To the uninitiated the Compliance officer is an alchemist who from his Compliance Monitoring Programme (CMP) allows a licensee to reach a gold standard. It is essential that a licensee understands their status in the regulatory framework and environment at anytime in order to protect client, investor and themselves. What are the elements of this dark art of compliance monitoring? How can such a programme assist a licensee achieve a gold standard without the process becoming resource and cost intensive?
From the recent Guernsey Financial Services Commission (GFSC) industry presentations there was a theme running through that for Boards to achieve high standards of Corporate Governance and regulatory compliance had to be aware of the risks that they faced. The detecting of breaches of regulation needed to be identified at the earliest opportunity and appropriate action taken to remediate. The tool to identify the risks and detect the breaches is the CMP.
The Jersey Financial Services Commission (JFSC)has released this week a “Dear CEO” letter that details the benefits and requirements of an effective CMP. Though there are many documents and articles on how to create an effective Compliance Monitoring Programme though I believe the guidance as issued by the JFSC would benefit any licensee in Guernsey.
The Compliance Officer when undertaking the creation or review of their CMP must ensure that all the applicable rules and regulation that the licensee must be compliant with are identified. The controls of the licensee then need to be matched to these rules and the regulations. It is essential that a licensee can evidence that they can manage the risk of non-compliance by having suitable controls that meet its identified regulatory framework.
The Compliance Officer needs to assess the impact and the probability of non compliance with the regulatory framework. From this assessment the frequency of testing the licensee’s controls to the identified regulatory framework can be established. It goes without saying that what is assessed as high impact and has a high probability must be reviewed more often, allowing the Compliance Officer to effectively place resources to the risk of non-compliance.
It is essential that the Board review the CMP and if satisfied of its suitability formally adopt it. The Board should periodically assess the suitability of the programme to its applicable regulatory framework to ensure its continued suitability.
In undertaking the monitoring process utilising the CMP the Compliance Officer must not place over reliance on verbal assertions, reports or assurances from other business units. The Compliance Officer must find the evidence that the controls are satisfactory and that the applicable regulatory framework applicable to the licensee is being met. The findings of the monitoring must be recorded and the supporting evidence to the findings documented in the CMP.
The results of the CMP findings must be reported to relevant persons at the Licensee and also the Board. The findings must be presented to the Board and relevant persons in a concise and effective manner confirming the compliance status, areas where enhancements are required and the details of any remedial actions. This will allow the licensee to assess and consider where areas of non-compliance are identified the seriousness of the non-compliance, remedial action to be undertaken and whether the GFSC should be notified.
The CMP process is cyclical allowing the effective monitoring and risk based monitoring while adapting to the changing regulatory framework. The CMP helps to establish a culture of compliance and assists in providing the gold standard that any client, investor or regulator will want to see. Not necessarily a dark art but one, when done well will certainly add value to any licensee while providing comfort and assurance to any board allowing them to continually work to a gold standard.