A topic of conversation that often comes up is about “how compliance has become a monster”, sapping the dynamism of a business while slowly choking the new business streams by making the business over compliant. Has the compliance function gone too far and are they now holding Boards and Directors to a compliance and regulatory ransom leading to a loss in commerciality of the Guernsey Finance Sector?
Directors constantly berate me about having board packs that have compliance reports running to some 40 pages or more, how they spend more resources on compliance matters then on the direction of the business and that the compliance function does not assist them in achieving their business objectives. To my mind there is a balance that needs redressing in order that businesses can achieve high standards of compliance, while also achieving the businesses purpose and providing products and services to their clients that are competitive in cost with other jurisdictions.
The relationship between the Board and the compliance function must be one that is symbiotic, both assisting and nurturing one another. The compliance function must undertake suitable and sufficient monitoring of its business and report its findings effectively and efficiently to the Board. This is normally done by either an exception report or in a traditional report style over 40 pages and both have their own benefits and problems.
While using an exception reporting format this allows for immediate notifications of compliance and regulatory issues to the Board. The exception report though can fail to provide the assurance to the Board that the compliance function is suitable or sufficient due to its lack of content and oversight of the business.
The traditional compliance report of 40 pages or more will ensure that the Board can assess the suitability of its monitoring programme and compliance function. The problem with the traditional Compliance report is that its size may lead to regulatory or compliance issues being lost in the pages of the document. I am also aware that in some cases the traditional report format provided so much content but actually lacked the substance required to be provided to the Board in assessing the compliance status and function, a failing for the compliance function and a regulatory failing for the Board.
The compliance function must ensure that it has a suitable and sufficient Compliance Monitoring Programme and the Board must review this document annually to ensure that they are satisfied that it meets the Business and the regulatory requirements for the risks of the business being undertaken. The Compliance Monitoring Programme is the working paper of the compliance function, it shows the testing and findings of the compliance function and allows for suitable and informative compliance reports to be generated for the Board. The compliance report’s to the Board need to be a hybrid version of the traditional report and the exception report becoming more a précis of the Compliance Monitoring Programme, allowing the Board to see the matters of concern while also being assured of the compliance status of the Business.
The compliance function is the adviser to the Board in respect of the regulatory framework, providing advice and solutions to the Board in order that they can achieve the chosen business direction. This is where the business can become choked and the dynamism and competitiveness lost due to the gold plating of a business’s policies and procedures. The compliance function must always remember that it is the Board who decide the level of risk that they are satisfied to work with and that the compliance function is there to mitigate the risk by insuring that suitable and sufficient policies are in place. The compliance function must assess the regulatory requirements applicable to the business being undertaken and ensure that the Business is meeting these minimum requirements. The compliance function must never seek to direct the Board or the Business but to inform the Board what is required and expected of them in respect of the risks that the Board have deemed as acceptable.
I do believe that in some cases the compliance function has gone too far and seeks to control the business due to their own personal views or prejudices. It must always be remembered by all stakeholders in the finance industry in Guernsey that without the business there is no compliance function and without a compliance function there can be no business. It is vital that the compliance function is able to provide the required regulatory information to the Board in a succinct and effective manner in order that the Board can discharge their regulatory duties effectively and efficiently.
It is important that the compliance function provide the Board with first class regulatory advice that is free from their own personal prejudices. This is required in order that the Board can ascertain what the minimum regulatory requirements are and how best they can meet these requirements and make business decisions that will not endanger the Business or its clients. The Board must assess on an annual basis the suitability of its compliance function, if it is not providing the Board with the required information or are making the business lack commerciality by over compliance of the policies and procedures the Board must address these matters as they are ultimately responsible for the compliance function and its suitability and effectiveness.
- The Dark Art (compliancemonkey.wordpress.com)