The Art of Compliance
19 August 2022 | Philip Baker
There’s no point denying it. It’s a tough time to be a compliance officer. The seemingly never-ending communications from the JFSC requesting more information, telling us of additional requirements that must be adhered to, of firms failing to meet the standards, and of harsher penalties when things go wrong. All of this at a time when resources are so challenging.
If you hold a senior compliance role, it can all feel quite overwhelming, and it would be understandable if you adopted a siege mentality and cut yourself off from your colleagues and the rest of the business, because “that’s the only way I am going to get through all this work and meet these ridiculous deadlines”. I’m sure there are a few nodding heads out there!
There’s no doubt that there are times when there’s no choice but to adopt this approach as a short-term measure, but it should very much be the exception rather than the rule. Being an effective compliance officer is so much more than producing reports, meeting deadlines and knowing the codes of practice back to front. There are other skills and attributes that are, in my view essential.
In this context, I find it very helpful to think of the role of the compliance function in a financial services business as that of a service provider. It provides support, expertise, advice, training, reporting and assurance to its clients, who are the directors, senior management and other employees, whilst at the same time maintaining its independence. Thinking of compliance in this way, I think, helps you appreciate the importance of building and maintaining good relationships and of providing an excellent client service, which admittedly at times, may mean being a critical friend.
There are certain features that are present in all productive client relationships, and I have given some thought to those that I think are essential to the compliance officer in mastering that oft mentioned concept of the Art of Compliance:
Respect, understanding and empathy
You need to have respect for, and a deep understanding of the business you are serving. Not just the technical aspects, but also an appreciation of the plans they have and the challenges they face. Active compliance involvement in the business risk assessment process is very important in this regard, whilst still recognising the board retains overall accountability. This collaborative approach should help Compliance in ensuring that its work programme and monitoring activities are aligned with the risks and needs of the business.
Whilst on the topic of collaboration, when seeking information, perhaps to meet a JFSC request, surely it has to be better for Compliance and business colleagues, who may have competing priorities, to work together to agree deliverables, rather than have them imposed.
Communication
We all know that clear communication is key to any effective relationship. This starts with ensuring that there is no misunderstanding as to what the compliance function is (and is not) responsible for and how it will carry out its activities. This should be agreed in writing with the board or equivalent and shared regularly with all employees.
It’s also essential when preparing your board reporting, to present the full picture. Whilst it may be tempting to provide a good news story, you have a duty to promptly bring concerns or failings to the board’s attention as well. When reporting deficiencies, if you also have suggestions on how they can be addressed, so much the better.
Train, coach and explain
This is where the compliance function comes into its own. Activities should not be limited to providing routine induction sessions or formal anti-money laundering training. Compliance officers have an ongoing responsibility to educate employees on regulatory matters that affect them and the firm’s policies and procedures. There are a whole variety of methods that can be employed.
I am a great believer in arranging regular, informal “drop in” sessions to keep employees updated on what is going on in the world of regulation and compliance. These sessions give you a chance to add some colour to what on the face of it, can be dry subjects, by explaining for instance, why the regulator is taking certain actions or why your procedures need to be updated in response. Employees can of course record valuable CPD, and who knows, you might even attract interest from some in a career in compliance!!
Whilst it may not always be easy, ensure that you are seen as approachable and not someone who always has their door closed or rarely ventures into the office, in these days of home working.
Adaptable
Of course, compliance officers need to have a good understanding of the legal and regulatory requirements and inform the business when they can’t, or must do something.
However, the real Art of Compliance is to explore whether there may be other ways of meeting the requirements. Before anyone starts to howl in protest, I don’t for one second mean looking for ways to get round or avoid your responsibilities!! Take customer due diligence as a very simple example. Adopting a risk-based approach to meeting customer identification requirements means that there are a variety of ways to meet the objective, rather than getting fixated on a utility bill to verify an address. Just make sure you document the approach taken and why you believe it addresses the risk involved.
Be firm
It doesn’t always come naturally, however there will be times when you may need to be firm and risk being unpopular. Let’s consider this situation: the client director is keen to accept a new piece of business where there are risks that you don’t believe can be properly mitigated; or there is an urgency to proceed before all the due diligence is in place. You may be pressurised to provide your approval. These are real danger moments, and the old saying “act in haste and repent at leisure” couldn’t be more apt.
Should you find yourself in one of these situations, remind yourself of Principle 1 of the codes of practice – act with integrity and do the right thing. Remind others of the potentially severe consequences of getting it wrong, rely upon your independent judgement, try to work through obstacles if possible, clearly explain your concerns and seek senior support for your views. However, should you be over-ruled, make sure that your objections are clearly documented, and you keep records of your concerns and recommendations.
Even the most effective compliance officer won’t be able to demonstrate these attributes 100% of the time and there will always be opportunities to learn and improve from situations that didn’t go so well. Perhaps recognising and accepting this is the first very important step in mastering the Art of Compliance?