Numerous laws, regulations, rules and guidelines applicable to regulated business activities, including investment firms, financial institutions, collective investment schemes, trustees, CSPs or VFA service providers, emphasise the importance of being in compliance with the regulatory obligations and having in office at all times a Compliance Function that possesses the required skills, knowledge, expertise and authority to discharge its role.
At a time when the regulated businesses are being constantly required to invest in human resources, processes, and innovative technology solutions to support the Compliance Function, building up a sound compliance team impacts the return on the cost-pressure faced by the business, as well as the integrity of its internal policies and procedures.
On these premises, we have summarised some of the tips that we are giving to our clients, or that we are implementing ourselves when appointed as compliance officers of regulated entities, in order to navigate the increasing compliance demands coming from the regulators and/or internal stakeholders.
Part of a series of brief articles on different aspects of the Compliance Function, the present summary delves into some key remarks in terms of the skills, knowledge, expertise and authority that the Compliance Function, and in particular the compliance officer, shall possess in order to properly discharge the obligations allocated.
These requirements should be established by the entity’s policy explicitly acknowledging that the senior management should take them into account when appointing the compliance officer. As a rule of thumb, one should:
- Emphasise the integrity and ethics when establishing the Compliance Function and install a judgement-based culture that is not limited to the simple obedience of the appointed officers.
- Comply with the letter of the law but do not devalue the spirit of the law and, when applicable, the flexibility in how to deliver compliance.
- Acknowledge that compliance is for the entity in its entirety and every staff member should comply with the regulations. Hence, it is fundamental to define properly the role of the Compliance Function, determine its authority in the internal policy, and pin down its responsibilities.
Professional skills of the Compliance Function
Professional ethical standards, personal integrity and skills are required in order to be deemed fit and proper to carry out the role of compliance officer. In terms of skills, we have identified the following as relevant abilities that carry the potential to ensure an adequate Compliance Function:
- Good understanding of the application of the relevant laws, rules and regulations to the specific business activity;
- Negotiation skills;
- Project management;
- Communication skills;
- Understanding of behavioural economics and competition theory;
- Ability to anticipate and properly identify the challenges of entering into new markets, carrying out new activities or targeting new jurisdictions;
- Analytical skills;
- Ability to act as an adjudicator;
- Good understanding of technology and being abreast of innovative solutions applicable alongside or instead of traditional systems.
While a capabilities matrix is not per se a guarantee for success, it is a starting point. Combining the traditional compliance skills with the emerging challenges for innovation is definitely a step forward in understanding the changing role of compliance and its demands and applying it to your own business reality.
Technical Knowledge of the Compliance Function
It goes without saying that all levels of compliance shall have the required technical knowledge to ensure compliance with the applicable laws, rules and regulations. This know-how is developed through continued investment and innovation. Whether recruiting externally or investing in in-house training, a structured and well-planned approach is necessary, to avoid even higher financial penalties and regulatory actions for lack of compliance.
The technical knowledge is crucial for the effective performance of the tasks assigned to the Compliance Function. The Compliance Function should be knowledgeable of at least the national applicable laws, regulations, and guidelines which the activity of the company is subject to. He or she should also have knowledge of all applicable regulations, directives, delegated and implementing acts adopted at EU level as well as of all applicable standards, guidelines and reports issued by ESMA and other competent authorities, as far as these are relevant to the activity carried out by the company. Regular training should be provided to maintain this knowledge and update it properly.
To ensure that the Compliance Function has the required knowledge, different options may be adopted prior to the appointment and during the carrying out of the function. For example, the senior management, at recruitment stage, may consider assessing the qualifications of the potential candidate by carrying out a thorough analysis of educational and employment background. Another option might be to make the appointment of the Compliance Function staff subject to successfully passing an exam or interview. The purpose is to strengthen the position of the Compliance Function within the company.
Expertise of the Compliance Function
In our dealings with clients and compliance officers, we are noticing that there is increasing competition between regulated entities to recruit compliance staff that already possess the required expertise, or a certain level thereof, and are ready to develop new capabilities as applicable to the particularities of the new working environment. We have seen the Compliance Function being entrusted to auditors, former supervisors, and legal consultants. At the same time, considering the escalating human resources costs and given the actual difficulties of recruiting compliance professionals externally, companies often decide to move existing staff or hire new graduates and enhance the training activities to grow their own experts in-house.
In any case, the responsibility to ascertain the expertise of Compliance Function staff shall lie with the senior management. Thus, it is important that the employment background of the Compliance Function is evaluated at the appointment stage. Past professional experiences should be analysed to ensure that the Compliance Function has a sufficient level of expertise to be able to assume responsibilities for the role as a whole and ensure its effective performance. In light of the fact that the Compliance Function is involved in the development and implementation of the internal policies and procedures (for example the remuneration policy, product governance policies and procedures, etc.), the Compliance Function should be in a position to provide compliance expertise and advice about all strategic decisions or new business models in the area of services and activities carried out by the company.
The Compliance Function should prove sufficient professional expertise in order to be able to assess the compliance risks and conflicts of interest innate in the firm’s business activities. The required professional experience may have, amongst others, been obtained in operational positions, in other control functions or in regulatory functions. In some cases, the professional experience is only taken into consideration if it has been acquired during a minimum period of time and provided it is not outdated. However, it is not sufficient that a person has acted as a compliance officer of a previous license holder. Rather the proposed compliance officer should have experience with the regulated services being offered, with the particular financial instruments as applicable and with the target clients of the regulated entity.
The appropriate expertise required may differ from one company to another, as the nature of the compliance risks that a company encounters could differ. A newly employed compliance officer may therefore need additional specialised knowledge focused on the specific business model of the company even if he or she has previously carried out the compliance role for another entity. Once again, it is the responsibility of the senior management to review frequently, at least once a year, the performance of the Compliance Function and to enable its adequate training in tandem with the progression of the engagement as Compliance Function.
Authority of the Compliance Function
With regard to the authority criterion, it is important that the recommendations posed by the Compliance Function to the management of the entity are duly considered and are taken on board. The Compliance Function shall also be consulted on a regular basis by the management board and other staff of the company on any material decision they take so that they can ensure that they are being compliant with the applicable rules, policies and procedures implemented by the company.
As anticipated, in order to be confident in providing the requested assistance and advice the Compliance Function should be conversant and familiar with internal processes of the company as well as with the applicable laws, rules and regulations.
From a regulatory point of view, it is good practice to evidence in writing any compliance recommendations presented by the Compliance Function to the management board, which we understand may on occasion be communicated verbally and informally. It is important, though, that such advice is also made formally, either during a board meeting or simply documented in writing in a durable manner.
Furthermore, it is necessary to establish and maintain a certain level of independence of the Compliance Function from the management control. In this respect the company shall ensure that the necessary authority, resources and all relevant information are given to the Compliance Function and that he or she is enabled to carry out the allocated tasks independently from the influence of the decision-making organs of the company.
We have noticed that the scale and the complexity of the role of the Compliance Function in the regulated activities in general, and the financial sector in particular, are changing fast. These changes bring along the risk of having the Compliance Function's attention and time spread across different areas that do not always reflect the actual role and objectives. Alongside this, the variety of reporting lines implemented requires the compliance professionals to be proactive and to possess adequate capabilities to enable more effective compliance.
Therefore, the regulated entities shall put into place well planned recruitment, training and development arrangements to attract and retain compliance professionals with the right mix of skills, knowledge, expertise and authority to discharge their obligations as determined in the role description established in the internal policies and procedures.
The information contained in this write up is provided for general informational purposes only. It does not, and is not intended to, constitute legal advice on any subject matter. You should not act or refrain from acting on the basis of any content included in this write up without seeking legal or other professional advice for your individual situation.