Big banks and small banks
By Alain Bozzi, Chief Compliance Officer, Societe Generale
There is a tendency to believe that small banks will create compliance problems for larger banks. This isn’t necessary the case: big banks and small banks face the same regulatory rules.
Some small banks may be very specialised in a specific area of banking and may have a great deal of expertise. They may be very well organised in a particular activity, matching the quality of a larger institution. If a small institution knows the regulatory environment of its business very well, it will not create a significant compliance risk.
A big compliance issue for small banks is having adequate resources to cope with regulations. They need to ensure they have staff with adequate experience in this area; however staff turnover can be a major problem for small banks. It is very difficult to maintain compliance knowledge when this knowledge relies on a limited number of staff.
Larger banks must ensure that they know how their smaller bank counterparts are organised in terms of the processes, procedures and controls they have in order to deal with compliance issues.
Large banks and small banks working together to increase controls and reduce risk is a key factor for each party when it comes to regulatory compliance. Regulators increasingly expect this from the industry. We must make sure we can benefit from each other’s expertise and ensure all parties benefit from working together.
The tools used to conduct compliance risk assessments are very important. It shouldn’t be assumed that small banks are inferior to large banks in this respect. A large bank with fragmented IT systems could easily face problems to assess the consolidated compliance risks. In some cases, such as in Eastern Europe and Africa, smaller banks have avoided IT fragmentation, implementing solutions based on the latest technology without going through various development stages.
One of the most important aspects of compliance is knowing what your counterparty bank is doing in terms of business with its customers, in which geographies and for what kind of products. If you are dealing with a small, niche bank it is more likely that the bank will know its customers very well. The larger the bank, the more diverse and potentially complex its customer base, geographical activities and product range will be. Therefore, there could be bigger issues in understanding the bank and what it is doing.
Control functions are crucial for compliance. If a bank has good control functions, including regular reviews and internal and external audits, it doesn’t matter if the bank is small or large. Compliance strategy and governance comes from the top, so if a bank has management that is aligned on compliance, it is more than likely there will be less risk associated with that bank.
Big banks and small banks have to identify risks and qualify what risks they can live with. However, if an incident occurs at a big bank it can call on external experts to help it. Due to resource constraints, this isn’t always the case for small banks, and it will often take longer for such banks to work through issues.
The first obligation for each entity of a bank is to work within the local legal and compliance framework and ensure they are compliant. Large banks such as Societe Generale will have a global Compliance team, but each local Compliance Manager will be responsible for implementing a set-up consistent with the local laws. No matter what size a bank is, it must have compliance programs that are commensurate with the local obligations in terms of regulations.
On an international basis, banks also have to ensure they are compliant with regulations such as sanctions. Banks must ensure they have the right level of understanding of the various local, and international, regulatory obligations. This is particularly the case if a transaction is done in US Dollars – US laws must be adhered to, even if the transaction is not undertaken in US territory.
Larger banks tend to be more able to deal with the extra-territoriality of laws than smaller banks. In emerging markets, there tends to be less maturity when it comes to compliance, therefore it is often much more difficult for banks in these countries to deal with extra-territoriality. This creates a barrier for emerging markets banks, as larger banks don’t have the risk appetite to deal with them. Over the past few years, many larger banks have ‘de-risked’, pulling out of activities in these markets. Larger banks need to make sure that banks in these regions can develop international compliance standards and reach the appropriate level of maturity.
For small banks, compliance can be very difficult as they often don’t have the resources to develop high level of risk and compliance activities. Often senior management is not aware of compliance matters. Small banks often view larger banks as very bureaucratic when it comes to doing business, not realising many of the questions they are asked are due to risk judgements.