Muhammad bin Ibrahim: Future proofing compliance - responsibility and response-ability

Keynote address by Mr Muhammad bin Ibrahim, Governor of the Central Bank of Malaysia (Bank Negara Malaysia), at the 9th International Conference on Financial Crime and Terrorism Financing (IFCTF) "Future proofing Compliance: Responsibility and Response-ability", Kuala Lumpur, 4 October 2017.

The views expressed in this speech are those of the speaker and not the view of the BIS.

Central bank speech  | 
09 October 2017
PDF version
 |  4 pages

"Compliance, Past and Future"

This is an important and serious gathering. I am encouraged to see many leaders and key compliance officers of the financial industry here at the International Conference on Financial Crimes and Terrorism Financing, signifying the industry's commitment to a safer and more secured financial system.

It is worth repeating that public trust and confidence in the financial system cannot be compromised. The cost of financial crimes and terrorism financing are staggering. Based on the United Nations Office on Drugs and Crime (UNODC), money laundering transactions are estimated to cost economies between 2% to 5% of global GDP. This equals to USD1 to 2 trillion annually. It is a humongous amount. Beyond monetary terms, these activities have destructive consequences for the lives of many, especially the poor and underprivileged.

We must do better on this if we really want to 'future-proof' our financial system. Three points are worth mentioning on compliance:

  • First, it is not the end, it is a means to an end;
  • Second, it should be viewed within a broader context of a financial institution's responsibilities to society; and
  • Third, it should be approached in partnership with other key participants in the financial system.

Compliance as a means to an end

The past decade has been a turning point for compliance. Arising from major systemic failures of governance, regulators have since elevated the importance of compliance. For good reason, this has led to tighter regulations, greater scrutiny and stronger enforcement. The industry has in turn, invested heavily in their compliance function. It is estimated that some firms could spend up to 10% of their revenues on compliance within the next few years. This is by no means an insignificant amount.

Yet, as we have seen over the recent years, this has not put a stop to money laundering and terrorism financing. A case in point is a major bank in the Asia Pacific region which is being investigated for more than 50,000 violations of money laundering and terrorism financing.

Perhaps we need to take a step back and question if the industry has the right understanding of compliance. If the motivation for the increased compliance is merely to abide strictly by the rules and follow the book, thus avoiding scrutiny from regulators, this is misplaced. If this is the case, then indeed the rules are just 'burdens', rather than instruments to assist banks' operations and safeguard confidence in the financial system.

Compliance therefore, is merely a means to an end. It is a process that enables us to achieve certain outcomes. Having the right controls in place merely gets us to the starting line. The real race is in creating and sustaining an environment where everyone in the organisation is involved in preventing the systematic abuse of the financial system.

This process is not a sprint, but a marathon of endurance and perseverance.

To drive the point, someone once asked, "How many compliance officers does it take to change a lightbulb?" The answer is three, one to change it, one to check it and one to check it again, and file a report. This illustrates how compliance can often be seen as an end to itself, forgetting that it should be focusing on the end game, the quality of light emitted.

From the regulator's perspective, rules have progressively evolved from detailed prescriptions in the past, to standards and best practices today. This is due to the rapid pace of innovation, increasing complexity of financial services and the realisation, that a 'one-size-fits-all', micromanaging and prescription-based approach is not an optimal approach in regulation. Thus, institutions have more latitude in implementing these standards at the micro level. This in turn means that the board and the senior management are now placed with greater accountability and responsibility in this area.

This approach also benefits the industry as they are not hamstrung to introduce new and innovative products and services. The intent is also to improve the time-to-market. However, it comes with a responsibility. Financial institutions are expected to apply the standards judiciously and proportionately. This should take into account risks within their business activities and strategies, and the role and relationships within the broader financial system. Another issue organisations face in the conduct of their businesses arises from principal-agent relationships. Establishing clear behavioural norms with the right combination of controls and incentives, to shape the desired behavior is key. For all the above, the compliance function can play a meaningful role in this process.

Compliance in the context of broader responsibilities to society

As the theme for this conference suggests, compliance is a responsibility. What I have said so far has focused on perspectives from the point of view of individuals within the industry. However, compliance must also be viewed in relation to the broader financial system and society itself. A key lesson from the global financial crisis in 2008 was that individual behavior, even though well intended and rational from an individual's point of view, can cause massive damage at the aggregate level.

In many ways, the complexity of rules that apply to the financial system is a reflection of its important role in the economy and society. An efficient, productive and resilient financial system supports and contributes to economic growth and the overall well-being of the people. In contrast, financial busts can have a destructive impact on the broader economy, impacting the livelihood of ordinary people. This is the painful lesson from the history of financial crises.

Despite the huge amount of resources being invested in compliance, we still uncover many banking, market manipulation and rigging scandals. These cases illustrate again that rules, although necessary, are not sufficient to maintain the integrity of the financial system. These cases have damaged the confidence and trust of society in the system.

One solution for this is a stronger focus on ethics and professional standards to take into account how actions impact the wider society. In other words, financial institutions must recognise and embrace their role as responsible corporate citizens. This means:

  • Establishing a framework that promotes ethical behaviour and decisions;
  • Going beyond what the letter of the law permits, to understanding and complying with its 'spirit'; and
  • Seeking opportunities to add value and contribute to the well-being of society.

Viewed from this perspective, the values of a responsible citizen are antithetical to money laundering, terrorism financing and illegal behavior. Anyone who is a responsible citizen will not engage in these activities and will actively seek to eradicate them. With no shortage of recent examples of financial institutions that have flirted with questionable conduct, it should also be very clear by now that involvement in illegal activities is fundamentally incompatible with the trust the public expects.

Compliance in partnership with others

In today's world, no one has a monopoly on knowledge, power and competence. It is not solely the job of the regulator to ensure the integrity of the financial system. The industry needs to be an active and responsible partner. All parties have a stake to ensure that the system is not only functional, but thriving.

Bank Negara Malaysia will continue to remain firm in ensuring the orderly conduct of the financial system. We expect financial institutions to adhere to strong compliance and corporate governance standards. We have not hesitated to impose hefty fines when circumstances warranted such actions. Between 2015 to June 2017 a total of RM115.8 million of fines and penalties were imposed for breaching our regulations and affecting the integrity of the financial system.

Moving forward, effective January 2018, the Bank will publish enforcement actions taken against financial institutions and intermediaries for non-compliance with rules and regulations. This aims to further increase the impact of enforcement actions as a credible deterrent. 

We are also working in partnership with the industry and other agencies to ensure that the integrity of our financial system remains intact. For example, over the last three months, a total of 415 names of individuals who were involved in facilitating financial scams was shared among the industry players. This is a joint initiative by the Association of Banks in Malaysia and supported by the Royal Malaysian Police and Bank Negara Malaysia. To coordinate and expedite actions against the operators of financial scams, a taskforce led by the Attorney-General's Chambers has also been established under the National Coordination Committee to Counter Money Laundering.

Our regulatory approach will continue to strike a right balance between innovation and the stability of the system. We are ready to adapt regulations to support emerging technologies and changing business and operational models when they bring clear benefits to our financial system and economy, and when the risks are well-understood and managed. New requirements for e-KYC solutions that were recently released for industry feedback are an example of this. We will also be releasing guidelines for digital currencies by the end of this year to address risks associated with money laundering and terrorism financing.

Last but not least, let me state that Bank Negara Malaysia values our cross-border partnerships with financial intelligence and law enforcement agencies. We will continue to cooperate constructively with our counterparts, including through our membership in the Financial Action Task Force (FATF), to safeguard the integrity of the global financial system. This partnership at the international level is increasingly critical as money laundering and terrorism financing transcend borders. More importantly, our efforts are to secure the future of our economy and the trust of our people by effectively preventing abuses of the financial system for criminal purposes. 


In my remarks, I have outlined that to "future-proof'' compliance, we must change the way we think about the subject. I also emphasised that a narrow focus on rule setting and micro managing would likely fail.

Instead, compliance needs deep understanding. It needs to consider incentives, ethics and professional conduct. It needs to leverage on mutually reinforcing partnerships. It needs to fulfil its responsibility to contribute to the well-being of society. After all, compliance is an enabler, it is not the end outcome that we seek.

This is how we should future-proof our financial system and compliance. On that note, I wish all of you a productive conference.