Insight # 59 : These are the voyages...New Models & Global Operations

How to Roll Out a Regional PMO Compliance Function

Regulators across the globe continue to roll out major programmes of regulatory initiatives in financial services to reinforce the regulatory framework in response to the financial crisis.

For UBS, the hit was a $1.5 billion settlement over charges around manipulating Libor interest rates, fraud, and paying bribes to brokers. For JPMorgan it was a $2.6 billion settlement to the U.S. government around ignoring evidence of fraud in connection with Bernard Madoff's Ponzi scheme.

And the list of eye-watering fines, settlements, and charges goes on and on. Global banking firms' compliance functions are vitally important - for two main reasons: "The fines pack a financial punch and put companies' reputations at risk," explains Conrad Trinidad, Senior Consultant for Asia Pacific at Pcubed.

With the onset of new and more complex regulations and regulators challenging existing risk and governance models, Trinidad says many recent clients are continuing to invest heavily in building up their compliance infrastructure and improving risk cultures within their institutions.

"We continue to see executives beefing up headcount to help manage and deliver compliance initiatives," he explains. Pcubed was recently engaged by a large global bank's senior management to set up and run the bank's regional Compliance Project Management Office, for example.

Many compliance functions are focused on implementing strong compliance programs across the organization. But they often fall short in terms of the extensive project management expertise needed to streamline and deliver such a major programme of work in an increasingly challenging regulatory environment.

"The regulatory landscape is always changing," Trinidad says. "There's more focus from compliance to deliver on risk management, stress testing, anti-money laundering regulations, capital adequacy, and strengthening areas on data protection, cross-border activities, MIS, and monitoring and surveillance. Regulators continuously set intensive and intrusive inspections and audits on these commitments."

The Dodd Frank Act, signed the Act into law in 2010 in response to the financial crisis of 2008, has created a new regulatory climate in the United States, setting up new federal monitoring agencies and introducing new legislation, including rules designed to regulate derivatives and limit speculative trading.

In the UK the Financial Services Authority has recently imposed a number of high profile fines on companies for failing to abide by market manipulation regulations. Oil-rig manufacturer Lamprell PLC, for example, was recently hit by a £2.4 million fine related to systems and controls failings leading to breaches of the Listings rules. In the process, the FSA has formulated a new system for prescribing financial penalties in future market misconduct cases, set between zero and half a percent of an organisation's total market capitalisation.

Data protection is another area of focus for many organizations. A large number of banks recently have been punished for allowing data theft to occur, for example. Earlier this year South Korean regulators fined three credit card companies for their role in the country's largest-ever theft of financial data; information on more than 20 million people had been stolen and sold to marketing firms.

The high penalties at stake make the risk of market manipulation another area of focus for 2014, Trinidad says. "Wall crossing necessitates particularly strict procedures to be in place to ensure that potential insider information is only disclosed in tightly prescribed circumstances," he explains.

Trinidad offers two areas of advice for structuring an effective program management office to deal with compliance projects.

Set Up the PMO Engine

A recent client had been falling behind in its commitments on regulatory goals as a result of missed deadlines, unclear dependencies, and the absence of a comprehensive progress reporting infrastructure. A major challenge has been working with resources in other functions (lines of business, technology, legal, internal audit, and human resources) spanning 14 territories in the region and across the global organization to achieve compliance goals and deliver accurate management reporting.

Today, regional compliance functions run hundreds of projects and regulatory commitments alongside their own business area activities. Trinidad points out that while compliance teams may recognize the importance of a strong project management culture of delivery and due diligence, they often find a shortage of project management skills within their organization.

To address the gap in this environment, Pcubed rolled out a strong, "fit for purpose" PMO to provide program management leadership, structure, governance, and communications. Among the deliverables for the PMO: a reporting structure, project management guidance, and direct support for the appointed compliance project manager and the relevant stakeholders across the region.

"We have expanded the client's existing PM methodology and rolled out supplementary PM governance and oversight and checkpoints to ensure that projects are tracked and reported accurately, thus enabling the PMs to get the necessary support and escalation to the PMO and senior management for intervention and help," Trinidad says.

Seek Transparency and Visibility

According to Trinidad, it's the job of the PMO to monitor project risks and issues and overall project health. To succeed, the work environment must be transparent. Enabling regular communication and accurate management reporting enhances visibility of on-going projects and strengthens the dependency management among global, regional and country projects.

This is an area where Pcubed continuously offers added value to its clients, he says. "Our compliance dashboards offer quick wins to organisations that have previously struggled to pull together the required project management information."

While any effective dashboard is intended to provide management report data consolidated in a simple, real-time format, these highlight crucial parameters such as the top five issues and risks that need continual monitoring, a list of action items highlighted with regulators, and major regulatory changes coming up for each quarter.

Articulating the Value

Firms are rethinking and strengthening their compliance approach in the new regulatory environment with the support of an effective compliance PMO, says Trinidad. This dedicated PMO function empowers the compliance function by identifying and mitigating risks to ensure delivery of projects and commitments from three angles:

  • Rolling out a comprehensive PMO oversight that provides a reporting structure, project management guidance, and support for the appointed compliance project owners and stakeholders;
  • Establishing relevant management reporting for senior management and stakeholders in the region by providing visibility on project health, dependencies, risks, and milestones; and
  • Establishing clear communication channels to senior management to effectively manage regulatory commitments and risks.

Regulatory changes will continue to shape the competitive environment of the financial services industry. An effective compliance function will outfit organizations with the operational flexibility to support banks with their due diligence, successfully overcoming regulatory censures and protecting their reputations worldwide.

For further information on this article and Pcubed, please email