Banking Scandals Prod Companies to Rethink Risk Policies

Two recent banking scandals have corporations taking a closer look at the cultural aspects of regulatory compliance and risk mitigation.

Two high profile banking scandals have many companies rethinking their policies and cultural attitudes about regulatory compliance and risk mitigation.

The most recent scandal has hit particularly close to home at Wachovia, one of the largest banks in the United States. Wachovia bank executives are accused of collaborating with fraudulent telemarketing companies that siphoned cash from unsuspecting customers' accounts.

Wachovia officials there were initially accused of allowing criminal telemarketers to use Wachovia's bank accounts to steal millions of dollars from customer accounts-many of them elderly. But documents revealed in early February in a lawsuit against Wachovia provided evidence that bank officials were not only aware of the illegal scams, but knowingly contracted with the fraudulent telemarketing companies.

The Wachovia case surfaced close on the heels of the rogue trader debacle at Soci??«t??« G??«n??«rale, one of France's largest financial institutions, which caused the bank to lose $7.2 billion in investor funds.

In the case of Soci??«t??« G??«n??«rale, a low level trader, J??«r??me Kerviel, pulled simple tricks like forging emails to hide illegal trades that for a time earned the bank tremendous profits, but which eventually landed Soci??«t??« G??«n??«rale deep in the red.

To read more about the trading debacle at Soci??«t??« G??«n??«rale, click here.

It's still unclear if others in the bank knew about Kerviel's scam, though he has claimed in statements to investigators that it's impossible his managers didn't know what was happening given the level of risk-and the amount of cash-involved in his trades.

While miles apart in their strategies and undertakings, the scandals at Soci??«t??« G??«n??«rale and Wachovia do bear some similarities.

Both were perpetrated inside the four walls of the financial institution; both required knowledge of the respective bank's policies and mechanisms to override those policies and procedures; and either the risk mitigation and compliance processes in place were fundamentally broken, or those processes didn't exist in the first place.

Financial institutions are, according to industry watchers, among the most sophisticated users of GRC [governance, risk and compliance] software in the world. They are widely considered to be far more mature in their risk mitigation and compliance controls than companies in other industries.

Yet, according to a study released Jan. 18 by Deloitte, the majority of direct compliance spending in the nation's top banks-60 percent-went to compensate staff, while only 18 percent went to capital expenses, mainly IT systems, hardware and software.