Given a choice, the prospective chief compliance officers (CCOs) of the Indian banking system
would love to hear the Reserve Bank of India
(RBI) describe them the way Enobarbus had described Cleopatra: “Age cannot wither her, nor custom stale her infinite variety”. (William Shakespeare’s Antony and Cleopatra, Act II, Scene II).
The RBI seems to think the compliance officers become stale after the age of 55 and, hence, unsuitable for the position of CCO.
In The Happiness Curve: Why Life Gets Better After 50, author and journalist Jonathan Rauch writes: “Those most likely to notice the arrow of time are the people without a lot of other change or difficulty in their life. Things seem to be going well for them…They think, ‘Why do I feel less satisfied than I expected to? Why is this going on year after year? Why does it seem to be getting worse and not better? There must be something wrong with my life.’”
Do the compliance officers fall into this category? Is there something wrong with their lives? Why has the RBI fixed the age for the CCO? Rauch’s book says, “Well, there’s nothing wrong with your life, you’re just feeling the effects of time which others who may have more turbulent lives may not notice as much.”
The new norms on the role, responsibility and age limit of CCOs have created turbulence in the banking system. Before looking at the details, let’s read what author and neuroscientist Billi Gordon has written on the art of aging. “After 55 they no longer put ‘unexpected’ on your death certificate… Getting old is just not for the faint of heart… If you eat healthy and exercise, you can positively affect the quality of life as you age ... The real problem is our perspective and inability to accept it graciously.”
Is the RBI unable to accept with grace that beyond 55, one can have the ability to head the compliance functions in a bank? After all, a private bank CEO can work till 70. The CEO of State Bank of India, the nation’s largest lender, can remain in the saddle beyond 60 as long as he or she is appointed before attaining that age. Ditto for the RBI deputy governors.
In medieval times, life expectancy was approximately 30 years. Going by Gordon’s blog, life expectancy depends on culture and circumstance. Humans are living far beyond the age that evolutionary biology intended. Menopause and erectile dysfunction were not common issues in the 1200s because most people were dead by 35. Similarly, our ancestors didn’t have retirement issues because they didn’t live long enough to retire.
Gordon writes: “With age comes reflection… Then the really tough questions follow: Am I a good person? Have I been an honorable human being who has made the world better?”
The RBI has probably infused this feeling into those compliance officers who have crossed 55 but been eyeing the position of CCO.
Compliance in banks was introduced in August 1992, based on the recommendations of a committee on frauds and malpractices. Three years later, in March 1995, the guidelines on the role of the compliance officers were issued.
In 1997, on a review, the RBI advised the banks that the general manager in charge of audit and inspection should be designated as the compliance officer, reporting to the chairman. The primary responsibility was to prepare compliance certificates every quarter, incorporating all directions issued by the RBI and the finance ministry. This system was discontinued in 2000.
In April 2005, for the first time, the Basel Committee on Banking Supervision issued a paper on compliance function in banks, prescribing certain principles. Within months, the RBI called a meeting of bank compliance officers and set up a working group (with representatives from banks) to review the system. Comprehensive guidelines on compliance were formulated; the banks were to implement them in consultation with the audit committee of the board.
A decade later, in 2015, once again compliance hit the RBI radar when it introduced the so-called risk-based supervision. To avoid any conflict of interest and ensure independence of the compliance function, it was separated from audit. The RBI also made it clear that compliance is not an activity of the compliance department alone — it’s a culture of a bank.
Describing compliance as the second line of defence, an RBI discussion paper on governance in June this year said the CCO will report to the Risk Management Committee of the Board (RMCB) and be independent of the first line of defence (the risk management function) and the third line of defence (internal audit). The RMCB will select and, if needed, even dismiss the CCO for non-performance. However, RBI’s September circular, which fixes 55 as the cut-off age, states that the CCO will report to the MD and CEO and/or a bank’s board or the audit committee of the board.
Defining the CCO’s role, the June paper says the executive will have the overall responsibility for identification, management, mitigation of the bank’s compliance risk and supervise activities of other compliance staff. The CCO must have the ability to interpret and articulate compliance risk in an understandable manner and engage the board, RMCB and the bank management in constructive dialogue on key compliance issues.
The September circular lists micro details of the role. It says the CCO shall be appointed for a fixed tenure of not less than three years and can be recruited from the market. This is a senior position — equivalent to a general manager and not below two levels of the CEO.
There aren’t too many executives in the public sector banking industry who become general managers before 55. Those who meet the age criterion and become CCO will solely depend on the CEO for reappointment as they would become untouchable for other banks after 55. I wonder whether there is an age cap for CCO appointments anywhere in the world.
Incidentally, the RBI’s focus has all along been on the importance of compliance in banks, but it has never said what a CCO’s qualification should be. In the case of chief financial officer and chief information officer, it has told the banks what to look for in prospective candidates.
In April 2002, the Consultative Group of Directors of banks and financial institutions (popularly called Dr Ganguly Group), set up by the RBI to review the supervisory role of boards, had identified the company secretary as the nodal point for compliance. It had said that the banks should consider appointing a qualified company secretary as the secretary to the board and have a compliance officer (reporting to the secretary) to ensure compliance with regulatory and accounting requirements. Along with other qualifications, should the CCO also be a qualified company secretary?