Corporate Governance

F1- Team Guernsey

Sara Barclay Compliance Monitoring, Corporate Governance , ,

Singapore F1The excitement of the Singapore Grand Prix has only be heightened by the restriction on what information can be passed to the Drivers. This addition to the regulations has come about as a result of what the fans and the controllers of Formula 1 believe is the driving of the car from the pit wall rather than the Driver actually driving and racing. To me, though the cars are complex, it is the Drivers who have the best perspective and the feel of what is going on around them in order to make the winning or best decisions, as we saw with Hamilton in Monza, who then capitalised on the situation and went on to win the race.

I don’t think it can be questioned that Guernsey is racing in the Formula 1 of Financial Centres globally, or that it has developed a high standard of regulation to be adhered to, while flexible enough to allow businesses to develop and have an advantage over other competing jurisdictions. One of the concerns that I am spoken to about and have previously posted on is whether the Directors and Partners of our Financial Service Businesses are becoming controlled by Compliance Officers and departments, and that essential business decisions are being curtailed and taken out of the hands of these Drivers.

The Board or Partners of a business must work to achieve the aims and objectives that have been set down. To do this they must obtain suitable and sufficient management information to assess whether opportunities are able to be taken. This information does not just come from the compliance department or officer but from a whole host of potential reports from committees and operational units.  They are listening, analysing and digesting all this information in much the same way that a racing driver pre-race will do with his team.  The strategies will be discussed and engineers and technicians will provide reams of information to allow the drivers to realise their strengths and weaknesses and those of the opposition. Drivers must also be aware of the regulations and where the track limits are and what is acceptable and what will be punished and penalised.

It then comes down to the race. Though the reports from the data sources are important to the team and must be continually analysed to ensure that the engines and electrical systems are performing as well as identifying and managing potential issues as they happen. The most important feedback though comes from the Drivers, who feel the track, the car and can see the tyres and the degradation, while eyeing the competition, corners and hazards.  The Directors and Partners are the drivers seeing through their visors the race as it develops, more than a compliance officer, the operational staff and support services, who remain in the pits or the pit wall, working hard behind the scenes and preparing for any eventuality that may occur and ensuring the strategy remains on track. This is why there is a need to have effective management information that is relevant, short and succinct for the Drivers who are racing.

At the end of the day it is up for the drivers to decide how to use the information they receive, some will push too hard and end up in the barriers, blow their engines or destroy their tyres. Blowing the engine or planting yourself into a barrier ensures that the race is over and for a financial service business it potentially means a total rebuild of the business, legal expenses and a loss of reputation. If the Directors or Partners act recklessly or with a cavalier attitude why would an investor or customer place their money or assets with the business? Destroying your tyres means that the driver can continue the race but they will be slower and need to pit stop more, allowing the competitors to seize the advantage, potentially the sponsors as well if the poor performance continues.  We have already seen this year in F1 how sponsors and investors have left or sold their holdings as well as the threats of doing so due to legal proceedings relating to the sport.

By over controlling the drivers or providing them with excessive information or information that is not succinct there are two possible outcomes.

  • The Driver cannot race effectively and take advantage of the opportunities as they arise with the potential of not seeing the hazards ahead or;
  • The Driver does not understand the severity of what they are being told or chooses to ignore the information, acting recklessly they or the team are penalised.

For the Directors and Partners this has the potential of substandard performance to potential legal and regulatory action against them and the business.

2014 SingaporeAs Sterling Moss said before the 2014 Singapore Grand Prix “to win the race you must be the first home”, and to do this the Drivers must have the freedom to race while also respecting the information that they are receiving. For any Director or Partner to have the right information delivered at the right time will assist them in driving the race to their full potential and to bring the race home, while minimising regulatory and legal exceptions or issues that may inhibit them being the first home. Drivers need to have the trust in their teams to continually advance the car to the changing regulations.  The team must provide the Driver with appropriate and effective information so that they can run to the regulations.

The trust developed between the compliance function as well as the other functions of the Business with the Directors and Partners is essential and will assist in the development of the business and the achieving of the Businesses aims and objectives in and effective and efficient manner. Undoubtedly in any season there will be set backs, but for any Driver to have trust and respect of their team reciprocated means that these setbacks can be overcome, potentially without detriment to their championship hopes. Most importantly this cohesiveness will allow the team to focus on the future, perfecting their car to ensure that they remain competitive providing the best outcome for their sponsors and greatest potential to win points and achieve the rewards, Team Guernsey must aspire to this.  Failure to let the Driver race can lose you the race or race advantage the same as the Driver not accurately analysing the right information provided succinctly to manage the car.

Thoughts for the week ahead.

Sara Barclay Compliance Monitoring, Corporate Governance

After a great time on or in the Ocean this weekend here are some thoughts for the week ahead.

Thoughts for the Week ahead

Review to your policies and procedures as well as the regulatory framework applicable to your business.

Record and evidence your findings. Where you can not meet the regulations have you thought of the Comply or Explain principle?

Report to the Directors and the Board effectively and accurately.

Remediate areas of non-compliance and put your two cents in to assist the business remediate effectively.

Have fun and most importantly enjoy!

Don’t change for the sake of change!

Sara Barclay AML/CTF, Compliance Monitoring, Corporate Governance , ,

It has been an interesting few weeks with lots of nervous Directors concerned with their compliance functions and wondering what to do in light of the recent Commission’s findings and fines that have been publically issued. What must be remembered is that the Directors are responsible for the compliance function and framework (Chapter 2 of the Commission’s Handbook’s) of their business and not the consultants they may employ.  So what needs to be done?

Don’t Panic! There really is little point in panicking and it will only tend to make things worse. Panicking only creates more fears, which may not be justified in some cases, fear then leads to aggression and that only leads to breakdown in communication. The key in gaining an understanding of what has happened and where your business may sit in the regulatory framework will be down to communication with your compliance provider.

Review your compliance framework. Are you satisfied that you have all the evidence to support the previous findings of your compliance function provided by your consultants? Does their review go far enough and look at all the areas of the regulation that pertains to your business? Are they evidencing their findings suitably to back up their conclusions? At the end of the day your compliance framework is your responsibility and you need to evidence that you are satisfied with it, those that undertake the review role and that you have oversight to control it.

I have previously had licensees who would sit down with me during the year and go through my monitoring programme and how they correlated to the reports I was providing them. The positive was that it gave them comfort and evidenced to the Commission that they had true oversight and control of their compliance framework.

Communicate clearly and calmly. This is important, the oversight review you have done will provide you with questions that you need to have satisfied.  In light of the recent Commission actions and public statement released, you will also need to know the facts of what happened and why it happened as you need to assess if you could find yourself in the same situation of being incorrectly reported to on the regulatory requirements.

Even if your provider was not concerned in the recent Commission’s action you need to ensure that they would not put your business in jeopardy. It is important that from your review you can put any queries or concerns across in a calm manner. Your consultants may be defensive but the discussion needs to be open and honest so you can establish the facts. It is vital that your consultants and/or their management have the ability to constructively deal and satisfy any questions or concerns you may have.

Potential areas to discuss and obtain evidence on. Are you satisfied with the work that has been and continues being undertaken? Do you need to increase the time that the consultants provide to your business? Is the compliance monitoring utilised to assess your business suitable? Do the reports provided to you evidence the review that has been undertaken and do they cover the requirements of the regulatory framework? Are you getting the service that you require and want, remember you are the customer here!

Are the consultants suitably qualified or knowledgeable in the areas pertaining to your business, and have you got the evidence? It is always best to assume that you need enough information to satisfy yourself as you would for any of your employees. Your compliance consultants will be able to provide you with evidence of the consultant’s qualifications and suitability.  I was always more than happy to provide my certificates to licensees as I am very proud of what I have achieved!

Review, assess, conclude and evidence. Once you have the responses to your queries and concerns, you will be in a situation where you can review and assess where your current framework is and where it is going. You may be satisfied that everything is suitable or your compliance consultants are making changes to bring their game up for you and are able to service your requirements appropriately going forward. You may find that it’s time to bring your compliance function in-house wholly or partially, or if you remain unsatisfied you have the option to move to another provider, but do your due diligence.

What is vitally important in your conclusion is that you evidence all of the findings. The Commission will be asking you the questions about your compliance framework, how you monitor and mitigate the risks and are able to ensure oversight. You will be held accountable by the Commission so you need to have the answers and evidence. It’s just good Corporate Governance at the end of the day.

I was approached earlier this week by a Licensee who had just been visited by the Commission. The Commission was impressed that AML/CTF was discussed and documented at their meetings and how this evidenced the oversight and responsibility the Licensee took. One happy Licensee always means one happy Compliance monkey. This shows the power of good minutes and how the Commission view the importance of them in the evidencing of the oversight of the compliance function taken by Licensees.

At the end of the day you do not want to be jumping from the frying pan into the fire. People make mistakes it is whether they can learn from them.  Whatever conclusion you come to will allow you to make the best decision for your business, just make sure that it is clearly evidenced. Don’t change just for change sake!

Diving in to Compliance

Sara Barclay AML/CTF, Business Risk Assessment, Compliance Monitoring, Corporate Governance , , , , , ,

Entering the waterMy weekends are spent reviewing overarching risk assessments and analysing specific risk assessments as well as undertaking the compliance review of policies and procedures, finishing with the review of performance of the systems and controls.  I am not taking work home with me nor am I moon-lighting or taking on further roles, I am though a qualified Diver and a qualified Solo Diver.

Diving can be a high risk pursuit and can lead to death even at shallow depths. My joy and passion is to go deep, exploring wrecks and reefs of the Channel Islands below 30 meters or 100ft and seeing the beauty and fragility of the alien world below illuminated in beautiful colours with its abundance of life.  The chance of swimming to the surface and surviving without any injury after a total gear failure or panic attack are slim at best, at these depths. The choices I make are calculated and risks are mitigated using similar principles that a Financial Services Business (“FSB”) would utilise.

I start every dive season off with an overarching risk assessment, looking at the risk I am prepared to take, what I want to achieve and the factors affect me. This is not overly different to the Anti-Money Laundering and Combatting Terrorist Financing (“AML/CTF”) Business Risk Assessment for any FSB in Guernsey.  My overarching risk assessment is where I look at what I want to achieve and the risks that I am prepared to take in essence what my risk appetite is, and it does vary year to year.

For a FSB the AML/CTF Business Risk Assessment looks at the risks posed by its products and services and its customers. In my case these translate to the types of diving I want to engage in, my planning and who I dive with.  My mitigation of the risks faced would be my diving gear and its set up and my overall health to make the dive.

I then put into action a monitoring programme taking into account my overarching risk assessment.  A full review of my diving gear is essential as is my fitness, this will involve servicing both gear, body and mind and reviewing them on a periodic basis.  This is similar to the provision of management information to the Directors of a FSB. They require to know the state of health of their policies, procedures, systems and controls, to ensure that they are maintained and remain in good condition and fit for purpose in order to mitigate the risks their business face. Knowing that my gear is in good condition and works is essential for whatever dive I do while the health of my body and mind will dictate the dive that can be undertaken safely. Resources must be put to where areas of concern are noted to ensure that the potential for errors or incidents are reduced to a minimum.

drift drivingThen it all comes down to the day, where I undertake a specific risk assessment of myself, the conditions, the type of dive to be undertaken and who I am diving with or if I am going solo. In a sense this is similar to the customer risk assessment that FSB’s undertake for each customer, in order to identify the risk they pose to the FSB and whether the risks are acceptable.

FSB’s by appreciating the risk posed and faced by the customer can decide whether they are prepared to engage in a business relationship with a customer.  In some cases when I have dived I have been satisfied with the risk I face and have dived but I have also be known to decide that the risks are too high or that my systems and controls are not up to the task and have declined the dive or undertaken an easier dive.  I always work on the idea that it is better to be on the surface wishing you were diving then being in trouble under the water away from help and wishing you were on the surface.

Due to the higher risks I take my systems and controls are tailored to me and include as a minimum two independent air cylinders.  I implement my systems and controls by dividing my body in to two halves, one side has computers connected to one cylinder and the other side has old-fashioned gauges connect to my other cylinder, the idea being that should one side fail I can rely on the other as back up.  It also means I can monitor the performance of my systems and controls effectively ensuring that any false readings or dangerous situations are detected early and evasive action taken.

The last thing I do after every dive is to review my systems and controls obtaining data from my computers, analysing this to ensure my policies and procedures remain fit for purpose.  I then assess my overarching risk assessment making changes if required. This has similarities to the quarterly and annual reviews that are done by management and Directors of a FSB to ensure that their businesses are meeting the regulatory framework and mitigating the risks that they face, in essence it’s just good corporate governance.

Diver OKThings do go wrong and no matter how good your policies, procedures, systems and controls are.  I have been in situations where I have had to shut down one side of my systems and controls due to sudden failure of a hose or regulator as well as having to rely on my old-fashioned gauges, watch and mental arithmetic when my computer has failed. It does not come down to luck that I am here writing this but that my risk assessments and planning have taken these situations into account.  My compliance monitoring has reduced these incidents and malfunctions to a minimum and I have put resources to the risks I face ensuring I am suitable trained and able to deal with incidents of this nature.

FSB’s that have a good corporate governance culture, a suitable compliance framework and a compliance monitoring programme that meets their needs and provides the required management information effectively, have in general survived the financial crisis and have adapted to business and regulatory changes with ease.  Where issues have surfaced they have been able to deal with them effectively and/or report at the earliest opportunity where required to the regulatory authorities or Financial Intelligence Unit.

(Pictures by kind permission of Colin Peters)

Briefing note 002- Trust Company Business On-Site Examination Findings from Jersey

Sara Barclay AML/CTF, Business Risk Assessment, Compliance Monitoring, Corporate Governance , , , , , ,

Image

The Jersey Financial Services Commission (“JFSC”) has recently published its 2013 on-site regulatory examination findings in respect of Fiduciary business conducted in Jersey. These findings are pertinent to any financial service business, Compliance Officer and Money Laundering Reporting Officer (“MLRO”) in ensuring that they are adhering to the Guernsey regulatory framework. I believe that key points from the examination findings are as follows:

Evaluation of Suspicious Activity Report’s (“SAR’s”) and reporting to the Financial Intelligence Unit (“FIU”):

  • Delays in the acknowledgement of receipt of an internal SAR to the person disclosing.
  • Lack of detailed investigation by the MLRO to support the decision made.
  • Follow-up action resulting from internal reports not being undertaken or no evidence of follow-up action were noted.
  • Lack of autonomy by an MLRO and the decision to report to the FIU being made by Board rather than the MLRO.
  • Internal reports not being recorded accurately and being overlooked by the MLRO leading to late reporting to the FIU.

Corporate Governance:

  • Board discussions not being fully documented in some instances.
  • Concerns were identified in respect of the Board interaction, reporting lines and the functions of delegated risk committees of cross-divisional functions of a business.
  • Term’s of reference for delegated functions of the Board not being in place.

Business Risk Assessment (”BRA”) and Strategy:

  • Lacking details of the consideration of the following areas;
    • Organisational factors;
    • Jurisdiction of customers;
    • Underlying activities of Customers, including Politically Exposed Person risk;
    • Products and services specific to the business (third parties);
    • Delivery of those products and services;
    • Outsourcing risk to other branches or third parties and;
    • Not separating its BRA assessment from that of the Manager.

Conflicts of Interest:

  • No documented consideration of potential Conflicts of Interest where multiple licences are held and products are provided to customers who are common to both licenses.
  • Consideration and documentation of wider Conflicts of Interests, such as the investment in to customer structures by a Director.
  • Consideration of the risk where a significant shareholder of the business introduces customers.
  • Non-Executive Directors maintaining a direct relationship with a customer.
  • Conflicting roles of Compliance Officers the anti-money laundering function where the individuals also held a primary customer facing role.
  • Consideration of the impact of close staff relationships particularly at a senior level e.g. husband and wife.
  • Policies and procedures for declaring and monitoring were identified.

Compliance Function:

  • Inconsistent attendance at Board meetings by the Compliance Officer.
  • No separate reports in respect of Compliance and the anti-money laundering and combatting terrorist financing (“AML/CTF”) function.
  • Reports not containing the following;
    • Regulatory updates;
    • Progress of compliance monitoring;
    • Updated position on compliance registers, and;
    • Information on periodic reviews and accounting records.
  • In some cases there was a lack of documenting of matters brought to the attention of the Board.

Compliance Resourcing:

  • Back logs in periodic review cycle.
  • Delays in compliance monitoring
  • Not undertaking action in respect of regulatory updates.
  • Out of date policies and procedures
  • Ongoing projects and remedial work not completed.
  • Concerns in respect of the investigation and determination of SAR’s.
  • Meeting the day-to-day requirements of the compliance role, where the Compliance Officer or MLRO held other roles within the business.

Compliance Monitoring:

  • Compliance Monitoring Programme’s (“CMP’s”) task orientated rather than a schedule of testing of the operational procedures.
  • CMP’s not being seen or approved by the Board.
  • Ineffective reporting of the progress or completion of the CMP and of the remediation of compliance findings.
  • Compliance testing of the areas of the business lacking in detail.
  • Ineffective mapping of the business to the regulatory framework.

Business Acceptance Systems and Controls:

  • Procedures not being specific regarding the prescribed due diligence required for higher risk customers and business relationships.
  • Undertaking transactions prior to the acceptance of the customer by the Business.
  • The delay of obtaining verification documents and undertaking risk rating prior to the undertaking of customer transactions.

Customer Risk Management Systems and Controls:

  • Customer risk assessments not capturing fully the risks associated with customers or as detailed by the regulatory framework.
  • Customer risk assessment not capturing the risks identified by the business in the BRA.
  • Customer risk assessments not taking into account adverse information identified on the customer.
  • Weighting scores for risks not being appropriate to elevate overall the risk to high where required.
  • Lack of guidance to assist staff in the completion of the customer risk profile.

Customer Profile

  • Vague customer profiles not capturing the expected pattern and frequency of expected transactions.
  • Customer information held in various places rather than centrally.
  • Where the rationale for the business relationship was recorded as tax planning or mitigation, Licensee’s did not hold the relevant tax advice.

Politically Exposed Persons:

  • PEP’s being declassified contrary to the regulatory framework.
  • Immediate family members and close associates not being designated as PEP’s

In conclusion Licensees and the Boards must ensure that they have up to date compliance procedures, their functions are staffed and resourced appropriately and ensuring that they have suitable and sufficient management information for their compliance status being provided in a timely manner to them.  The role of the MLRO is coming more into focus with Regulators especially its assessment by the Board.  The MLRO function needs to be adequately resourced with a suitable and autonomous person, it is my opinion that this role will become more of a focus of regulatory visits and evidence of its review and suitability will required to be documented.  I would always advise that a separate compliance report and MLRO report is provided to the Board to ensure that matters are easily identifiable to the Board.  Conflicts of interest must be recorded and the risks assessed appropriately.   The BRA must take into account the risks that customers pose to the business and also the AML/CTF risks detailed by the regulatory framework and where they are not applicable they should be noted as such. What I believe is the most important finding to come out is, ensuring customer risk assessments and profiles are detailed and maintained ensuring that all risks are covered in the BRA.  I would advise that you assess your business to these findings and if any matters are found a remedial programme is put in place and signed off by the Board ensuring appropriate timescales and reporting is in place.

.

Briefing Note: Jersey Financial Services Commission Onsite Examination Findings.

Sara Barclay AML/CTF, Compliance Monitoring, Corporate Governance , , ,

Compliance monkey

The Jersey Financial Services Commission (“JFSC”) conducted an onsite examination of one of its fiduciary licensee’s which has resulted in a public statement being issued. The findings provide an insight in to the areas that our sister Island regulator is focusing on and the regulatory action they are taking in respect of their findings. I believe that the key points of the onsite examination are as follows;

Anti-Money Laundering and Combatting Financing of Terrorism (“AML/CTF”)

The key points made in respect of the examination of the area of AML/CFT noted the following areas as failure to comply with the AML/CFT regulatory requirements:

  • Out of date CDD.
  • Lack of sufficient evidencing of source of funds and source of wealth.
  • Lack of evidence to demonstrate that CDD had been sufficiently evaluated.
  • Inadequate evidence of EDD having been undertaken on High Risk customers
  • Inadequate evidence of the review of risk assessments.
  • Providing registered office only business and the issuance of Powers of Attorney with little control of the risks and oversight expected to be applied to these products.

 

An investigation was also undertaken into a customer entity that had received funds that may have been connected to a fraud. The investigation found the following matters of concern:

  • Mind and management not with the Jersey appointed Directors but with the beneficial owners.
  • Lack of questioning and properly understanding the activities of the customer entity.
  • Allowing payments to be made by the Customer entity without knowing or assessing whether adequate funds would be available to complete transactions.
  • Over reliance on the ultimate beneficial owners instructions and did not challenge the rationale for acquiring assets.
  • Receiving loans which did not have formal loan agreements and were from entities that had the same beneficial owners.
  • Failing to understand the source of funds through the customer entity.
  • Failing to consider adverse information made available to it regarding the source of funds received by the customer’s entity.
  • Receiving funds without knowledge of the remitter and paying them out the next day.
  • Failing to keep adequate books and records for the customer entity
  • Being re-active instead of pro-active in the management of the customer entity.

 

Breaches of the Code of Conduct of Trust Company Business

The key points that led to breaches of the Jersey regulatory framework and principles for the conduct of Trust Company Business were as follows:

  • Failing to act with skill, care and diligence.
  • Failing to evidence in writing decisions made.
  • Failing to identify conflicts of interests.
  • Failing to ensure adequate review procedures were implemented to monitor Trust Company Business.
  • Failing to maintain adequate internal systems and controls.
  • Failing to exercise an adequate level of Corporate Governance.

These failures led to remedial action having to be implemented as follows:

  • Directors stepping down and the appointment of new local Directors and a new Non-Executive Chairperson.
  • Review in conjunction with an external resource of the processes and procedures of the business to effect changes to strengthen its systems and controls.
  • Initiation of a review process of customer files to remedy customer due diligence deficiencies.
  • Remediation programme has been put in place to rectify issues identified by the investigation.

In conclusion I believe that a robust compliance function and a compliance monitoring programme encompassing the regulatory framework would have alerted the business to its deficiencies and assisted in the evidencing of areas of concern that required remedial action that were subsequently identified by the JFSC .  I recommend that the points raised are taken in to account in any Financial Regulated or Registered Business and assessed against its current compliance framework. If you do find that you have issues of concern or that you cannot adequately evidence compliance to the regulatory framework my advice is to form a remediation plan and inform the Commission as soon as practical. A problem shared is a problem halved, I cannot give any guarantees that you will not face regulatory sanction but being open and honest has the potential to reduce or negate the use of regulatory sanctions, as William Mason Director General, mentioned in his December 2013 address to the Industry.  If the regulator in our sister Island is looking at these areas I believe that the Guernsey Commission will also be.

Part of the Problem or Part of the Solution?

Sara Barclay Compliance Monitoring, Corporate Governance , , ,

Image

One of the great things about compliance is that you get to assist licensees in creating and maintaining a suitable compliance framework. It is not just about meeting the regulatory requirements, part of the role is to also make a compliance framework that is suitable to also achieve the aims and objectives of the licensee’s business. I have worked as a compliance consultant, compliance officer and MLRO in the Regulated, Prescribed and Registered sectors of our financial services industry and each Licensee I worked for or provided advice to, was unique in its aims and objectives as were their products and services. For a Licensee to be successful in their business, aims and objectives as well as adherence to regulatory requirements, make up a bespoke compliance solution.

We are in an ever-changing business and regulatory climate, it’s not just the rules and the regulations that are changing but the approach the Commission takes in its supervision to Licensees. This leads to a real business problem for Directors in ensuring that their business meets the requirements and expectations of the Commission as well having to meet its own business aims and objectives. Compliance professionals can assist Licensees through their greater exposure to changes in industry practice and their exposure to the Commission and an understanding of the current supervision expectations. It’s really a no brainer having a compliance professional on tap and this will take away the worry of ensuring you are meeting the regulatory requirements and expectations while having a compliance framework that meets the aims and objectives of your business, or is it?

Having worked in many sectors of our financial services industry undertaking various roles to do with regulatory compliance and anti-money laundering and countering financing of terrorism does not mean that I am the font of all practical or theoretical knowledge in this area to be paid homage to and worshipped, I can assure you all I am not always right! Like everyone I am strong in some areas, adequate in others, and weak in a few (well maybe one or two). I always ensure that anything I undertake is something I can do well, and I believe it is refreshing to Directors when I turn round and tell them that what they are asking is out of my remit and refer them to compliance professional’s or experts who is more suitable. It is what compliance professionals and experts are there to provide isn’t it?

For compliance professionals contracts are their bread and butter.  This can lead them to grab everything that comes their way, with potentially their financial security coming at the expense of the quality of service and relations with a Licensee.  There is also the potential to obtain contracts for the financial security of the compliance professional rather than the financial best interest of the Licensee, leading to conflicts of interests.  I have previously advised Licensees to keep projects in-house due to the cost involved and more importantly that they were actually best placed to do the work themselves. It was great to be contacted later to be advised by the Licensee that they had decided that they were actually best placed to do the work and offered me a smaller contract which they did not have the expertise to undertake on their own.  Honesty means that Licensees will come back to you and also recommend your services, trust is a currency of the highest value.

Part of any compliance professional’s work is in writing and producing compliance documents and programmes to facilitate the Licensee’s compliance framework. It is all too easy for Licensees, who do not have the necessary compliance expertise in this area to unknowingly engage and pay for an all singing all dancing document that meets the regulatory requirements and some more, but won’t easily facilitate the achievement of the businesses aims and objectives. I once assisted a Licensee on review of the suitability of their compliance procedures that had been previously provided by a compliance professional. Their manual was at a very high level having a multitude of committees and quangos written into their procedures that would not be out-of-place in a global financial institution but totally unworkable for a firm that employed less than ten people locally and had a Board of six directors (inclusive of two employees). Though this document showed the theoretical prowess of the previous consultant, the manual was unworkable for the Licensee’s business and showed a lack of understanding of the regulatory framework. The Licensee had abandoned trying to follow the draconian requirements of this manual and had instead reverted to good industry practice, leading to the corporate governance headache of not following their own procedures. In this case the Licensee ended up paying twice to ensure that they had a suitable compliance procedures for their business.

Unfortunately there are compliance professionals out there who take on business they can’t service or do not have the expertise to manage effectively and/or facilitate adequately. There are compliance professionals who gold plate policies and procedures to impress their knowledge on the Licensee and obviously fail by not tailoring the policies and procedures to the business, leading to further costs being incurred by the Licensee. Unfortunately some compliance professionals negatively portray the Commission as a Vlad the Impaler archetype to scare Licensees into taking on unnecessary work due to potential misunderstanding of the rules or regulations or work the licensee would be best place to undertake themselves.

What can a Licensee do to minimise getting something that they do not require and ensure that they get the service they have paid for? It is all about doing your due diligence and I believe that the following points will be able to help a licensee.

  • Understand what knowledge and qualifications a compliance professional has.  They should be able to provide qualifications and a resume.
  • Get references or speak to previous customers of the compliance professional to get a feel of the suitability of the compliance consultant. The benefits of Guernsey is that it is quite easy to find out about people.
  • Talk to the compliance professional get a feel of their experience and knowledge, are they just about enhancing themselves, are they financially independent and are they interested in actually providing something that will enhance your business.
  • Is the compliance professional informing you as to potential or actual the regulatory issues or are they about scaring you into using their service.
  • Has the compliance professional got the capability and capacity? If it’s a firm is the actual person that will be undertaking work for you qualified, suitable and have the time?
  • Shop around with other compliance professional’s to see what they have to say about the work you need to be undertaken.

At the end of the day it is the Licensee and its Directors who are responsible for the suitability of their compliance framework and adherence to it, the Commission will hold them accountable for any failings regardless of who undertook the work. A compliance professional can be part of the problem if you do not do your due diligence on them or understand the needs of your business but, if you have done your research and you are aware of the requirements that you need to meet, they can definitely be part of the solution in achieving a suitable and sufficient compliance framework that meets the regulatory obligations, expectations and the business aims and objectives of the Licensee.

Diversity in the Boardroom

Sara Barclay Corporate Governance , , , ,

Lloyds Banking Group have committed to diversifying its business dynamics by pledging to make 40% of its senior executives women by 2020.  This good news story has though, been followed up by the news the Women attendees at Davos have slightly decreased, in essence still showing that the female proportion of the world population remains largely undervalued, unrecognised and potentially discriminated against.  Why is it that this amazing untapped natural resource remains under used and underappreciated?

It is well-known that to have a successful business you need to have an entrepreneurial Board that considers the risks faced and applies their collective experience to the issues while individually challenging ideas and mitigating risk.  Diversity in the Boardroom allows a safeguard against reckless behaviour or the undertaking of risk for self-interest allowing entrepreneurial spirit to flourish.  Diversity brings different skills, knowledge and backgrounds allowing the Board to collectively become stronger allowing greater stewardship of a Business whilst decisions and business opportunities can be openly challenged and investigated. With this in mind why is it that there is still a gender gap? Why is the Boardroom still the domain of the male executives in general? Should we go further than gender itself in order to continue to ensure that our financial industry remains at the forefront of the international finance sector and global financial community?

I believe that the reason that the Boardroom remains a bastion of the Male senior executive is down to education, opportunity and succession planning. Without education or equal opportunities the calibre and number of candidates to undertake these roles is significantly reduced. Whilst without the long-term succession planning of a business, education and career advancement opportunities for employees cannot be identified or put in place, this worryingly may lead to potential candidates becoming disillusioned.

Throughout my various roles I have had the opportunity to work with people of all genders and I truly believe that this has allowed me to develop personally for the better and has advanced me in my role as a compliance specialist.  I have always fitted a person to role in respect of knowledge and experience they possess rather than preconceived ideas of gender. I now find myself in a position where some of these people have succeeded in obtaining their goals, some have even surpassed me and this gives me the hunger to continue to challenge myself and achieve. I can’t help but smile at their achievements.

I have been lucky enough to be invited into the Boardroom to deliver my reports and provide advice.  Where the Board has been diversified by gender, I found that they were more confident, open to challenge and discussion. These Boards reviewed in-depth my reports and advice and sought through their individual integrity to collectively come to a decision that benefited the company from a holistic approach of regulation, best practice and the business of the company.

It is unfortunate to say that I have also delivered my reports and advice to Boards that have been male orientated and at times had a stagnant corporate governance culture.  In some of these cases my reports and advice were treated more as hindrance to the business and not considered in-depth due to a lack of challenge by the other Board members.  This has led to regulatory consequences that could have been avoided with the regulator pointing to a failure in corporate governance.  I can’t help but feel sadden by the cost in remedial action and reputation and the personal cost this has caused, due to a lack of diversification.

Though I believe in diversification I am against positive discrimination, as this can unintentionally lead to the achievements of people being discounted and discredited, this serves no purpose but to demoralise the person or a workforce and at worst create distrust and aggression through bullying.  By businesses taking the Lloyds example, over a period of time they can establish suitable practices for education and opportunity for all persons and allowing for successful succession planning to be put in place.  Allowing for people of any gender to be enthused to obtain education and seek challenging opportunities, this can only lead to a better and stronger corporate governance culture.

While the negative connotations surrounding gender must be challenged and put to the annals of history, I believe that the attributes of a person must be considered above gender.  It is often too easy to follow a fashion and rather than enhancing the Board or the Company, you increase the likelihood of a weak or defunct corporate governance system with a greater potential for reduced productivity or business capability, reputational damage and regulatory sanction. It also does not assist in the challenging of gender inequality.

The Board need the best people for the job at hand regardless of gender and we are in times where decisions made by Boards are being challenged by various stakeholders.  There are high-profile cases where failure of a business was down to self-interest, and unacceptable risk taking due to a failed corporate governance framework that could have been avoided by diversification of the Board by suitable qualified and knowledgeable persons, allowing for the challenge of business practices and decisions.

The need for effective reporting at Board level

Sara Barclay Compliance Monitoring, Corporate Governance , , ,

The current financial crisis has brought many failings to the forefront, none more so than the failings of the Corporate Governance framework in businesses. The Corporate Governance framework allows for both business objectives and ethical drivers to be incorporated into a business whilst seeking to protect both the Business, its stakeholders and investors or customers. Are failings in Corporate Governance solely as documented in the newspapers and media reports down to the Board’s greed and disregard for its stakeholders, or was the compliance framework in these businesses defunct by opaque reporting by key functions?

We have been lucky in Guernsey to have been insulated from the crisis at large, but I know from experience and we all know from the Commissions industry presentations that Corporate Governance is a key regulatory theme that will be assessed on their regulatory visits to licensees, to assess the risk and reward culture of a business and assist in mitigating these risks successfully. While it has been acknowledged by the Commission that they believe that this is a healthy area, could there be licensees that have put together a good document but the statements made by them do not resemble their Business or their Business’s current prudential business plan or their current regulatory compliance status?

What must be remembered is that any Corporate Governance assessment undertaken by the regulator on a licensee will look at a multitude of documents and reports that make up the core of any Board meeting, such as compliance reports, risk mitigation, internal audit as well as the business plan. These reports must be factual, clear and concise and encompass the whole status of the business in order that the directors can evidence their oversight and rationale for their understanding of the business. Theses documents and reports must all fall into the Corporate Governance assessment by the Board of the Business.

Has the Board questioned the effectiveness of its compliance framework, from the Compliance monitoring programme to the actual board reports it receives? Has the Board allowed the compliance function and other key functions to provide an independent review or are these key functions in fear of upsetting the Board and reporting only what they deem the Board should know or focus on? The importance of independent, full and factual reporting by these key functions is of the up most importance. It is vitally important that those of us who undertake these key roles provide effective reporting on all areas of the Business so that the Board can discharge their obligations successfully. We must not be in fear of providing reports that show areas that require action or gaps as by doing so we only assist the Board in becoming ineffective.

I have been privileged to have worked for and with Boards who have proactively sought to allow their key functions to independently report to them allowing the Board to successfully document and encompass their key functions in to their Corporate Governance framework. This has assisted the Business in the formulation of strategy, goals and effective work practices. For those licensees who I have assisted in remedial work in this area, though it has been hard to start off with the end result has been commented on by these Boards as being beneficial to their Business, optimising understanding and discussion on current and future business opportunities, obligations and assisting in evidencing of why certain opportunities were not followed up.

In my experience the failings in a Business’s Corporate Governance framework are down to opaque and ineffective reporting by the Business’s key functions leading to the blind following the blind. Where ineffective compliance reporting or monitoring has been identified during a regulatory visit the Board are often criticised and this is generally reported by the Commission as a failure in Corporate Governance. While the business of the Business is vital the understanding of the Board as to its current regulatory compliance is as important and cannot be underestimated. If the Board are aware of issues that require to be enhanced or remediated it can deal with them, most of the time hand in hand with fulfilling its business objectives, but to be effective the Board must have the oversight by effective reporting.

The culture of Corporate Governance must not be seen as a tick box exercise or as a regulatory obligation that serves no practical use to a business. I would advocate that a good culture need not be expensive in time or cost but rather a tool to optimise the Business for all stakeholders. As stakeholders move from being passive the need to document and show your culture of Corporate Governance becomes more of a focal point in the overall success of your Business and its cost effectiveness, and in the next few blogs I will go more in to detail on this. An effective Corporate Governance framework adds to safeguarding a business by requiring effective reporting from the key functions allowing for the dynamism and entrepreneurial spirit that has become part of our industry to be exercised by the Board in the continual development of its products and services.