Pain Points: Top Frustrations for Compliance, Risk Management & Internal Audit
It’s not easy to work in compliance and risk management. Some institutions may treat compliance and risk as stand-alone departments, but the reality is that they intermingle with every other department.
We asked attendees of the ABA Risk and Compliance Virtual Conference to tell us about their top compliance, risk management, and audit pain points at their financial institutions. Here are the results of our casual poll.
Top Compliance Pain Points
#1. The board doesn’t understand the complexities and implications of compliance. Compliance officers know that compliance isn’t simply black and white. It’s many shades of gray that depend on a variety of factors including the wording of the law, rule, or regulation and the nuances of a particular institution. It’s about knowing where the greatest risk is and proactively managing it to avoid compliance violations, litigation, and problems.
It’s a complexity boards don’t understand, according to 81 percent of respondents. What do compliance officers need from the board and management?
- Supportive, understanding & appreciative leadership
- Sufficient authority and autonomy
- Access to relevant information from other departments
- Adequate resources
- Independent testing to uncover deficiencies
- Transparent reporting
#2. Not enough time to manage regulatory compliance. Two-thirds of compliance officers say there aren’t enough hours in the day. Compliance is a time-consuming task, and it doesn’t help that many compliance officers say they:
- Don’t have enough staff or resources
- Don’t have the right tools
- Don’t have the support of other departments
Compliance officers are often overwhelmed by the pace of regulatory change, a lack of centralization when it comes to compliance activities, and the ongoing struggle to break down silos and increase collaboration between departments. While some departments can operate somewhat effectively as an island, compliance exists to aid other departments.
#3. Department heads don’t take compliance seriously. Twenty percent of respondents gave their top pain point as uncooperative department heads who don’t recognize the importance of compliance or the value it brings. They don’t realize that working with compliance can actually lead to solutions that benefit the FI.
Top Risk Management Pain Points
#1 Not properly assessing risks in each department. Once again, uncooperative departments are a common source of stress with 66 percent of respondents citing this as their top risk management pain point. Common frustrations are that risk assessments are siloed and inconsistent across departments. More broadly, risk managers worry about having sufficient data, resources, and insights to properly assess risk and that controls are regularly changing and in need of assessment.
#2 Risk managers worry that if they identify risks, they’ll be blamed for them. It’s a classic case of “don’t blame the messenger” and a major worry for 16 percent of respondents.
#3 Board and management don’t leverage risk assessments to make strategic decisions. Risk managers go through the trouble to collect data, build relationships with other departments, and conduct thorough risk assessments. When they’re done they turn in their reports—and nothing happens.
Twelve percent of respondents are frustrated that the valuable tool they create isn’t put to good use. These boards and management teams see risk assessments as a check-the-box activity, and not the insightful and data-rich treasure troves that they are.
Top Internal Audit Pain Points
#1 We do internal audit but not enough internal control testing. This is a pain point for one-third of respondents. Why isn’t there enough internal control testing? Common reasons include too many audits, not enough resources, a lack of management support, the difficulty of keeping up with regulatory change, poor communication, and insufficient data. Others wish for a more robust audit plan, more specific scoping, and better monitoring.
#2 We don’t do a good job of managing the findings from internal audits. Twenty-two percent of respondents wished internal audit findings were better managed.
But it’s not all bad news: Nearly 14 percent of respondents think their internal audit program is in good shape and are confident things are being done correctly.
How to Alleviate the Most Common Pain Points
A common thread among these pain points is an acute need for board and management support as well as sufficient time and resources to get the job done. The number of risk assessments, audits, and compliance activities isn’t decreasing, and many FIs are reluctant to provide additional funding because they don’t understand the important contributions to the bottom line that risk management, compliance, and audit ultimately make by preventing costly civil money penalties, litigation, and reputation damage.
It can be an uphill battle, but it’s possible. For advice on making your case, check out How to Work With The Board & Management: 6 Tips From A Top Compliance Officer.