For many years, compliance failures in banks were treated as technical or operational issues — problems to be fixed by hiring better specialists, enhancing controls, or upgrading systems.
That thinking is now outdated.
Today, when a bank faces serious regulatory breaches, the FCA is rarely just asking what went wrong in Compliance. Increasingly, it is asking: What did the Board know, when did it know it, and what did it do about it?
This shift reflects a fundamental change in regulatory philosophy. Compliance is no longer seen as a standalone function operating in isolation. It is viewed as an extension of governance, culture, and leadership effectiveness.
From Operational Weakness to Governance Failure
Repeated compliance breaches rarely occur because a single policy was flawed or a single individual failed. They are more often symptoms of deeper issues, including:
- Poor information flow from Compliance to the Board
- Inadequate challenge by Non-Executive Directors
- Misaligned risk appetite
- Tolerance of unresolved issues over extended periods
- Commercial priorities consistently overriding control concerns
When these conditions exist, the problem is no longer operational — it is structural.
And structural problems sit squarely at board level.
Why the Board Is Now in the Regulatory Spotlight
The FCA’s increasing focus on Senior Managers and Boards is not coincidental. Under the SMCR, accountability has been deliberately shifted upwards.
Boards are expected to:
- Set the tone for compliance and conduct
- Ensure effective escalation and decision-making
- Act decisively on emerging risks
- Provide sufficient independence, authority and resources to control functions
Where this fails, regulators are far less willing to accept the narrative that “Compliance didn’t escalate” or “the controls were insufficient.” The more uncomfortable question becomes: Why were those weaknesses allowed to persist?
The Implications for Hiring and Leadership
This evolution has profound implications for how banks think about compliance leadership.
Hiring a strong Head of Compliance or MLRO is necessary — but it is not sufficient.
Without:
- Genuine board engagement
- Clear ownership of remediation
- Visible support for difficult decisions
- A culture that welcomes challenge
even the strongest compliance leader will struggle to be effective.
Worse still, when governance is weak, senior compliance appointments risk becoming symbolic rather than substantive — made to reassure regulators rather than to drive real change.
What Strong Boards Are Doing Differently
In institutions that manage regulatory relationships well, a different pattern emerges.
Strong boards:
- Treat compliance updates as strategic, not procedural
- Ask forward-looking questions, not just retrospective ones
- Demand root-cause analysis, not just issue closure
- Hold executive management accountable for sustained remediation
- Ensure compliance leaders have direct, unfiltered access to the board
These are not technical improvements — they are leadership behaviours.
Why This Matters More Than Ever
As regulatory scrutiny continues to intensify, the cost of weak governance is rising sharply:
- Greater personal accountability under SMCR
- More intrusive supervisory interventions
- Increased use of Section 166 reviews
- Higher reputational and financial damage
In this environment, compliance failures are no longer simply failures of controls. They are failures of oversight, ownership and leadership.
Final Thought
Banks that still view compliance as a “function to manage” rather than a “responsibility to own” will continue to struggle — with regulators, with remediation, and increasingly, with attracting credible compliance leaders.
Because today, when compliance fails, it is rarely just Compliance that has failed. It is the Board.
