They’re Too Big to Fail, But What About Too Small?
In the Compliance world there is Too Big to Fail… you know, the global financial institutions that are so large that some question whether they are even capable of fully understanding and detecting all of the different ways that their institutions can be “gamed” by fraudsters, money launderers and other ne’er-do-wells.
But what about institutions that are at the other end of the spectrum? Small Financial Institutions, Smaller Financial Services Firms and smaller businesses, whether they are start-ups or just small well-run businesses, also have need for knowledgeable subject matter experts in areas of money laundering compliance, sanctions compliance, trade compliance, FATCA, FCPA, etc. Many such firms have two handicaps in meeting the variety of regulatory requirements and operational risk management efforts of their larger brethren:
• Lack of knowledge/understanding, and
• Lack of financial wherewithal to bring in such subject matter experts.
First, let’s briefly discuss lack of understanding/knowledge: Here the issue centers on the notion that “good enough is, well, ‘good enough’”. Many smaller firms fail to realize that their firms are just as prone to be “gamed” by the bad guys as a larger firm. Smaller firms are attractive targets because of their perceived lack of need, coupled with limitations in experience and finances.
They often mistakenly cling to the notion that “we know our customers and they would never do anything wrong”. Compounding the problems of this naïveté with a strong over-reliance on the over-stated idea of “using a risk-based approach”, many firms do not perform a truly independent review of their compliance programs from top to bottom to determine where gaps or potential flaws may exist. Smaller organizations similarly fail to fully protect their intellectual property and critical information assets. It is interesting to note that a number of the penalties issued by the US Treasury’s Office of Foreign Assets Control over the past 12-24 months have involved civil money penalty assessments against smaller firms (both banks and corporates) for sanctions-programs violations.
FFIEC guidelines and sound business practices alike clearly call for all institutions to perform regular independent reviews of their compliance programs. In addition to more stringent AML and Sanctions Compliance regulations, the passage of Dodd-Frank further punctuates the need for this by imposing a wide range of additional regulations that affect large and small institutions and businesses alike.
This brings us to the reality of the second issue: the lack of financial wherewithal to obtain the right resources to help them not only accurately identify legitimate gaps but also remediate those flaws in a satisfactory manner. This merely reinforces the faulty notion of damned if you do and damned if you don’t.
So what should a small financial services firm or start-up business do? They can’t ignore the regulations requiring compliance, and they can’t ignore the problems that limited resources create, of which they are keenly aware.
One solution is to bring in the right consultants in perhaps a different way. Training can be provided in a pooled manner by sharing the costs among several firms. Another way might involve bringing on subject matter expertise providers as advisors to your firm, or to your Board of Directors. Core Systems providers in the financial sector and other software systems providers to the marketplace are bringing on subject matter experts to help firms address the compliance issues that smaller firms face. These are well-intentioned efforts in the right direction. However, because these firms also have a vested interest in selling their products to these smaller firms (namely, their software and/or their data services), a reasonable question arises as to how truly independent they are in providing advisory services to smaller firms.
Yet another way might involve outsourcing parts of your program requirements to firms with demonstrable expertise in these areas. This can be done but it requires that the firm definitely contract with firms possessing the right resources on hand to help manage these services as a “partner” with smaller firm clients.
Whatever ways you choose to address these issues, as a smaller or even a moderately sized organization, know that there are more options available than you might be aware of. If we can help direct you, please do not hesitate to call on us to help provide clarity from the complexity of such situations.