How to approach building a compliance program from scratch.
As you begin your compliance journey, it’s natural to want to dive into the compliance industry. Transaction monitoring, SARs and STRs, FinCEN and filing – you want to know the works. But in fact, the questions you should be asking are less about the industry and more about you.
Look at your company. Examine your product and service offering, size, geography, and risk level. Organize those statistics into a general company profile. They’ll be the factors you want to pay attention to. They will allow you to ask and answer the questions that will help you build your compliance team.
Have your company profile in mind? Good. Let’s get started. Here are five important questions to ask as you begin building a compliance team:
Five Questions to Ask When Building a Compliance Team
Question 1: Should I hire internally or bring in contractors?
It’s normal for compliance work to be contracted out – both small and large companies do it on a regular basis. But the desired outcome from that contracted work will differ. Smaller companies will focus on bringing on resources and temporary hires to help cover the bases. They’re looking for subject-matter expertise who can make inroads at a place where a strong compliance culture may not yet exist. For larger companies, contract work needs are often more specific: a company with a strong compliance program may simply hire additional personnel in order to cover a period of high case volume.
Long story short: don’t be afraid to get the help you need. Hiring contractors or part-time folks is fine – especially if your needs aren’t enormous, or if you’re conscious that they may change over time.
Question 2: What type of specialists do you need for a compliance team?
Before you head to the hiring board, keep in mind the following: you’re looking for skills, not job titles. You can always bring on new people, but running a compliance program without adequate skills coverage is like leaving key ingredients out of your recipe. You won’t find the end result very palatable. Make sure your compliance kitchen is well-stocked by establishing coverage in the following categories: strategic leadership, operational expertise, technical proficiency, and strong analytics.
How do you make sure you achieve this cross-disciplinary balance? First, make a few strong generalist hires, sourcing individuals who have worked in dedicated compliance teams. These are the people who check a lot of boxes, in terms of skill set. They are also the folks who can help you manage your changing needs as you build out the following, more specialized departments:
Responsible for developing and managing the compliance program, they’ll be in charge of risk assessment, policy updates, regulatory adherence, training programs, and staffing.
- Investigations Unit:
This group will be responsible for actual compliance investigations. They’ll want a strong case management setup, a structured workflow, and the knowledge that they have enough time to conduct quality investigations.
- Program Implementation:
These folks will help manage the cross-departmental functions that fall under the general compliance umbrella. This includes vendor relationships, as well as internal engineering, IT and legal teams.
- Technology & analytics:
Technical practice areas – either contracted or internal – is an increasingly important part of any compliance department. These teams will help manage systems administration, customer onboarding, monitoring, and system performance analytics.
Question 3: How do you identify strong compliance leadership?
Making the right hire for a Chief Compliance Officer (CCO) or Chief Risk Officer (CRO) position is one of the most important decisions a company joining a regulated industry can make. The ideal compliance officer has experience building a dedicated compliance function. They should also be adept at working cross-functionally across the organization to foster a culture of compliance. Most importantly, they should understand the regulatory risks of your business, as this is what will allow them to design a compliance program that is flexible yet stringent.
Lastly, compliance is a practice area that has historically been organized around deep subject matter expertise. This is still true, but today’s CCOs/CROs also need to be functional systems architects, as a modern-day compliance department will blend regulatory expertise, personnel, technology and vendor-partner relationships.
Question 4: Are you aware of changes affecting the compliance industry, and how they will affect team composition?
Regulatory technology (regtech) has grown by leaps and bounds over the last decade. Companies providing software and custom tools for compliance work are rising to meet the needs of financial institutions with an expanding list of responsibilities. Companies looking to build a forward-looking compliance program spend time developing a unified program of internally managed systems and vendor-partner relationships. This allows them to create a modular solution that assigns a maximum level of expertise and oversight into each individual compliance practice area.
Question 5: Why should I invest in a compliance team?
Building a strong compliance function is essential to your business. Compliance teams protect the company from fraud and money laundering risk, keep the company in-line with federal law (reducing the risk of poor audits and potential fines), and do the moral work of helping fight the financial crime that is fueling organized crime everywhere. Robust compliance departments are the best insurance you can get against financial crime taking place under your roof. Similarly, a strong culture of compliance helps you build better, more secure financial products and services, something that in turn improves your relationships with customers.
The amount of detail in compliance can be overwhelming. For early-stage fintechs (or for more established companies about to enter a regulated field), it can feel like there’s no way to manage the process without absorbing an encyclopedia of information overnight. But there are ways to take meaningful, achievable steps towards building a strong compliance function. The questions described here provide a simple roadmap, one that will help you quickly build a compliance team that is functional, sustainable, and prepared to scale.