Having worked in the financial services industry for over 13 years, I can see that risk, compliance and internal audit play a fundamental part in good governance. However, in many organisations these functions are split, do not interact and all cite their reasons for remaining independent. Does this mean that there is a flaw in this attitude, as they should work together?
There are a number of areas to examine before we get to the role of ‘compliance’.
The question of culture must be determined by the firm, acknowledged by the regulator during a thematic/ARROW visit and then implemented by senior management. There should be a risk-based approach to regulatory issues and a ‘comply or explain’ culture, based on good practice. There are certainly cases presenting themselves in which senior management are not taking these issues seriously enough, and are not putting in place systems to ensure that the information they are presented with is sufficiently objective.
In my experience I can also say that within firms, staff and executives are trained on a regular basis and the emphasis on CPD for professional development is still a requirement for practitioners to strive for in their respective functions. This training is usually performed by compliance and HR teams. What is not so clear is how many non-executive directors go through any training and competence requirements. Who is monitoring their progress?
The classic example is when, asked by the regulator what the main risks to the business are, different non-executive directors cite different risks. This immediately sparks an enquiry by the regulator as to why there is no common ground in relation to risks at the firm. It is also common for CEOs to be people who may exert a lot of pressure on the board to persuade them to their way of thinking. The non-executives could be paralysed by the infectious, bullying tactics that CEOs may wish to command in the boardroom, so in effect little “challenge” is made. This is why the minutes of board meetings are often requested by the FSA prior to an ARROW or thematic visit - in order to assess these “challenges” and whether they exist or not.
Recent events have put the focus on shareholders to ensure their companies are properly run. Shareholders can sometimes be oblivious as to what is actually happening at a firm, focusing solely on share prices and dividends. Maybe shareholders need to have more of an input if overall standards of governance are to be improved.
So, finally, we need to ask ‘how can compliance assist in the quest for better corporate governance?’ This is inherently linked to the question, ‘how much importance are we placing on compliance?’
I believe that compliance should be at the forefront of the business and be the sole contact for the regulator. Compliance staff should sit on board meetings regardless of the size of the firm. Compliance must have the status and power to challenge any discussions that are contrary to the regulatory ethos, to be able to determine whether the firm is compliant and to ascertain that customers are being treated fairly.
Compliance staff are the professionals. With their controlled function status they are the central point of oversight, whom the Regulator has approved to control all regulatory issues on their behalf.
Compliance professionals should have the status, knowledge and voice, and so need to be taken more seriously. Compliance must be given a free hand to advise the firm as it is their integrity, honesty and attitude that will make the difference.
Marek Kubiakowski is an ICA Professional Member and Managing Director of CPMXK Consulting Services Limited.