Compliance is the entire organisation's responsibility

PwC Malaysia and IBBM survey calls for a review of the compliance function among banks in Malaysia

KUALA LUMPUR, 6 November 2012 – Malaysian banks need to reconsider the scope of the compliance function, and to better communicate and integrate compliance risk management processes into the business, according to a new survey by PwC Malaysia and Institute of Bankers Malaysia (IBBM) titled 'Compliance Matters'.

"The findings of the survey reinforce the importance of compliance in banking in ensuring enforcement across a variety of regulatory demands. It also reiterates the need for continuous learning and education in updating knowledge, increasing awareness and enhancing effectiveness of the compliance function," said Tay Kay Luan, CEO of IBBM.

Although almost 85% of survey respondents said that compliance should be everyone’s responsibility, the same number (85%) said that the compliance function role is not well understood - this indicates a large gap between what is ideal, and what is actually practiced on-the-ground.

Confusion over who owns the compliance role can be detrimental as it could mean things falling through the cracks or compliance not being administered effectively. This is especially true because many of the banking regulations are customer-centric, which require the support of banks’ customer-facing staff. The survey results show that the entire organisation – from the Board, to other departments, including legal, human resource, customer service and internal audit - has a formal role to play in compliance management programmes.

“As Malaysian banks continue to expand – both domestically and across the region – stronger governance and risk management will form the underlying base of their growth. Banks must relook and improve how compliance is organised and viewed within their organisations,” said Soo Hoo Khoon Yean, PwC Malaysia Financial Services Leader.

With the strong emphasis by regulators on the Anti Money Laundering Act (AMLA), most banks have  focused their efforts on AMLA-related risks (88%), to the detriment of other important areas. Market trading (e.g. insider trading or market manipulation) and customer centric activities (e.g. handling of customer complaints or communication on product risks) should also be given sufficient attention as they are key reputational risk areas – which banks can ill afford to take a chance on.

Technology is underutilised in compliance activity. The majority indicated that inadequate technological infrastructure is one of the key challenges in monitoring business compliance (81%) and compliance function activities (84%).

80% of survey respondents also acknowledged that Bank Negara Malaysia has sufficient regulations, with a good balance between compliance and business needs, and is effective in supervision and sensitive to global issues.

Foong Mei Lin, PwC Malaysia Executive Director for Regulatory Compliance said: "To fully develop compliance function effectiveness, banks need to look beyond their regulatory-centric compliance models, and adopt a customer-centric focused approach towards compliance. This is critical to the sustained growth of brand and reputation among customers and shareholders."

"Senior management is a key change agent driving the compliance culture throughout the organisation. They must establish clear roles so that there are no conflicts of interests or overlaps in responsibilities among the front line (i.e. customer-facing staff) and staff in dedicated compliance monitoring or internal audit roles," she added.

To ensure clarity on the compliance role, businesses can consider scoping it according to three lines of defence:

  • The first line of defence lies with client-facing business units, which act according to compliance policies
  • The second line of defence is the actual compliance function itself, which controls daily monitoring activities and provides oversight and advice
  • The third line of defence is Internal Audit – they provide an independent, periodic assessment of the organisation’s risk management and internal control systems.

To encourage a culture of integrity among employees, training and awareness programmes, and remuneration policies and compensation systems can help.  
Compliance officers must take a proactive approach in their roles, keeping themselves informed of regulatory developments in the country and the regions their banks have presence in. Lastly, they need to address gaps in the system by continuously engaging in transparent discussions with their staff.

The Compliance Function Effectiveness survey of Malaysia-based banking institutions is the first of its kind. It studies the positions of local and foreign banks in four areas - compliance strategy and assessment, organisation structure, measurement and improvement of monitoring/reviewing processes, and reporting.




Notes to editors:

  • PwC Malaysia and Institute of Bankers Malaysia did an online survey among Heads of Compliance and senior management from local and foreign Malaysia-based banking institutions in July and August 2012.

  • All Malaysia-based banks were surveyed, and the response rate was 65%.

  • The survey identifies the challenges faced by Malaysia-based banks in achieving and sustaining compliance, including lack of efficient organisational structures, inadequate technological infrastructure, poor communications with internal and external stakeholders, and lack of awareness of the compliance function role within the organisation.

  • The full report is available at

About PwC

PwC firms help organisations and individuals create the value they’re looking for. We’re a network of firms in 158 countries with close to 169,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at

‘PwC’ is the brand under which member firms of PricewaterhouseCoopers International Limited (PwCIL) operate and provide services. Together, these firms form the PwC network. Each firm in the network is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way.

About Institute of Bankers Malaysia

Institute of Bankers Malaysia (Institut Bank-Bank Malaysia or IBBM) is devoted to providing world-class education and learning services as part of its mission to develop talent in the banking and financial services industry. We aim to be at the forefront in the advancement of banking education and learning services; and are taking quantum leaps to reshape the banking education landscape through innovations in the delivery of our value propositions.

Established in November 1977 as the professional educational body for the banking and financial services industry in Malaysia, IBBM is governed by a Council comprising representatives from Bank Negara Malaysia, the Associations of Banks in Malaysia, the Association of Finance Companies of Malaysia and the Malaysian Investment Banking Association.

The role of IBBM is to facilitate the transfer of knowledge and skills through Education, Training, Information and Advisory Services.