Working in the financial services industry, we are all bound to have heard colleagues ask these questions, or something to this effect, at one time or another. We may have even asked them ourselves.
- Is my Compliance Department too expensive?
- What do all these Compliance members of staff do?
You are right to ask these questions, but have you ever looked at what these role holders are actually doing for you and the firm?
The Regulators now expect financial services firms to have a Three Lines of Defence arrangement in place. They also don’t expect there to be any conflicts between those Three Lines. This means that Compliance should be performing a Second Line of Defence role, and therefore should not be stepping into the responsibilities of the First Line of Defence.
The First Line of Defence, the business, is normally happy to pass on some of its responsibilities to the Compliance department. Delegating those responsibilities to Compliance means that the business does not have to get down to the detail or write the processes and procedures itself. It is happy to have it done for it, but at the same time it is the first to raise questions about the cost of the Compliance department.
The norm now is for Compliance departments to be split into three areas, but it is dependent upon the size of your firm:
- Advice and Guidance
- Regulatory change or upstream risk
The important thing is to make sure, where possible, that the Advice, Guidance and Regulatory change resources are independent of the monitoring resource. You cannot effectively monitor an area that you have helped to implement.
How is your Compliance department structured?
The next time you question the resources employed and the cost of your Compliance department, it may be worth investigating it further.
Are they sticking to their Second Line of Defence roles? Compliance most commonly steps outside of its responsibilities during the implementation of projects. So often Compliance is expected to lead projects and then ends up monitoring and recording decisions and taking minutes, when that should have been done by the business. For those of you who hold client money, look at how you implemented the new CASS rules, especially Policy Statement 14/9. In the majority of cases the Compliance involvement went way beyond its remit.
Is the business performing its role or passing the responsibility on to Compliance? Where does the responsibility for file checking and supervision reside? Compliance is there to perform a risk-based monitoring programme, not to be responsible for tasks that should be performed by the business management or supervisors, who should be taking responsibility.
To ensure that you are getting it right, and fully understand where responsibilities should sit within your firm to avoid any conflict, talk to us at FSTP. We have helped numerous firms resolve a range of compliance issues, whilst helping to streamline their processes, making the Compliance department more effective.
Maybe it is the beginning of the end for people questioning the cost of Compliance.