Be a Dynamic and Effective Compliance Officer

The role of the compliance officer is a scary job with difficult and growing pressures.  It is nonetheless an exciting and challenging role for someone who desires to be in the middle of what is making things happen and keeping things rolling.  Before taking a position, it is advisable to meet the CEO and the CFO and understand the business.  Do not just walk into a can of worms where you would be required to do the clean up.

The compliance officer is a gatekeeper whose role is to stop and prevent wrong doing in the firm.  The compliance officer is there to maintain the integrity of the firm and be the first line of defence against fraud, market abuse, misconduct.  The compliance officer is there to demonstrate the firm’s discharge of its duties of due care, skill and diligence.  The role is usually mandatory under financial services regulations.

Get support from the Top

Imagine not having the full support of the Board and they keep overriding your policies, you will be ineffective.  You definitely need that tone from the top that will help propel the message of compliance and risk.  Senior management generally have the fear factor of personal liability and criminal allegations, this empowers you to be able to mandate a culture of compliance.  Your power and authority also comes with the pressure to ensure that the firm is not put at risk.  If senior management don’t listen to you when you put your foot down, the firm will be at serious risk.  You should not limit your capacity to bring issues to the Board; as such your reporting structure should facilitate direct access to the Board.

Market your programme

It is not enough that you are telling the Board that everything is fine and in order.  The Board needs to be familiar with the compliance programme and understand its effectiveness.  To bring compliance high up the agenda, you have to market compliance to the Board and demonstrate to them that a strong compliance culture will help the firm to gain competitive and strategic advantage.  You need to engage with the Board so that near misses in risk are quantified and communicated.  Ask yourself how often you report to the Board, does the Board act on your recommendations, how often do you detect problems rather than it being discovered by regulators, how reliable is your report that deficiencies have been rectified?

Create a positive culture

Having a compliance manual is not enough to prevent a breach of rules. The whole compliance programme has to penetrate to those who are likely to get the firm in trouble and those who will get the firm out of trouble.  Apart from regular real time monitoring, there has to be ongoing reinforcement of compliance behaviour.  You have to harness personnel from other units like HR, Internal audit, Accounting, Risk management, IT, Legal to help facilitate compliance so as to drive it down to the employee on the line who can put the firm at risk.

Know the business

You would need to be able to give advice pretty much on the spot but be careful with people who just want to cover themselves at your expense; they give a few sketchy facts and request drive-by compliance opinions.  Make sure you get the full facts before forming a view.  You need an up-to-date knowledge of products and a thorough knowledge of the business.  If you don’t know what makes the business tick or the style of the firm, you cannot add value.  You need to keep abreast of changes in regulation, in the organisation and in the industry. 

Have Authority

It is important that you have the authority to remedy any inappropriate conduct so that you can sanction, hire, fire, reward and penalise.  What would drive effectiveness of your compliance programme is the ability to link compliance directly to the manager’s salary.  Once you tie remuneration to compliance so that risk assessment feeds into the performance appraisal and the pay/bonus of the managers, you can reward those who are complying and penalise those who are not.

Have stature and credibility

Use your authority to request information and get yourself involved in significant discussions and decisions. You have to be at the table both with senior executives involved in strategic planning and other managers implementing. This will give you credibility, authority and stature. Your stature would be strengthened by your capacity to shape decisions around compliance.  You also need the cooperation of all employees when investigating issues.

Be Visible

You need to have a face and be visible.  If you and your compliance programme are discrete, people may not let you know what is going on.  You need to make people feel free to phone you on your hot line.  You need to get out into the field and the business lines.  People should feel free to raise questions and concerns without being shut down.  You need to establish a dialogue otherwise your compliance manual will just sit on the shelf and gather dust and people will be breaching the rules and not letting you know what is going on.

Be accessible 

You should be introducing yourself to people so that your first contact with them is not to say they have breach a rule but to say that they can feel free to come and get any guidance from you.  It’s about winning the hearts and mind of people so that later on you can challenge them if they contravene a rule.  Every interaction with the business must add value; it is not just about saying “No” or being a showstopper, it is about giving people options.

Be approachable

Don’t see people as coming to you with problems; see them as coming to you for guidance.  You have to be open, interested and informative ready to explain, advice and help. You are not there just to approve, check and sign-off papers, you are there to be more of a consultative business adviser that translates legal obligation into business solutions effectively and efficiently as part of a change management strategy to protect the brand and enhance the reputation of the firm.

Build strong relationships

You should be embedded into the business units and know the business inside out. Watch out for the flipside of this which is that you can develop such strong relationships that perspective becomes clouded and your ability to address compliance issues becomes hampered by friendships.  This can creates difficulties for you to report up as you are obligated to do because you have lost objectivity.  Make sure you find the balance.

Be tenacious

It is important to understand the pressure that the business units are facing e.g. traders handling time sensitive transactions may overlook compliance.  You should be pragmatic yet ensure that oversights do not recur.  Business units must take responsibility and not pass the buck, your role is to measure the process as set and look for full compliance whether or not any risk has crystallised, so that if a regulator comes on site, they will see full compliance.

Be firm

Managers will give excuses that transactions are time critical, procedures are not clear; they have not been trained on the procedures etc.  Your response should be that they should have sought guidance before going ahead with any transaction.  Make it clear that procedures have been set by the firm, agreed and adopted by senior management to enable the firm to meet its legal and regulatory obligations; and any material or significant variance from the procedures is not acceptable, as it puts the firm at risk.

Develop compliance policies

As a compliance officer, you need to design and develop written policies and procedures in form of a compliance manual.  You must frequently revisit your manual to determine its effectiveness.  Not having an up-to-date compliance policy is like having no procedures at all.  Use you manual as a basis for conducting regular training, outreach and periodic monitoring and surveillance.

Organise training outreach and workshops

Regular training helps you to get the compliance message out.  This helps you, being a representative of the compliance agenda, to make yourself approachable and visible. With this, people will start to respond positively, knowing that the compliance message is continually developed throughout their time at the firm and they have not merely been handed a copy of the manual and left to get on with it.

Conduct monitoring/risk assessment

Risk assessment is a very useful tool to give you a foundation from which to speak and say to the firm what specific regulatory risk the firm is exposed to.  The assessment also helps in calling for resources needed to mitigate any risk.  Compliance is not usually seen as bringing any immediate tangible benefit to the firm and so is sometimes not high on the priority list of resources allocation.  The risk assessment is useful for obtaining the proper resources you need.  You can report to senior management the risks you have identified, the frequency and severity and you can demonstrate how the risks would be prioritised, controlled and mitigated.  You can also show that the firm cannot afford to slip in the risk areas and it appears that trends are indicating that the firm might slip.

Manage the regulators

You are the primary contact between your firm and the regulator.  The regulator has the power to enter and inspect any document they wish.  This is a sensitive and delicate area which appears more like an invasion of privacy.  However as the firm is registered as a regulated firm, all right of privacy have effectively been signed away so you have to let the regulator into your business and welcome them warmly and professionally, giving them a good impression of your firm.  Notify the regulator of changes in your firm rather than them finding out from other sources.

Put you house in order

Don’t let the regulator come in and discover deficiencies and defaults that you are not already aware of.  The best way to ensure this is to conduct mock visits.  You can do the mock visits yourself or use independent outside consultants.  You must also keep accurate records.  If there are any rules that you cannot comply with because they are unduly burdensome to your firm, do not hesitate to apply for a waiver or dispensation.  Endeavour to maintain regular contact with your supervisory contact in the regulator for individual guidance on policy and interpretation of rules that are amorphous.  Untruthfulness and dishonesty can get you in jail so ensure that you are open with the regulator.  It is easy to be suspicious that your openness could be used to get enforcement action against you; but you have to balance between concealing and being open and candid.  If you have agreed to rectify a default, ensure that you do it immediate and don’t let the regulator come back and find that it was ignored.

Defend your firm

If the regulator finds breaches and deficiencies, you can defend your firm against the findings.  Robustly advocate your case, proving it with facts and evidence, showing all mitigating factors, showing if the customers or investors have been redressed, showing if you have improved your surveillance to ensure that the breach does not recur, showing that your firm has not been negligent or reckless but has acted with judgement where different firms may come to different conclusions with the same established facts.  If the rule in question has not established clearly an obligation e.g. it state “the firm should” rather than “the firm must”, then show that you acted reasonably in the absence of a set legal standard.  Show that you had consistently sought help, advice and guidance from the regulator on the issue or you have relied on independent external legal advice on the issue -the regulator may be lenient with your firm.  Defend your firm if findings are based on inaccurate information or the penalty is unduly harsh or disproportionate. Show that the breach or violation will not pose significant risk to customers or investors or to the confidence of the market and the financial system.

Conclusion

A good book for compliance officers to read is “Essential strategies for financial services compliance” by Annie Mills.  You need to have skills of professionalism, commercialism, leadership, communication, passion, customer focus and accountability.  So long as you are very comfortable with managing change, problem solving, decision making, planning and organising, you are well on your way to being a dynamic and highly effective compliance officer.