As reported by the Wall Street Journal, Thomas Haider the former Chief Compliance Officer of MoneyGram Inc, has been personally fined $1 million due to compliance failures of his former employer. This is a rare, but increasingly common, case of a compliance officer being held responsible for the company’s failure to follow prescribed anti-money laundering laws.
In what appears to be a “shoot the messenger” approach, the compliance officer is being personally punished, rather than the board level executives who ultimately hold responsibility for the company’s failure.
This is a lesson to all compliance officers to be very wary of potential compliance failures within an organization. The end result of such actions will be to pressure compliance officers into an “insider threat” mode whereby they will need to amass data on potential failures and at the merest whiff of potential trouble must either have immediate and serious attention from senior management, and failing that become a whistle-blower to outside regulators and enforcement.
The end logic of such an approach would be to change the role of the compliance officer from one of internal employee of the organization to one that involves an employee of the responsible regulatory regime being embedded within the organization.
This may not be such a bad end-game given that the last few months have seen increasingly more reporting regarding the problem within the banking industry as extending “beyond just a few bad apples“. If indeed the entire industry standard of behavior is broken by a culture of corruption and greed, then perhaps it is time to surgically insert the anti-bodies directly into the sick institutions.
In any case, every compliance officer should ensure that they have the authority and resources to perform their duties. This means both good quality and adequate staff as well as all of the access and tools that they require to complete their mission. If this is not the case, it would be advised make a very visible audit trail of the lacking resources or inappropriate organizational support so that any attempt to hold the compliance officer responsible for any failures could be clearly documented as a problem of senior management, where the ultimate responsibility for compliance failures should be placed.