23 Jul The changing role of compliance by navigating the challenges
The combination of the global financial crisis that started to emerge in 2008, continuing challenges in respect of the mis-selling of PPI and, more recently, misconduct in relation to LIBOR and foreign exchange benchmarks has put the spotlight on governance, culture and standards across the whole of the financial services industry, and particularly on banks. The political, regulatory and supervisory responses to this have been far-reaching and intense, leaving few aspects of the regulatory landscape and the governance of regulated firms untouched. As part of this, the role of the Chief Compliance Officer (CCO) and the Compliance Function more generally is subject to ongoing and significant change, particularly in the UK.
Both the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) emphasise the importance of “judgement-based supervision”. In short, this means looking beyond compliance with the letter of regulation (which of course remains important) and asking normative questions about whether or not a course of conduct is the right thing to do, even if it is currently not prohibited by the regulations. Although judgement-based supervision is not new, it is clear that its application still has a long way to run and the increased prominence being attached to it raises risks relating to supervisory predictability, consistency and the use of hindsight. All of these pose particular challenges for the CCO.
Simultaneously, the focus on the importance of firms ? having the right culture to deliver compliance with regulatory obligations in the broadest sense reinforces the principle that compliance is an issue for everyone in the firm, not only the CCO. Moreover, culture is not something that can be “managed” or “mitigated” through controls. Too much emphasis on controls can lead to a culture where something not expressly prohibited is viewed as acceptable. The focus needs to shift to promoting behaviours which encourage all staff to take responsibility for doing the right thing all of the time. This is a positive development in that it reinforces accountability within the business (the first line).
But it also raises some questions about where the CCO’s role starts and finishes. If compliance is for all in the firm, what is the Compliance Function for?
The introduction of the Senior Managers Regime (SMR) and the Senior Insurance Managers Regime (SIMR) will be important in this regard. Not only will they reinforce the role of the senior management team as a whole in delivering compliance with regulatory requirements but they will also mandate clarity around each senior manager’s role and responsibilities.
The significant preparatory work which implementation of these regimes requires of some firms will provide clarity in many areas which have remained “grey” for years. If implemented rigorously, this should minimise any scope for uncertainty or misunderstanding around the boundaries of the CCO’s responsibilities. These new frameworks will also reinforce the need for Non-Executive Directors (NEDs) on the Board Risk and Audit Committees to take a strong and direct interest in the CCO and the Compliance Function.
All that said, clarity in and of itself will not deal with the many challenges faced by the CCO in terms of the breadth of the role.
Although conventional solutions such as recruitment and training will continue to play a key role, we are seeing CCOs looking to adopt more innovative approaches and solutions. Key among these is greater (and better) deployment of technology to support the CCO and the Compliance Function, taking advantage of the pace with which new applications and solutions are being developed and also reflecting the cost pressures which firms face (e.g. to use shared services, low cost environments, etc.). However, technology is no panacea – in order to achieve a return on the potentially significant investment needed firms must first have a foundation of effective compliance policies and processes.
The range of skills needed by the CCO and the Compliance Function is both broadening and deepening at a time when competition to recruit compliance professionals is high.
Against this background this paper explores some key areas of change that we are seeing take effect across our network of clients, looking specifically at:
- changing supervisory expectations, including the move to more judgement-based supervision in the UK and the consequences for the CCO and the Compliance Function;
- the role of the CCO as part of the overall senior management team of the firm and the need
to satisfy multiple demands from different stakeholders; and - how CCOs can respond to the changing environment and the tools and techniques available to support them.
In summary: while the challenges facing CCOs have undoubtedly risen, given increasing demands from both regulators and from internal stakeholders, we see a range of innovative approaches in relation to people, processes and technology which can support CCOs and Compliance Functions in navigating through them successfully.
