In order to promote ethical behavior in their day to day operations in the organization, the banks should appoint ‘Ethics/conduct officers’ who shall serve as a central point to identify and collect information of unethical behavior/conduct on part of employees at any hierarchal level of the organization.
These officers will garner information mainly through customer complaints, incidents of frauds, seeking depositors and customers’ feedback directly through phone or in person, surprise visits of branches etc.
The banks may develop/revise their existing policies to further define the role and responsibilities of ‘ethics/conduct officers’ and the process through which they will perform their duties.
A coordinated action plan may then be devised to address the systemic gaps to encourage employees at all levels to act with integrity, in an ethical manner and in the best interest of depositors and other stakeholders.
The SBP mentioned that the ethical practices like transparency, integrity, honesty, and compliance go hand in hand when it comes to financial industry and this area has emerged to be an essential element of overall compliance culture in any bank or financial institutions.
While all instances of non-ethical behavior may not essentially be instances of non-compliance of banking laws, however, Banks must ensure that its employees at all hierarchal level remain committed to demonstrating superior ethical practices in their dealings with depositors, customers, regulators and all other stakeholders, it added.
These instructions were the part of Guidelines on Compliance Risk Management aim to promote enabling ‘compliance culture’ in banks and strengthen the effectiveness of compliance function by adopting structured and risk focused approach.
Guidelines on Compliance Risk Management
SBP has advised banks/ microfinance banks and institutions to develop their risk compliance functions, policies, and procedures by the end of 2017.
In this regard, the central bank, in line with best international practices, has developed guidelines on ‘compliance risk management’ to provide banking industry a uniform and systematic approach for identification, assessment, and management of compliance risk.
At present, the structure, scope, depth and breadth of compliance function (CF) varies among FIs and there exists a wide gap between the understanding of ‘compliance risk’ and its management in the industry and the related ‘regulatory expectations’.
Hence the increasingly complex nature of banking operations owing to wide spread use of technology, product innovations and competitiveness in the industry, FIs have confronted significant risk management and corporate governance challenges, particularly with respect to ‘compliance risks’ that transcend business lines, legal entities, and jurisdictions of operation.
The guideline stated the financial institutions are free to choose any risk management method/standard/process that suits the objectives of this guideline and is in line with FIs’ overall risk management strategy, structure and complexity. However, the FIs are strongly encouraged to implement an entity wide ‘Three Lines of Defense (TOD) model’ of risk management to identify and manage their compliance risks.
The banking industry in Pakistan in last over a decade has experienced significant changes in market dynamics in which it operates, on both regulatory as well as consumer front. These changes include major structural changes fostered by SBP leading to a more competitive, service oriented, financially sound and technologically advanced banking industry and its constituent Financial Institutions (FIs). Such structural changes have entirely reshaped the scope, complexity, outreach, and nature of FI’s business activities.
The Board of Directors of the FI has the ultimate responsibility of guiding and overseeing the design and implementation of the enterprise wide compliance risk management program in the FI. In order to fulfill its responsibilities, the board can make a sub-committee.
Keeping in view the process involved, banks or financial institutions should meet the requirement by June 30, 2018.