Unit 5
Learning Objectives
Introduction
The role of the Compliance function (or the Compliance department, or compliance
team: these terms are all also used) is very wide, because it has to mirror all the different
business activities in which the firm is engaged. Its more traditional role as a technical
function has evolved so that today its responsibilities include providing advice, expertise
and support to all business areas, alongside monitoring and reporting, and being the
point of contact with the regulators. In this unit we will look at the various aspects of the
role in some detail.
1. The educator
Although education and training are provided by the training or learning and
development functions, technical input into these programmes is essential,
because the Compliance function is a subject-matter expert (SME).
There is more to this than just technical expertise such as knowledge of the
regulations and legislation that apply to financial services companies.
One of the roles of the Compliance function is to provide input into training, but
we have to ask ourselves what this really means. Training takes many different
forms, and there are many different terminologies used, including:
coaching
computer-based training
workshops
Unit 5 What is the role of the compliance function?
classroom training
mandatory or statutory training
ad hoc updates.
Also, we need to identify the audience for the training. It is needed not only by
new recruits to a firm, but also by all employees to keep their skills and knowledge
up to date, especially as and when there are changes that affect the firm. These
changes could be in regulation, guidance, markets, products and services – the key
is to remember that they need to be the subject of training updates because of
their potential impact on the firm’s compliance. Employees in different roles need
different levels and depth of detail in their training.
It is also important that managers attend or at the very least show support for
the training sessions, as they will be responsible for ensuring compliance with the
policies and procedures. This also reinforces the message of ‘tone from the top’.
The first stage of training comes at the start of a career in the firm. This induction
training is the opportunity for the Compliance function to explain the importance
of compliance with regulation, but without going into any great technical detail. It
presents the opportunity to explain the firm’s approach to compliance, the culture
and ethics it requires of all employees, and the basic behaviours expected while
working for the firm.
Later training is likely to be more technical and focused on the needs of the
specific role. If this role is in a risk management or compliance capacity, then the
technical content will be substantial. In other roles that are subject to regulation
(for example, selling regulated products, complaint handling, claims management)
then the training will have to cover the regulatory requirements for the area
concerned and link these to the work procedures to be followed.
Mandatory training is completed on a regular cycle, and covers the subjects about
which all employees have to be aware, in their roles. Examples of mandatory
training include sessions on bribery and corruption, anti-money laundering and
sanctions compliance – those subjects where the firm has a responsibility to ensure
that all employees are aware of their individual responsibilities. The challenge
facing the Compliance function in providing the materials for this training is
to keep it interesting and current. If the same material is used year after year,
completing the training will soon become a ‘tick box’ exercise.
63. http://www.mas.gov.sg/~/media/MAS/Regulations%20and%20Financial%20Stability/Regulatory%20and%20Supervisory%20Framework/Risk%20Management/RMG%20Internal%20Control_1%20Apr%202013.pdf – Internal Controls.
employees may not. This does not mean every employee must be able to recite
all the regulatory rules or principles with which an organisation has to comply.
Rather, they should have an understanding of the broad principles. For example,
they should appreciate why it is important for complaints to be taken seriously.
Overview training can often be included at an introductory level within induction
programmes, giving new employees a clear understanding of the importance of
the regulatory environment in which the firm operates.
The second stage is to agree the training objectives. These will be heavily
influenced by the regulatory risk appetite of the business. Certain firms will wish
to achieve basic compliance with the rules but nothing more. Others will want
to achieve best practice, while the best businesses will want to exceed both
rule and best practice requirements and actively promote the benefits of ethical
business conduct.
Reduce the ‘authority gradient’ between you and the trainees. A training
session is not an exercise in demonstrating your knowledge. If the
perceived gap between you and the trainees is too large, your message
will not be absorbed.
Avoid lecturing. Instead, encourage audience participation. The more you
personalise a training message, the more likely it is that the message will
form part of a trainee’s long-term memory.
Where appropriate, explain the reasons ‘why’. Do not simply train in a
process or a system; instead, provide some context and enable the audience
to understand the background. With this understanding comes buy-in, and
in turn, a willingness to comply.
Make the training session relevant to the role of the participants by using
examples from their area of expertise.
Attention spans are very short. If you speak for longer than 20 minutes
without audience participation, most of what you are saying will not
be absorbed.
Encourage all training contributions by praising.
Use visual aids whenever possible. Most of what trainees learn comes from
what they see and not what they hear.
Make the training fun! If trainees are enjoying themselves they will pay
greater attention.
Finally, care should be taken to ensure that training is effective and current.
Training content should take into account any changes in the market, products,
legislation or regulation.
Systems and procedures work only if people make them work. Their effectiveness
is dictated in part by the prevailing culture of an organisation and the attitudes
among employees that the culture engenders. Training plays a vitally important
role in the creation of a healthy compliance environment.
The type of education that the Compliance function needs to provide can be
subdivided into technical education and behavioural education (including ‘hard’
technical knowledge skills and ‘soft’ personal skills respectively).
The technical education will be based on interpretation of the rules and principles
that apply, according to the product or service being offered. It will be tailored to
the audience, and the method of delivery will vary according to the scale of the
education required. For example, any changes in regulatory responsibilities could
require a wide programme of technical education for large numbers of employees,
whereas changes in some of the technical requirements in already established
regulated activities are likely to result in a specialised briefing to a small number of
SMEs in the relevant business areas.
2. The adviser
2.1 Planned advice
Planned advice is given when changes, updates and amendments are known,
so that the business can plan any adjustments it needs to make, and assess their
impacts on its operations.
By being proactive and considering the impact of change, the Compliance function
can offer the advice that business areas need to help them to respond. This ensures
that compliance is maintained in product and operational areas, or in complaint
handling, for example.
One of the critical roles of advisory activity is to prompt business reviews. If the
regulator announces new measures derived from outputs of previous thematic
reviews, then the Compliance function may liaise with the business areas in order
to decide whether risks within the firm are likely to arise from the proposed or
announced changes.
firm is in a position to be more proactive and less reactive, and therefore able to
exploit any new business opportunities that arise as a result of the new conditions.
It is essential to be aware of what is on or just over the regulatory horizon. This role
could be allocated to a specific team or individual in the Compliance function or, in
those firms operating the ‘three lines of defence’ model (see Unit 6, section 2.1.2), to
the risk oversight teams.
This is advice given in response to specific and immediate questions and queries,
no matter what their origin. Quite often, a large part of the compliance
professional’s time is taken up answering these types of query, but they are an ideal
opportunity to train and educate the person asking the question. We will discuss
further the skills and qualities that are required by the Compliance professional in
sections 7.2 and 7.3 of this unit.
Compliance Officers are more able to respond to ad hoc queries if they are aware
of the context, in business terms, of the questions they are being asked.
3. Providing assurance
3.1 Monitoring plans
In order to ensure an up-to-date assessment of the risks that the company faces
and the efficiency of the control systems that it has in place, a monitoring system
must be implemented. In most jurisdictions monitoring is also a regulatory
requirement.64 An effective monitoring programme generates the essential
information that a Compliance function requires to keep the board apprised of the
effectiveness of the compliance control framework in place.
Many firms make the mistake of concentrating their efforts on monitoring controls
that ‘react’ to errors that have already occurred. In large part this is because of poor
planning, and as a result they expend valuable resources on ‘firefighting’ to rectify
events that, with better planning, could have been avoided.
Example
A fund management company is responsible for the calculation of the daily net
asset value (NAV) of an equity fund. Each daily calculation affects the price on
that day and on all subsequent days. Owing to inadequate monitoring, the fund
management company fails to identify a material error on a particular dealing
day in January 2014. The effect of this is that all subsequent dealing prices are
incorrect. The error is revealed in October 2015, during the 2015 annual audit. It
was missed during the 2014 audit. The error results in:
This example illustrates how ‘resource hungry’ an error can be. It also demonstrates
the importance of not relying solely upon other control functions to monitor
compliance. The entire scenario could have been avoided had a real-time
monitoring system been in place.
64. In ‘principles-based’ jurisdictions, regard should be had to both the broad regulatory
principles and international best practice.
In Unit 6, section 1.2 we will look more closely at the methodology of risk
management, but for now let us just assume that the Compliance Officer has
identified the compliance risks inherent in the business and now needs to quantify
and evaluate them to assess the likelihood and severity of loss (often referred to as
probability and impact) should the risk materialise.
A possible outcome could be acceptance of the risk; for example, because the
impact of any loss would be small; it is unlikely to happen; or it is inherent in
running the business. Alternatively, the outcome could be the implementation of
controls for the risk.
3.1.3 Self-assessment
This form of dialogue is essential. Compliance staff are not usually as familiar
with work processes and the interface between service provision and compliance
controls as the individuals who work with them on a daily basis. The key to a
successful self-assessment exercise, therefore, is the engaged involvement of
business units.
product vulnerabilities
distribution channel vulnerabilities
client risk factors
legislation/regulation and any upcoming changes
relevant rules and guidance
market developments and indicators
industry best practice.
The level of detail provided will depend on who needs the information and for
what purpose; for example, managers responsible for day-to-day compliance will
expect to receive a far greater level of detail and on a more regular basis than
the board. The board should regularly receive reports on risk in general and on
compliance risks in particular. Frequency will depend on the size and nature of the
firm and its risk profile, but the regulator will expect to see the board exercising its
influence in this area.
The escalation process should provide for appropriate trigger points and reporting
thresholds to ensure that serious issues are identified on a timely basis.
Firms are required to notify staff how to escalate matters of concern internally.
Nonetheless, if the concern is not taken seriously, employees should also be aware
of the need to ‘blow the whistle’ externally – that is, to report it directly to the
regulator or relevant authority. Whistle-blowing is covered in further detail in Unit
8, section 11.
Routine reporting will usually be based on robust MI, and should be reliable (for
example, based on sound collection systems), timely (sufficiently recent and regular
3.2.1 Ownership of MI
In larger firms, MI is collected at business function level and collated, analysed and
interpreted by the Compliance function. This analysis forms the basis of the reports
that will be presented to senior management – for example to the Risk Committee
and Audit Committee.
The role of the Compliance function is to confirm the validity of the data, and to
ensure that it is accurate and represents evidence of the control of those risks
that are agreed to be the most significant to the business. For these reasons, the
Compliance function owns the data it supplies. It is important to evaluate the
appropriateness of the MI.
Does it provide data on those risks that constitute critical elements of the
firm’s risk appetite in its business activities?
Does it provide enough information for the board committees and the
board itself to make the necessary strategic decisions that will ensure
continued regulatory compliance? Sound decisions cannot be made on the
basis of incomplete information.
Is there too much information? If so, it will lose impact and relevance, and
key messages could be lost.
3.2.2 Timeliness of MI
Systems solutions that are set to filter and collate data take away much of the
manual analysis from this task, but ultimately the Compliance function needs to
use its skills and experience to assess the validity and usefulness of the MI.
4. Relationship management
In order to achieve regulatory objectives, it is essential for the Compliance function,
and therefore the employees and management of the function, to identify,
establish and manage key relationships. The benefits to both the Compliance
function and the firm in achieving this should not be underestimated. It can be
crucial in establishing a strong culture of compliance and mutual respect.
Regardless of the broader reporting structure, the head of compliance must have
direct access to the board.
Open and honest feedback will help a Compliance function to improve the quality
of the service it provides, which in turn should help the firm as a whole.
protecting investors
maintaining confidence in the financial system
preserving market stability.
The first of these is a consumer conduct objective, whereas the second and third
are part of the market conduct agenda.
Is the provider secure so that customers can access their money when they
need it?
Can the provider be trusted to look after their investments so that they will
get back the sums invested (and any return due on them)?
If something goes wrong, for example the provider goes out of business, will
their investment be protected? Would they be eligible for compensation?
Regulators set conduct of business rules designed to provide customers with all the
information they need, both pre- and post-sale. These disclosure requirements are
at the very heart of consumer conduct requirements as customers must either be
able to rely upon any advice received from an authorised firm, or be given sufficient
information to be able to make a fully informed decision themselves. Failures in
disclosure have been the underlying cause of many of the mis-selling scandals.
Regulators must then supervise authorised firms and monitor their activities to
ensure that they are meeting the required standards; regulators have powers
to investigate and take enforcement action against firms that fail to meet the
required standards. Rules and supervision levels vary according to the type of
product or market sector in which a firm is operating, with more risky products
generally attracting more stringent rules and closer oversight by the regulator. But,
at their heart, the rules all focus on ensuring that the right amount of balanced
information, highlighting the risks, is provided to the customer as part of any sale,
redressing the issue of information asymmetry (see Unit 1, section 3.1.1).
Given the very diverse nature of the customer base, it is usual to weight the
protection in favour of those who are least experienced, such as individual
customers dealing on their own account, and small businesses, which also enjoy a
high level of protection. Substantial businesses and experienced investors investing
their assets are expected to have some knowledge and understanding of the
transactions they are undertaking.
5.1.1 Examples
The penalties for mis-handling complaints can be severe. Examples have been seen
in the UK. In January 2011 the then UK regulator, the FSA, fined RBS and NatWest
£2.8m for responding inadequately to more than half the complaints reviewed by
the FSA. The cost of mitigation actions and the reputational damage done would
have been considerably more than this. More recently, in July 2013 the Financial
Conduct Authority (FCA) fined Policy Administration Services Limited (PAS)
£2,834,700 for poor complaints handling between June 2009 and September 2011,
including failing to identify the root causes of recurring issues and put them right.
time limits
resolution
escalation rights
root-cause analysis.
It is important that all customer complaints are handled promptly. Effective and
timely handling of a complaint can defuse situations that might otherwise escalate.
Therefore, documented procedures should specify time limits within which
complaints should be resolved.
A firm should aim to resolve complaints within the shortest period of time possible,
while also meeting the required standards of quality. Time limits should be
prescribed within internal procedures in line with regulatory requirements. At the
expiry of such limits, an organisation should issue one of the following:
At the end of the investigation period, complainants who remain dissatisfied with
the outcome may refer their case to the regulator or other independent body
established to complete an impartial review (often known as an Ombudsman).
Compliance teams must make themselves fully aware of the prescribed time
periods for resolving complaints, and at which prescribed points complainants
must be made aware of their future referral rights.
with the time that it has taken for the phone to be answered, is he making a
complaint that should trigger the formal complaint-handling procedure?
Regulatory expectations are that firms must determine their own approach to
conduct and conduct risk – which consequently places consumer interests and
market integrity at the heart of the firm’s approach.
Firms publish their codes of conduct externally and internally. There are other
ways in which firms can communicate their conduct expectations and these are
a fair measure of how seriously conduct is taken at senior levels within the firm.
Other examples that are used include: training and guidance, including but not
restricted to annual refresher training, and conduct standards being introduced
early in the career of new recruits; key information messages describing and
illustrating the core components of good conduct; and we must not forget the
importance of boards and the senior management establishing the ‘tone from
the top’, which sets out the cultural and conduct agenda for the firm.
Individual employees can therefore review and understand the conduct standards
that are expected of them by their firms because they may be required to sign
up to and agree with set codes of conduct, and will be receiving regular updates
and keynote messages from senior management. This needs to be supplemented
by employees thinking for themselves about what conduct means to them.
Is the action or proposed action legal and does it meet regulatory standards?
Does it comply with the letter of internal policies and procedures?
Does it comply with the spirit of internal policies and procedures?
How would it look if it was reported in the media? Would it appear to be
wrong, or would it make you embarrassed?
Other resources that are available for employees to use to help them understand
their firms’ approach to conduct include:
an advice line, which may help employees to feel secure about discussing
conduct concerns and possible conduct risk implications.
Contributory factors feeding into the conduct risk definition include answers to
the following questions.
How complex is the product, and how does this relate to the sophistication
of the end consumer?
Is the product actively requested by the consumer, or is it just an add-on
or ancillary product to add to an existing portfolio?
What other suppliers are there competing in the market, and what is the
size of the market?
Is it easy for the consumer to withdraw from any contract with no
negative consequences?
Can the impact of poor conduct be measured for both the customer and
the company?
How important is the product for the firm’s overall business?
How profitable is the product?
The importance of the value chain means the following processes need to
be reviewed.
Commercial benefits
The role of business in an open market economy system is to create wealth for
shareholders, employees, customers and society at large. No other human activity
matches private enterprise in its ability to marshal people, capital and innovation
under controlled risk-taking, in order to create meaningful jobs and produce goods
and services profitably – profit being essential to long-term business survival and
job creation. Examples of the commercial benefits that can be gained include
the following.
Firms can effectively reduce their costs of compliance by being more proactive and
less reactive as this is more efficient.
Reputation
Firms can enjoy the benefits of improvements to their reputation in the eyes of
consumers through the reduced risk of high profile actions being taken against the
firm. This leads to a likelihood of increased sales opportunities, not only with new
customers, but also with existing customers as the company continues to be the
product or service provider of choice.
Finally, there is the reduced possibility of negative publicity, which could in turn
lead to consumer boycotts and a damaged public image.
A link between good conduct, well managed conduct risks, and corporate social
responsibility can be established. The International Chamber of Commerce (ICC)
has considered the links between business conduct and making a positive and
responsible contribution to society.
Growing numbers of firms have been adding environmental and social indicators
to their economic and financial results in reports that are often titled as social
reports or sustainability reports. Indeed, sustained profits and good conduct are
mutually supportive and an increasing number of companies view corporate
responsibility as integral to their systems of governance. The ICC prefers the
terms responsible business conduct or voluntary corporate initiatives to
corporate social responsibility. Whichever term is preferred, it is part of the
requirements for doing business in today's global economy.
Market forces, the demands of customers, and scope for pre-empting government
legislation, all provide further incentives. Responsible business conduct may
improve long-term profitability and the ability of companies to obtain a greater
share of world markets. These positive consequences of the exercise of corporate
responsibility make it a farsighted and profitable business policy.
Market conduct can be defined as the interaction between the firm and the
markets within which it operates. It is often linked very closely with market abuse
as it tends to be market abuse cases that cause the most damage to confidence in,
and the stability of, financial markets. Market abuse is examined in Unit 9, section 7.
There are many rules and plenty of guidance related to market conduct. How can a
firm ensure that it is not only meeting its regulatory obligations, but also observing
industry best practice?
Most firms take a three-step approach. Firstly, the firm has policies in place,
outlining the regulations, staff responsibilities and obligations to ensure that these
are met. These policies should include, as a minimum:
Secondly, the firm provides training to all staff, and additional training in higher-risk
areas, where appropriate. The purpose of this is to ensure that employees
understand the policies, and their responsibilities and obligations.
Finally, the firm must ensure that there is a robust monitoring plan in place so that
if there are breaches of market conduct requirements, or if incidents of market
abuse take place, the firm is able to identify these, and report them to the regulator
as soon as possible.
Market confidence is at the heart of a stable financial services system. This makes
it the cornerstone of regulation and it is closely linked to the other core objectives,
particularly consumer protection. To be confident, a customer or investor needs to
trust that the market is operating fairly. Confidence in the market is critical to the
viability of national and global economic interests. Like other markets, financial
markets are dependent on customers doing business with them. The markets rely
on the conduct of transactions, for example customers depositing their money
in a bank account, paying bills, borrowing money on a residential mortgage or
unsecured personal loan, using their credit cards, trading stocks and shares, taking
and laying off financial risks, and investing for the future.
If customers lose confidence in the market, they will stop doing business with
financial services companies. When this happens, it is not just the financial services
industry that is affected; the whole economy suffers.
Consumer confidence can be affected very quickly and can be lost easily.
Confidence can be lost in seconds but restoring it takes time, in some cases, years.
During the global financial crisis we have seen well-established names such as
Bear Stearns, Lehman Bros and the UK’s HBOS destabilised in a matter of days, their
strong track records and sound reputation providing no immunity from consumer
and investor concerns in prevailing conditions. Market confidence can no longer be
viewed solely in terms of the local (i.e. national or regional) market.
The recent financial crisis provides a rich source of examples but it is not the
only incidence of loss of market confidence. Over the years the financial services
industry has been rocked by a series of financial scandals that have adversely
affected confidence in the market or the regulatory system on a national or
international basis.
In 1995, Barings Bank, one of the oldest and most respected names in British
banking, collapsed after an employee, Nick Leeson, accrued losses of over £800m.
The losses arose from unauthorised derivatives trading by Leeson, who was based
in Singapore but managed from London. The cause of the collapse was attributed
to a lack of systems and controls, in particular of appropriate oversight of trading
activities. This led to a regulatory review of systems and controls, including senior
management responsibilities.
firms have robust internal controls and risk management practices to cope
with the risks they take from day to day
firms have sufficient liquidity (in other words, money in the bank) to meet
their obligations as they arise
senior managers responsible for running the firm meet appropriate tests of
honesty and personal integrity, competence, skill and experience.
In Europe:
In the US, there was a sense of shock that a firm such as Lehman Bros – established
in 1850 and perceived as one of the pillars of the investment community – could be
allowed to fail. Yet no rescue package was forthcoming. As an investment bank, its
failure, while shocking, did not directly affect the average man in the street and was
therefore not expected to significantly reduce wider market confidence.
Compare the Lehman Bros case with that of Fannie Mae (short for Federal National
Mortgage Association) and Freddie Mac (short for Federal Home Loan Mortgage
Corporation). The collapse of these mortgage guarantors would have had a
potentially catastrophic effect on market confidence. The US government therefore
stepped in to guarantee the businesses. Fannie Mae and Freddie Mac do not lend
directly to homebuyers but buy mortgages from approved lenders and sell them to
investors. Between them they guarantee or own roughly half of the US mortgage
market. Almost all US mortgage lenders, large or small, rely on Fannie Mae and
Freddie Mac to some extent. Both continue to trade under the watchful eye of
the regulator.
The Basel Committee was of the opinion that the proposals would also require a
more detailed dialogue between the regulatory supervisors and banks. This, in turn,
would have implications for the training and expertise of the regulatory supervisors
of banks. This was regarded as an important issue, and one which should not be
underplayed, for supervisors’ ability to perform their role effectively would depend
to an extent on their experience and training.
The BVI Financial Services Commission (FSC) issued its amended guidelines for
its Approved Persons Regime in March 2009, as amended in December 2013.65
The following extract explains clearly the purpose of the guidelines and the
expectations and duties required of senior persons in financial services firms
regulated in that jurisdiction.
These Guidelines are designed to assist the Financial Services Commission in the
consideration and approval of applications for the appointment of senior officers,
including applications relating to the approval of actuaries, auditors and other
independent officers pursuant to any financial services legislation. These Guidelines
outline senior officer duties and responsibilities and incorporate a set of rules
governing the process and procedure for the approval of senior officers of a regulated
person and actuaries, auditors and other independent officers.
A suitable candidate for a senior officer position must be qualified and have
appropriate experience. In order to be appointed as a senior officer, a candidate must
demonstrate a high level of competence and integrity. Before granting approval of
an application for a senior officer, the Commission must be satisfied that the person
to whom the application relates is fit and proper in accordance with the criteria
established in Division 2 of Part II of the Regulatory Code, 2009. The Commission
exercises judgement and discretion in assessing fitness and propriety and takes into
account all relevant matters including honesty, integrity, reputation, competence,
expertise, experience, capability and financial soundness. These criteria have equal
application to the consideration of applications for the approval of actuaries, auditors
and other independent officers, whose qualifications and experience are generally
covered under their respective applicable financial services legislation.
65. http://www.bvifsc.vg/Portals/2/FSC%20Approved%20Persons%20Regime%202009%20%282013%20Consolidated%29.pdf
The Commission holds the regulated person directly responsible for the conduct of its
senior officers, including the performance of their duties, and hence the importance
of recommending suitably qualified persons to be approved for appointment as
senior officers. Therefore a candidate for approval as a senior officer must be familiar
with the business activities of the regulated person, relevant legislation governing
the conduct of the regulated person, and the structure of internal controls within the
regulated person. The candidate must also have the knowledge and professional
competence to efficiently conduct the business of the regulated person.
In the extract, the FSC refers to the firm as the ‘regulated person’ so it can be seen
that their Guidelines refer to both firms and to individuals.
The Basel Accords are the work of the Basel Committee on Banking Supervision
(BCBS), a committee of banking supervisory authorities established by central bank
governors of the G10 countries in 1974 (see Unit 3, section 1.3.2). Its Core Principles
are a framework of minimum standards for sound supervisory practices that are
considered universally acceptable.
Following its introduction in July 1988, Basel I (as it has since become known) was
adopted by banking systems in more than a hundred countries. Under Basel I every
bank was required to have a minimum solvency ratio of 8%. This means that its
capital had to be at least 8% of its risk-weighted assets. Where the ratio dropped
below the required level the bank concerned was required to reduce its lending or
increase its share capital.
6.2.2 Basel II
The New Capital Accord (Basel II) was published by the Basel Committee in January
2001 following extensive discussion and consultation by the Committee dating
back to June 1999, when it was recognised that since the first accord was drafted
there had been considerable advances in the way in which banks managed their
risks, with a more risk-based approach being in evidence.
Governors of the G10 central banks also believed that international capital
had become dangerously low owing to erosion resulting from the increasingly
competitive environment in which the banks now operated. Their deliberations led
to the conclusion that, to ensure an adequate level of capital in the international
banking system, banks could no longer build business volume without ensuring
that there was adequate capital available to support it. The Committee was also
keen to create a more level playing field across the financial services sector.
The New Accord seeks to improve on the existing rules by aligning regulatory capital
requirements more closely to the underlying risks that banks face. It intends to promote
a more forward-looking approach to capital supervision, one which encourages banks
to identify the risks they may face, today and in the future, and to develop or improve
their ability to manage those risks. It will be more flexible and better able to evolve with
advances in markets and risk management practices.
The overriding aim of Basel II was to make the international financial system more
stable, by putting in place incentives for banks to:
The new rules would also allow supervisors to stipulate more stringent disclosure
requirements, ensuring the soundness of the financial system while, at the same
time, increasing the role played by the markets. Although the 8% ratio requirement
would be unchanged, it was argued that this single measure was no longer suitable
because it failed to take account of variations in risk management across the world.
Consequently, it was decided that a more risk-sensitive framework was required
which would reflect the technological developments that had taken place in
recent years.
The aim of the Basel II Accord was to improve the measurement of risk, which
is the denominator of the capital ratio. While the market risk measure remained
unchanged, the enhancements to credit risk meant that some banks would be
allowed to use their internal ratings to calculate the minimum required regulatory
capital to be set aside.
It was expected that all three pillars would have implications for the G10 banks,
investment firms and specialist institutions, such as the asset management
industry, in the European Union. At the time it was issued, there was some
concern that the new regulations might lead to transference of business from
banks to non-banks.
From the supervisory perspective, the Accord was expected to place greater
emphasis on internal risk assessment, requiring supervisors to ensure that
consistent risk-management standards were being applied across all financial
firms. This point was underlined in the following explanatory note appended to
the Accord document, which read:
The role of the supervisors is ‘to ensure that each bank has sound internal processes in
place to assess the adequacy of its capital based on a thorough evaluation of its risks’.
From a practical point of view the implications of the changes applicable to the
supervisory function were very significant and possibly onerous. For their part,
banks were expected to ensure that robust internal capital assessment processes
were in place and that these set realistic targets for capital adequacy in line with
the level of risk involved. Furthermore, credit assessment procedures would need
to be sufficiently robust to stand up to external scrutiny from the regulators. The
past practice of ‘box-ticking’ would be replaced with more in-depth probing by
regulatory supervisors.
Although banks were generally in favour of the new regulations, Basel II has come
in for a considerable amount of criticism from the time it was conceived to
the present day. Critics were sceptical from the beginning, for a variety of reasons,
including the following.
In view of the fact that risk estimates were to be based on past loss experience,
it was feared that banks would hold too little capital when the economy is
growing and too much in a downturn. Consequently, lending levels would not
be restrained sufficiently in boom times, while the reverse would apply during
periods of recession.
6.2.3 Basel III and the fourth EU Capital Requirements Directive (CRD4)
It has been described by Jaime Caruana, general manager of the Bank for
International Settlements, as a ‘fundamental turning point in the design of
financial regulation’.
Some argue, however, that it does little more than build on the regulatory
framework that has dominated international banking standards since the mid-
1980s. Nonetheless, it undoubtedly attempts to rectify some of the most significant
shortcomings of the earlier Accords, such as the issue of the neglect of liquidity and
the fact that banks were under-capitalised in the lead-up to the crisis.
The measures on liquidity are arguably one of its most radical steps. By introducing
international standards, in parallel with the Capital Accord, the Basel Committee
has fulfilled an ambition it has long held. In the past it was hampered by factors
such as the amount of time and effort devoted to negotiating the capital standards,
the divergent views of its members concerning control of the liquidity risk and the
differing structures of money markets. The Committee has now proposed a set of
global minimum liquidity standards that are intended to make banks more resilient
to short-term problems in accessing funding. There are to be two standards, the
Liquidity Coverage Ratio and the Net Stable Funding Ratio.
This ratio requires banks to have sufficient high-quality liquid assets to withstand
a 30-day stressed funding scenario, as specified by their regulator. The Basel
Committee published the full text of the revised Liquidity Coverage Ratio (LCR)
following endorsement on 6 January 2013 by its governing body, the Group of
Central Bank Governors and Heads of Supervision (GHOS). The LCR is an essential
component of the Basel III reforms, which are global regulatory standards for bank
capital adequacy and liquidity, endorsed by the G20 Leaders.
As intended, the LCR was introduced on 1 January 2015, but the minimum
requirement begins at 60%, rising in equal annual steps of 10 percentage points
to reach 100% on 1 January 2019. This graduated approach is designed to ensure
that the LCR can be introduced without disruption to the orderly strengthening of
banking systems or the continued financing of economic activity.
proportion of the capital base has to be formed by capital with the best loss-
absorbing capacity. At the same time, the Committee has more than doubled the
minimum core Tier 1 capital requirement from 2% to 4.5%, while Tier 2 capital,
comprising instruments such as subordinated debt, is subject to a tightening in
terms of amount and qualifying conditions.
In reality, the capital requirement will be higher than the headline figure suggests,
owing to the conversion factors that apply to each of the tiers. For example, the
capital conversion buffer has to comprise entirely Tier 1 capital. This effectively
increases the core Tier 1 requirement from 4.5% to around 7%.
A bank that fails to meet the capital conversion requirement will be faced with
restrictions on its ability to distribute earnings in the form of dividends or bonuses
until the buffer is restored. The regulator will impose these restrictions.
Core Tier 1 will also be subject to a counter-cyclical capital requirement, which has
the potential to further increase the requirement at the height of an economic
boom, possibly reaching a figure approaching 9.5%. The actual level of the buffer
will be decided by the regulators but the concern is that they may not have
sufficient independence to impose such stringent measures.
Another issue that concerns some commentators is that the methodology for
calculating the capital requirement is somewhat suspect. This is expressed as a
ratio of capital (the numerator) to assets (the denominator), with lower-risk assets
being subject to a range of discount factors. Whether banks hold sufficient capital
depends on whether the denominator is a true reflection of the risk involved.
Furthermore, banks can choose how they calculate the denominator, using either
rating agency assessments or their own internal credit-assessment systems.
In July 2011 proposals for the Fourth Capital Requirements Directive (CRD4) were
adopted by the European Parliament and closely reflect the Basel III framework.
As Basel III is not law, but rather an evolving set of international standards, its
recommendations will need to be transposed into EU law and the national law
of EU member states. The Commission’s legislative proposals on CRD4 seek to
transpose the Basel III standards into EU law, in the form of a directive and a
regulation. The regulation details the prudential requirements for credit institutions
and investment firms and covers the following aspects.
• Capital – CRD4 increases the minimum amount of their own funds that banks are required to hold, as well as the quality of those funds.
• Liquidity – CRD4 improves the short-term resilience of the liquidity-risk profile of financial institutions (the exact composition of which will be determined after an observation and review period in 2015).
• Leverage ratio – this limits an excessive build-up of leverage on credit institutions’ and investment firms’ balance sheets (the ratio is to be subject to supervisory review which will be closely monitored prior to a binding requirement in 2018).
This new Capital Requirements Directive not only covers some areas of the
previous one, CRD, but also includes the following new elements.
These proposals replaced CRD (2006/48/EC and 2006/49/EC) and entered into force
on 1 January 2014 with full implementation by 1 January 2019.
In December 2010, the Committee released Basel III, which set higher levels for
capital requirements and introduced a new global liquidity framework. Committee
members agreed that they would implement Basel III from 1 January 2013,
subject to transitional and phasing-in arrangements. In November 2011, the
Committee published the rules text that sets out the framework for the assessment
methodology for global systemic importance and the magnitude of additional loss
absorbency that global systemically important banks (G-SIBs) should have. The
requirements were introduced on 1 January 2016 and become fully effective on
1 January 2019.
In January 2013, the Basel Committee issued the full text of the revised Liquidity
Coverage Ratio (LCR). The LCR underpins the short-term resilience of a bank’s
liquidity risk profile. As discussed in section 6.2.3 above, the LCR was introduced as
planned on 1 January 2015 and will be subject to a transitional arrangement before
reaching full implementation on 1 January 2019.
In January 2014, the Basel Committee issued the final text of the Basel III leverage
ratio framework and disclosure requirements following endorsement by its
governing body, the Group of Central Bank Governors and Heads of Supervision
(GHOS). Implementation of the leverage ratio requirements has begun with bank-
level reporting to national supervisors of the leverage ratio and its components,
and public disclosure began with effect from 1 January 2015.
In January 2014, the Basel Committee issued proposed revisions to the Basel
framework's Net Stable Funding Ratio (NSFR). In line with the timeline specified
in the 2010 publication of the liquidity risk framework, it remains the Committee’s
intention that the NSFR, including any revisions, will become a minimum standard
by 1 January 2018.
There are six-monthly updates each April and October, and these give progress
reports on each jurisdiction’s implementation of all elements of Basel III. These can
be found at: http://www.bis.org/publ/bcbs281.htm
Gaining universal acceptance of the new proposals has proved challenging, for as
Mervyn King, when Governor of the Bank of England, suggested in a speech to a
New York audience in the autumn of 2009, the amount of capital that would be
needed to provide reasonable assurance against another major systemic problem
would be regarded by the industry as ‘wildly excessive’.
At best, it is likely that some compromises will have to be made along the way.
The Committee is well used to this but its ability to achieve agreement with
a greatly expanded membership will make the task even harder, especially as
there will be a greater disparity in maturity of the regulatory systems across the
jurisdictions represented.
We have already looked at the financial crisis timeline in Unit 1 section 1.2: here we
will develop this by identifying how it changed regulations and their focus, where
senior management responsibilities have been emphasised, and therefore the
impacts this has on the roles and responsibilities of the Compliance function.
In 2009, the Turner Review was issued in the UK. The report and the subsequent
discussion paper from the regulator at that time, the FSA, were a useful contribution
to the volume of literature on the causes of the banking crisis. Moreover, these
documents provided a very clear indication of the regulator’s thinking as to how
UK, EU and international financial services regulation should change in future. Lord
Turner pointed out that:
While some of the problems could not be identified at firm-specific level, and while
some well-run banks were affected by systemic developments over which they had no
influence, there were also many cases where internal risk management was ineffective
and where boards failed adequately to identify and constrain excessive risk taking.
Some analysts⁶⁶ commented that the Turner Report did not address the
following points:
It went on to underline the need for the regulators in general to change their
approach to supervision and regulation of the banks. Furthermore, the review
argued that completion of implementation of the FSA’s Supervisory Enhancement
Programme (SEP) was an integral part of this process. The programme required:
Looking beyond the UK, Turner urged closer cooperation between central banks
and regulators across the globe and advocated increased cross-border supervision.
The review also suggested that there should be a European banking regulator to
supervise pan-European banks.
Serious concerns were expressed about what Turner referred to as the ‘shadow
banking’ industry. He recommended that this should in future be subject to the
same regulatory requirements as the rest of the financial services sector.
Turner recommended that credit rating agencies should have to be registered. This
would enable them to be supervised by the regulator. The review also supported
EU legislation to address issues relating to the agencies’ governance and conduct.
One particular area of concern relates to conflict of interest, where agencies had in
the past provided good ratings even though it was evident that the risk levels were
high. An example of this is the favourable ratings given to Icelandic banks such
as Landsbanki.
6.3.6 Mortgages
Turner proposed a limit on the amount lent in the UK for property transactions. This
could be linked either to the value of the property being purchased or applied as a
multiple of earnings. Under new rules introduced by the FSA, homeowners would
have to provide a larger deposit from their own resources. In practice, lenders’
appetite for high loan-to-value mortgages had already disappeared by this time, so
larger deposits were already being required.
Turner acknowledged that this would have an impact on first-time buyers and
therefore accepted that it would be sensible for the proposals to be debated
in detail with the mortgage providers and other interested parties, rather than
to rush ahead with any regulation. Account would also need to be taken of the
contemporary low activity in the property market.
The Turner Review and its proposals for a reform are extremely wide-ranging and
place the FSA at the forefront of the international agenda on strengthening the global
The key to getting this right is the interaction of capital, of liquidity and of managing
risk effectively. As always, the detailed discussions which will flow from this report are
going to be vital as we need to ensure that the new framework is appropriate for small
banks as well as the larger institutions and that the UK retains its attractiveness for
foreign banks.
The Turner review sets out a clear roadmap for future reform of the system. We need
banks which are simpler, more transparent and once again capable of attracting
private capital.
...has come up with targeted proposals that deal with specific failings and risk to the
system as a whole, rather than responding to the wilder calls for action against banks.
His dispassionate, forensic approach has much to recommend it. A rush to legislation
risked a repeat of a Sarbanes–Oxley type over-reaction, which would simply have
compounded the effects of the recession.
[the CBI is] cautious about the review’s proposals on liquidity and product regulation.
Rushing ahead with requirements for bank liquidity could put the UK out of step with
other countries and force firms to manage their reserves on a country-by-country basis,
which would be a blow to the UK’s competitiveness.
Compliance starts at the top. It will be most effective in a corporate culture that
emphasises standards of honesty and integrity and in which the board of directors and
senior management lead by example.⁶⁷
Read the guidance Compliance and the Compliance Function in Banks published
by the Basel Committee on Banking Supervision in April 2005. What message does
the paper convey? How does this compare with the situation in your firm? Are you
surprised that it was written as far back as 2005?
The Compliance function is managed by the Compliance Officer, but all compliance
professionals (compliance managers, compliance analysts, etc.) have key
responsibilities, required knowledge and skill sets, which are set out below.
In the financial services sector the position of Compliance Officer requires specific
authorisation from the regulator. Anyone wishing to perform this role must go
through the proper application process and is subject to the Fit and Proper rules.
It also means that such persons are personally responsible for any regulatory
sanctions if they do not perform their role to the appropriate standards.
67. Basel Committee – Compliance and the Compliance Function in Banks, April 2005.
68. Final Notice – Greenlight Capital (UK) LLP http://www.fsa.gov.uk/library/communication/pr/2012/007.shtml.
The Compliance Officer must have sound regulatory knowledge covering a variety
of topics. While specialist team members may retain the more detailed knowledge
of the rules, the Compliance Officer must still hold a sound understanding of the
objectives, principles and management of compliance. This is not only important
for maintaining personal credibility but also enables the Compliance Officer to
apply such knowledge to more strategic decision making.
Sound business acumen will not only enable them to apply regulatory
requirements appropriately, but will also enhance their credibility with colleagues
in other parts of the company.
Compliance Officers must have the ability to analyse and interpret data gathered
for a number of purposes, for example when undertaking compliance reviews
and monitoring activities. This is key to being able to quantify the level of
regulatory and compliance risk to which the business is exposed and to assist in
implementing improvements.
The Compliance Officer must also have good investigative (including questioning)
skills, for example when dealing with customer complaints or with a regulatory
review or investigation. These skills are usually called upon when something has
gone wrong.
These two skills complement each other. Again, they have a material impact on the
credibility of the Compliance Officer and level of respect, and therefore acceptance,
at a senior management level. Compliance Officers must be able to demonstrate
a good understanding of the market and business in which they operate in order
to exercise good judgement as to the best way to achieve compliance. Failure to
do this may result in the development of impractical solutions. It is also imperative
that the Compliance Officer appreciates, and is sympathetic to, the commercial
pressures faced by the business.
It is the Compliance Officer’s role to advise senior management on how the firm
can safely recommend and market products, and balance compliance with the
commercial pressures it is facing. To do this effectively the Compliance Officer must
understand the business structure and its operations, the type of client to whom
any new product will be sold, and the business’ risk appetites, to enable them to
provide suggestions for a practical solution.
If a policy is sent out with no explanation of how to implement it, it could easily
be ignored and cause the compliance team and the firm issues at a later date.
The ability to listen to the needs of the business is vital. Too often, compliance
policies are implemented in isolation, without input from the people who are most
affected and therefore without addressing any objections or concerns.
We have already discussed the ‘tone from the top’ but it is equally important to
engage staff at middle management level as it is they who will have the closest
day-to-day relationship with the operations of the business, such as traders,
advisers, brokers, etc. The aim of a Compliance Officer is to facilitate the ethical
culture through the organisational chain. Keeping an ear to the ground can be one
of the best ways to get a feel for how the business operates and how its culture is
working in practice. Engaging and supporting the line managers and listening to
the practical issues they face can assist the Compliance Officer in tailoring advice
appropriately and offering effective and pragmatic solutions.
A good listener tries to avoid dominating dialogue with colleagues. The more
closely a Compliance Officer listens, the more information is absorbed and, indeed,
the more information colleagues may offer. This allows the Compliance Officer the
opportunity to provide focused and relevant advice and guidance through better
understanding of the issues and the objectives/agenda of the speaker.
Verbal communications
When engaging with others, Compliance Officers may find themselves having
to draw on all their communication skills to ensure that the desired outcome is
achieved. How the message is conveyed is often as important as what is actually said.
Written communications
7.3.3 Influence
Compliance Officers need to be able to take their place alongside the most
senior managers in any firm. Whether or not they have a direct reporting line
into the board, they must have access to it. They need to be able to exert influence
at this level and to be taken seriously as business partners. One of the most
important skills required of Compliance Officers is the ability to operate at this level
and hold the respect of their peers, such that they are able to contribute positively
to the organisation’s strategy and key decision making. This level of influence is
vital if Compliance Officers are to be successful in their role and embed a culture of
compliance within the company.
In the course of assessing the governance and culture of a firm, regulators will
often look at how the Compliance Officer is perceived in order to seek reassurance
that the individual has the necessary respect to carry out the role effectively.
While pragmatism is vital, there are occasions when a Compliance Officer has to
make regulatory recommendations or provide advice to business lines that may
conflict with accepted business practices or be seen as obstructive by the firm. For
example, the implementation of compliance report recommendations often places
additional burdens on managers to comply within tight timescales.
A Compliance Officer must therefore have the ability to manage people, projects
and significant meetings involving individuals at all levels.
This suggests that during recruitment it is perhaps the personal skills that
should be given priority. Nonetheless, it is fairer to say that in the overall context
of the full requirements of the role, they may all be of equal importance.
Learning outcomes
• be aware of the different forms of training and the stages of the training process, and understand your responsibility for maintaining employees’ core competence in meeting regulatory requirements
• be aware of the difference between ‘hard’ and ‘soft’ skills and the importance of both
• appreciate the importance, for achieving compliance objectives, of thoroughly understanding the work and objectives of all the firm’s business units
• know the responsibilities of a Compliance Officer for advising other business units, both on a planned and ad hoc basis, on regulatory and compliance matters
• appreciate the importance of monitoring business activities and be able to advise business units on how to go about this
• know what and when to report to the board so that the directors can fulfil their responsibilities for ensuring regulatory compliance
• be able to identify the key relationships, both internal and external, in the Compliance Officer’s work, understand the importance of each for carrying out the role effectively and know how to develop and maintain them
• be able to explain the significance of conduct of business regulation, and how to meet the objectives of protecting investors, maintaining public confidence in the financial system and preserving market stability
• be able to explain the Compliance Officer’s role in helping the business to comply with macro-prudential and micro-prudential regulation
• understand the close relationship between prudential regulation and corporate governance, and the role of the ‘fit and proper’ requirements for the firm and its employees
• be able to outline how and why the various Basel Accords have been developed, what their aims have been and the effects that these and CRD4 have had
• understand the role of the modern Compliance Officer in the GRC context, and the wide range of skills, technical knowledge and personal qualities necessary to perform the role effectively.