Compliance is often perceived as a function that’s essential to the running of a financial services (or other similarly regulated) business but it is not always seen as a key to unlock strategic benefit or business growth.
Let’s start with an allegory.
When learning to walk, a stumble will be a learning experience but it is unlikely to cause a serious injury. Later on, when pedalling a bicycle furiously downhill, a tumble can have more serious consequences. The first few months of a startup can be compared with learning to walk and a couple of missteps are practically expected. Later on, as the company gains size and momentum, the need to exercise caution grows commensurate with the size and pace of the business.
Compliance is the way we mitigate risk at all stages of the business and it is designed to scale with the business by taking the precautions that are appropriate to the stage in which the business finds itself. Naturally, there is more to compliance than the bare requirements that are placed on a company by the legal framework. Proper precautions consider regulatory requirements as a starting point and build up from there.
Building a compliance process requires a thorough understanding of the business and the risks it is facing. Knowing the risks places the business in control. This is why compliance and business growth go hand in hand because a business that can properly assess risk – and operate in a way that accounts for it – is a business that is in control of its every step.
The compliance function must be entirely aware of the business model and growth plans to function effectively. Equipped with this knowledge and a thorough understanding of the industry landscape, compliance can protect the business model, the interests of the team, and contribute to the longevity of the business. After all, a company can’t grow if it is making steps that aren’t compliant with the regulations that govern its operations. Even more perilous is the company that forges ahead blind to the risks it is facing.
Another way of seeing this is that a company that is compliant with all regulations is one that travels along a trajectory that is designed to seize control of risk rather than be exposed to it – and this is a strategy that is significantly more likely to build sustainable growth.
The laws and regulations prescribe the minimum required for a company to operate within its area of practice. Of course, the compliance function ensures that the company operates on the right side of the law, but this strict view of compliance simply allows a company to maintain its existing reputation. There is much more to be achieved with a strategic compliance function than simple reputational maintenance.
Let’s take a look at an example of the way we approached our onboarding process for iPaymix and Paymix Pro. We considered the typical security requirements as a baseline and built biometric authentication and NFC technology on top of that. An understanding of the technologies that are robust enough to shore up our security platforms as well as knowing what would be acceptable to our client base provided us with a significantly higher level of safety to our customers while being well ahead of the regulatory expectations.
As technology advances there is a simultaneous increase in security threats, but also an improvement in the tools at our disposal to deal with these threats. This means we must have the agility it takes to remain several steps ahead of the market.
For instance, our transaction monitoring model from 2021 wasn’t as useful to us in 2022 because of our own business growth. We needed to remain aware of our new risks and to step up our risk models accordingly. This is not only a function of our business by volume but also of the industries we were exposed to in 2022 that we hadn’t been dealing with just a few months prior.
As we approach a new industry we do so with caution, with the compliance function forming a first line of defence. We endeavour to explore the full context that the industry presents us with before committing to offer our full range of services to it. With compliance sitting on onboarding meetings and by piloting an industry with specific clients, we take the time to obtain a reasonable view onto the landscape we are about to explore.
When speaking about understanding a market, we deal with a broader context than simply the strict assessment of a transaction-based analysis. While a surgical approach can give specific insight, there is a need for a broader understanding of the way the business works and an understanding of the many moving parts across the industry.
This allows us to understand the market, to properly assess risk, and enter the enterprise with a degree of control. And entering a new segment when properly in control is essential to enabling sustainable growth in that industry.
So far it should be apparent that appropriate compliance gives control over risk but this ignores a fundamental aspect of the function. As mentioned above, compliance derives its objectives directly from the business strategy and, in our case, is an essential pillar of our environmental, social, and governance principles.
Assessing the risk of an industry we could possibly be working with is also done in terms of our fundamental principles. If there is a chance that a client or a supplier, for instance, would operate in a space that directly violates what we stand for, it is duty of compliance to flag this risk. Banking has, for too long, considered operational risk as the primary concern but for an enterprise to grow in the right direction it must be true to its set of core values.
