Gearing up for the FSA - the compliance controls which will be needed

Gearing up for the FSA - Simon Morris looks at the compliance controls which will be needed

The introduction of the Financial Services Authority will mean that the financial services industry is faced with a new regulator, and new rules. The new regulator will undoubtedly bring a fresh approach to the interpretation of those rules. One of the most important elements of the FSA's early pronouncements has been its emphasis on the expectation that regulated firms will be "compliant". Whatever the eventual rules which govern the carrying on of financial services may be, firms will be expected to have a "compliance culture" which means that everyone within an organisation will be working towards fulfilling the new regulator's criteria.

This article examines the exacting modern compliance standards which the regulators will require.

What is compliance?

Compliance is the documentation and enforcement of procedures by a company which enables it to comply with applicable rules and to achieve best practice. Regulators are increasingly looking beyond the strict wording of their rulebooks to see whether a firm conducts its business in accordance with procedures and standards generally applicable in the market place. Indeed, in some cases those rules are specifically drafted to force firms to pay regard to market practice.

Why is compliance important?

There are three main reasons why compliance
is important:

• Compliance is an essential requirement of the market. Increasingly, customers are asking to see copies of the latest regulatory reports on firms before agreeing to deal with them. Regulatory censure may also lead to a fall in confidence and a decline in business.
• Being a compliant organisation is good business practice. It will mean that a firm provides the correct service to the correct clients, minimising complaints and increasing its chances of efficiently transacting business.
• Last, but not least, the FSA will require it.

What will the FSA focus be?

The FSA will be looking for four particular aspects of compliance:

• Systems and controls In every aspect of a firm's business, from client money to customer complaints, the FSA will expect firms to have suitable systems and controls. It is essential that these procedures are documented - all too often, anything which is not in writing may as well not have happened.
• Compliance in administration The FSA will be as interested in the back office procedures of a regulated firm as it will in the sales processes. The FSA is expected to look increasingly at the quality of administration as indicative of whether a firm has a compliance culture.
• Role of management Howard Davies has already made it clear that the FSA will pick up where the SIB left off, and insist that the senior management of a firm takes a responsibility for that firm's compliance performance. Only if a firm's senior management is genuinely interested in running a compliant organisation is it likely that a "compliance culture" will permeate that organisation.
• Compliance function The FSA will insist that at the heart of any firm's compliance culture is its compliance function. Both the compliance officer, and the compliance staff, must be fully trained before they can be effective.

The aim of each firm should be to comply with these four
areas of the FSA's focus, and if a firm can do so then it will be able to show
its regulators that it operates in a strong control environment.

What must you do?

• Operate competently Most importantly, in order to be compliant a firm must operate competently. This means that it must obey the FSA's 10 Principles, in particular those relating to Integrity (Principle 1), Skill (Principle 2) and Organisation (Principle 9). If a firm organises and controls its internal affairs, keeps proper records, ensures that staff are suitable, trained and supervised and has well defined compliance procedures, then provided that it acts with skill and integrity it will be likely to be a compliant organisation.
• In accordance with procedures A compliance department should consult with business areas in order to ensure that it is drafting procedures which are workable and which truly relate to that firm's business activities. Once the correct procedures have been established, they should be documented so that staff can easily follow them.
• Which are monitored The compliance department should visit branches as well as head offices, and seek actual evidence that procedures are not only known but are followed. This could be by carrying out random sampling or on-the-spot checks.
• Effectively A firm should ensure that every area of its business is properly understood, as the FSA will increasingly look at the "big picture". Compliance procedures will only be truly effective if they are monitored thoroughly. The cross referencing of monitoring information may be important. For example, an unexpectedly high number of complaints in a particular area, such as charges, might indicate in another area of a business that charges are not being properly explained to customers.
• Obtaining change when necessary If monitoring suggests that changes to procedures are necessary, then compliance should issue a clear report to this effect and ensure that correction is swift. In addition, the FSA is unlikely to be lenient on firms that do not carry out an early revisit to check that the requirement for change has been properly understood, documented and implemented.
• With management support The FSA will insist that management fully support the compliance department. It is unlikely to be impressed with management structures which require the compliance officer to report to the senior management through a Byzantine reporting structure. However, if the compliance department have easy access to, and the support of, senior management then they are likely to be viewed by the FSA as far more effective.
• And with compliance as an influence throughout the firm The FSA will want to see a compliance department which fits in with other departments within a firm in formulating its policy. Getting sign-off from the compliance department for new initiatives should be seen as equally important as checking with legal or marketing departments that a particular policy development is appropriate.

If the above guidelines are followed, then firms should benefit from a virtuous circle whereby the senior management, line management and the compliance department communicate with each other and work harmoniously to constantly improve a company's business. The better the communication, the less likely that compliance errors will occur and the stronger the compliance culture will become.

Conclusion

An effective compliance function will act competently, be fully staffed and ensure that adequate procedures are properly implemented. It will benefit from management support, an effective reporting line, and have staff co-operation throughout the firm. In this way, a "compliance culture" can truly be said to exist through a firm.

If such a culture does not exist, then the consequences may include rule breaches, regulatory investigations, enforcement proceedings, discipline and ultimately bad publicity and loss of business. Compliance is good for business, and will receive regulatory approval. The FSA will be tough on poor compliance, and will rightly see senior management as the cause of poor compliance.