• Skip to main content
  • Skip to footer

SILO Compliance

  • Why SILO?
  • Demo
  • FAQ
  • AML Grey Matters
  • Contact Us
You are here: Home / AML Grey Matters / What Compliance Managers Should Report to the Board: Interview with a Board Member

What Compliance Managers Should Report to the Board: Interview with a Board Member

Due to time constraints and other speaking engagements, we were unable to host an AML Compliance Grey Matters webinar in October or November. In lieu of a broadcast, we are providing a transcript of an interview with a Cayman Islands-based retired attorney-at-law and a current and former board member of several AML regulated companies. In order to speak openly, our interviewee asked to remain anonymous.

Compliance professionals are often required to provide periodic reports to their senior management. But what should be included in a report? What does a business’s management need to know about its AML compliance status?

Management is responsible for navigating the business through difficult economic, regulatory, and market conditions. Compliance is just one facet of the business, but like all the others it has to function smoothly.

As a former compliance officer, I remember writing lengthy update reports to my senior managers. I now realise that those reports were likely not even read.

This realisation is not a criticism of my manager. After almost a decade of running my own business and being responsible for strategy, cash flow, customer acquisition and retention, and many other obligations, a detailed report from any one of the departments not run by me would likely go unread. Too much detail is unnecessary for management. I know that now.

So, what do managers need to be able to demonstrate to regulators that they are fully informed? And how do they encourage a culture of compliance?

To get some answers, I reached out to a Cayman Islands based current and former board member of several AML regulated companies. In order to speak openly, our interviewee asked to remain anonymous.

As a board member, what do you expect from compliance?

“I’m very aware of two things when it comes to compliance. First, compliance is also about reputational management. Both are critical to a business so making sure that the Board are able to oversee compliance is pretty important. Second, sh*t only seems to flow uphill! If compliance is not doing its job, it will become apparent and soon be; very much a Board problem.

That said, it’s not just compliance issues that can become explosive issues. Boards are also navigating the company through the strategic challenges that each business faces in its sector including increased regulatory scrutiny in all areas. Additionally, we could be looking at new acquisitions or being an acquired target by another. Anything related to AML compliance is likely going to be a seemingly minor point on a lengthy agenda. Unless it’s a huge problem that could cause the company reputational damage.”

Interesting. You want to ensure compliance is doing its job, so you don’t have to deal with the fallout. In your opinion, what do you look for in a compliance manager or MLRO so you can later avoid having to deal with messy compliance issues?

“Companies come in all sizes, and so do compliance teams. Compliance may be one person, or it could be a large team. Larger teams often have an MLRO report to a Chief Risk Officer. And the Chief Risk Officer could either be on the Board or reports directly to the Board. Smaller firms often have the compliance officer and MLRO and CRO duties performed by the same person, who may report directly to the Board.

That said, when I’m joining a Board, I want to know that the person in the MLRO/CRO role is someone with good relevant experience and qualifications and has good instincts for assessing if something isn’t quite right.
We’re also looking for someone proactive. The regulatory landscape is moving quickly. It’s not uncommon that even the regulators are still finding their feet and are often reactive to external pressure. An MLRO/CRO must be able to anticipate the pressures and be proactive and quickly implement new changes.”

Good suggestions. And as to the regular reports to the Board? What do you want to see in those? What would you read?

“It’s important that the Board gets a regular update on status of key compliance metrics. Such as number of new clients onboarded, number of clients that may have been rejected during the onboarding process or as a result of a failure to provide relevant information. But for the most part, Board members are not reviewing to the same level of detail lengthy reports from compliance. Most Board members are not compliance trained and are likely to assume the MLRO/CRO has a better understanding of compliance issues and is dealing adequately with operational matters. It is the MLRO/CRO’s job to raise any operational issues that may need the Board’s attention.

What I would like to see, however, is a quarterly presentation from the MLRO/CRO on anything that is keeping them up at night. During this presentation, I want the compliance officer to speak their mind. This presentation is when I’ll get helpful information. And, as a Board member, I’m then better informed on what we need to do to act.”

And what if compliance is keeping you up at night? What do you do if you suspect someone on the compliance team, such as the MLRO, is not performing well?

“Should it ever arise that the MLRO/CRO is not up to the job, I’m going to want to see management deal with the problem sooner rather than later while being cognizant that any change could impact our ability to keep operational matters flowing.

If the problem is simply that the MLRO/CRO lacks some technical skills or needs additional support, then I want them to get those extra resources. I am aware of a situation of an entity needing to move an MLRO sideways – much to their relief – when the Board realized that the individual was out of their depth in the role. But they had excellent skills otherwise.

Don’t let someone flounder – either give them the tools and training they need or move them off that position. And it’s perfectly okay to ask for help or to be transferred out of the role. It’s not for everyone.”

What other input can compliance provide to the Board or senior management of their company? I once observed that marketing activities resulted in new clients that weren’t passing the compliance requirements in a company. It begged the question of why compliance was not consulted before the company spent marketing dollars in a particular high-risk jurisdiction.

“Absolutely, and the same can apply with respect to M&A activity. If say you are looking to acquire another company, part of our due diligence will be to send in our own compliance team to audit the target company’s compliance. Their assessment could help determine the valuation of the business because if we’re going to get rid of half of the client portfolio because it’s too risky or non-compliant, then that can de-value the company.

There’s also the question of ensuring a strategic review of compliance remains part of the mindset of strategic decisions. For example, suppose the company is considering entering new markets, jurisdictions, or offering a new service or product. In that case, I want to hear from compliance what kind of clients we can expect if we move forward. What will that mean for our risk? What’s the regulator like in that new jurisdiction?

Thank you very much for spending an hour with me and providing me with your perspective. Any final words of guidance for a compliance professional that reports to the Board?

“As you suspected, some board members don’t want overly detailed reports, if the point can be made more succinctly. But remember, my perspective is mine alone – others may be different. If you have a board member who has in-depth experience of AML regulations or has been assigned the responsibility to oversee compliance, they may well want to see more detailed reports. But don’t assume that all Board members are reviewing them from the same level of experience or knowledge.

Effective communication is key when it comes to keeping your board informed. Keep your reports brief, clear and to the point. If you need to show backup materials or data, attach them as appendices. You don’t want to be wordy. Or overwhelm management with information they don’t need or can’t use to navigate the business.

If you do overwhelm them, the risk is that when you really need the Board to act on an issue, your need goes unheard because your report was unread or skimmed over with a cursory glance. And as I stated before, boards are sometimes dealing with potentially explosive issues that can result in reputational damage to the business.

It’s the compliance officers job to make sure any potential issues are reported to the board efficiently and timely, with the objective that the Board can then help you out before there is any reputational damage to the company.”

With many thanks to our guest for spending an hour with me discussing this topic.

If you have a topic that you would like our team to research and present or you can be a guest on a future broadcast of AML Grey Matters, please contact me at kimberly@silocompliance.com. 

December 9, 2021 · Kimberly Smith · Filed Under: AML Grey Matters, Software Resources Tagged With: Free AML Compliance Training Webinars

Sign Up for AML Grey Matters

Subscribe Now

Footer

What Is SILO?

SILO is an easy-to-use application that enables you to archive and retrieve your client due diligence materials; to risk-rate and monitor your clients; to run the necessary reports on them; and to train your staff. It is, therefore, the ideal application to meet all your AML obligations.

Navigation

  • Why SILO?
  • Demo
  • FAQ
  • AML Grey Matters
  • Contact Us
  • Privacy Policy
  • Cookie Policy & Consent

Contact Us

+1 501-422-8030
info@silocompliance.com

Follow Us

SILO Compliance on LinkedIn

Copyright © 2022 SILO Compliance Ltd. All Rights Reserved. Powered by Kanga Studio.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of all the cookies. Read More
.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
_GRECAPTCHA5 months 27 daysThis cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement1 yearSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent1 yearRecords the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
__cf_bm30 minutesThis cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
na_id1 year 24 daysThe na_id is set by AddThis to enable sharing of links on social media platforms like Facebook and Twitter.
ouid1 year 24 daysAssociated with the AddThis widget, this cookie helps users to share content across various networking and sharing forums.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ga2 yearsThe _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_117971909_11 minuteSet by Google to distinguish users.
_gcl_au3 monthsProvided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid1 dayInstalled by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
uid1 year 24 daysThis is a Google UserID cookie that tracks users across various website segments.
vuid2 yearsVimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
CookieDurationDescription
__ss1 dayThis cookie is set by SharpSpring, a marketing automation platform. This is used for tracking visitors and form submissions.
__ss_referrer1 hourThis cookie is set by SharpSpring, a marketing automation platform. This is used for tracking visitors and form submissions.
__ss_tk25 yearsThis cookie is set by SharpSpring, a marketing automation platform. This is used for tracking visitors and form submissions.
_fbp3 monthsThis cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr3 monthsFacebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE1 year 24 daysGoogle DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
IDSYNC1 yearThis cookie is set by Yahoo to store information on how users behave on multiple websites so that relevant ads can be displayed to them.
koitk10 yearsThis cookie is set by SharpSpring, a marketing automation platform. This is used for tracking visitors and form submissions.
pa_crosswise_ts2 yearsThe pa_crosswise_ts cookie is set by Perfect Audience for advertising purposes based on user behavioural data.
pa_google_ts2 yearsThe pa_google_ts cookie is set by Perfect Audience for advertising purposes based on user behavioural data.
pa_openx_ts2 yearsThe pa_openx_ts cookie is set by Perfect Audience for advertising purposes based on user behavioural data.
pa_rubicon_ts2 yearsThe pa_rubicon_ts cookie is set by Perfect Audience for advertising purposes based on user behavioural data.
pa_twitter_ts2 yearsThe pa_twitter_ts cookie is set by Perfect Audience for advertising purposes based on user behavioural data.
pa_uid2 yearsThis cookie is set by prfct.co. This cookie is used across the websites that use same ad network to display ads to the other advertisers in the network.
pa_yahoo_ts2 yearsThe pa_yahoo_ts cookie is set by Perfect Audience for advertising purposes based on user behavioural data.
personalization_id2 yearsTwitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
test_cookie15 minutesThe test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
uuid23 monthsThe uuid2 cookie is set by AppNexus and records information that helps in differentiating between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
A31 yearNo description
SAVE & ACCEPT
Powered by CookieYes Logo