Viktoria AastrupHead of Compliance Retail Banking Nordea

Compliance – from a burning platform to a burning desire

Key enablers for being compliant

Governance and Oversight

People and Mind-­set

Policy and Process

Technology and Data

It takes time to implement new regulatory requirements

Business as usual

Policy Upgrade

Target StateGap Analysis

Launch rebuild

Fix ‘Go-­Forward’

Regulatory Compliance

Target State

Attestation

Review/ Audit

Design

Implement

Time

Maturity

Assess

Assure

Optimize

Milestone

(3-­5 years)Regulatory Action

Initially driven by focus on compliance to US Sanctions

Material fines levied for historical violations

Actions also highlighted weak compliance across the broader agenda

Financial Crime remains a high priority for regulators

Regulators are driving a continued focus on Compliance

Risk culture is defined by regulators as a subset of a firms broader culture, with the Financial Stability Board (FSB) stating that global regulators are focusing on institutions “norms, attitudes and behaviors related to risk awareness, risk taking and risk management…”

Fines from regulatory violations

Judgement based supervision approach

1. The Compliance Function -­ the importance of a strong brand and a common identity

Compliance in its current form is still a young profession

• Is responsible for its own risk management and for operating their business within limits for risk exposure and in accordance with decided framework for internal control and risk management.

• This covers identifying, assessing, monitoring, controlling and reporting of issues related to all material financial and non-­financial risks

• Nordea´s independent control functions are responsible for providing the framework for internal risk control, by designing relevant processes as well as issuing relevant policies and instructions.

• In doing so they shall ensure: effective and efficient operations;; adequate control of risks;; prudent conduct of business;; reliability of financial and non-­financial information reported or disclosed (both internally and externally);; and compliance with laws, regulations, supervisory requirements and the institution's internal policies and procedures.

• The Group Internal Audit (“GIA”) function shall provide an independent evaluation of the effectiveness of risk management, control and governance processes in the first and second lines of defence.

• It performs audits and provides assurance to stakeholders on internal controls and risk management processes.

Business Areas

Financial Crime Change Programme

Group Legal

Group Compliance

Group Risk ManagementGroup Internal Audit

Responsible functions at the Nordea Group Organisation

Business Risk Implementation & Support (BRIS)

Board of Directors

Executive Management

Regulatory Change Management (RCM)

Board Audit Committee Board Remuneration Committee Board Risk Committee

First Line of Defence (1st LoD) Second Line of Defence (2nd LoD) Third Line of Defence (3rd LoD)

What differentiates a Compliance Officer from other colleagues working in the regulatory and control fields?

What’s the taste of Compliance?

-­ it is to a large extent up to the people working with compliance!

Differentiation

Identification

Uniformity

Branding is to be translated to function/personal PR

How does your branding strategy look like ?Proactive support and constructive challenge

The aim with using branding strategies to:

… Create a strong trademark/Brand for Compliance

… Create a common ground for values (norms, attitudes and behaviors)

… Strengthen the identity of Compliance Officers

… Strengthen the status of Compliance Officers

… Attract and retain the best talents

1. How do you work with promoting a clear identity for Compliance Officers?

2. Which distinct attributes characterise Compliance/ a Compliance Officer

3. How does the Compliance organisation differentiate from other parts in your organisation?

4. How do you work with making Compliance/the Compliance Officer role attractive?

5. What status does the Compliance function have in your organisation?

2. Training and awareness – it all starts with the WHY? Why compliance?

”People don’t buy what you do, they buy why you do it”, claims Simon Sinek, leadership-­ and marketing inspirer, in his TED-­talk, and in his book Start With Why.

And Guy Kawasaki, previous chief evangelist at Apple, states: “If you make meaning, you will probably make money. But if you set out to make money, you will probably not make meaning – and you won’t make money.”

Everything starts with the WHY

Banks and Financial institutions are working in the trust business

Trust-­worthiness

Ethical Culture

Social Purpose

Lack of Social Purpose

Criminogenic Culture

EthicalFailure

The whatManuals, processes,

infrastructure etc.

The how Training, follow

up, etc.

The whyCulture and leadership

Compliance infrastructure

Changing behaviours

requires personal buy in

Compliance by design – three pillars to attend to

A fundamental shift in values…

… driving a public demand for common responsibility

A new world for banks and financial institutions

3. Communication is an important tool in order to change culture (behaviors) – and especially HOW we communicate

Objectives

All employees should understand:• why compliance is important for us as a bank

• how compliance impacts daily work and what each individual can start working on already today, independently of position

The compliance story in Retail Banking

Being compliant gives us our license to operate, however it is also…

…about a culture and a mind-­set in everything we do (not only about policies, instructions & IT)

…a long-­term commitment (not a one time exercise)

…about being proactive and leading the way (not only about monitoring)

…about ensuring strong relationships with our customers (not only about internal processes)

… about contributing to a better society (not only about rules and regulations)

Why, What and How ComplianceCompliance Communication Campaign 2015/16

… and ends by explaining compliance on a more detailed and internal level

The program starts by explaining compliance from a high-­level and external perspective…

Main theme “Why” compliance• Increase level of compliance awareness and understanding

• Bring insight to the social responsibility that follows by being a bank employee

Main theme “What” compliance• Explain the Nordea compliance landscape, in terms of organisational setup and responsibilities

• Clarify how each individual fits in the total Compliance landscape

Main theme “How” compliance• Explain how to be a compliance ambassador

• Explain how to include compliance into daily work

Wave IWave II

Wave III

Wave 1 Wave 2 Wave 3

• ~ 20 minute presentation• ~ 40 minute discussion

Format &

Material

• ~ 20 minute presentation• ~ 10 minutes quiz• ~ 30 minute discussion

• ~ 20 minute presentation• ~ 40 minute discussion

Objective

Brochure “Our World of Compliance” film

Compliance competition Waves 1-­3

“Building a lasting Compliance culture”

film“Why Compliance”

film Quiz

Wave I: Engage Wave II: Understand Wave III: Apply

Starts from a high-­level perspective

…solution is a Toolbox with examples, Q&A’s, videos to help facilitate the customer dialogue

Going forward raising awareness with PBA’s on the customer dialogue on compliance…

Follow Up from CCCP• Continue to increase level of compliance awareness and understanding

• By a teaser and a competition on the RB Intranet create awareness of the coming campaign

Introduction• Introduce the ”?” as an easy understandable symbol for the communication going forward embarrassing the BIG Q going from : ” Why compliance?”

to”How compliance?”

• Support our PBA’s in the customer dialog by meeting their need for support in specific topics .

TeaserIntro by a Voxpop

Toolbox

~ Sept/Oct ~ Oct/Nov ~ Oct/Nov

Banner on the RB Intranet

Format & Material

• Voxpop (short video with people from the streets), closing with Lennart/Viktoria reveal

• Topic videos• Animation• Q&A’s• Mailbox for PBA’s to post suggestions and topics for the Toolbox to be addressed

Objective

Our Security MarkCompliance Communication Campaign 2015/16

Simplify – and make it joyful

Use of branding strategies for Compliance

… Transfer knowledge

… Promote discussion and influence decisions

… Create interest

… Create a demand

… Change attitudes and behaviours

1. How do you work with increasing the awareness/knowledge of compliance in your organisation?

2. What do you do to spark an interest for compliance-­related matters?

3. How do you work with changing the attitudes and behaviours of your co-­workers?

4. How do you communicate compliance-­related matters in your organisation [do you have a communication plan in place]?

5. How do you work with your Compliance-­functions’ [external] trademark?

ü A strong compliance function brand will to a larger extent support and accelerate the compliance journey -­ changing attitudes and behaviors

ü When employees have a desire to take own responsibility and actions, to make a difference in society, you are able to establish a strong risk and compliance culture

Questions?

Thank you!