For many Compliance Officers and Managers, having a vision of providing the very best compliance service possible for their firm each and every day is commendable and noble, provided they understand how and where their firm stands. The first step is to identify the high-level activities and then tease out from that data the more detailed aspects and responsibilities of exactly where compliance is or could be impacted. This will then help with future audits or regulatory visits, as well as show compliance and the rest of the business exactly where everything fits in.
This activity, although vast and sometimes complicated, is a fundamental necessity to ensure that the foundations of any compliance department and all the ideas, policies, controls, processes and procedures that you implement are not ‘built on sand’.
To start, it would be advisable to take a new notebook and cover the following rough sections:
- each entity within your group including appointed reps, introducer appointed representatives or other subsidiary or joint-venture partners that your firm may have entered into business with.
- each business unit and support departments within each entity.
- external service providers, including anything that may be outsourced, from IT to Para-planning, Legal to Banking.
- the regulatory jurisdiction in which you are operating; for most this will be the UK and at most Europe, however many firms these days offer offshore investment services.
- within your jurisdiction, all of the regulators and any standards or best-practice-setting parties that may hold a quasi-regulator status, as well as the obvious legislation, regulation and code etc.
- product services and specific business activities across the range from front, middle and back office, as well as any general insurance, mortgages, financial and investment planning
- common documentation used within the businesses across all entities for regulatory matters such as disclosure, financial promotions et cetera and any other relevant areas that may apply in the periphery
Now your list may look something like this for a medium to large organisation, perhaps a group.
- Digital Banking & Self Service
- Mortgages & Savings
- Banking, Insurance & Investments
- Customer Strategy & Marketing
- Lending Control
- Operational Risk & Controls
- Branch Network (Split regionally or by jurisdiction; i.e. IOM, CI etc)
- Centralised Distribution Services
- Subsidiary or AR Financial Planning Solution Firms
- Group Intermediary Sales
- Financial Performance Analysis
Finance & Specialised Support (internal or external/outsourced)
- Reporting & Tax (Financial & Regulatory, Trading etc)
- Group/Legal & Compliance (GC)
- Internal Audit
- Business Protection
- Business Continuity Stakeholders (telephony, WAR site, utilities etc)
- Secured Credit Risk
- Commercial Credit Risk
- Unsecured Credit Risk
- Data, Systems & Organisation (internal, external exposures, shared or JV)
- Compliance Oversight, complaints
- IT Framework, Storage & Data Protection
- Operational & IT Strategy
- Business Transformation
- Customer Service & Operations
- Business Continuity
- Enterprise Development
- Group Services
- Digital Development
People Management – Corporate, Customers and Staff
- Operational Governance & Risk Management
- Business Partnering & Operations
- Corporate HR
- Customer Experience/Journey
- Corporate Communication & Corporate Social Responsibility
- Strategy & Planning (Disaster Recovery/Business Continuity)
Beneath these headline activities you will obviously have the “Heads of Department” or regulatory responsibility type of functions, most of whom, under the impending Senior Managers & Certification Regime (SMCR), will more likely be “Certified Persons” reporting to a Senior Management Function (SMF) of the above. It is worth noting that people in these positions with SMCR will fall under the definition in the Code of Conduct Rules, COCON 1.1.2d: “a certification employee employed by a relevant authorised person, even if the certification employee has not been notified that COCON applies to them or notified of the rules that apply to them”. A point most worthy of remembering.
You will gather from this exercise that the requirements to be a good Compliance Officer or Manager take you beyond the normal scope of compliance into legal, marketing as well as governance, company secretarial and office management. As it’s in your interest to leverage these additional areas from a relationship point of view, it is often best not to approach these with all guns blazing.
In gathering this information and immersing yourself in the knowledge of these other departments, you will find that others will be asking you why you need to know how the IT system works, how a subordinated loan is treated for the owners or even just how the HR recruitment process works. You need to be confident in your response that having even a broad understanding of the firm’s involvement will help put your own activities into context and therefore assist you in identifying compliance risks or potential breach areas.
If you need help in any of these areas, please contact us on 020 8087 2377 or email email@example.com.
At LS Consultancy, we offer a complete solution with a range of cost effective, regulatory compliance services including copy advice and copy development which are uniquely suited to supporting firms.