by Melvyn Morrison
Nico Zwikker is the former Head of Compliance at the ABN Amro Group. He started his career as a lawyer at the Amsterdam Bar and went on to the banking industry where he has been active during the past 25 years. Zwikker has previously also held a number of senior positions, including working as a lawyer and as a risk manager. His extensive experience in compliance, reputation and regulatory risk management encompasses a wide range of business risk profiles. During the course of his career, Nico has embarked on a stakeholder management approach in dealing with regulators (including national regulators and a significant number of foreign regulators), and he is fully conversant with the fast-evolving regulatory banking and securities landscape.
Risk & Compliance Platform Europe: “How should we interpret the new regulatory requirements?”
Nico Zwikker: “In addition to talking about rules and regulations, we should also be talking about people. As has been recently highlighted in the press, the good news is that many authorities driven to tighten up inadequate supervisory regimes in the wake of the crisis are trying to include more behavioural and cultural aspects in their oversight. The bad news is that there is a compelling body of evidence suggesting that the people most likely to venture into the riskier areas of financial services are precisely those least suited to judge risk.
We are presently embroiled in the largest and most fundamental regulatory reform ever seen: it is very complex. We must therefore fully understand what we are doing and, of course, the key to this is safer financial institutions and better-managed markets. In other words, ‘Thou shalt not cause damage ever again!’ is the message that we are receiving not only from the regulators, but also from society.
Moreover, capital, liquidity, market infrastructure, consumer protection, customer centricity, accounting standards and transparency, anti-money laundering/anti-corruption, resolution and crisis management, remuneration, and culture in financial institutions are just some of the topics that need to be placed high on the agenda. We are also confronted with an enormous amount of legislation and regulation, many really serious incidents and, of course, the on-going debate about the role of financial services in a time of economic crisis, coupled with enhanced scrutiny of how risk management functioned, functions and should function.
It should therefore come as no surprise that regulators are now not only looking at risk managers, compliance officers, and Board members, but also at the overall governance structures of banks.
The regulatory initiatives impacting banking are not just local, but also European and worldwide (foreign). They also interact, so we are also being faced with an increasing amount of complexity and new challenges, and in particular, the smaller banks may well become overwhelmed by implementation issues. We are now also seeing more EU regulations instead of EU directives. In the case of an EU directive, one has the time to incorporate the new rules. However, in the case of EU regulations, they are immediately applicable. Additional guidelines and technical standards are also being provided, however these are not always easy to implement. The regulators are now also interested in your relationship with your customers, and are moving towards what they refer to as regulatory judgement, i.e. providing an opinion about what you should be doing, and they are not reluctant to impose this opinion on you. In the context of more extra-territorial dimensions, our American friends are very good at exporting their legal framework, but they are also excellent in enforcing it by, where applicable, handing out significant fines.
Even though there now appears to be more regulators, there is still some coordination work to be done, and they sometimes compete, thus creating overlaps and a paradox. Although the EU regulators (EBA, ESMA, EIOPA, COS, ECB) are becoming stronger, at the same time, forces at work at local level are also enhancing dynamic cooperation. In other words, we are trying to keep the market together, but ‘if push comes to shove’ and there is really a problem, jurisdictional implosion and fragmentation will occur. So, regardless of whether you are a compliance officer, head of compliance, or a risk manager, you still need to really understand these flows and how this works. Moreover, regulatory reform will significantly impact business and business models, and will render some models obsolete (e.g. retrocession payments in the investment fund business). Consequently, the agenda will also impact (risk) governance and risk decision-making processes. Fundamental changes in the way we view the effectiveness of regulators are also gathering pace, i.e. regulatory effectiveness is now subject to scrutiny in the public domain (e.g. the press, interest groups and parliamentary review). Members of the Board should also be more willing to accept that the regulators will be more inclined not just to challenge, but to also intervene. Furthermore, regulators will impose penalties, sanctions and other formal regulatory instruments to achieve certain outcomes. They will also adopt a forward-looking, judgement-based point of view towards the way they approach market developments. So you should expect your strategy to be challenged to an increasing extent, and the quality of your decision-making and risk management, governance, and many other aspects of your business to be reviewed.”
Risk & Compliance Platform Europe: “So just how should we proceed in order to optimally meet regulatory expectations?”
Nico Zwikker: “The enormous volume of imminent regulation is heralding fundamental change and reflects society’s call for reform. However, we also need to fully understand and embrace this reform. In other words, we should not wait, but instead, be pro-active. Regulatory change and the call for reform should be high on the agenda of every Board. A Board member should be formally responsible for driving the change agenda as part of the overall strategy of a financial institution. In terms of decision-making and achieving optimal outcomes, risk management is a strategic art, and not just a quantitative exercise. It is also important to realize that a regulator is a stakeholder. The change agenda should therefore include structured and effective communication and a transparent exchange of views with all external stakeholders (i.e. including regulators). It is better to influence the regulatory outcome than to dismiss the developments. The internal governance of the risk function should embrace all risk-related key control functions, thus enabling convergence of the risk parties. A risk manager should have social skills as well as quantitative skills, and be fully conversant with his organization, its culture, and the people who actually work there. He should also be prepared to defend the risk appetite statement of the financial institution and to challenge management decisions if the spirit of this statement is called into question. The risk manager should also be outward- and forward-looking, not inward-looking, and should understand the forces that are changing the financial services industry so that he can think ahead. It is also unwise to underfund and under-resource your risk management function, and you will need key people with the necessary skills to develop it in the future.
Although I am a compliance officer, I don’t like the enormous amount of rules, and most of them are ex-post facto, i.e. rules that have been drawn up later to alleviate the damage already inflicted. In my opinion, the rules were probably already proposed too late.
I would therefore like to conclude this article with the question: Is a bank value-driven or is it values-driven? There is an important difference. Maybe this is a pseudo-dilemma because in the future, you will perhaps be value-driven by being values-driven. This may be a very idealistic point of view, but if this is true, we are going have to look much more carefully at the people working in our industry who are setting the standards. We really need to ask ourselves whether we are leaders or followers, whether we are really taking the views of society into account or even care about our role in society, or whether we are simply more interested in making lots of money. It is extremely frustrating to have these changes imposed on us, without being able to take effective steps that are fully conducive with our new role. It is abundantly clear that changes need to be implemented; however it is less clear whether regulators, consumers and politicians will give banks and other financial institutions enough time to implement these changes themselves. At the moment, I think the mood is still one of extreme discontent: people are very angry. And personally, I don’t think that we have that much time left. Instead of implementing rules, we can improve our behaviour by applying our values. Then we can get ahead of the game because this works faster, so we should not constantly be waiting for new rules to appear on the horizon.”
Photo : Pol Leemans