‘Important Disclaimer

By reading this study guide, the readings supplied with it and using any software provided you acknowledge that this is an educational product leading towards an MBA. You should not construe anything contained in this study guide, the readings supplied, the presenter’s comments or through use of the software supplied as investment or other professional advice. This study guide is not a substitute for professional advice which takes account of your specific circumstances. No responsibility can be accepted by Bangor University or the author or the presenter for any loss occasioned by any person acting or refraining from acting on the basis of any information contained in this study guide. You make fair use of any material contained in this study guide, the associated readings and the software supplied for the purpose of education. The written consent of the university should be obtained for any commercial use of the materials supplied to you as part of this module. Nothing here should be construed as criticism express or implied of the organisations discussed in the study guide, their management or their employees.

No part of this study guide may be reproduced, stored or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written permission of the University’.

Neither The Management Centre nor the author shall be liable for any loss of profit or any other commercial damages resulting from use of this study guide. Any links, quotes etc are for information purposes only and are not warranted for content, accuracy or any other implied or explicit purpose.

We regret that the authors are unable to enter directly into any correspondence relating to, or arising from this Study Guide. Any comments on this work would be welcome and should be addressed to:

The Chartered Banker MBA Office
The Management Centre
Bangor Business School
Bangor University
College Road
Bangor
Gwynedd LL57 2DG
Personal Profile:
Sharon Ward MSc FICA Fellow CEA
Member of Bangor University
Adjunct Faculty
A former senior compliance practitioner in the UK, highly qualified
and with extensive practical business experience across a number of
financial services disciplines, Sharon is Chief Examiner for Governance,
Risk & Compliance (GRC) at the International Compliance Association
(ICA) and a regular tutor/contributing author for International
Compliance Training’s (ICT) professional education programmes.
A regulatory compliance specialist, Sharon is also involved in a number
of compliance related projects, including working with the Journal
of Business Compliance, where she was an Editor and Member of the
Editorial Board. She lectures on a wide range of GRC related topics, has
contributed to key industry initiatives and is the author/contributing
author of a number of professional education texts. A Fellow of the
ICA, Sharon is also a qualified Chartered Educational Assessor. She
holds an MSc in Financial Regulation & Compliance Management and
is currently undertaking further studies in related areas.
Contents
Unit 3 – Integrated compliance
Aims
Learning Objectives
Bibliography/Reference
Learning Objectives
On completing this unit you will:
• Be aware of current and emerging factors within the regulatory compliance
environment that are impacting on the activities, focus and approach of the
Compliance Function
• Appreciate what a compliance culture is, why it is necessary and the role of
those involved in its creation and development
• Distinguish between different assurance, control and oversight functions and
understand their role in supporting the activities of the Compliance Function
• Appreciate how compliance, risk management, corporate governance and
ethics work as interrelated disciplines to support the ongoing development of
the compliance culture
• Identify and understand the significant benefits that effective regulatory
compliance can bring to regulated firms and to the wider industry.
In addition to material available via regulators' websites and those of the influential
bodies or industry publishers introduced and referred to throughout this Module
thus far, there is also a good deal of research being carried out by academics on a
host of related topics. Depending on the area of interest, such research considers
different elements of the financial services and regulatory environment, either
directly or indirectly, addressing issues that impact the priorities/roles of the
different stakeholders within it, including compliance. It is useful to maintain an
awareness of the output of such research, through reference to the websites of the
Professional Bodies for Compliance such as that of the International Compliance
Association for example, which provide access to a wide range of such material, or
to a professional journal in a related area such as the Journal of Financial Regulation
and Compliance1. It can also be useful to note other quality research journals or
websites providing details of research undertaken – these can be specific to related
topic areas such as those for law, risk, economics or policy, for example, or perhaps
more general in their spread and thus enabling identification of a wide range of
relevant research topic areas - the LSE Research Online website2 is particularly
useful in this regard. Such material provides an indication of current research and
commentary in a wealth of related issues from a range of academics working and
publishing in this area and will support the more practitioner led and industry
derived content that is largely the basis of this Module.
Examples of current and emerging topics relevant to the Compliance field are
set out below, demonstrating the wide ranging nature of influencing factors.
Their relevance for different aspects of the Compliance Framework as discussed
in the previous Unit should be contemplated as we move on to discussion of the
benefits of an integrated approach to compliance. These examples are presented
in no particular order; given the wide range of potential influencing factors these
are indicative only and it is incumbent upon the Compliance Function within any
individual organisation to identify those that apply to their particular firm:
• Technological developments – Ongoing developments in this area impact
on the regulatory environment to a significant degree, not only in respect of
the products and services arising therefrom but also the speed with which this
is happening. Change arising from this continues unabated and consequently,
developments in this area remain on the regulatory radar. Those tasked
with monitoring adherence to regulatory requirements within firms need to
be vigilant to potential challenges arising in this regard, ensuring systems
and approaches are sufficiently robust to meet these. Financial technology
(FinTech) activities are a useful example of technological developments being
harnessed to a positive purpose, helping to enable/support/enhance provision/
innovation of financial services. The Enabling the FinTech Transformation:
Revolution, Restoration or Reformation speech by Mark Carney, Governor of the
Bank of England, in June 2016 notes how new technology will be harnessed
in terms of challenges faced as a central bank. Regulators are clearly keen to
harness the benefits of technological development (RegTech3 – regulatory
technology – being a good example of this), not least to support monitoring
of activities. On the negative side, the challenges arising from the continued
shifts in this area can leave regulation in danger of playing catch-up, thus
widening the opportunity for less effective regulation of the industry overall, with
resulting consequences for all stakeholders. Firms are particularly vulnerable
1 http://www.emeraldinsight.com/toc/jfrc/24/4
2 http://eprints.lse.ac.uk/
3 https://www.fca.org.uk/firms/project-innovate-innovation-hub/regtech
to such developments being used by criminals, with financial crime being an
unfortunate growth area which the industry has to mitigate against with the
assistance of all stakeholders. In the UK, Project Innovate and the Innovate Hub
are examples of regulatory focus in this area, the regulators making clear4 their
interest: ‘how can regulation foster innovation in financial services?’ and make
the point with reference to the EY Fintech adoption index comment on the
‘pace at which the digital landscape is evolving and the scale of the challenge for
us as a regulator to bear in mind when we think about both the risks that financial
innovation may bring and how to balance that against creating unnecessary
barriers to the many opportunities.’ Innovation and technology appear in the
FCA's priorities for the year 2018/19 as per their Business Plan. Note also their
Cyber and Technology Resilience: Themes from cross-sector survey 2017-20185,
published in November 2018.
• Outsourcing – This activity generally involves the contracting out of a business
process to another party. Increasingly firms are opting to outsource aspects
of the Compliance Function's activities, either in whole or in part. A recent
survey6 noted that ‘a quarter of firms have opted to outsource at least part of their
Compliance Functionality. Two reasons cited are lack of in-house compliance skills
and the need for additional assurance on compliance processes.’ Other reasons
given were cost, board request, increase in litigation, need for technology
solutions, removal of administrative functions to enable compliance staff to
focus on regulatory requirements and workload management. Potential risks
arising from outsourcing are on the regulators' radar; for example, a National
Exam Program Risk Alert7 was published by the US Securities and Exchange
Commission’s Office of Compliance Inspections on this topic which noted ‘a
growing trend in the investment management industry: outsourcing compliance
activities to third parties, such as consultants or law firms’ and observed ‘certain
compliance weaknesses associated with registrants that outsourced their CCOs8, as
described in this Risk Alert’, encouraging firms to evaluate their approaches. In the
UK, the FCA published guidance on this topic, for example the recent Guidance
for firms outsourcing to the ‘cloud’ and other third party IT services9. The PRA
also have clear expectations in respect of this topic and in 2015 fined Raphaels
Bank for Outsourcing failures10 stating ‘You can delegate or outsource work but you
cannot delegate or outsource responsibility. Raphaels put its safety and soundness at
risk by failing to have adequate controls in place over their outsourcing.’
• Whistleblowing – A contentious topic for many and a regulatory requirement
in many jurisdictions, debate continues around this subject. For example,
reference is made to this in the Credible Deterrence In The Enforcement of Securities
Regulation11 paper from IOSCO referred to in Unit 1, which states ‘Whistleblowers
are a useful source of information and intelligence. Reporting can be enhanced
4 In https://www.fca.org.uk/news/speeches/uk-fintech-regulating-innovation for example
5 https://www.fca.org.uk/publication/research/technology-cyber-resilience-questionnaire-cross-sector-report.pdf
6 Thomson Reuters Cost of Compliance 2016 – note https://www.refinitiv.com/en for source material and current surveys
7 https://www.sec.gov/ocie/announcement/ocie-2015-risk-alert-cco-outsourcing.pdf
8 Chief Compliance Officers
9 https://www.fca.org.uk/publications/finalised-guidance/fg16-5-guidance-firms-outsourcing-%E2%80%98cloud%E2%80%99-and-other-third-party-it
10 https://www.bankofengland.co.uk/news/2015/november/pra-fines-raphaels-bank-for-outsourcing-failures
11 http://www.iosco.org/library/pubdocs/pdf/IOSCOPD490.pdf
when jurisdictions provide legal protection to whistleblowers to prevent them from
being adversely impacted or prejudiced as a result of providing information.’ This
paper cites useful examples from the US, the EU and New Zealand, highlighting
the US decision to reward eligible individuals who come forward with high
quality information. In September 2016 the FCA began a consultation into
Whistleblowing in UK branches of overseas banks: CP16/2512 stating that
‘Individuals working for financial institutions may be reluctant to speak out about
bad practice for fear of suffering personally as a result. Mechanisms within firms
to encourage people to voice concerns – by, for example, offering confidentiality
to those speaking up – can reassure whistleblowers.’ This followed production in
2015 of the FCA's new rules on whistleblowing13 when it was commented that
‘Whistleblowers play an important role in exposing poor practice in firms and they
have in the past few years contributed intelligence crucial to action taken against
firms and individuals. It is in the interests of the industry and regulators alike that
wrongdoing is identified and addressed promptly. For individuals to have the
confidence to come forward, it is vital that firms have in place adequate policies
on dealing with whistleblowers and that a senior manager takes responsibility
for overseeing these policies…These rules are designed to build on and formalise
examples of good practice already found in parts of the financial services industry
and aim to encourage a culture in which individuals working in the industry feel
comfortable raising concerns and challenge poor practice and behaviour.’
• Data protection/security – Increasingly an area of concern for business,
with numerous data breaches being a regular feature of recent times, efforts
to address weaknesses in this area are an ongoing issue within the financial
services industry. Given the global nature of the industry and indeed worldwide
commerce, concerns are not restricted to national level, with some important
initiatives undertaken by international bodies. For example, IOSCO produced
Guidance on cyber resilience for financial market infrastructures14, which referenced
audits and compliance as important elements of the market's cyber resilience
framework, requiring ongoing assessment and measurements to ensure its
effectiveness. In December 2015 BCBS produced a report Progress in adopting
the Principles for effective risk data aggregation and risk reporting15 covering a
range of topics including lessons learned around effective implementation
and their relevance for ensuring effective compliance management. National
regulators take these topics seriously, with clear direction provided in their rules
and guidance around what is expected of firms in this regard, such as that from
the UK's FCA.16
• Extraterritoriality – The extension of jurisdiction to incorporate offences
committed outside a country's territory. Extraterritoriality issues are
increasingly presenting challenges for international Compliance Officers. The
need to ensure compliance not only with the laws and regulations pertinent
to the home jurisdiction plus those of overseas subsidiaries, but also taking
into account extraterritorial laws of other countries and their consequences/
impact for both home and overseas subsidiaries, is increasingly challenging
and risks are increasing. There have been several fines imposed as a consequence
of violations, for example in respect of the US Foreign Corrupt Practices Act
12 https://www.fca.org.uk/publications/consultation-papers/whistleblowing-uk-branches-overseas-banks
13 https://www.fca.org.uk/news/press-releases/fca-introduces-new-rules-whistleblowing
14 http://www.iosco.org/library/pubdocs/pdf/IOSCOPD535.pdf
15 http://www.bis.org/bcbs/publ/d348.pdf
16 https://www.fca.org.uk/firms/financial-crime/data-security
(FCPA) (such as Siemens $800 million in 2008, BAE $400 million in 2010, Total
SA, a French energy firm, $245 million in May 2013). OFAC sanctions are
another area of relevance for financial services business, with the possibility
of financial transaction prohibitions and freezing assets that fall under the
jurisdiction of the US.17 Again, numerous fines have been imposed for contravention of these (for
example ING $619 million, Barclays $298 million, Credit Suisse AG $536 million
all in 2010). The impact of the UK Bribery Act 2010 has also been significant,
with implications for companies, boards and management; the 2016 case of
Sweett Group Plc18 provides useful insight into its wide application.
• Sanctions/Prohibitions – OFAC sanctions were referred to under
extraterritoriality issues, above, but maintaining awareness of sanctions
and prohibitions in place is a wider issue in and of itself, linked to a
number of activities undertaken in respect of compliance with international
and national regulatory requirements. Ongoing awareness and appreciation
of business implications is required. Maintaining an up-to-date awareness of countries and
individuals appearing on relevant lists, and feeding this into the overall approach, is
important on a number of levels, not least to protect the firm from regulatory
censure in one form or another. Note also the anti-bribery and corruption area
in which developments are ongoing; the UK's Bribery Act 2010 is particularly
notable given its extraterritorial reach. The work of Transparency International19
(TI) is useful to consider, with its focus on anti-corruption. Note particularly its
Transparency Index. Its People and Corruption: Europe and Central Asia 201620
published in November 2016 makes for illuminating reading.
• Cost of Compliance – Costs in respect of compliance have always been an
issue for this area of business, though increasingly the costs of non-compliance
have become better recognized. That said, balancing compliance costs against
corporate profitability is an ongoing consideration for all concerned, with both
regulators and regulated firms taking a keen interest in this. The previously mentioned
Cost of Compliance 2016 survey noted that the majority of regions expected that
compliance budgets would increase in the coming year, some by as much as
100%. The development of technology in support of compliance activities (the
aforementioned RegTech, for example) may go some way to alleviating this but
can be no substitute for effective personnel and the costs that arise therefrom.
Linked to the wider costs of compliance, finding the right individuals for
compliance roles is becoming increasingly challenging. Though reports indicate
the recent rocketing growth in roles in this area has levelled off somewhat,
vacancies remain in many key positions due to lack of availability of ‘high quality
compliance officers with deep experience’, as noted in the Cost of Compliance 201621,
which went on to say ‘there is a lack of good compliance skills in the market place,
which has driven up the costs of senior compliance professional in particular and
may in turn make it harder for firms (and indeed regulators) to keep hiring ever more
compliance staff’. Expectations are that costs in this area will continue to rise. A
17 https://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets-Control.aspx
18 https://www.sfo.gov.uk/2016/02/19/sweett-group-plc-sentenced-and-ordered-to-pay-2-3-million-after-bribery-act-conviction/
19 http://www.transparency.org/
20 http://www.transparency.org/whatwedo/publication/people_and_corruption_europe_and_central_asia_2016
21 Thomson Reuters Cost of Compliance 2016, ibid. note also most recent report https://legal.thomsonreuters.com/en/insights/articles/cost-of-compliance-2018-report-your-biggest-challenges-revealed
recent compliance recruitment trend report22 commented on a fall in the number
of vacancies compared to previous years, largely as a consequence of the wider
economic and business environment but also that ‘the three lines of defense model
is changing the background and experience of the type of candidates that companies
are prepared to consider.’ There is an increased emphasis on communication skills,
the ability to engage and management skills, leading to those who have
these being increasingly in demand, the report noting that of those surveyed
‘71%...thought the value of their skills was increasing’.
• Focus on Outcomes – Increasingly, regulators are focusing on outcomes, i.e. the
output of an approach, rather than simply the input. In practical terms, this has
implications for any business subject to regulation by that regulator, as the shift in
approach extends beyond a mere tweaking or adjustment of business activity, to
a much more fundamental overhaul. That is because the focus is less on process
and more on the consequences of that process, which brings into play wider issues such as
corporate culture and, particularly relevant to our focus in this Module, changes
to the role of Compliance as a consequence. This will be discussed further in
this Unit. In the UK, regulators have issued commentary on what they mean
by an outcomes focused approach. For example, note the FCA Our Supervision
Overview23 speech which sets out a clear position on this, linking this to their
general approach: ‘Our approach…is to be a regulator that is judgement-based,
pre-emptive and pro-competitive and prepared to be tough when things go wrong.
This approach though is based on an outcomes-focused philosophy. I would like to
explain further what this means and in particular what I mean by outcome-focused.
Regulatory philosophy has coined various phrases such as ‘principles-based’,
as opposed to ‘rules-based’; ‘intrusive’ as opposed to ‘light touch’ and ‘credible
deterrence’ as opposed to the ‘Governor’s eyebrows’. These may seem like variations
on a theme but they do in reality encapsulate quite different approaches and this is
true for an outcome-focused approach. What it means is that we are fundamentally
interested in what consumers actually experience as outcomes and then try to fix the
causes of what is leading to outcomes that are not, or may in the future may not be,
fair…This means at the firm level, particularly for the large firms that have the biggest
consumer and market footprint, we are looking at how the interests of the customer
and market integrity are at the heart of how their business is run – this means our
focus is on the firm’s business model, culture and front-line activities such as product
governance and less on second-line controls. This focus on how the business is run,
rather than how it is controlled, is a fundamental change and is directly linked to
our outcome-focused philosophy.’ Though Outcomes is not now a new approach
within the UK regulatory framework, continued focus on this topic as evidenced
by the content of the FCA’s most recent business plans24 makes clear this is still a
key factor in their regulatory stance.
• Worldwide and national events – In an interconnected world the shifting
political and global climate has relevance for businesses operating in multiple
jurisdictions and sectors; events such as the recent presidential election in the
US, debates around EU membership across Europe, various crises in countries
across the globe, all have relevance for the regulatory environment at multiple
levels. Ongoing awareness and consideration is important.
22 http://www.barclaysimpson.com/Compliance-Compensation-mtr-2016
23 Clive Adamson, Director of Supervision, the FCA, June 2014 https://www.fca.org.uk/news/speeches/our-supervision-overview
24 https://www.fca.org.uk/publication/corporate/business-plan-2016-17.pdf and note most recent plan https://www.fca.org.uk/publications/corporate-documents/our-business-plan-2018-19
related topics in the context of our subject focus in this Module. Conduct is
an ongoing priority in financial services, at both a national and international
level, with increased focus on this topic emerging in the wake of the fallout
from the global financial crisis towards the end of the last decade. Risk
prioritisation of this area alongside culture continues, with Deloitte placing
these at numbers one and two respectively in their prediction of key strategic
regulatory issues that the financial services industry will face in the coming
year33. Regulators around the world are prioritizing activities in support of
improved conduct through a variety of different mechanisms. Many sources
of guidance on this are provided, such as that from the PWC website stating
that ‘The conduct agenda at its simplest is about how customers are treated, how
firms behave towards each other and how they operate in the market. Managing
conduct risk is different to managing compliance and operational risks. Firms
can make good use of their three lines of defence models but they also need to
ensure that ‘doing the right thing’ for customers is front of mind at all levels of
the business... A significant area for firms is the impact of digital and social media
in managing conduct risk… However digital is not an environment that can be
controlled and conduct is critical to managing reputational risks…Without the
right level of senior involvement in the conduct agenda firms will always run the
risk of a surprise. Managing conduct risk is an opportunity to get better outcomes
for customers and that can only help businesses long term. It is the sensible
thing to do when well executed.’34 A recent Conduct Risk report produced
by Thomson Reuters35 looking at how financial services firms are managing
conduct risk has identified distinct industrywide trends against which firms
can benchmark their own progress. It identified that a high proportion of
firms do not have a separate working definition of conduct risk however
‘there appears to be international agreement about the main components’
(culture, ethics, integrity, corporate governance, tone from the top, etc. all as
noted in this Module) and ‘perception of senior individual accountability for the
delivery of conduct risk has sharpened’, with board level focus remaining high
and more than half of firms ‘having a senior manager responsible for conduct
risk’. Increase in costs related to this are expected, both in terms of time and
resources. It is pertinent to note the finding that ‘the Compliance Function is
leading on both the ownership of and accountability for conduct risks’.
• Uncertainty – Lack of certainty in a number of areas – political, industry driven,
economic or indeed arising from many other issues – has relevance for the
Compliance field, presenting a host of challenges for those involved. Given
the likelihood of continued uncertainty in a number of regards, this is a factor
which compliance professionals will continually need to take into account in
the short, medium and longer terms, considering potential relevance for and
impact upon a whole host of factors relating to their function, their firm and the
regulated environment more generally.
33 https://www2.deloitte.com/uk/en/pages/financial-services/articles/regulatory-top-ten.html
34 PWC website http://www.pwc.co.uk/industries/financial-services/insights/the-conduct-area.html
35 https://risk.thomsonreuters.com/en/resources/special-report/conduct-risk-report-2016.html Compliance and risk practitioners from more than 260 financial services firms across the world, including banks, brokers, asset managers and insurers took part in the survey – note most recent report https://legal.thomsonreuters.com/content/dam/ewp-m/documents/legal/en/pdf/reports/culture-and-conduct-risk-2018.pdf?
Self Evaluation Question 1: Think about each of the above topics and reflect on
their relevance for compliance, risk and governance activities within regulated
firms and within the regulatory environment overall. Now consider this in light
of your own regulated firm: from a Compliance perspective, which of these
topics would you prioritise focus on and why?
Suggested reading:
1. Read the Serious Fraud Office The Nature of Compliance36 speech September
2015
2. Locate the G30 Occasional Paper 89 The Digital Revolution in Banking37
by Gail Kelly, published in 2014. Note its exploration of the March of
Digitization, comments around the Transforming Bank and the Implications
for Policy section, giving consideration to the implications of these shifts
both for the regulator and regulated firms.
3. Review the Understanding the costs of compliance 2006 research paper38
4. Examine the KPMG The Cost of Compliance39 2013 paper
5. Access the FCA Handbook section SYSC 18.3.1, noting the requirements in
respect of Whistleblowing
6. Access the 2016 Ponemon Cost of Data Breach Study40 published by IBM
security. Consider the findings at a global and country specific level within
the context of their relevance for ensuring effective compliance within
regulated firms.
7. Examine the findings of the BCBS December 2015 Progress in adopting the
Principles for effective risk data aggregation and risk reporting report, focusing
specifically on the lessons learned regarding effective implementation and
their relevance for ensuring effective compliance management.
8. Locate a sample of the papers referred to in the above section of this Unit.
Reflect on the content of each within the context of the main objectives of
the Compliance Function.
36 https://www.sfo.gov.uk/2015/09/08/the-nature-of-compliance/
37 http://group30.org/images/uploads/publications/G30_DigitalRevolutionBanking.pdf
38 http://logic.stanford.edu/POEM/externalpapers/understanding_the_costs_of_c_138098.pdf
39 http://www.kpmg.com/dutchcaribbean/en/Documents/Publications/The-cost-of-compliance-v2.pdf
40 http://www-03.ibm.com/security/data-breach/
41 Indeed it has and searches under the topic in relation to management and organisation
will prove fruitful in identifying a range of interesting texts. As regards financial services,
banking specifically, the previously referenced Changing Banking for Good has this topic
at its core, whilst a recent publication Mehran et al (2016) provides a useful range of
articles focusing in on this theme within the context of a range of GRC topics.
42 A recognized leader in the development of management education who invented
the concept known as management by objectives, a management consultant and
educator who influenced the practical foundations of modern business.
Note http://www.drucker.institute/about-peter-f-drucker/ for further information.
43 http://webarchive.nationalarchives.gov.uk/20101007090736/http://www.fsa.gov.uk/pages/Library/Communication/Speeches/2010/1004_hs.shtml
This is a great advance on the old system whereby shortcomings were identified
at a later stage by either the Compliance Function, other assurance functions
or, worse, by the regulator. Notwithstanding, the board and senior management
retain overall responsibility for compliance. As such, they are encouraged to set
the “tone from the top” in supporting the activities of the Compliance Function
and promoting an effective organisational culture to do so. How it and other
parts of the business can work effectively together in pursuit of these and related
objectives will be discussed later in this Unit.
Alongside this, the activities of the Compliance Function and how they perform
them are an important aspect of developing an appropriate culture within the
business. This is vital if the board and senior management are to meet their
compliance responsibilities and if the business is to properly benefit from
regulatory compliance.
Self Evaluation Question 2: Consider the general culture in your firm – how
would you describe it?
Self Evaluation Question 3: How might a Code of Conduct impact positively on
the general culture of an organisation?
Suggested reading
1. Read and compare the approach set out in a series of speeches from the
UK regulator on the topic of culture within the industry over recent years
and their expectations of those in regulated firms in respect of this: Hector
Sants, FSA, Can culture be regulated? October 2010; Martin Wheatley, FCA,
Modelling integrity through culture44 November 2013; Martin Wheatley, FCA,
The commercial importance of culture to industry45 December 2014; Culture
in financial services – a regulators perspective46 speech by Andrew Bailey,
May 2016; Peter Andrews, FCA, Culture in UK banking – regulatory priorities47
October 2016
2. Note the issues covered in the Accountability, from debate to reality48
speech by Martin Wheatley, FCA, July 2015. Consider alongside Personal
Accountability49 by Tracey McDermott, FCA, December 2015
3. Note the series of G30 reports focused on a range of supervisory, governance
and culture matters, including Toward Effective Governance of Financial
Institutions50 published in 2012, A New Paradigm: Financial Institution Boards
and Supervisors51 in 2013 and, most recently, Banking Conduct and Culture:
A Call for Sustained and Comprehensive Reform52 focusing on the role of
these topics in the governance of the world’s largest financial institutions,
including good practice guidance and recommendations.
44 https://www.fca.org.uk/news/speeches/modelling-integrity-through-culture
45 https://www.fca.org.uk/news/speeches/commercial-importance-culture-industry
46 https://www.bankofengland.co.uk/speech/2016/culture-in-financial-services-a-regulators-perspective
47 https://www.fca.org.uk/insight/speech-culture-uk-banking-regulatory-priorities
48 https://www.fca.org.uk/news/speeches/accountability-debate-reality
49 https://www.fca.org.uk/news/speeches/personal-accountability
50 http://group30.org/publications/detail/155
51 http://group30.org/publications/detail/162
52 http://group30.org/publications/detail/166
4. Reflect on the keynote speech made by Gabriel Bernardino, the Chairman
of EIOPA, Solvency II implementation – beyond compliance53 in March 2016
at a conference titled ‘The Launch of Solvency II’. Note his comments
regarding ‘the convergent implementation of the new risk-based regulatory
framework across the European Union.’, going on to discuss the importance
of supervisory convergence: ‘it is essential in order to achieve three
fundamental objectives: Firstly, to ensure that European Union regulation is
applied in all Member States; Secondly, to guarantee a level playing field and
prevent regulatory arbitrage in the internal market; Thirdly, to safeguard a
similar level of protection to all policyholders and beneficiaries in the European
Union. Given the current differences of supervisory cultures and practices
between Member States, I appreciate that our new journey might turn into an
“Odyssey”. But it is the right “Odyssey” for us to be undertaking. The European
Union has to have a common supervisory culture and this is precisely why
EIOPA and the European System of Financial Supervision (ESFS) were created.
We are decisive and fully committed to enter this new journey for the sake of
a more coordinated and more robust financial supervision in Europe. In the
coming five years one of our main priorities will be to increase convergence
towards a European supervisory culture. A risk-based culture that: Aims to
ensure strong but fair supervision; Is based on a forward-looking approach
to risks; It takes into account that it is always better prevent than repair.
Prioritizes the dialogue with market participants in order to better understand
their business models, strategies and underlying risks; Promotes early enough
awareness and supervisory action in order to protect policyholders and
mitigate possible disruptions in the market.’
5. Access the Report of the Parliamentary Commission on Banking Standards
Changing Banking for Good54 if you have not already done so, and note
specifically the sections on standards and culture.
6. Review the PRA Rulebook and FCA Handbook, noting the guidance provided
that relates to compliance culture.
53 https://eiopa.europa.eu/Publications/Speeches%20and%20presentations/2016-03-03%20IVASS%20Solvency%20II%20Conference.pdf
54 http://www.parliament.uk/documents/banking-commission/Banking-final-report-volume-i.pdf
Overall, the board of a regulated business is responsible for the business and
risk strategy of the organisation, including how its structure is organised, its
financial soundness and its governance.
• As regards compliance matters, essentially, the board of directors are
responsible for overseeing the management of compliance risk. They
approve the compliance policy and ensure that the effectiveness of the
compliance risk strategy is regularly assessed.
• Senior management are responsible for the management of compliance
risk, for establishing and communicating a compliance policy, ensuring it
is adhered to and advising the board accordingly.
• These requirements are underpinned by a range of requirements (spanning
primary legislation, regulatory rules and standards, market conventions, codes
of practice, etc.), including corporate governance obligations, that set out clear
expectations regarding the manner in which business affairs are governed.
• The task of ensuring that the compliance policy set by the senior
management of the business is applied on a day-to-day basis is undertaken
by the Compliance Function, headed by the Compliance Officer.
• The Compliance Function is part of the overall risk management process
within the regulated business and the function’s primary task is to ensure
effective systems and controls are in place to adequately measure and
manage the regulatory risks the firm faces. In so doing, this function assists
the business in achieving key elements of its business objectives and also
in avoiding regulatory censure. Dependent upon the size and nature of a
particular business, a separate risk management function might be in place.
• Through regular auditing of the Compliance Function’s activities,
Internal Audit is one of the main mechanisms by which senior management
can be provided with assurance that the activities of the Compliance
Function are achieving their objectives and, in so doing, support the
board’s overall risk strategy.
Each aspect of risk assurance has a particular purpose and some organisations
will have distinct functions covering these areas, whereas others, whilst having a
separate Internal Audit function in accordance with requirements as discussed in
Unit 2, might combine areas, such as the compliance and risk functions. As ever,
the approach taken is less important than how appropriate that approach is for
that particular business, as the focus should always be on ensuring it achieves its
intended aims.
As discussed previously, applicable regulatory requirements, such as the regulators’
expectations of the UK firms they regulate, must be taken into account. The
objectives of the assurance functions should therefore be expected to closely
align with the overall strategic objectives of the business. In effect, the assurance
functions are the means of providing support for, and checks of, the systems and
controls in place that allow the firm to meet their overarching goals.
Self Evaluation Question 4: Compare and contrast the focus of the corporate
governance requirements, the Internal Audit role and the objectives of the
Compliance Function. Note the complementary aspects of these.
Self Evaluation Question 5: Risk assurance activities work towards which
general aims?
Suggested reading
Revisit the Basel Committee on Banking Supervision’s paper The Internal Audit
Function in Banks55 2011. Note the references to the Compliance Function and
how this is supported by the activities of internal audit.
55 http://www.bis.org/publ/bcbs223.htm
The single most important relationship the Compliance Function has internally is
that with the board, as is made clear in the introduction to the Basel Principles:
“Compliance starts at the top. It will be most effective in a corporate culture that
emphasises the standards of honesty and integrity and in which the board of directors
and senior management lead by example. It concerns everyone within the bank and
should be viewed as an integral part of the bank’s business activities”. Essentially, the
board set the tone as to how compliance is viewed. How effective Compliance is
will be heavily influenced by the board’s view and how this is perceived by the
rest of the business. Put simply, if the board are clearly seen to view Compliance as
important, necessary and of benefit to the business, this will be the view generally
reflected throughout the organisation; conversely, if the board are known to view
Compliance as a ‘necessary evil’, unimportant or even as a nuisance, this will be
mirrored by the rest of the business.
In order to be effective and achieve its goals, therefore, the Compliance Function
needs to have the respect of the board and maintain positive relationships with
it subsequently. This means being clear at the outset on the fundamental requirements for
the effective formation of the Function (in terms of independence, resources and
so on) and then ensuring the board remains up to date with the progress of the
Function in its pursuit of its objectives, or where challenges to this are arising,
alongside recommendations for addressing these. The most effective way to do
this is through ensuring communication is appropriate, targeted and meets their
expectations, providing necessary interaction and information in a succinct and
timely manner that gives value. Essentially, the board want to view the Compliance
Function, and the Compliance Officer in particular, in the same way as the Regulator
wants to view the board of a regulated business, i.e., as being competent in their
role, aware of requirements and keen to work effectively to ensure these are met.
If the board has confidence in the Compliance Function, based on their dealings
with them, this in turn will foster growth in the positive perception of the benefits
Compliance brings to the business as a whole.
1. In July 2007 the FSA issued a Dear CEO letter entitled Managing Compliance
Risk in Major Investment Banks - Good Practices56. Review this and consider
the following:
• Note the FSA’s observations on good practices based on their work with
major investment banks in London in the light of what you have learned
in this Module thus far and what you understand the current areas of
focus under the FCA are. Note the list of good practices presented in a
number of categories within the Appendix: Defining “Compliance risk”
and responsibilities; Compliance Culture; Governance; Compliance risk
assessment process; Compliance monitoring/desk reviews; Evaluating
compliance performance.
• Read the Defining “Compliance risk” and responsibilities section through
carefully noting the good practice observed in respect of the clear
understanding between the Compliance Function and the business.
Consider this in light of your understanding of the approach taken by
both the FCA and PRA.
• Consider how the good practices observed clearly demonstrate
effective relationship management between compliance and business
functions.
• Read the Compliance Culture section in the Appendix through carefully
noting the good practice observed.
2. Reflect on the issues noted in that letter and compare these to points
on the following topics noted in some of the other suggested readings
referenced in this Unit:
• Culture
• Governance
• Risk
To what degree do you consider there have been notable developments in
approach within these areas and what do you believe are the consequences of
this for the regulatory and thus compliance environment?
56 http://webarchive.nationalarchives.gov.uk/20081231120336/http://www.fsa.gov.uk/pubs/ceo/compliance_risk.pdf
Suggested reading
1. Access the sections of the PRA and FCA websites that set out how they
regulate and note reference to relationship management. Consider the
many different ways in which each regulator provides information and
guidance together with opportunities for support to the firms it regulates.
2. Research Trade Associations and Professional Bodies linked to the banking,
compliance and risk management professions. Note the opportunities
available for relationship development and the various means of doing so
(conferences, panel discussions, consultations, online discussions, etc.).
As noted already, the attitude and approach of senior staff can have a defining
impact on how Compliance is viewed, and subsequently upon how the need for
adherence to its requirements is perceived. Such views are reflected in the actions
of the business and the Compliance Function must work to challenge potential
issues and address shortcomings as they arise. As mentioned earlier, this can be
achieved through communication and training activities, which are intended to
enhance understanding of compliance requirements, embed focus within the
compliance strategy and provide opportunity for discussion and clarification:
• Communication - Whether written or verbal, communication plays a vital role in
supporting the Compliance message. Clear, concise and appropriately worded
communications that meet the needs of the target audience are essential. For
example, the tone and language appropriate for communication in a board
report differs from that appropriate for communication of a regulatory update
to business management or a guidance note for new sales staff. Compliance
personnel need to ensure they tailor their communications appropriately.
Likewise, consideration should be given to verbal communication,
encompassing the types of issues discussed in Unit 2 regarding the behaviours
and skills necessary to be an effective Compliance professional. Drawing on
these skills to ensure any communication, in whatever format, is appropriate will
go a long way towards enhancing the Compliance message and overcoming
any potential hurdles.
• Training - Training is an essential medium through which the Compliance
Function can simultaneously deliver the Compliance “message”, increase
staff knowledge and develop relationships with the business. For example, if
the Compliance Function has a solid understanding of the needs of the
organisation (issues such as products and services, business priorities, etc.)
and is able to align its training focus to incorporate these alongside the
pertinent regulatory requirements, the training will have far more meaning
and, consequently, more benefit. Linking generic issues to topics about
which individuals have actual experience is an effective method of ensuring
understanding and compliance training that keeps this in mind will be
likely to be more appropriate and effective for the target audience. Training
requirements, linked to the compliance and business objectives, should of
course continue to be reviewed to ensure they remain up to date and therefore
relevant.
As we have seen throughout this Module, the approach of the Compliance
Function has evolved positively over recent years and moved away from a directive
and monitoring stance, towards more of a consultative and facilitative method of
working with the business. This revised method helps embed compliance and
develop the culture beyond merely complying.
Self Evaluation Question 8: Who within the business do you believe should be
involved in addressing barriers to the effectiveness of the Compliance Function
and why?
Self Evaluation Question 9: Consider how the monitoring activities of the
Internal Audit and Compliance Functions might overlap and what problems
might arise if these are not effectively coordinated.
Suggested reading
Read about the UK Department of Business, Skills and Innovation (BIS)
consultation on Executive Remuneration57 and consider the implications for
corporate governance issues
57 http://www.bis.gov.uk/Consultations/executive-remuneration-discussion-paper
58 Compliance and the Compliance Function in banks, previously discussed in unit 2.
The issue of ethics features regularly on the UK regulator’s radar. As long ago as
2002, the FSA published An Ethical Framework for Financial Services59 focusing
on this topic. Subsequent to this, the FSA’s ‘Treating Customers Fairly’ initiative,
launched in the mid-2000s, whilst focusing on customers, has ethics at its core.
In June 2010, Hector Sants, Chief Executive of the FSA, raised this issue again,
questioning the regulator’s own role in relation to it: “Some of the causes of the
crisis were deeply rooted in behavioural issues that resulted in actions and decisions
that with the benefit of hindsight, were not the ‘right’ ones. A firm’s culture plays an
important role in influencing the actions and decisions taken by individuals within firms
and in shaping a firm’s attitude towards their customers.”60 More recently, there has
been renewed focus on these topics, such as the Changing Banking for Good report
arising from the Parliamentary Commission on Banking Standards’ findings and the
Senior Manager and Certificate Regime (SM&CR), which have cultural and
conduct change at their heart. In supporting regulatory and wider objectives in
these areas, compliance activities and ethical considerations are intertwined.
Self Evaluation Question 10: Principles for Business Principle 1 states that a firm
must conduct its business with integrity, whilst the first Statement of Principle
for individuals requires that an approved person must act with integrity. This
focus on integrity is clearly seen as important. Why is this?
Self Evaluation Question 11: Why are ethics important in financial services?
Suggested reading
In considering the relevance of culture in supporting the aims of the Compliance
Function or otherwise, it can be useful to note developments on this topic
as they apply to a particular jurisdiction. The following provides a sample of
resources on this topic linked to the example UK regulatory framework:
1. Read the speech given by Davies, H., Chairman, FSA, Are words still bonds?
How Straight is the City? 2.11.98. Think about the points noted therein, consider
these in light of the issues raised in this Module and your understanding of
the regulatory environment and the various factors that impact upon it.
2. Locate the An Ethical Framework for Financial Services61 FSA Discussion
Paper published in 2002. Read it through, examining the various scenarios
included together with its overall focus and purpose.
3. In June 2010 the FSA published CP10/12 focusing on Competence and
Ethics62. This consulted on proposals to strengthen and refocus elements of
the TC sourcebook, to modernise the regulatory qualifications requirements
and to make changes to the Statements of Principle and Code of Practice
for Approved Persons (APER) under the approved persons regime. Policy
Statement 10/18 was published in December that year. Familiarise yourself
with both of these, considering their focus as you do so.
59 http://www.fsa.gov.uk/pubs/discussion/dp18.pdf
60 http://www.fsa.gov.uk/library/communication/speeches/2010/0617_hs.shtml
61 http://webarchive.nationalarchives.gov.uk/20130403122646/http://www.fsa.gov.uk/library/communication/speeches/1998/sp18.shtml
62 http://www.fsa.gov.uk/pubs/cp/cp10_12.pdf
4. Read Hector Sants’ speech Do Regulators have a role to play in judging culture
and ethics?63 June 2010 and, in the context of the issues discussed in this
Module, consider the issues raised.
5. Review Creating an ethical framework for the financial services industry64,
a paper by Professor Julia Black, London School of Economics, and Karen
Anderson, partner, Herbert Smith Freehills LLP, in January 2013. Note the
links between this and the An Ethical Framework for Financial Services paper
referred to above. Consider what an ethical financial services industry
would look like.
6. Refer again to the speech by Martin Wheatley, FCA, Modelling integrity
through culture65, November 2013 and note Getting culture and conduct
right – the role of the regulator66, by Jonathan Davidson, FCA, July 2016.
Again, in the context of issues discussed in this Module overall, consider
the issues raised.
7. Read Good conduct and market integrity67 June 2014 and Ethics and
Economics68 March 2014, both speeches by Martin Wheatley, FCA, again
in the context of the issues discussed in this Module overall. Consider the
issues raised and any developments in approach that are apparent.
8. Note the FCA’s proposals for new measures to maintain the focus of firms
on culture, announced in September 2016.69 These ‘new measures are
part of the FCA’s continued focus on culture and build on initiatives which
further help the FCA identify and assess key senior individuals. The FCA has
confirmed final rules on regulatory references, which clarify the information
that firms are required to share with one another as part of recruiting to key
roles. The FCA will also consult on: Guidance for Senior Managers on the ‘Duty
of Responsibility’; A new requirement for UK branches of overseas banks to tell
their UK based employees about the whistleblowing services offered by the
FCA and the PRA; Extending the conduct rules to all non-executive directors of
banks and insurers.’
63 http://webarchive.nationalarchives.gov.uk/20130403131641/http://www.fsa.gov.uk/library/communication/speeches/2010/0617_hs.shtml
64 http://www.lse.ac.uk/collections/law/projects/lfm/LSE%20HSF%20discussion%20paper_d3%20ethics%20in%20financial%20institutions.pdf
65 https://www.fca.org.uk/news/speeches/modelling-integrity-through-culture
66 https://www.fca.org.uk/news/speeches/getting-culture-and-conduct-right-role-regulator
67 http://www.fca.org.uk/news/good-conduct-and-market-integrity
68 https://www.fca.org.uk/news/speeches/ethics-and-economics
69 https://www.fca.org.uk/news/press-releases/fca-proposes-new-measures-maintain-firms-focus-culture
Focus within business can tend towards the impact upon the “bottom line”,
therefore for many it can be difficult to assess the benefits of a function which
is not profit producing. However, the immediate business benefits to having an
effective Compliance Function, i.e., avoiding the problems that arise from not being
compliant, can indeed be easily linked directly to the bottom line, many of which
relate to a fundamental business risk, i.e. reputation:
• Financial loss from regulatory censure and fines, leading to reputational
damage
• Further financial loss from loss of business arising from the reputational
damage.
The true cost of a regulatory fine to a business is, of course, significantly more than
the cost of the fine itself, due to the remedial action necessary as a result and the
reputational damage and subsequent business loss.
Whilst ensuring general awareness and understanding of the impact of non-
compliance is necessary and important, rather than focusing on this negative, the
Compliance Function is better served by embedding an awareness of the upside
of compliant behaviour for the business and of the advantages to be gained from
this. For example:
• Having a focused assurance function supporting the business ensures risks are
managed more effectively, resulting in fewer errors and the resulting need for
rework, thus reducing overall costs
• Awareness of regulatory developments will allow early adaption of approach/
focus, thus reducing costs arising from last minute alterations or changes in
approach
• Fewer breaches, so less time wasted investigating errors
• Involvement with product and/or service development at an early stage will
help ensure outputs are “right first time”
• Improved understanding gained through improved information will lead to
improved decision making within the business generally
• Improved management information to the board will assist them in their
strategic decisions
• Embedding a positive attitude towards compliance will result in a more
collective approach towards the requirements, reducing the cost of centralised
compliance
• General improvement in staff attitude and behaviours arising from knowledge
that the organisation within which they work takes a compliant and ethical
approach to their activities.
In addition to such internal advantages, there are external gains to be had (i.e. from
outside of the business). Compliant behaviour and a reputation for it has many
benefits, such as:
• Enhanced trust in the firm, thus enhancing the firm’s reputation
• Positive influence on consumer decisions as to which firm they do business
with
• Positive influence on the views of other firms with whom a firm does business
• Reduced likelihood that the firm will be used for financial crime purposes, as
there will be an awareness that systems and controls are in place to prevent this
and that the attitude of the firm is strongly against it.
In his paper reflecting on reputation and how it interacts with risk in its many guises,
Smith-Meyer (2015) references an interesting recent text focusing specifically on
Reputation Risk70. He highlights focus within this text on how perception of both
reputation and risk may be biased, based on each stakeholder’s perceptions of
both themselves and other stakeholders. Smith-Meyer positions this as a central
issue for consideration in developing mechanisms for managing this – and
indeed gaining the benefits from that effective management. This harks back to
the issue raised at the outset of this text and one that has resurfaced throughout,
demonstrating the importance of considering the position of all stakeholders in
developing an effective approach.
Self Evaluation Question 12: How might the culture within a firm, and its values,
as evidenced by its behaviour, influence the relationship they have with their
regulator?
Self Evaluation Question 13: How should information about the benefits of
regulatory compliance be communicated to the business?
Suggested reading
1. Review the Costs of Compliance report by Europe Economics71, June 2003,
identifying the topics relating to how a compliance culture can be of
benefit to the firm.
2. Case Study Review: Part 2 of the FSA report on the failure of RBS72 provides
an interesting range of points relating to Management, Governance and
Culture and the impact of this on the events that unfolded. Access this
report and consider these points. Now revisit the HBOS case discussed in
Unit 2. Consider the findings in each and the relevance for regulatory and
compliance activities and approach.
3. Consider the issues raised in The Rising Cost of Non-Compliance: From the
end of a career to the end of a firm73, English, S. & Hammond, S., Thomson
Reuters, November 2014
70 Bonime-Blanc, A., The Reputation Risk Handbook: Surviving and Thriving in the Age of
Hyper-Transparency, DO Sustainability, Oxford, UK, 2015
71 http://www.fsa.gov.uk/pubs/other/cost_compliance.pdf
72 http://www.fsa.gov.uk/static/FsaWeb/Shared/Documents/pubs/other/rbs-part2management.pdf
73 http://thomsonreuters.com/en/articles/2014/rising-costs-of-non-compliance.html
Suggested reading
Review the Enhancing Financial Stability by Improving Culture in the Financial
Services Industry74 October 2014, by William C. Dudley, President and Chief
Executive Officer, Remarks at the Workshop on Reforming Culture and
Behavior in the Financial Services Industry, Federal Reserve Bank of New York,
New York City
74 https://www.newyorkfed.org/newsevents/speeches/2014/dud141020a.html
The Compliance Function plays a pivotal role in financial services regulation.
At a time of such significant change in the regulatory field, the part played by
Compliance in assisting businesses through difficult times is even more important
than ever. Those tasked with working in this key area of business or in supporting
their work will benefit from recognizing the many advantages to be gained from
adopting a positive stance in relation to this within our financial services industry;
putting compliance at the heart of business is vital to help ensure both regulated
firms and the regulatory environment are better placed to weather the financial
services storms that inevitably lie ahead.
Suggested reading:
1. Given the regulatory change in the UK earlier this decade, focus on the
Compliance role is even more timely, as emphasised in a speech75 made
in the final year of the former regulator’s operations which made clear that
the new regulatory approach would “represent a real challenge to firms
and compliance areas” not only due to the practical impact of having two
supervisory teams, but because the regulator is “looking for a more strategic
approach to how firms handle the conduct agenda and conduct risk” which
effectively means that they will “go well beyond the traditional control structure
in (their) work and compliance areas will need to adapt to this”. This makes clear
the pivotal role that this UK regulator expects the Compliance Function to
have within regulated firms going forward. Reflect on this and consider how
developments in the UK regulatory environment have impacted on the
Compliance role.
2. Locate and review the October 2016 paper issued by the UK’s Banking
Standards Board (BSB) Exploring the role of professional bodies and
professional qualifications in the UK banking sector76
11. Ethics and integrity are important within financial services as they are necessary
for the achievement of the main regulatory objectives. Reputation is vital for
all concerned. Even if an individual is not a direct participant in the financial
services marketplace, they are affected by it indirectly in a number of ways
and having integrity and ethical behaviour as central components within that
market place has wider implications for all.
12. The following extract from the FSA’s An Ethical Framework for Financial Services
provides a useful overview of the interrelation of these topics:
13. Via communication, either directly via training and relationship management
or written via the compliance policy plus the procedures and activities that
support them.
14. In the same way firms suffer for being non-compliant, the non-compliant
behaviour of those firms will have a pervasive effect on the regulatory
environment as a whole, for example:
• Impact on the reputation of the jurisdiction
• Loss of business, as compliant businesses will be concerned about doing
business there
• Increased likelihood of the jurisdiction being targeted by those interested
in financial crime, which in turn would impact further on the jurisdiction’s
reputation.
15. A firm intending to carry out regulated activities within the UK must be
authorised by the relevant regulator or be exempt in accordance with the
regulations. When authorising a firm, the regulators will assess a number of
factors in an attempt to ensure that the firm will not present a challenge to that
regulator achieving their own statutory objectives, i.e. that any newly authorised
firm will meet certain conditions intended to support the UK financial system,
act in a manner encouraging confidence in the UK marketplace, contribute an
appropriate degree of protection for consumers and not be used in connection
with financial crime.
Each regulator will therefore undertake a “risk assessment” of the firm applying
for authorisation, using an approach called the Firm Risk Assessment Framework
and in doing so will consider a number of factors, one of which will include
assessing whether the firm is “fit and proper” to undertake business in the
jurisdiction. This encompasses the requirements set out under the Principles
for Business (PRIN) in the FCA Handbook, which themselves should underpin
the approach of the firm’s board and senior management in relation to key
activities, including adherence to regulatory requirements. The Compliance
culture supports this.
16. This can be summed up in a single word: reputation. Ensuring regulatory
compliance is a priority within a regulated business enhances that firm’s
reputation with the regulator, whilst having regulated firms that meet the
standards set by the regulator – both initially and on an ongoing basis –
enhances the reputation of that jurisdiction in the eyes of all stakeholders and
indeed the wider world.
17. The Compliance role will become even more important, as emphasised in a
speech[77] which made clear that the new regulatory approach would “represent
a real challenge to firms and compliance areas” not only due to the practical
impact of having two supervisory teams, but because the regulator is “looking
for a more strategic approach to how firms handle the conduct agenda and conduct
risk” which effectively means that they will “go well beyond the traditional
control structure in (their) work and compliance areas will need to adapt to this”.
This makes clear the pivotal role that this UK regulator expects the Compliance
Function to have within regulated firms going forward.
Bibliography/References
Armour, J., D. Awrey, P. Davies, L. Enriques, J. Gordon, C. Mayer, and J. Payne,
Principles of Financial Regulation, 2016, Oxford
BCBS, Compliance and the Compliance Function in Banks, 2005
Black, J., The Development of Risk Based Regulation in Financial Services: Canada,
the UK and Australia, A Research Report, 2004, ESRC
Black, J., The Rise, Fall and Fate of Principles Based Regulation, LSE Law, Society and
Economy Working Papers 17/2010
Bonime-Blanc, A., The Reputation Risk Handbook: Surviving and Thriving in the Age
of Hyper-Transparency, DO Sustainability, Oxford, UK, 2015
Brunnermeier, M.K., Crockett, A., Goodhart, C., Persaud, A. and Shin, H., The
Fundamental Principles of Financial Regulation, 2009
BSI, Compliance Framework for regulated financial services firms, 2011
Cooper, J., The integration of financial regulatory authorities –
the Australian experience, 2006
ESMA, Guidelines on certain aspects of the MiFID Compliance Function requirements,
July 2012
Goodhart, C.A.E., The boundary problem in (financial) regulation, 2008, National
Institute Economic Review, 206, pp. 48–55
Heady, C, and Myles, G.D., Incentivising Compliance with Financial Regulation, 2016,
FCA Occasional Paper 25
IOSCO, The Function of Compliance Officer, 2003
IOSCO, Compliance Function at Market Intermediaries, March 2006
ISO, Compliance management systems, 2014
Levine, R., The Governance of Financial Regulation: Reform Lessons from the Recent
Crisis, 2012, International Review of Finance, 12(1), pp. 39–56
Llewellyn, D., The Economic Rationale for Regulation[78], FSA Occasional Paper
Series 1, 1999
Mehran, H., Morrison, A. and Shapiro, J., Corporate Governance and Banks: What
Have We Learned from the Financial Crisis?, Federal Reserve Bank of New York Staff
Reports, 2011, no. 502
Mehran, H., Introduction and Appendix to Behavioral Risk Management in the
Financial Services Industry: The Role of Culture, Governance, and Financial Reporting,
2016, Economic Policy Review, Issue Aug, pp. 1-2, 2016
Tansy-Martens, L., Good Practice Guide: Globalising your ethics programme,
2010, IBE
Taylor, M. W., The Road From “Twin Peaks” – And The Way Back, 2009
[78] http://webarchive.nationalarchives.gov.uk/20081112204942/http://www.fsa.gov.uk/pubs/occpapers/OP01.pdf