Another factor that may contribute to the reduction of the law is the three lines of defence that have become the accepted framework for risk management in a financial institution. [21] In this context, the company bears the risk on the front line and is the first line of defence. In the second line of defense are risk experts who are able to identify risks to the front line and help them manage and control their risks. The third line is auditing, which determines how the framework works. [22] And although risk experts have argued for years that the favourable environment for PII insurance cannot continue like this, the market has continued to resist such forecasts. “PII insurance for London-based law firms is the most comprehensive in the world,” says Butterworth. “The levels of coverage that can be purchased in London are higher than in the United States. Especially taking this into account, insurance is very inexpensive. Its impact on annual expenses has decreased and the larger the business, the better the value of the insurance premium compared to annual expenses. * Average number of people working in each area of risk management, full-time or part-time Moving to reporting relationships, we need to develop a more realistic understanding that organizational dynamics will change, if (and if) compliance shifts from legal status to risk. In a way, it`s like saying the rain is wet. If the line of command of the Chief Compliance Officer changes from Chief Legal Officer to Chief Risk Officer, who would ignore the change in organizational dynamics? But this point is barely mentioned in the literature. Since the distinction between legal, compliance and operational risks is often unclear, there will inevitably be conflicts over roles and responsibilities.
Sensitivity to organizational dynamics is important because it allows those on the playing field to discuss the issue and do what is necessary, which is to resolve it. Alternatively, if they cannot resolve it, they can escalate the dispute to a higher authority, which must also be sensitive to organizational dynamics. This dynamic should also be taken into account when high-level officials resolve the inevitable conflicts that accompany an escalation. [43] Some may look at the number of people who have worked in the risk function at different times in the last 10 years and compare it to the number of people working in the legal department. [14] Id. In more recent IRM guidelines, the Federal Reserve uses the terms compliance risk and legal risk, but does not define these terms. Irm Guidance, No. 4 above. The rise of risk management and the chief risk officer is one of the truly remarkable changes in financial institutions since the end of the global financial crisis.
According to the author, the change has contributed significantly to the safety and soundness of banks and banks. There is anecdotal evidence that this change had an unintended consequence, and the unintended consequence is a relative reduction in the role of the legal function. This unintended consequence is dangerous, especially when the reduction becomes substantial. The legal function plays an extremely important role in the operation of financial institutions. The role needs to be better understood and appreciated. The increase in the risk function should not mean that there will be a decline in the legal function. If you were to look at the financial institution 20 years ago, you might not find any risk management functions. And if you were to find a risk management function, it would probably be much smaller and with rudimentary capabilities. Most of these features had little power and even less in terms of sophistication.
If someone from that time were magically transported from yesterday to today, he or she would not recognize today`s risk management function. The risk management function of today`s financial institutions, unlike 20 years ago, is both new and up-to-date. A good balance of losses could become increasingly rare over the next decade for some companies that previously appeared as Titan. The two specters of increased surveillance by the SRA and an unstable world of technology-infused cyber threats mean that the journey of legal risk experts has only just begun. The GDPR and data protection are basically legal. I used to give data protection workshops during my paid days at Pitmans. However, you need a holistic approach and you need to work with experts, especially in the cyber field. I work closely with the IT manager in the field of cybersecurity. If that factor alone were, it would probably not lead to a reduction in the role of the legal function.
But it`s not the only one, and the lack of legal issues is significantly exacerbated by a trend in how compliance reporting in today`s financial institutions. Of course, the operational assumption underlying paragraph 1828(x) is that sharing with a regulator would be seen as promoting the interests of the financial institution. If, on the other hand, the financial institution wants to prevent the supervisory authority from consulting legal advice, asserting privilege offers an opportunity to achieve this objective. [33] When the lien is claimed, it is claimed on behalf of the bank by a bank advisor. Audit staff will often view the granting of privileges as a hostile act on the part of the bank advisor. Over time, when audit staff are regularly confronted with requests for privilege from the legal function, auditors may view the legal function as obstructive and persistent, contrasting this perception with what they learn about compliance and risk. A widely advanced explanation for moving compliance to risk is independence. The Basel Committee on Banking Supervision stated as a fundamental principle that “the compliance function of the bank should be independent”.
[27] Many proponents of independence believe that this means that the chief compliance officer must be independent of management, although the BCBS has never really said so. In fact, the BCBS stated that “the concept of independence does not mean that the compliance function cannot work closely with the management and employees of the various business units.” [28] Jo Riddick, GC and COLP for Macfarlanes, (see “Outlook” at the bottom of this page) observes: “The kind of people who lead at-risk services have become much more adept at communicating.