This is our moment
The moment for the front office, 1st line controls industry has arrived. It is no longer a gleam in the eye of an eager regulator; nor is it yet a mature function with a long past.
But it is now an established and important aspect of the financial services industry, to which both senior management of banks and regulators look to ensure that the unhappy events of 2008/09 are never seen again.
This report represents what we believe to be the first independent publication to cover the 1st line of defence in all its glory. In it we hope to provide an authoritative and engaging overview of where the function stands at this point in its development, and also cast an eye to the future.
The timing of this report is apposite: we are at a point of inflexion in the history of the control function. What regulators are demanding from financial services in terms of evidence of the rigour of non-financial risk processes and also personal accountability for heads of businesses becomes much more onerous rather than less.
In the next year or so, for example, in the UK the Senior Managers and Certification Regime (SM&CR) will be rolled out to another 46,000 firms across the length and breath of the industry, and its message is clear: Heads of the business are responsible for non-financial risk and the most serious failures thereof meet with condign legal redress.
This pattern is echoed across the globe. Other regimes are known, for example, to be looking at the SM&CR with great interest. No sector of the world nor of the industry can escape this attention. And no serious bank or asset management firm anywhere in the world thinks it worthwhile to cut corners where control of risk is concerned. The 1st line of defence is at the heart of the zeitgeist of the industry in the second decade of the 21st century, and the control officer has come of age.
At the same time, the need to do more and more to provide reassurance both internally and externally that risk and control frameworks are robust arrives at a time of generational shift in the powers of technology. What can be checked and monitored by machines is now infinitely greater than even five years ago. Data can be managed, trades monitored and personal behaviour overseen with a degree of both comprehensiveness and celerity that would boggle the mind of a compliance officer ten years ago.
Moreover, we are only at the frontiers of what is made possible by artificial intelligence and machine learning. The next few years will yield even more exciting – and bewildering – possibilities. Wrestling with what can be done and at what expense will loom large in all debates about risk over the next few years.
We’d like to thank our sponsors first of all, but also the many people in the industry to whom we spoke for insights, comment and illumination, and who gave of their time so willingly and generously. We hope you find the following pages stimulating and provocative.