expenses tied to settled and ongoing matters from the financial crisis;
  • The chairman of one large global bank told regulators from multiple government agencies that having a single U.S. regulator would benefit all parties by improving focus and shoring up resources, while eliminating expensive and unnecessary duplication – and help address a desperate need for training regulators;
  • Testimony at the ongoing Starr International Co. v. U.S. trial over the 2008 bailout of American International Group revealed that the Federal Reserve Bank’s approach to regulating industries in financial crises was defined partially in a secretive “Doomsday” philosophy.

What does all this mean for legal, compliance and risk executives in the front and back offices – most notably corporate counsel and their staff? One thing is for certain – the status quo is a surefire recipe for disaster.

Financial institutions and companies in regulated industries worldwide are being pummeled with regulatory challenges and changes impacting their reputations on an almost daily basis. Thomson Reuters calculates that there are over 125 changes a day impacting financial services companies, which are pushed by the 460-plus global regulators covered by our content team. Organizations often are so overwhelmed that they go from one firefight to another without addressing the more systemic legal, risk and compliance issues. Executives in these departments increasingly are on the hot seat – facing demands from their management, government regulators and stakeholders to come up with solutions that are viable both economically and operationally.

Banks have poured billions of dollars into infrastructure (people, processes and technology), yet there is little tangible to show from it. What’s more, the forecast calls for ongoing, heightened regulatory change. Corporate counsel and compliance officers in the trenches need to understand proactively how they can implement strategic business-centered processes that transcend compliance and incorporate risk mitigation into every aspect of their organization.

What can corporate counsel do to mitigate the risks associated with all this change? A three-part prescription – encompassing people, processes and technology – follows:

Make sure that you have visibility into the central casting of your larger risk ecosystem

  • Who plays what roles within your organization – are the right people doing the highest-value work at the right time?
  • How do these groups and people share information, plan, communicate, etc.?
  • What are the roles played by third parties, e.g. outside counsel, consultants, auditors, regulators and investors?

Ensure that you can predict the present

  • Do you understand your current risk and compliance ecosystem, both internal and external?
  • What are the interwoven processes and dependencies that can trigger compounded risk, particularly impacting reputation?
  • Are your compliance and risk programs front and center in the business and strategic planning processes?

Get up to speed on technology posthaste

  • You probably did not go to law school to become a tech guru. Guess what? All corporate counsel today need to be comfortable not just with people and processes but, critically, with the role that technologies play in systemic risk management.

Today’s risk mitigators must do much more than merely interpret and apply the law reactively. They also have to be business leaders, as well as project managers and process engineers, if they expect to stay ahead of the curve in regulatory change management. Deep knowledge of your business and its processes and technologies will position you to persuade management that committing resources to create a well-rounded compliance and risk-mitigation program is both a best practice and a front-office priority.

Dave Curran is Global Director of Risk & Compliance at Thomson Reuters and works with clients to help address and mitigate systemic regulatory, compliance, risk and related challenges. Curran is a senior executive and lawyer who has deep experience at the intersection of business, law, technology, compliance and risk management, and preparedness. He has been on all sides of regulatory change – as general counsel/chief compliance officer, advisor, counselor and technology services provider – and has helped many companies navigate the complex waters of regulatory change through technology-driven process improvements.

Please email the author at with questions about this article.