Compliance function has attracted a lot of great financial industry experts because it is perceived as a function that plays an important role within any regulated entity, is always needed, and offers great learning opportunities. Many FinTech compliance “newcomers” have asked me whether or not they should do CAMS certification to be able to get ahead.

My position – it won’t help you get ahead and it definitely won’t help you to get things done in FinTech. Yes, you could definitely come across a few interesting people or a couple of helpful case studies, but fundamentally, the ideology and core principles of the old-fashioned compliance scholars are no longer working in real FinTech life.

So – what’s wrong with the institutional top-down compliance approach? 🤔

Traditional compliance assigns responsibility to the “tone at the top”, removes responsibility for risk management from compliance stating that “business must own their risks” and describes compliance as an advisor, providing feedback and reporting to the senior management. According to this outdated theory, compliance can only be blamed or found guilty if it did not detect some risks or irregularities and/or did not warn or escalate the issues accordingly.

What’s wrong with this theory in the new world? – Well, it’s not working. Every single time we read about the fact that some high-profile bank had been fined by their regulator for money-laundering breaches or excessive risk-taking, you will see and hear the same story: compliance and risk identified and escalated the issues or potential risks well in advance and repeatedly, the problem was discussed by the board and various committees and then the was a collective decision to go ahead and do (or allow) the activities that happened. Assigning responsibilities to the top and isolating compliance from business decisions does not produce better compliance or better business outcomes.

Traditional compliance scholars will tell you that the key to compliance success is to make sure compliance gets adequate resources and more senior management attention. What’s wrong with this? Ask any CEO and/or CFO of any financial institution or even a smaller FinTech (off the record, obviously) and they will tell you how they spend a disproportionate amount of time in compliance-related, audits, risk reviews, and similar meetings, where they learn nothing new, decide very little and don’t see things improving. Compliance costs grow exponentially, and more and more resources are allocated to hire more people and deploy more tools in compliance and risk, but it does not seem to reduce the number of backlog issues, audit findings, or unresolved problems. The more resources traditional companies and scale-up FinTechs invest into compliance, the more new issues they identify that need to be solved. Compliance functions already got substantially more resources, investments, tools upgrades, and headcount, but it does not reduce the number of issues, breaches, or audit findings.

People who consider CAMS certification are usually at their mid-career level and hope to become team leaders, directors, or heads of a function. To be promoted, get a salary increase, and be successful at this level, it’s essential to be able to deliver and get things done. In any function. Nobody cares how much you know about laws and regulations. The company ultimately cares about the added value and results from your team or function delivers.

Traditional compliance certification training won’t teach you modern project management skills or project prioritization skills or pragmatic risk-taking skills. They teach you “how to be on the safe side”, “protect your back” skills, and “better safe than sorry” strategies. When you don’t get things done and cannot prioritize available resources and won’t help your company achieve its strategic goals, objectively speaking, you add zero value to the company. If all you did last year was successfully identify and escalate 150 extremely high risks within your business, accurately track the (past-due) status of 500 unresolved audit issues, and submit 25,000 pages of reports and explanations to auditors and regulators, while your company declined several new partnerships, delayed new product launches and stayed out of SLAs with respect to customer onboarding times, that’s sad and unfortunate. 🤦

If the volume of unresolved compliance issues grows, the business gets frustrated with its compliance leadership, and compliance gets frustrated business leadership, the CCO or Head of Compliance will move on to take a new job, hoping that things will be different next time in a different company, the old team will be in limbo for a few months before their next leader arrives, and then the cycle repeats.

Does it look like a happy path and a great career to you? – It does not sound happy or successful to me.

What are your thoughts on this? 💭