Regulatory Changes in Compliance Oversight within Financial Institutions
As we discussed in the fourth section, the last crisis was triggered partly by BNP Paribas’ sudden suspension of client redemptions because it was, in that moment, impossible to calculate NAV. It is interesting to note that this issue was driven by compliance considerations, with the firm citing “equal treatment of [its] investors” and claiming that the decision was “in strict compliance with regulations” for each of the funds (BNP Paribas 2007). It is unclear how many firms might have faced similar (though less extreme) circumstances and decided to continue with “business as usual.”
From 2008 to 2017, the number of SEC Registered RIAs has increased by 12.3%, as shown in Exhibit 21 (RIA in a Box 2018). The amount of compliance performed has also increased substantially in the past ten years. Recent data gathered from third-party compliance providers indicates that the cost of compliance per year in the banking industry is $270 billion (Farley 2017), and a recent cursory search on LinkedIn for “Chief Compliance Officer” showed over 400 job openings. The number of estimated compliance-related positions in investment management and banks in the United States is 30,000.
Exhibit 21
Number of SEC-Registered RIA Firms
Regulators presumably hoped that requiring the banking industry to invest in compliance oversight at the individual firm level after the financial crisis would reduce systemic risks. This regulatory requirement may have reaped real changes in a firm’s detection and management of the risks that led to the financial collapse in 2008, had these new compliance staff people and officers had the knowledge and experience to do their jobs. Unfortunately, according to our collective experiences, most compliance staff had never traded OTC securities in distressed markets and lacked even the most basic understanding of how the markets work to effectively monitor the risks lurking in OTC securities. As a result, the increase in compliance-related regulatory requirements merely creates a false sense of security and has had little impact on actually reducing systemic risk, though perhaps it helped lead to the shift of that risk from banks to insurance companies and pensions.
Given the negative, asymmetric consequences of a compliance miss, there is now a great risk of compliance tails wagging business substance dogs and creating or exacerbating risks they were meant to prevent or mitigate.