The front office control function may be moving past its awkward teenage years. But it still faces many challenges before it reaches full maturity.
The front office control function is growing up – and growing up is often a painful and confusing experience. On the one hand, it is now seen by tier one banks as an indispensable and valued core component of the organization; on the other, there are a lot of questions about its formation, operation and priorities that have yet to be answered. The 1st line of defence is no longer an immature infant, but it is perhaps coming to the end of the trying teenage years.
The importance of the front office control function is no longer in doubt. Operational risk failures of one kind or another have cost major banks some $320bn since the end of the financial crisis, and firms cannot afford these kinds of penalties. So, to both meet the demands of regulators and to better understand and address potential risks, the three lines of defence model is now firmly established.
So much so, in fact, that 80% of respondents to the 1LoD survey say that the front office control function has grown over the last 12 months and another 90% say that it will grow yet further over the forthcoming year. A quarter of these, moreover, expect there to be a ‘significant expansion in the function’.
Talent search is on
Three main pressures drive this continuing expansion, according to our survey: regulation, requirements of senior management, and the migration of functions from the 2nd line of defence. All three are deemed about equally important.
A little less than 5% of correspondents suggest that the front office control team will swell by more than 20% over the next year, almost 20% say by 10%–20% and 38% say by up to 10%. Over 75% feel confident that staffing levels will increase in the next 12 months.
If front office control functions are set to add still further to their already impressive headcount, it is less clear where these new people will be recruited from. Responses to this question were split. The top three most popular options were the front office chief operating office, operational risk and compliance.
Yet, asserts Simon Tuke-Hastings, a partner and head of risk, analytics and regulation at executive search firm Hammond Partners in London, it is actually highly unlikely that operational risk and compliance will prove fertile areas of recruitment.
During the first phase of the development of the front office control function, top tier banks did recruit heavily from operational risk and compliance. And it didn’t end well. “It created a major issue across the sell side in general where few got it right. You had people sitting in front of the head of a trading desk trying to influence him or her about changing the business and it became very clear they had never sat on a trading desk and didn’t understand the dynamics. They got steamrollered,” Tuke-Hastings says.
However, it is tough to bring people over from sales and trading. These are the people who have the skills and credibility to make a success of a job in the 1st line of defence, yet it is not always easy to persuade them to make the jump. Perhaps only an imminent reduction in force can provide the necessary motivation.
Tech’s got our back
Of course, the prowess and comprehensiveness of today’s cutting-edge technology is reducing the need for headcount increases and, it is hoped, will reduce it still further and at a greater rate in the near future. All senior risk officers put great store by technological advancement and we are, it appears, at a point of generational change in terms of the amount of data machines can process and the speed at which they can accomplish this.
This is particularly helpful in the area of surveillance. Trading data and dealer communications need to be watched even more closely to prevent those types of abuses that have cost banks so dear in recent years. But it is no longer necessary to listen, for example, to hours of telephone calls – machines, fed by rules-based systems, can do all that better and far more quickly.
Rupert Jolley, chief control officer at HSBC in London, told 1LoD: “The firm is making a significant commitment to surveillance, which is principally directed at the markets business. This isn’t just about meeting the needs of regulators, it’s because it’s a good way to do business. What we’re doing is consistent with the rest of the industry, and it’s expensive but I expect the investment pipeline to continue for many years.”
Dealing with data overload
Yet new systems bring a whole host of new challenges as well. The major current issue with surveillance systems is that they throw up far too many false positives, all of which require further investigation and this time the investigation has to be conducted by someone with a pulse. Most of the time these red flags turn out to be entirely innocent.
“Surveillance introduces false positives,” states Russell Dinnage, head of the capital markets intelligence practice at consultancy GreySpark Partners in London. “They are generated by what looks like misconduct or bad behaviour, but generally isn’t. Compliance spends as much time, headcount and budget responding to these alerts as they do on buying the solution in the first place. It’s a state of affairs no one is prepared to carry on with.”
Modern technology in general produces a tremendous amount of data, and while front office control functions would be impossible without this machinery, the industry is manifestly struggling to make sense of it all. It is suffocating under a thickening blanket of data. Not only do banks need a lot of data for their own compliance purposes, their clients are also asking for more and more so they can produce the proper reports for regulators.
All this has to be organized, sifted and streamlined, yet at the moment there isn’t much confidence that banks are getting to grips with it. “It doesn’t matter what advanced technology a bank wants to use, it’s no good unless proper data management and governance are in place,” says Scott Levine, a director at PwC in New York and part of the financial services digital capital markets consulting team. “There has to be a standardised taxonomy across the bank so the data can be complete and accurate for advanced technology to be applied.”
Banks also face the age-old problem of whether to build in-house or to buy off the shelf from the vendor. The latter alternative offers the attraction of speed of implementation, access to improvements and updates, and having help on hand should problems arise. On the other hand, businesses are generally so idiosyncratic than any solution has to be tailored and tweaked to suit specific exigencies anyway, so it is sometimes better to build internally from scratch.
A majority of banks are still in the implementation phase. Some 67% of correspondents to our survey said ‘in the build phase’ best described the current state of technology supporting their front office control function. Only 29% said it is ‘firmly embedded and operating a target operating model’.
Although the three lines of defence model is now widely accepted and implemented, there are often quite stark differences between banks in the way it is organized. A so-called line 1.5, and even a line 1b, occurs in some banks but not in others. Surveillance sits in the 2nd line of defence but then also sometimes in the 1st line of defence as well.
Some global institutions, such as Barclays and HSBC, have a global chief controls officer, overseeing all forms of non-financial risk across multiple divisions, group wide, and others do not. In some banks, the 1st line reports to the head of markets, and in others it reports to a group chief operating officer. No one pattern has achieved widespread acceptance, and it’s a challenge for each bank to find a model and a structure that suits them best – and then be prepared to alter it if it doesn’t work.
Buy-side and beyond
Other areas of the financial industry beyond sales and trading floors in banks will soon be wrestling with these issues – if they’re not doing so already. The regulatory searchlights are now being turned upon the buy-side. In the UK, the Senior Managers and Certification Regime is soon to be extended to 46,000 new firms in asset management, fund management, private banking, wealth management and retail banking. All will have to get to grips with the three lines of defence. Their businesses may be less complicated, but it will still be a big adjustment.
The issue that broods menacingly over the entire industry throughout all these discussions – about staffing levels, better surveillance systems, better data management and the optimal model – is that of cost. At a time when margins are being squeezed more tightly than ever before, banks must spend more and more money on non-financial risk. It’s very painful.
Yet there is no alternative. As Todd Sullivan, head of risk management for fixed income Americas, Morgan Stanley, in New York, says: “Would you care if the cost of oxygen went up? Yes, but you don’t have much choice about paying it.”
Keep calm and carry on.