We live in an era of rapid regulatory changes. The pace of new financial legislation and tough enforcement actions by regulators is intensifying, and regulatory considerations are a crucial part of any major decision. In this atmosphere, compliance executives are becoming more and more dominant figures within the industry’s corporate landscape.
Rod Martenstyn, the former CEO (and more importantly the Compliance Officer) of GKFX and the former CFO and Head of Compliance at FINSA Europe, weighs in on the aspects of the modern compliance officer.
If one would ask a random member of a firm’s executive management or board about what a compliance officer does, I guarantee many would give a vague or even wrong answer. I certainly remember compliance officers being historically referred to as business prevention officers (‘BPOs’) or tick-box personnel. Nothing could be further from the truth.
To counter these widespread misconceptions, I have put together a few of my musings on the role of the compliance officer and how to be a progressive and value-added compliance officer.
Protector of the license
As someone (who used to work at the FCA) once told me when he recruited me for a Head of Compliance position, I was there to a) protect the license and b) to have a commercial mind. These are quite simple statements, but they have always stuck in my mind and should form the basis of any compliance officer’s modus operandi.
I was once asked what the most important function in an FCA-regulated firm was. Some would say sales and marketing. Others would say the tech department. However, my answer would always be compliance. Simply put, if you lose your FCA license then you have no business, no matter how great your business model and strategy are.
A firm’s compliance infrastructure should underpin its identity and strategy. The image of the firm is a result of your sales and marketing efforts, which may attract clients, but if that house is built on poor structural foundations (compliance), it will ultimately crumble and fall.
Be prepared for things to come
Additionally, being ahead of the competition by being prepared for future regulation can lead to financial benefits for the firm. For example, I thought CP 16/40 was expected and quite frankly long overdue for the industry.
A progressive and value-added compliance officer should have anticipated this 18 months earlier and prepared their firm for such measures being introduced and ensured their firm was fully compliant with both its conduct and prudential risks. It would have saved their company the cost of a skilled person report (section 166), potential voluntary requirement (‘VReq’) situations or legal fees associated with an FCA enforcement case.
Similarly, how many of you compliance officers have considered the intended new capital requirements regulations and how they would affect your Pillar 1 calculations in 18 months’ time? Would your firm need more capital, or would it free up capital which could be used for your firm’s expansion?
Also, do you have a project plan for SMCR implementation for next year? Have you looked at the 2018 client money rules update that allows the investment of client money in >30-day term deposits (which generates significantly more income to your firm than the pence generated in say a Barclays’ client money current account)? A progressive value-added compliance officer should be forward thinking and commercially minded.
A compliance officer should not be just someone who has their head stuck in COBS and SYSC rules, carrying out their compliance monitoring programs. Yes, this is important for helping to protect the firm’s license, but it is only a part of being a compliance officer.
Conduct risk is only part of compliance
I have met many compliance officers who are like a walking rule book when it comes to COBS and SYSC. This is great. However, when I ask them a question on terms such as prudential risks, CRDIV, CRR, market risk, counterparty credit risk, ICAAPs, Pillar 2, and ICGs, I’ve often received blank looks or responses such as “oh the FD does that, the Head of Risk does that, speak to him/her over there”. I’m quite dumbfounded when faced with that reaction.
When the FCA sends information requests to firms about SREPs and ICAAPs, they typically email the compliance officer (since they are the holder of the CF10 function). This should be a clear message to a compliance officer that they need to understand the prudential risks of the firm, know how their firm’s regulatory financial model works, Pillar 1 and Pillar 2 calculations, and how to document the ICAAP, all in addition to the conduct risks.
If you are called up for a three-hour FCA interview for a CF10, CF10a, or CF1 function at a new firm, you will be asked about both conduct and prudential risks of the firm. These two categories of risk are of equal importance to a firm, and the compliance officer needs to embrace both, i.e., step out of their COBS/SYSC comfort zone, and fully understand the firm’s regulatory financial model and ICAAP.
Relations with the regulator
I need not remind compliance officers about Principle 11, but it is becoming increasingly important in today’s regulatory environment. Having the attitude of “being under the radar, we don’t need to contact them” is hardly proactive and does not sit well with regulators. They want openness and transparency, and by not being in frequent dialogue with them, you are only putting your firm at risk of future rubber glove treatment at the hands of the regulator.
A challenger with solutions, not a binary yes/no bureaucrat
A true progressive value-added compliance officer should also be someone who challenges senior management when they are looking at new products/strategy, etc. If they just accept something from management while knowing that from a compliance view, it smells a bit “iffy” and could put the firm at risk, they are not doing what is expected of them. As the holder of a CF10 function, in the eyes of the FCA or of the owners of your firm you need to fulfill your duties to the fullest.
This doesn’t mean you should become a “computer says no or yes” type of compliance officer; rather, if you face an iffy situation, find the solution that makes the firm fully compliant and meets management’s objectives. Being commercial and fully compliant should not have to be mutually exclusive.
Rod Martenstyn is the CEO & Founder of OSS Consult Ltd