With an increasingly full and complex in-tray and a challenging operating environment, how do you plan to reinvigorate your compliance teams and programme as we come out of lockdown and start the staggered return to a new workplace normal?
What does the post-pandemic regulatory environment look like?
- Regulators (including the PRA and FCA) have rightly been focused on financial stability, firms’ operational and financial resilience, market integrity and ensuring customers are treated fairly during the coronavirus crisis.
- Regulators have supported the financial services industry, provided extensive information and guidance to firms on their regulatory duties and temporary reliefs from some regulatory requirements.
- Whilst there were a number of material enforcement actions in 2020, the FCA issued a lower number of Final Notices in 2020 compared with previous years. The amount of FCA fines levied in 2020 was £192 million compared with £393 million in 2019.
- Whether the pandemic contributed to a lighter enforcement agenda in 2020 or whether it was driven by other factors is a matter for debate, but in ERP’s view, firms should prepare for a change in regulatory focus and an uptick in supervision and enforcement activity, particularly where firms are failing to meet their regulatory obligations or FCA-instructed remediation and control enhancement programmes.
- Our CCO COVID Survey in October 2020 highlighted a number of practical challenges and concerns in maintaining proper standards of compliance. These included:
(i) a concerted focus on run-the-bank compliance controls impacting change delivery and control remediation programmes leading to project ‘drift’ and elevated regulatory risks;
(ii) the loss of face-to-face contact impacting information flows and relationships which are an important component of an effective compliance programme;
(iii) recognition that conduct and control risks by ‘bad actors’ are multiplied by remote working; and
(iv) concerns over pandemic fatigue impacting employee wellbeing and health compounding capacity and resourcing constraints.
- From speaking to our industry contacts, these issues and concerns remain as we start 2021 and many compliance teams remain under significant resource and budgetary constraints.
- As the industry rebounds post-pandemic, the regulatory focus will change. It seems to us that, for many firms, the pandemic will have put compliance functions under significant stress, the risks to firms of non-compliance are on the downside, and there is a need to reinvigorate compliance programmes and catch up where activities have fallen behind.
- We have a new FCA CEO, Nikhil Rathi, who is in the early stages of his tenure. The FSA failed to detect and prevent a number of material regulatory failures which contributed to the creation of the FCA (eg LIBOR, FX, Derivatives mis-selling). It’s highly unlikely the new FCA CEO will want to see a repeat occurrence and major firm regulatory failings on his watch. Time will tell how well firms have performed from a control perspective over the last year and whether there has been misconduct in certain quarters. Key overseas regulators, such as the SEC and BaFin, are also likely to have an increased agenda following political change in Washington and fallout from the Wirecard scandal in Germany.
- The EU Covid Vaccine debacle was a warning from outside the financial services industry that the post-Brexit relationship with the EU will not be easy to navigate. The ERP view is that “equivalence” regulatory discussions are fraught with risk both from the European and UK side. London-based Chief Compliance Officers with a post-Brexit expanded European remit need to remain vigilant on changes to regulatory requirements that mean post-Brexit operating models (eg back-to-back bookings) quickly become out-dated. An inability to travel to European hubs on the continent increases operational and regulatory risks for firms.
- Post-MIFID 2 and post-Brexit, many UK compliance teams have been downsized and resources moved into other EU locations or international centres of excellence. There has been de-layering within the compliance management ranks, and leavers have been replaced with more junior staff, which drains SME and organisational expertise and experience within teams at a time of significant stress. The compliance risks are not decreasing in 2021; if anything, we think the risks of non-compliance are on the increase.
How can you take practical steps to reinvigorate your compliance teams, compliance programmes and catch up where you have fallen behind?
- Take stock: Look in the rear-view mirror and critically assess whether you fully delivered your 2020 compliance programme. Be honest, be transparent. Few firms will have survived 2020 without some compliance programme slippage, processing backlogs and a reduction in planned compliance activities. Many of the pre-pandemic priorities have not gone away and need renewed focus: the LIBOR transition programme (some timing relief but the fundamental challenge remains), conduct risk (both new risks arising from remote working and the “traditional” conduct risk themes) and communications monitoring (the GameStop episode highlights the power of social media, so firms should be looking carefully at how they are monitoring use of social media and other communications challenges in their own environment). Financial crime risks remain front and centre, sanctions risks are increasing, particularly under the new US administration, and corruption is back in the news with the Beny Steinmetz conviction in Switzerland and Trump’s concessions to Dan Gertler. Firms need to ensure that EMEA Compliance programmes are operating in an integrated way but appropriately organised given the sharper, post-Brexit bifurcation of activities and regulation in the absence of any EU equivalence decision in favour of the UK. Reset expectations with your firm’s senior management and governance bodies, be clear on the compliance challenges and ask for resources and other support when required. Ensure you also focus on areas where temporary relief has been granted by the regulators, as temporary relief is just that, “temporary”, and regulators will focus on such areas during future regulatory supervision and visits.
- Use the return to normal work routines to reset your programme and raise the bar: The OCC’s recent US$400 million fine against Citibank related to deficiencies in enterprise-wide risk management, compliance risk management, data governance, and internal controls is a stark reminder that even the world’s biggest banks don’t always get things right. Citibank is required to make enhancements in a broad range of fundamental core compliance components which include:
- Establishing roles, responsibilities and accountability for compliance in front line business units and compliance;
- Improvements in policies, procedures and control systems to measure, aggregate and limit regulatory compliance exposures;
- Enhancements in independent monitoring and testing to provide credible challenge;
- Improvements in compliance information systems, compliance training and compliance escalation protocols.
It would be prudent to complete a ‘Read-across’ exercise (ideally by an objective independent compliance practitioner) to ensure your organisation is not exposed to similar failings. Use this as an opportunity to recalibrate your compliance programme to address existing and new compliance challenges (eg maintaining control in a remote working environment, really embracing compliance technology, ESG governance and control, cloud-based technology, new communication tools and platforms etc). You should also be having a thorough look at 2020 Compliance Risk Assessment results. For many firms, the compliance risk profile of the organisation will be different at the end of 2020 as compared with 2019.
- Inject flexible SME capacity: in the absence of new FTE permanent headcount, the only way to inject capacity is to leverage external resources. Notwithstanding the dislocation in the compliance contractor / regulatory consulting market caused by the impact of IR35 and the conservative approach to implementation adopted by many firms, there is a deep pool of highly skilled compliance professionals who can inject immediate capacity into your team focusing on execution and delivery without the distractions of day-to-day run-the-bank compliance.
- Get ahead of audit or regulatory inspections: if you are likely to come under audit scrutiny in 2021 or be subject to a specific regulatory inspection, get ahead of the game. Leverage external compliance SMEs to focus specifically on audit or inspection preparation, tyre-kick your controls to root out potential non-compliance issues. Better to self-identify issues rather than be told by Audit and Regulators that you have a problem.
- Lobby for new NEDs with compliance and conduct expertise: Having senior compliance expertise on your Board can only be a positive development and support your agenda. Senior Compliance Officers bring a wide range of leadership, commercial and risk management skills (beyond their compliance expertise) to the Boardroom and adding additional Compliance and Conduct expertise to your Board will strengthen your team and pay regulatory dividends.
- ‘Administer the antidote to disillusionment: Bounded optimism!’: A recent article by McKinsey & Co (Overcoming pandemic fatigue: How to reenergize organisations for the long run) discusses ideas for re-energising organisations post-crisis and the role of senior leaders. There are no easy answers! One specific point resonated, and it is an essential compliance leadership trait: “leaders should act with bounded optimism; that is they need to display inspiration, hope and optimism that is tempered by reality and help their people make meaning out of the circumstances by creating an understanding of what’s happening, and what responses are required”. There is a broad range of effective compliance leadership styles but, as we emerge from lockdown, adopting an optimistic approach seems like good advice to us.
How can ERP help you?
- We provide our consulting clients with access to our extensive network of senior regulatory specialists. This network stretches back well over 20 years and offers our clients individuals who have worked at investment banks, private banks, brokerages, asset managers, regulators and consulting firms.
- Our team of consultants can provide tailored consulting assignments on a wide range of compliance technical disciplines and specialist areas. All engagements will be managed by a former Compliance Managing Director to ensure quality of service and execution.