Compliance: Taking on a Strategic Role

According to recent research conducted by SIA-SSB, together with the ‘Claudio Demattè’ Research Department of the SDA Bocconi Business School and the Italian Compliance Association (AICOM), the compliance function is becoming increasingly strategic for the financial industry. The second annual study focused on the evolution of the compliance function and compliance risk in investment services over the course of the Markets in Financial Instruments Directive (MiFID) implementation by the European Union.

The study centred on the development of the compliance function in the financial market and the effect of applying MiFID regulations. The research investigated the following four areas:

  1. Compliance function’s position in the company’s organisational structure.
  2. Role assigned to the function.
  3. Measurement, transfer and compliance risk mitigation methods in investment services.
  4. Interaction of the compliance function within and outside the company’s structure.

The 2009 research, which was performed in Italy, broadened the spectrum of financial intermediaries that were interviewed. The 2008 study appraised 35 intermediaries, namely banks and investment intermediaries, while the 2009 survey involved 84 subjects, including banks, asset management intermediaries, stock brokerage firms and, for the first time, insurance intermediaries. The results are a meaningful indicator and also provide a valuable picture for other European countries in addition to Italy: 29 of the 84 financial players involved in the study have more than 50% their business abroad. In general, the results mark a clear step forward compared to last year’s study and outlines a number of interesting trends.

The 2009 research found that 75% of the interviewees believe that compliance can play a key role in pushing forward innovation around investment services. Results also found that, while the 2008 survey registered only modest attempts to elevate the compliance position, evidence published this year shows that the compliance function is gaining increasing prominence in the corporate structure, both in the organisational chart and internal control system.

In nearly half of the respondents, the compliance function reports directly to the board of directors (42%) or directly to the chief executive officer (15.5%); it also enjoys greater autonomy, with 46.4% of organisations confirming that they decided to provide the function with an independent budget (compared to 31.4% in 2008). Clearly, the recent domestic regulatory changes have played a major role in the function’s evolution: the compliance function became mandatory for banks, investment management firms and insurance intermediaries between July 2007 and March 2008.

Compared to last year’s results, the research indicates a strong adaptation to a more accurate positioning of the compliance function within the organisational business structure. Yet the average size of the function has remained virtually unchanged: 64% of firms have between one and five full-time equivalents (FTEs). Within this average, however, the range extends from less than one FTE to departments with hundreds of FTEs devoted to the compliance function.

With regards to the responsibilities and duties assigned to the compliance function, the survey found that 82% of the intermediaries have a detailed and formalised description of the allotted tasks. This does not only represent a formal procedure, but steers the function’s contribution towards compliance risk governance.

The 2009 survey shows that cost cutting seems widespread: the crisis has forced company’s to limit expenses, including compliance. Nevertheless, many feel that drastic cuts should not be attempted in light of the main causes of the current crisis. For example, expected budget costs and the overall pessimism of financial intermediaries have created uncertainty with regards to needed investments. Extreme cautiousness does not seem justified, considering expected challenges facing intermediaries.

Looking at the micro-structural level, the situation remains relatively unchanged in comparison with 2008: only 44% of intermediaries have implemented dedicated technological applications. This survey confirms that the use of IT is still at an early stage, both in qualitative and quantitative terms.

One of the most interesting facts arising from the survey concerns the financial players’ objective with regards to compliance activity as a whole. Those who believe the main task of the compliance function is to minimise civil, administrative and criminal sanctions remains substantially unchanged at around 30%; while those who consider it essential for improving the corporate reputation rose from 20.3% to 33.3%. A further 23% of the sample faithfully adheres to the Basel Committee’s definition, indicating a desire to avoid sanctions and reduce damage to reputation.

The survey also revealed a small increase in the number of intermediaries who have implemented a method for estimating losses due to non-compliance. The proportion of the sample that has carried out at least the qualitative and/or quantitative risk measurement process phase grew from 42% to 46.8%. In contrast, only 15.5% of intermediaries declared that they were equipped with tools for managing compliance risk. The figure may seem quite modest but it reflects a positive trend, as compared to two years ago when it was zero.

The number of firms operating domestically that use a dashboard for monitoring and managing compliance risk is still quite low, while over half (51.9%) of intermediaries with international operations say that they use dashboards as a summary document.

According to the study’s results, intermediaries give the compliance function within the MiFID implementation process mainly a consulting (advisor) and pushing (initiator) role, 52.4% and 47.6% respectively, while a smaller percentage (14.3%) recognises to the function the role of implementer. The pushing effort is particularly evident in organisations operating internationally, while the internal consulting approach seems to be mainly preferred by domestic operators. This points to the fact that certain domestic intermediaries may still face a learning curve in the inherent potentials of the compliance function.


The 2009 research shows that the compliance function has achieved the position that the regulators have assigned to it within the organisational charts: as an independent corporate function. Nevertheless, some further steps are essential to enable the function to perform a truly strategic role, allowing each financial operator, bank, investment firm or insurance to maximise its reputation/competitiveness in the marketplace through efficiency and control.


Related reading