Gearing up for the FSA - Simon Morris looks at the compliance
controls which will be needed
The introduction of the Financial Services Authority will mean that
the financial services industry is faced with a new regulator, and
new rules. The new regulator will undoubtedly bring a fresh
approach to the interpretation of those rules. One of the most
important elements of the FSA's early pronouncements has been its
emphasis on the expectation that regulated firms will be
"compliant". Whatever the eventual rules which govern the carrying
on of financial services may be, firms will be expected to have a
"compliance culture" which means that everyone within an
organisation will be working towards fulfilling the new regulator's
This article examines the exacting modern compliance standards
which the regulators will require.
What is compliance?
Compliance is the documentation and enforcement of procedures by a
company which enables it to comply with applicable rules and to
achieve best practice. Regulators are increasingly looking beyond
the strict wording of their rulebooks to see whether a firm
conducts its business in accordance with procedures and standards
generally applicable in the market place. Indeed, in some cases
those rules are specifically drafted to force firms to pay regard
to market practice.
Why is compliance important?
There are three main reasons why compliance
- Compliance is an essential requirement of the market.
Increasingly, customers are asking to see copies of the latest
regulatory reports on firms before agreeing to deal with them.
Regulatory censure may also lead to a fall in confidence and a
decline in business.
- Being a compliant organisation is good business practice. It
will mean that a firm provides the correct service to the correct
clients, minimising complaints and increasing its chances of
efficiently transacting business.
- Last, but not least, the FSA will require it.
What will the FSA focus be?
The FSA will be looking for four particular aspects of
- Systems and controls
In every aspect of a firm's business, from client
money to customer complaints, the FSA will expect firms to have
suitable systems and controls. It is essential that these
procedures are documented - all too often, anything which is not in
writing may as well not have happened.
- Compliance in administration
The FSA will be as interested in the back office
procedures of a regulated firm as it will in the sales processes.
The FSA is expected to look increasingly at the quality of
administration as indicative of whether a firm has a compliance
- Role of management
Howard Davies has already made it clear that the
FSA will pick up where the SIB left off, and insist that the senior
management of a firm takes responsibility for that firm's
compliance performance. Only if a firm's senior management is
genuinely interested in running a compliant organisation is it
likely that a "compliance culture" will permeate that
- Compliance function
will insist that at the heart of any firm's compliance culture is
compliance function. Both the compliance officer, and the
must be fully trained before they can be effective.
The aim of each firm should be to comply with these four
areas of the FSA's focus, and if a firm can do so then it will be
able to show its regulators that it operates in a strong control
What must you do?
- Operate competently
Most importantly, in order to be compliant a firm
must operate competently. This means that it must obey the FSA's 10
Principles, in particular those relating to Integrity (Principle
1), Skill (Principle 2) and Organisation (Principle 9). If a firm
organises and controls its internal affairs, keeps proper records,
ensures that staff are suitable, trained and supervised and has
well-defined compliance procedures, then, provided that it acts with
skill and integrity, it will be likely to be a compliant
- In accordance with procedures
A compliance department should consult with
business areas in order to ensure that it is drafting procedures
which are workable and which truly relate to that firm's business
activities. Once the correct procedures have been established, they
should be documented so that staff can easily follow them.
- Which are monitored
The compliance department should visit branches as
well as head offices, and seek actual evidence that procedures are
not only known but are followed. This could be by carrying out
random sampling or on-the-spot checks.
A firm should ensure that every area of its business is properly
understood, as the FSA will increasingly look at the "big picture".
Compliance procedures will only be truly effective if they are
monitored thoroughly. The cross referencing of monitoring
information may be important. For example, an unexpectedly high
number of complaints in a particular area, such as charges, might
indicate that, in another area of the business, charges are not
being properly explained to customers.
- Obtaining change when necessary
If monitoring suggests that changes to procedures
are necessary, then compliance should issue a clear report to this
effect and ensure that correction is swift. In addition, the FSA is
unlikely to be lenient on firms that do not carry out an early
revisit to check that the requirement for change has been properly
understood, documented and implemented.
- With management support
The FSA will insist that management fully support
the compliance department. It is unlikely to be impressed with
management structures which require the compliance officer to
report to the senior management through a Byzantine reporting
structure. However, if the compliance department have easy access
to, and the support of, senior management then they are likely to
be viewed by the FSA as far more effective.
- And with compliance as an influence throughout
The FSA will want to see a compliance
which fits in with other departments within a firm in formulating
policy. Getting sign-off from the compliance department for new
should be seen as equally important as checking with legal or
departments that a particular policy development is
If the above guidelines are followed, then firms should benefit
from a virtuous circle whereby the senior management, line
management and the compliance department communicate with each
other and work harmoniously to constantly improve a company's
business. The better the communication, the less likely that
compliance errors will occur and the stronger the compliance
culture will become.
An effective compliance function will act competently, be fully
staffed and ensure that adequate procedures are properly
implemented. It will benefit from management support, an effective
reporting line, and have staff co-operation throughout the firm. In
this way, a "compliance culture" can truly be said to exist through
If such a culture does not exist, then the consequences may include
rule breaches, regulatory investigations, enforcement proceedings,
discipline and ultimately bad publicity and loss of business.
Compliance is good for business, and will receive regulatory
approval. The FSA will be tough on poor compliance, and will
rightly see senior management as the cause of poor compliance.