Compliance rules

FST speaks with Markus Schulz, Chief Compliance Officer at Zurich, about the challenges of a tighter, post-crisis regulatory regime.

“Compliance must be embedded in the business, so much so that employees never even think about it, it simply happens.”
-Markus Schulz

Some financial organisations are reporting a huge increase in compliance workload as a result of growing regulatory requirements. Is that something you're seeing and if so, how are you coping with it?

Markus Schulz. There are a lot of regulations coming through, however, there is one aspect that I think is critical here. Insurance is not the same as banking. Therefore, there are a lot of things that we work on with the regulators to ensure they appreciate and understand where we are the same, where we are different and where we need to take different steps to the banks.

It's not a case of one-size-fits-all and that's one of the things that we're working on quite intensively right now. More specifically, that relates to Solvency II, which is one of the aspects where we actually need to make sure that we are seen as a business individual from the banks. Of course we do need to have the right solvency levels, but insurance companies always had higher solvency levels than banks. That's why we want to make sure that we don't end up with outrageously high solvency requirements that are just unrealistic to meet.

Notwithstanding these issues, we are all for having some more market adjustment and a level playing field because some of the insurance companies currently hold higher margins while others just take advantage of lower reserve requirements.

I wouldn't quite say we're relaxed about the new wave of regulations, but there's nothing coming our way that we would not have started working on already in advance of it becoming an agenda item on an EU or US level.

What we are looking into is treating customers fairly. Customer-centricity is a real hot topic for us and has been for a long time. We have the retail distribution review and we're looking into marketing material disclosure, ease of language, ease of marketing material already and have been for years.

Is tackling these challenges more a case of optimising processes rather than simply hiring more compliance officers?

MS. We have increased here and there, but we have also reshuffled people, so we're not significantly beefing up the teams. Where you feel it most is perhaps on the solvency team where they do need some additional manpower to make sure they can implement in a timely fashion. Other than that, there's no need right now for additional resources because again we have maybe started a little earlier with some of this.

One of the big buss phrases we often hear from regulators is that they want to see compliance 'in the DNA of the organisation'. What does this mean to you?

MS. We use that expression here all the time. I introduced it around three years ago when I started in this position because we also used it at my previous employer. Compliance cannot be an activity that's pushed on to the business from the outside. Compliance must be embedded in the business, so much so that employees never even think about it, it simply happens.

You want to have people doing the right thing automatically and not because someone stands behind them telling them what to do and how to do it. Of course that takes time.

Have the events of the last few years had an impact on these kinds of efforts?

MS. Absolutely, you do see a difference with the economic downturn. You feel people getting a little more nervous about all of that and of course they have more pressure to deliver more with less.

I think right now we're feeling it more than ever and then of course there is the risk that people may take a shortcut or are maybe not be as compliant as they were before, but that requires a little bit more monitoring than you had to do a year ago or two years ago.

The other side of compliance is demonstrating to the regulators that you're working towards these goals. What do you have to do to satisfy these requirements?

MS. I guess it comes down to having a solid compliance approach, a solid compliance programme and of course having the right monitoring, oversight and quality assurance on your programme.

Quite often I've seen companies that establish a new compliance programme by sending out a policy and then basically that's it. But that's not it. You cannot just send out the policy saying, "We have a new compliance programme on this topic." There's much more required to it, even down to testing. So you have to have the first line really embedded into the DNA. Compliance needs to help translate what it actually means in day-to-day life and assist in adjusting the processes adjusting the processes.

Then you need to test it regularly and monitor, maintaining oversight from a compliance perspective. Then you have to audit regularly to test that the first line and the second line is really doing what they're saying they're doing. If you can demonstrate that, and you have that approach and process in place with the regulators, then they are normally quite satisfied with it.

From the outside that sounds like quite a lot of work that has to be done on the inside. Is it something that takes a lot of time and effort to get all those things running in the way that's going to satisfy regulators?

MS. It is a lot of time and effort, particularly if you do it as an ad hoc one off task. However, if you embed it as a regular task and a regular activity right from the outset it is much more simple to keep an eye on.

I'll give you an example: if you implement a new compliance process with the business and establish right away the right key risk indicators, with maybe a dashboard or a report that you create on a monthly basis - hopefully automated where you can - thereafter you only monitor this report and only go back to the business if you see certain indicators pointing in a direction. That's what we call a desk space monitor. You don't have to go anywhere, rather you can just look at the report on your desk.

Does this kind of work ever hamper agility in business? Does it get in the way of core activities?

MS. We have those complaints from the business all the time. If you're not doing it right, you will be seen by management as an impediment to the business and that you're slowing things down. Of course there is that risk, but on the other hand we have seen how expensive it can become if you don't get compliance right the first time. I'd rather have it right first time in rather than just trying to clean up the mess when things go wrong.

People understand that and see the value of it now, but you have to fight over and over again, particularly when you hire new people, maybe because they're not familiar with your way of doing things.

Do you think that businesses are really seeing the need for increasingly stringent compliance and risk controls, compared to the more relaxed rules that were around previously?

MS. I would say that they believe some of it is over reaction. So there you have to have a proper reason to make them understand that they have to do it. That can be a real challenge. 

But ultimately they are as sceptical as they have ever been. You still need to invest the same amount of time and effort to convince people that this is the right thing to do. However, once but once they're convinced they just get on and do it.

Is there any way that you can spin these activities into something that genuinely benefit the business or are they always going to be a necessary evil related to regulation?

MS. Of course we like to say that we bring an added value. We have seen in some cases that compliance has helped to prevent business losses or has helped the business to differentiate itself in the market.

You need to find those cases within the organisation and you need to use them as examples. However, at the same time you need to be aware of all the cases where there are complaints about how compliance has actually caused them to lose business.

You need to be aware of both sides because the argument will come back your way. As much as you want to use it positively, you always have people who are cynical by nature who will look as long as it's required to find gaps in a programme and try to show you how you have actually helped them not to get business.

There is a lot of talk of  the need for greater transparency in the way financial institutions manage processes relating to risk and compliance. Is this an issue that you are looking at?

MS. My background is in banking and there they've been dealing with various regulatory requests related to transparency, such as cross-border payments for a while  Now of course there are other times where transparency's being used  -in remuneration or in commissions, for example.

But if you look at my current role in this company then this is not so much a big topic for us because we look at tax transparency. Regulators want to have transparency to be able to identify tax evasion. That's not a big issue for us because we don't take on the kind of the clients that want to evade tax to start with.

That's why we have actually implemented a lot of things already that may make us a little less popular than some of our competitors. We definitely lost some business because of that where competitors have a different approach to transparency, but our view is that if the customer has a problem with that level of transparency we don't want to have the customer in the first place, they can just go somewhere else. We don't want to have the customers where you might find later on that they were involved in tax evasion. It might bring profit in the short-term, but the long-term risks aren't worth it. 

Insurance is a long tail business. It's not something that you do five years and you're out. Therefore you really need to think about your reputation in the long-term.

More generally you've said that you've been ahead on the curve with regulation and compliance at Zurich and that you'd been working before the rules came down. So what are your priorities going forward over the next 18 to 24 months?

MS. Solvency II must be number one priority for everybody. Of course another big topic is bribery corruption and data privacy. These are things we're working on and they're not new. We've working on them for a little while, but I certainly think they will be a dominant point on the agenda for the next few weeks, months or maybe even years.

Moving together?

Schulz responds to the news that the G20 plans to allow different territories to implement regulation at different times, according to individual economic needs.

With the recent G20 meeting talking about the new financial regulations and basically agreements were met, but they came to the idea that different territories will be able to implement them at different times depending on their ability to do so. Do you think that's going have any major impact on the financial business in general if different territories are employing different regulations at different times?

MS.I think it will have significant impact.  I think it has to be a level playing field.  Let's say that you move forward with something and they do it a very draconian way, but on the other hand the US doesn't agree. I think one of the big debate points is right now is the so-called transaction tax?

The US says no way and particularly continental Europe says that is a great idea. Let's say continental Europe moves forward, while Switzerland, UK and the U.S. don't. What's going to happen?

The vast majority of the institutional trades would move away.  They would move to Switzerland, to Zurich, to New York or away from Frankfurt, Paris, Amsterdam and other places.  Capital has so much free movement and the financial services industry is the only really, truly global industry because you're it's not tied to one location like other industries. 

That's why I think if you don't have regulations that are equal and create a level playing field, then everybody loses. If people want continue to trade they will trade and they will not stick in Germany and pay the taxes on that transaction if they can get the same transaction for free in Switzerland or London.

I don't think we will ever resolve this particular topic because some believe it's not a good idea and that it will hamper the recovery. Therefore you will not get everyone around the table agreeing to it because they are just fundamentally different views out there.

There are similar issues with the remuneration of executives. If Germany goes forward and says the maximum earning of a CEO can be €500,000 and Switzerland decides they can earn whatever the market allows, where do you think the companies and the talent is going to go? 

If one country tries to really press forward with the new regulations by themselves I think this is purely a political power game because ultimately I cannot believe that any major country would be so stupid to do something in isolation.  It would harm them so badly.  Unless it's the US and they believe they have such a large power and market that they don't need to care much. I can't believe that others will do it.