Principles-based regime is double-edged sword, says compliance
A spokesman for the regulator said: "Senior management has told us it wants principles, which is behind the emphasis on risk-based decision making. Compliance officers want rules and it makes the industry seem 'schizophrenic'." But the divide can vary and may not always be that strong, he added.
Senior managers are more in step with compliance officers than it may appear, a senior compliance officer for a bank said. "Managers pay lip service to a principles-based regime but know they are accountable if a risk-based decision goes belly-up. The reality is that they want hard and fast rules."
Jamil Choudhry, anti-money laundering policy adviser at the FSA, recently described the risk-based approach as a "thinking man's game". "Firms feel compelled to be over-conservative because they fear that if they follow the risk-based approach, the FSA will challenge their judgement in hindsight. I say that a firm should have documented decisions and, if its systems and controls are effective, enforcement action is unlikely."
Matters of principles
Lawyers claim that a principles-based regime can enable the FSA to bring an action where the rules do not exist. Philip Rubens, partner at Stephens Innocent, said: "By looking at a number of final notices, the FSA has relied on principles to take disciplinary action in areas where it has not found a breach of a specific rule."
A partner with another City law firm noted that the FSA's fine against Morgan Grenfell & Co in April 2004, for breaching FSA principles in a client's programme trade, was not based on rules but on principles six and eight. "The FSA must base its case on something. If it is not on principles, the FSA might have far more rules."
It is senior managers who have their heads on the block, a compliance consultant noted. "The risk-based approach is great in theory, but it relies on a huge train of trust. It depends on managers not coming down like a tonne of bricks on subordinates who might get it wrong."
One senior compliance officer said that resistance to risk-based management was coming from the top. "The regulator is looking for a conscious effort in firms to move towards the risk-based approach but it is difficult to get this across to management. They don't want liability to come back on them."
Compliance must sometimes put its foot down and say, "This is my interpretation," one official said. "It's easier if you can link it to something else being done." Some consider compliance as detrimental to their business objectives but ARROW visits rely on it as a control centre, he added.
Clear competence
Lloyds TSB recently conducted an internal survey on the important competence areas in compliance, said Garry Monksfield, head of regulatory compliance at the bank. "A clear competence is to understand the business. Without it, you cannot be a compliance officer."
Compliance must also understand the broader world of financial services, Monksfield said. "People in top positions within firms are not necessarily from a financial services environment, but may have worked on the retail side."
With a broader view of the business, compliance officers could take a more strategic approach, Monksfield said. "They are doing a lot of fire fighting. If they think more strategically, it should add value and profits."
The risk of making wrong decisions is reflected in a compliance officer's salary, according to Victoria Scott-Villars, who heads up the legal and compliance team at Principal Search, an executive search firm. "The role of the compliance officer is more exposed than it was, and it has a higher profile. This may lead to the perception that it has become more difficult, but I don't think that's the case. There are more consultation papers and UK and European regulation, and the job has perhaps become more onerous but there has always been judgement required."
How much judgement is required depends on the individual compliance officer's role, Scott-Villars said. "Compliance officers at a high level are required to interpret rules rather than just apply them in a blanket fashion. You can either do it or not: it is a matter of personality, skillet and flexibility."
Interpretive skills
People in advisory roles need to develop more interpretive skills than those in surveillance, and some compliance officers can only work successfully in one or the other, Scott-Villars said. "In surveillance you are looking at facts and figures, and determining whether there has been a breach. If you are in advisory work, you are looking at new products, and this requires more in the way of creativity and judgement."
Compliance can add value in preparing for regulatory visits, according to Monksfield. "We can find out what regulators really want from the organisation, and ensure that information goes to key areas. To develop solid ideas before meeting with the regulator is essential. There is no such thing as an informal meeting with the regulator."
Policies are an area on which the FSA is keen to focus, according to Monksfield. "We all have to go through hundreds of pages of consultation papers. Compliance can add value in identifying key areas through a structured approach."
Benchmarking of risk indicators is another challenge for compliance, Monksfield said. "We've got good risk indicators on what happened, but we need it on what will happen. Management is very interested because this helps the bottom line."
There is a lot of focus on outcomes, and this drives the risk-based approach, with an emphasis on systems and controls, Monksfield said. "You should have a buffer zone. There's a real danger that you will go on what the rules require."