When Banks Mass-Hire Compliance Officers

Nearly every financial services firm from the global banking giants of Wall Street to the small community banks of Main Street is drowning in new regulatory requirements these days, forcing many to significantly expand their compliance staffs.

According to recent analysis conducted by the American Bankers Association, which represents the nation's $13 trillion banking industry, financial firms of all sizes increased the number of their full-time compliance employees in 2013 compared to 2011, when the ABA last conducted the survey.

Some banks that have faced regulatory problems are hiring massive amounts of compliance professionals. JPMorgan, for example, announced in September that it would hire as many as 2,000 risk and compliance staffers.

While banks are certainly increasing compliance staff, mid-size banks still have relatively small compliance departments compared to the giant banks, such as Bank of America or Citigroup. Depending on the degree of regulatory complexity, banks in the $1 billion to $10 billion range “might still be in a position of having five or fewer compliance people full time,” says Richard Riese, senior vice president of the ABA's Center for Regulatory Compliance.

Where those numbers grow exponentially, Riese says, is at banks above $10 billion in assets, where compliance responsibilities are often divided among several departments. Within these larger financial institutions, “there are a lot more people who would probably identify themselves as spending full time in compliance,” he says.

There is “a lot,” however, and then there is JPMorgan Chase and HSBC. Both banks recently revealed that they would be hiring thousands more full-time compliance staffers. JPMorgan, which banking regulators have had on speed-dial over the last few months as they work with the bank to settle various charges, said it will add 3,000 employees to its risk and control staff to focus on legal and regulatory matters, while assigning an additional 2,000 employees to focus on risk and compliance efforts inside their business units.

Susan Wright, HSBC's head of financial crime external relations, recently announced similar efforts. “Our [compliance] resources have increased substantially. I can't give the exact figure, but JP Morgan's number is very similar to where we will be,” Wright stated in remarks at a financial crime conference hosted by the British Bankers' Association. She said the new job positions will bring HSBC's total compliance staff to more than 5,000, almost two percent of its global workforce.

Such massive recruitment efforts are “definitely unique and very non-traditional,” says Jack Kelly, managing director and co-founder of executive recruitment firm The Compliance Search Group, which specializes in the recruitment of compliance professionals at Wall Street banks. “I've never seen a firm come out publicly and state that they plan to hire that large an amount of people,” he says.

David Symes, managing director of London-based Compliance Recruitment Solutions, also says he's never heard of any company hiring that many compliance employees before. “It's very unusual,” he says.

Quality vs. Quantity

Such recruitment efforts are even more unusual compared to other Wall Street banks. “The economy is still fragile. A lot of people are worried about the government shutdown. Wall Street, itself, is not really hiring many people,” says Kelly.

One of the few areas they are hiring in is compliance. “So when they look to hire, and they view it as a cost, they're not rushing,” Kelly adds. As a result, the realistic timeframe to hire a mid-level person with 5 to 10 years experience is easily three to four months, he says.

In the case of JPMorgan and HSBC, “what they're doing on a massive scale, it's hard to fathom how they could do that efficiently and quickly and really make the right decisions,” says Kelly.

Recruiting a compliance staff of thousands is not without its challenges, but those challenges have less to do with the actual number of potential employees and more to do with the expertise of the staff, says Stuart Rosenthal, managing director of compliance and recruitment search firm Rosenthal Consulting. Any large company can hire thousands of employees, he says, “but are they really hiring senior enough people that know what they're doing?”

The entire point of bringing on more compliance employees is to hire quality people to do quality work, Rosenthal says “To do the kind of hiring announced by JPMorgan and HSBC, it's hard to get quality people,” he says. “If you're just hiring people who are rubber-stamping things, it's inefficient.”

“To do the kind of hiring announced by JPMorgan and HSBC, it's hard to get quality people. If you're just hiring people who are rubber-stamping things, it's inefficient.”

—Stuart Rosenthal,

Managing Director of Compliance,

Rosenthal Consulting

Symes agrees. “I've seen companies laying out lots of money trying to put right a problem in a hurry, but inefficiently.”

These same companies typically have suffered a financial fine and reputational damage, Symes adds, “all of which could have been avoided had they hired the right quantity and quality of resources and talents beforehand.” From a practical standpoint, to hire thousands of compliance employees, particularly if they're going to take on advisory, auditing, or monitoring roles, the minimum amount of time the hiring will take to do it effectively is six months, he says.

At the same time, no company wants to bring on more compliance employees than it actually needs, because you then raise the risk of creating redundancies, says Riese. “That's just not efficient,” he says.

Specific Roles

Then there is the question of where HSBC and JPMorgan plan to place all these new compliance employees and how those roles and responsibilities will be delegated. According to one compliance officer at HSBC, “they don't know where these hires are going to be,” says Rosenthal.

What the compliance officer said is that “he hopes they're not all going to be in the United States,” Rosenthal adds. “He thinks they already have too many compliance people spread across the company, and it's an inefficient environment.”

As far as how those compliance functions will be divided, HSBC stated in its 2013 interim report issued in August, that it has increased its “regulatory and financial crime compliance” workforce by a headcount of over 1,600 employees.

Specifically, HSBC spelled out three main areas of compliance that it plans to focus on. These include:

Customer due diligence: developing an integrated framework to manage financial crime risk more effectively across the complete customer lifecycle. This includes know-your-customer programs, affiliated due diligence programs, and other areas, such as tax transparency;

Financial crime compliance: creating a consistent, flexible, and scalable compliance organization and the financial crime risk controls to make sure that all DPA and other regulatory obligations are met. “This includes implementing a comprehensive anti-money laundering and sanctions compliance program globally.”

Financial intelligence: building our capabilities in the capture and use of customer and transactional level data to identify suspicious transactions, activity or connections.

HSBC: GLOBAL STANDARDS

Below in excerpt from its interim report, HSBC explains its global standards.

We believe that implementing Global Standards gives HSBC a distinct competitive advantage. We continue to build a more sustainable business model by investing in best-in-class risk and compliance capabilities, while de-risking operations in higher risk areas.

The Group's specific program to enhance Global Standards with respect to financial crime risk continues to make progress. With a focus on managing execution risk, the various work streams have been consolidated under a governance framework.

A Global Standards Execution Committee, reporting to the Global Standards Steering Meeting (‘GSSM' – part of the Group Management Board) and the Financial System Vulnerabilities Committee, provides execution controls based on the direction and priorities set by the GSSM. Under this governance structure, a global deployment approach has been developed to manage execution risk and oversee a prioritized implementation program. The three primary areas of focus are:

Customer due diligence: developing an integrated framework to manage financial crime risk more effectively across the complete customer lifecycle. This includes Know Your

Customer programs, affiliate due diligence program and work on areas such as tax

transparency and bearer shares;

Financial crime compliance: creating a consistent, flexible and scalable Compliance organization and the financial crime risk controls to make sure we meet all DPA and other regulatory obligations. This includes implementing a comprehensive anti-money laundering and sanctions compliance program globally; and

Financial intelligence: building our capabilities in the capture and use of customer and transactional level data to identify suspicious transactions, activity or connections. Streamline processes and procedures.

We have put in place a structure to manage the bank globally, moving from a federated business to a globally driven business model. Our aim is to continue to streamline, globalize and simplify our processes and procedures to generate sustainable savings. This will release capacity to further invest in growing the business. If we are successful in executing our strategy we will be regarded as the world's leading international bank.

Source: HSBC.

“We are also reinforcing the status of compliance and standards as an important element of how we assess and reward senior executives, and rolling out communication, training, and assurance programs to ensure that our staff understand and meet their responsibilities,” HSBC's interim report stated.

The announcement to hire massive numbers of compliance staffers could be an effort by these banks to convince regulators that they are taking compliance seriously after big problems. HSBC's compliance restructuring follows a record $1.9 billion settlement that the bank reached with the U.S. Department of Justice for anti-money laundering and sanctions violations. The settlement included a record $1.2 billion forfeiture as part of its deferred prosecution agreement reached with the Justice Department for violations of the Bank Secrecy Act, the International Emergency Economic Powers Act, and the Trading with the Enemy Act.

JPMorgan announced the restructuring at a time when the Securities and Exchange Commission was investigating the bank amid allegations that it hired the children of Chinese officials to help boost its business operations in China. That investigation came in the same month that the government was investigating the bank's $6 billion trading loss in the “London Whale” derivatives trading scandal. With JPMorgan it's “more about how they're running—or not running—their company,” says Symes.

The difference between HSBC's compliance efforts compared to that of JPMorgan is that JPMorgan is “more likely throwing resources at the [compliance] issue just to prove that they're doing something, whereas HSBC is specifically allocating resources at specific areas,” says Symes.

“Then you need people looking at all these accounts to make sure nothing inappropriate is going on. A lot of these big banks have technology systems, but you still need that human element,” Kelly adds. In addition, you'll probably see more compliance people devoted to developing policies and procedures, and in other areas such as training, testing, and monitoring, he says.

Both JPMorgan and HSBC declined comment.

“The regulators are breathing down their neck,” says Kelly. “Clearly they're under the gun,” he says, “to do something pretty significant to show the regulators, media, politicians, investors, and customers that they're making great strides to do everything they can to ensure that they are a top-tier shop.”

Boosting compliance staff as a show of good faith is one way to get into the public's good graces. “Doing something as big and bold as that, I think that sends a big message that they're going to put a lot of money, a lot of manpower behind it,” says Kelly. Whether they come through with it or not, I don't know. It could be a great PR move.”