Dan J. Harkey

Master Educator | Business & Finance Consultant | Mentor

MEMORANDUM: To Executive Leadership

by Dan J. Harkey

MEMORANDUM

To: Executive Leadership Team, Audit Committee
From: Chief Financial Officer
Subject: Reframing Regulation and Compliance
Date: _________________________

Executive Summary

Regulation and compliance are frequently referred to as “part of the game” within organizations.  However, this characterization can be both inaccurate and detrimental. It fosters acceptance rather than encouraging thorough evaluation and critical analysis, and prioritizes perseverance over seeking efficiency improvements.

Regulations consist of rules and directives established by authorities with stakeholder input.

From a financial standpoint, regulation and compliance are concrete obligations. They encompass rules, capital requirements, operating expenses, risk mitigation measures, and opportunity costs. Accordingly, these elements warrant the same critical assessment, scrutiny, and management as any other item affecting the balance sheet or profit and loss statement.

This memo suggests a shift in perspective: viewing compliance as a system to be intentionally designed rather than a static requirement, while also highlighting areas where unchecked bureaucracy may quietly diminish both effectiveness and profits.

Restated: Unchecked bureaucracy diminishes both effectiveness and profits. Write that on the chalkboard 20 times.

Operational delays can hinder operations and significantly affect ROE.

1.  Compliance Is a Control Function, Not a Moral One

Each internal or external compliance requirement should be viewed as a control intended to address a particular risk.

For each major regulatory or internal compliance obligation, we should be able to answer:

  • What risk does this control mitigate?
  • What loss is it intended to prevent or reduce?
  • What is the all‑in cost (staffing, systems, legal, opportunity)?
  • Is the marginal benefit greater than the marginal cost?

Controls for which these questions cannot be answered are unpriced risk transfers from the regulator to the firm and from capital policy.

2.  Risk Must Follow Authority

A recurring structural issue in regulated finance is risk–authority misalignment:

  • Rules are designed externally, but implementation risk is borne internally
  • Boards approve frameworks without full operational visibility
  • Compliance teams enforce standards without interpretive authority
  • Business units absorb penalties for ambiguity that they did not create

This is not a cultural issue—it is a governance failure.  In finance, risk that does not follow decision‑making authority accumulates quietly until it surfaces as a capital or reputational event.

3.  Delay Is a Quantifiable Financial Cost

Regulatory and internal approval delays are often treated as usual “processes.”

They represent:

  • Capital trapped in approval cycles
  • Deals repriced or abandoned
  • Product launches deferred
  • Competitive advantage ceded
  • Systems and design are delayed
  • Creative efforts thwarted

Delay risk is seldom priced, tracked, or assigned, making it unseen but not insignificant.

Restated:  Persistent delay should be treated as operational drag with real ROE impact.

4.  Uniform Rules Create Non‑Uniform Financial Outcomes

Uniform compliance requirements are often regarded as equitable measures.   From a financial perspective, they serve as cross‑subsidies:

  • Fixed compliance costs disproportionately burden lower‑risk or smaller units
  • Low‑risk activities subsidize high‑risk ones
  • Compliance expense grows faster than assets or revenue

Uniformity makes administration easier, but it doesn’t address risk management.  When a system fails to distinguish among different risks, it is not neutral; rather, it is inefficient.

5.  Internal Bureaucracy Is Shadow Regulation

We should be candid: many internal policies now replicate the same dysfunction we criticize externally.

Warning signs include:

  • Policies with no sunset or review cycle
  • Committees whose primary function is liability distribution
  • Reporting that measures activity volume rather than risk reduction

Controls that can’t be retired or simplified are just organizational sediment that increases costs over time.

6.  Language Matters

Resignation language has financial consequences.

Instead of:

“This is just what regulators require.”

We should be asking:

“What risk does this requirement price, and is it priced correctly?”

This shifts compliance from inevitability to a set of instruments, something that can be modeled, optimized, and improved.

Recommended Actions

  • Inventory major compliance controls and map them to specific risks
  • Quantify total compliance cost as a percentage of revenue and assets
  • Identify controls with no clear risk owner or sunset
  • Escalate delay metrics (time‑to‑approval, time‑to‑decision) as financial data
  • Begin treating compliance efficiency as a capital discipline, not a cultural one

Closing

Markets penalize inefficiency more quickly than regulators.  Rigid compliance reduces agility without enhancing safety.

Resignation is not prudence.
Endurance is not governance.
A bureaucracy that goes unchecked isn’t conservative; it’s costly.

We need to manage regulations with the same level of diligence as we devote to capital, risk, and returns.