On the 22nd August 1485 King Richard III died battling his enemies at the Battle of Bosworth, becoming the last King of England to die in a battle on home soil.
His defeat signalled the end of the York versus Lancaster House ‘War of the Roses’ and at least according to the playwright William Shakespeare, his valiant efforts to defeat the Lancastrians on that day were grievously undermined by the loss of his horse, Surrey.
The King understood that his power, effectiveness and influence on the battlefield, and therefore the war, relied upon him having a horse to be seated upon during the fighting. King Richard knew that his efforts alone could not save the day, he needed help, and in Act V, Scene IV of the play Richard III, Shakespeare wrote those famous words ‘A horse! a horse! my kingdom for a horse!’
In my musing over recent continuing enforcement action of large and small international firms, most recently Deutschebank AG, I have been struck by the frequency with which regulators draw attention to firms having in place a lack of appropriately trained and qualified risk and compliance staff, and of how this is a persistent contributing factor to a succession of firms failing to meet the required standards of compliance performance.
Put simply, some firms are failing in part not because of a lack of awareness of what is required to be done to meet legal, regulatory and ethical standards, although undoubtedly there have been some regrettable examples of leaders not understanding their full role and responsibility, but because informed leaders cannot execute their plans due to a lack of ‘soldiers’ on the ground.
Here are some of the highlights of just some of the relevant findings from my review of enforcement action spanning fourteen years between 2003 and 2017 in the UK and USA:
- 9th December 2003 – Abbey National plc is fined by the UK FSA (now FCA) £2,000,000 for money laundering deficiencies and a breach of Principle 3 ‘Senior Management Arrangements, Systems and Controls Sourcebook’. The regulator noted that: “Any failure by Abbey National to provide adequate resources to its central MLRO function may have contributed to the breach…The recruitment of additional staff to the central MLRO function in June 2003 has resulted in, amongst other things, a significant reduction in the SARs awaiting internal consideration and, where applicable, reporting to NCIS.”
- 5th May 2010 – Alpari (UK) plc is fined £140,000 by the FSA again for a breach of Principle 3 and the regulator stated “(Alpari failed to) resource its compliance and anti-money laundering area adequately, in line with the growth of Alpari” and furthermore that Alpari “failed to provide him (the MLRO) with adequate support in the roles.”
- 4th March 2015 - Bank of Beirut (UK) Ltd is fined £2,100,000 and has new account opening restrictions imposed for 126 days. In his defence the Compliance Officer alleges that he had insufficient resource to execute a plan of remediation that was required to be performed.
- 30th January 2017 - Deutsche Bank AG is fined by both US and UK authorities for failing to have in place controls to identify $10 billion of suspicious transactions conducted between Russia and the UK. In its assessment of what went wrong the New York State Dept. of Financial Services noted that a lack of resources contributed to widespread failings: “These deficiencies were exacerbated by Deutsche Bank’s ineffective and understaffed (Financial Crime, AML units and Compliance) Units.”
This is a simple snapshot of large and smaller firms who have been sanctioned, and what is increasingly apparent to me is that a reoccurring theme in these regrettable failings is that the lack of resource undermines the operational effectiveness of the firm’s systems and controls framework.
What is less clear, and which I believe is worthy of further enquiry, is just why senior management repeatedly throughput this period of history fail to appropriately resource the very controls that are designed to safeguard their own positions, the health of their company and the welfare of wider society itself from the menace of the criminals and terrorist financiers.
I have spent more than three years travelling internationally helping to inform risk and compliance staff to keep abreast of international regulatory and legal change, and it is my view that the risk and compliance staff have never been more informed of these responsibilities than they are today. The persistent challenge it appears, is ‘negotiating’ and securing appropriate support, buy-in and the budgets to finance the implementation and maintenance of programmes of risk management.
This is best demonstrated by a passage that I have taken from the report provided by the Chairman of the US Senate Permanent Subcommittee on Investigations, Carl Levin, from 17th July 2012 titled ‘U.S. Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing: HSBC Case History’ in which it is stated that very senior AML managers had felt compelled to resign their positions because they were unable to secure the appropriate staffing levels:
“In 2007, HBUS fired its long-time AML head after she raised resource concerns with the HNAH Audit Committee; an AML director hired in 2009 left after being denied the authority and resources he considered necessary to do his job.”
Interestingly, and by no means an isolated example, it appears that the senior management of HSBC were more inclined to invest in providing the resources that were required, only after the regulator intervened: “after the OCC issued its lengthy Supervisory Letter criticizing multiple aspects of HBUS’ AML program, bank management began to significantly increase AML staff and resources.”
When analysing past performance, I always choose to analyse my own personal performance first, and to identify how I can improve outcomes. Maybe it is time to look again at AML leadership training and development, and to reflect upon how well risk and compliance professionals are encouraged to develop and enhance their communication, negotiation and influencing skills. The truth is that most of the development that I have experienced has focussed on knowledge, rather than skills.
The advent of the era of the ‘risk based approach’ and a culture of ‘just in time’ management of operations which invariably leads to a reluctance to release the purse strings until the very last moment (or else a regulator requires it!), appears to me to support a requirement for risk professionals to become more ‘commercially savvy’ than ever before. The lessons from history confirm that whether we are on a battlefield in Bosworth, or in a modern boardroom, you need to secure the resources needed to support you in your endeavour, or else you are more likely to fail.
So please do remember Richard III when considering your personal development plan and those of your staff, and in keeping with the historical tone to my ramblings today let me leave you with a simple English proverb that can be considered to be a shield and a sword as you plan your next management engagement and are seeking more investment in your area of control:
“For want of a nail the shoe was lost. For want of a shoe the horse was lost. For want of a horse the rider was lost. For want of a rider the message was lost. For want of a message the battle was lost. For want of a battle the kingdom was lost. And all for the want of a horseshoe nail.”