In the difficult conditions of the Western sanctions policy against our country, compliance control is becoming one of the important tools in the banking sector management system. What is compliance? What do foreign business partners pay attention to when it comes to compliance procedures in Russian companies? And what benefits do they give? Let's try to figure it out.
Appearance story
It all started with Russia's accession to the WTO (World Trade Organization). There are many changes that are not visible to the armed eye. For example, international standards on the implementation of standards for combating money laundering, corruption, financing of terrorist organizations and other areas of the compliance system began to apply to domestic companies and organizations (what compliance is described below).
What is compliance?
This is the observance by commercial organizations of laws, standards and rules in force on the territory of the country aimed at preventing corruption. In other words, compliance is the conformity of the activities of any organization to the complex of codes and rules that are provided for by the regulators of the corresponding sector of the economy. Today, the organization has a compliance control system is a necessity in doing business to prevent risks (in particular, raider attacks) and protect the company's reputation. That is, this is a kind of foundation on which the control system of any organization is built, and one of the most important parts of management.
Modern realities are such that non-compliance with compliance rules leads to loss of business. However, adjusting this system to the internal routine and rules is actually extremely difficult.
What is the point?
Any modern organization in the course of its activities involves several types of control over technical, human and administrative resources in order to comply with standards and requirements. They are formed even when creating an enterprise by drawing up statutory documents and developing management principles for organizations. But with the increasing complexity of business processes and the "growing up" of an enterprise, it is becoming increasingly difficult to comply with established norms and rules.
The growth of technological processes, the expansion of the assortment of products and the introduction of a new one, increased efficiency, expansion of the staff require a complex management system.
Why comply
On the one hand, you can show good results, and on the other hand, you can’t get checked by regulatory authorities and get serious penalties and other troubles. This is the so-called regulatory risk, which leads to a loss of market share, a decrease in demand, sales volumes, etc. In parallel with this, legal risks also appear . For example, in the event of a decrease in financial activity indicators, the borrower may request the repayment of the debt ahead of schedule.
It turns out that the rules and regulations that originally appeared in the organization must be followed. And you also need a person who is responsible for introducing technology for the new norm or rule that has arisen before they begin to be applied, making it possible to continue the development of the business, but in compliance with the established norms and requirements. In foreign countries, this function is performed by a special compliance manager.
System Document Requirements
Any new order or decree must go through a series of steps before implementation. It:
- Appearance (project development).
- Approval (signing of a drafted document).
- Entry into force.
- Transformation (planned or sudden change of parameters).
- Cancel a document (with the advent of a new one or for another reason).
Forming new activities of the organization by analogy with existing ones is the task of the manager responsible for compliance (translated from English - compliance, compliance, agreement). And this means that this employee must have a large set of skills, knowledge, participate in the creation of a documentary base and oversee staff training issues. He can also justify additional budgetary expenses for the introduction of a new administrative document, if necessary.
Determination of compliance for the banking sector
In this branch of business, the concept of "compliance" involves the provision of information to the parent organization - the Bank of Russia, and in strictly agreed terms. As well as the exception of attracting financial and credit organizations and their employees to any type of illegal activity.
What is compliance control in banks? This is a set of specially defined functions, which are divided into mandatory and optional. The former include legislative norms, non-observance of which leads to a loss of reputation and almost always to penalties. The second include orders of the organization’s management and functions, the performance of which is related to the expectations of business partners.
Considering the described features, the security service should deal with the management of the compliance system in the bank. But in reality, this system is almost always multi-level, so most of its functions are distributed among structural units.
Implementation Features
Compliance control in Russian banks is regulated by Bank of Russia Regulation No. 242-P, No. 06-29 / PZ-N and a number of other documents.
They indicate that in the performance of the functions of this system every employee of a credit organization should be involved within their job descriptions and competencies. A separate employee is responsible for the implementation of the system.
The construction of the system pursues the following goals:
- Countering fraud and corruption.
- Identification of risks associated with non-compliance with external (internal) standards (these are compliance risks).
- Compliance with international standards and Russian laws.
- Response to complaints from customers.
- Compliance with information security principles.
To implement the described functions in banking organizations, personal information systems and platforms should be used that make it possible to systematize the monitoring process and subsequent analysis.
The task of automating compliance control in banks (which is described above) is currently a priority for most banks. In addition, this system requires a clear organization of the company - potential problems should be identified and addressed in real time and as soon as possible.
Principles of the banking system of compliance control
The person responsible for implementing the system in the bank (manager) attracts employees and organizes work to comply with external rules and requirements, internal and to identify compliance risk (this is a priority task in compliance control).
The basic principles of the system are as follows:
- The compliance policy implemented by the bank must be approved by the board of directors, which, in turn, evaluates its effectiveness at certain intervals.
- The organization must allocate the necessary amount of resources to the system.
- The manager responsible for the operation of the system is obliged to organize the training of personnel involved in compliance (what compliance is described above).
- The person responsible for the implementation and operation of the system must have a high status in the company (for example, directly report to the head or be a member of the executive bodies).
- Some of the tasks of compliance control can be performed through outsourcing (in this case, the control is carried out by the responsible manager or the head of the banking organization).
The implementation of system functions sometimes encounters resistance within the bank. Most often, this occurs, for example, because of the decision to cut off one or several not trustworthy partners or clients, which at first glance contradicts the financial interests of a banking organization.
But at the same time, the work of compliance (in translation from English, as mentioned above, is compliance, compliance, consent) is aimed at protecting the bank's reputation, and therefore at its financial success. In addition, the introduction of this system simplifies interaction with partners from abroad, since the main point among their requirements is the existence of a compliance policy recognized as the norm in almost all countries.
Compliance Policy
It is developed by almost every banking organization. It consists in the following. This is the policy:
- Corporate behavior (that is, a general document designed to regulate the behavioral standards and job responsibilities of employees).
- Anti-corruption and financing of terrorist organizations (a document designed to prevent the penetration of funds acquired or earned by dishonest means, and the financing of terrorism).
- Aimed at resolving a conflict of interest (documents setting behavioral standards in the event of a conflict of interest.
- Interaction with regulatory authorities and regulatory authorities (minimizes possible difficulties and ensures effective and complete interaction).
- Control of transactions and purchase of securities.
- Receiving complaints from customers and taking retaliatory measures.
- Confidentiality of data and their non-disclosure (so as not to harm the organization).
- Due customer identification.
The list is pretty general. Each organization has the right to add or remove any of the described activities.
Compliance at Sberbank
In one of the largest banking organizations in the country, each employee is involved in compliance functions within his job description.
The implementation of the functions of this system requires the automation of all banking processes. Sberbank for this actively collaborates with CIO offices. An example is the Oracle-based IT platform. It makes it possible to systematize the processes of monitoring the financial condition and optimize the structure of the organization of the bank.
A few years ago, a law came into force according to which all banking organizations in the world are obliged to transfer to the tax service of America all the data on the accounts of its taxpayers. Sberbank has introduced such a product, and will further adapt it to the Russian market.