Picking-up the regulatory perspective on the workings of the compliance function | Wolters Kluwer
  • Insights

  • Picking-up the regulatory perspective on the workings of the compliance function

    By Steve Blackbourn

    Published January 30, 2018

    The U.K. conduct regulator (FCA) has recently issued its findings of a review into the workings and operation of compliance functions across U.K. wholesale banking. Many observers might well overlook or even steer clear of this if they operate in the retail environment, but this could be a mistaken approach, as many of the thoughts and concerns can still have a relevance and interest across the U.K. industry.

    This output, exemplifies how the FCA recognises that the workings and standards across the wholesale sectors can equally have a contagion effect given the many dependencies and common participants and interests that can arise within a global and inter-connected industry. In reality, this has seen many of the practising principles, motivations and expectations of regulators become increasingly merged and more consistent in regard to securing an acceptable degree of protection, treatment and vulnerability associated with market participants and consumers.

    Scope and purpose

    The specific review covering wholesale banking involved the analysis of a questionnaire issued at the beginning of 2017 and drawing together data and information from some 22 firms representing a mix of large to medium sized and even smaller footprint organisations. The questionnaire covered a range of subject topics from basic organisational roles and structures, to the involvement of the compliance function around strategic issues and outcomes, and the employment of new and emerging technologies to support risk management systems such as assessments, monitoring and reporting etc.

    The purpose and findings behind by this review help reflect the need and expectation that whilst compliance functions should remain effective and independent in the support and oversight of the business, this relies on an appropriate level of awareness, support and attention at not just Board level but by other senior operational and executive management across the firm. It also underlines the fact that everyone in a regulated business can have a role to play in helping the firm operate to and deliver against its compliance requirements and expectations.

    An opportunity to self assess your own situation

    The review summary also contains some useful specific questions that senior-management and Board-level management might use in self-assessing the adequacy and effectiveness of their own compliance functions. This includes a range of suggested aspects for Boards and management to consider and explore, including (but not limited to):

    1.    How does the firm, through its Board and any committee(s) keep and direct its oversight on compliance related matters, mandates, functions and outputs so it remains adequately aware of and engaged on regulatory risks and status?       

    2.    The extent to which the compliance function delivers and balances the management, ownership and effective assurance on risk(s) with its role in challenging and advising the management and functions within the firm on regulatory obligations, standards and developments?      

    3.    What plans exist for the compliance function and resources to be developed in response to the evolving business and operating model(s) of the firm, and to respond to changes in business activities and new technology and solutions to meet the identified and perceived regulatory risk and exposures of the firm?      

    The Board and senior-management of all firms, of whatever type or sector, would do well to take suitable time and effort to consider the non-exhaustive list of ten (10) specific questions raised within the FCA publication, as part of their awareness, reflection and assessment of the wider themes and issues raised by the study.

    Common themes and considerations 

    Indeed, the review has highlighted issues and concerns that will certainly have a more common and wider relevance and resonance across all (or at least many) compliance functions across the financial-services industry. This includes:

    •  Proportionality of form, roles and function, with the firm having an adequate level of skilled resourcing and an efficient functional and reporting structure given the ongoing nature, scale and complexity of its actual and developing business, and the extent of any identified and perceived regulatory risks and exposures.
    •  Ownership with effective Board/senior-management engagement with Compliance as part of its leadership and direction in support of strategic thinking and business outcomes. In addition, the findings suggest compliance functions are tending to become a more defined and established second line-of-defence role with the ability to exercise authority and representation across relevant internal committees and decision-making bodies. However, firms should perhaps be prepared to adopt and willing to apply some broader strategic thinking behind how they develop and utilise their compliance functions in an effective and efficient manner, as the firms’ risk and business environment changes.
    •  Skill competence & training/awareness with the ability of the compliance function to help positively shape and add-value in influencing standards across the business and playing their active part in recognising, understanding and helping to reinforce compliance obligations and situations. But to do so, the function needs the necessary overall resources as well as suitably skilled personnel to successfully communicate, educate, promote and advocate across all levels of the organisation. For many firms the core compliance functions do not tend to be routinely outsourced, though more centralised or Group services can be established and utilised to access and support cost efficiencies.
    • A suitable articulation and internal approval of the core compliance risk & control framework elements in place across the business e.g. policies and procedures etc. But also having a realistic and dynamic approach and methodology for identifying, assessing and duly managing and reporting on the firms’ ongoing compliance status, current and evolving risk scenarios as well as handling events that duly emerge and/or arise.
    • A dynamic nature and capacity to be responsive and flexible to change, be it driven by strategy or technology etc, and driving product/service, process and systems changes etc. But this quality relates not just to the firm’s evolving risk-based assessment(s) and approach, but also the quality of any underpinning Compliance policy and Terms of Reference or working mandate etc. too. Here, compliance functions, along with senior-management vision and support, should explore how they can best benefit and interact with other internal control and defence functions e.g. Legal, Finance, Audit, Risk and HR etc. as well as various front-line services and functions too. This may provide opportunities not just for better collaboration with less overlap or duplication of effort, but a closer working alignment around common topics and concerns, and may create the potential for Compliance to contribute to a more refined and longer-term activity and solutions that go beyond the more traditional periodic plans and programmes.
    •  Embedded with regard to the visibility and interaction of the compliance functions within and across the firm and organisation, in helping to not only build and maintain the necessary business culture and values but also demonstrating an active and value-added contribution and engagement on all relevant business matters.

    Another interesting observation is that some compliance functions are being stretched in terms of their traditional role and functional boundaries to embrace issues such as behavioural change, data protection and matters involving corporate governance etc. This role or scope creep, in addition to new and emerging threats and challenges facing this area of business, is leading to firms having to invest and expand resources and/or technologies to support the necessary functional deliverables, outcomes and efficiencies. This includes the use of data analytics and electronic solutions to support monitoring or surveillance with the majority of firms’ surveyed making cyber-crime one of the top risk faced by their business and respective compliance function.

    Taking the chance to listen and act 

    Though this review output is clearly centred on the practices and observations of banking in the wholesale sector, it can still provide some important lessons and indicate issues of much wider context and consideration across the U.K. industry. In particular, this is true of some of the challenges and opportunities for addressing functional and business changes.

    This recent output does not require any firms affected directly or not to take any specific or remedial steps themselves. But the least, the senior-management along with those who operationally lead compliance functions should take the opportunity to consider the extent to which these themes and observations might apply and affect the ongoing development of their own functions.

    As evidence of the FCA’s continued interest in practices and standards within the wholesale sector it also issued in November a separate Terms of Reference on its intended study on how innovation and competition is working in regard to the broker insurance market, which will look at how the interests of various participants and clients are being met and delivered. This suggests that the U.K. conduct regulator will continue to keenly explore how firms understand and respond to all matters of conduct and compliance across both retail and wholesale settings.

    About the author: Over a 25-year career Steve Blackbourn has undertaken various operational and regulatory roles at senior-management level in a range of international financial services organisations before becoming established as a U.K.-based compliance and financial crime consultant in 2008. Steve has held key positions within a global bank assurance group, an Advanced Risk-Responsive Operating FrameWork (ARROW) supervisory inspection team at the U.K. FSA and an international life/pensions and investment organisation. Steve has worked and continues to work alongside Wolters Kluwer in delivering project-specific as well as rolling consultancy support services with mutual clients. He is also a regular monthly contributor to Wolters Kluwer Compliance Resource Network. In addition, he also works with a range of direct clients applying his broad scope regulatory-compliance and financial-crime background and skills to deliver a reliable and quality service with an emphasis on practical approach and commercial orientated solutions. 

    If this article was useful to you, we can assist with more in-depth analysis needed to understand the ever changing regulatory environment.  We’ve made OneSumX Compliance Resource Network an all-inclusive information solution. In a single, convenient location, you can quickly and accurately access all pertinent regulations, legislation and updated rulebooks. Sign up for your free trial today

  • Please take a moment and tell us what you think of our content.