Having recently been party to many a conversation with the FCA over approving new people to these roles and running a workshop for those either in it, or wanting to be in it, it highlighted to me how potentially misunderstood the role is and how many people working within firms are not aware of all that’s involved in the SMF16 role.
So, what are the key responsibilities of someone responsible for compliance oversight within a firm and why is it so key to the success of that firm that this role is given the time, resource and respect it deserves?
- To identify the risks that an organisation faces and advise on them.
- To design and implement controls to prevent these risks with an organisation.
- To detect, monitor and report on the effectiveness of those controls in the management of an organisation’s exposure to risks.
- To resolve compliance difficulties as they occur.
- To advise the business on rules and controls.
Now we know why they exist, what are the main risks they are there to consider?
- AML/financial crime – in conjunction with MLRO.
- T&C – potentially with support from T&C.
- Quality of advice – file checkers?
- Governance – board.
- Systems and controls – operations.
- And on and on…
By now, I think we can all see that this is a very broad role that covers pretty much all aspects of most businesses and can be far-reaching in terms of the implications of not dedicating sufficient resource to protecting the firm, or worse still, getting it wrong.
One of the main ways that a number of the responsibilities and the main risks are assessed is within the firm’s annual compliance plan, compliance monitoring programme, SYSC report, annual compliance report (these are all roughly the same thing).
The purpose of this is that the firm can then demonstrate this: SYSC 3.1.1R01/12/2001RP
A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business.
This sounds easy, right? Well, it would be if everyone within a business played their part, followed the processes and procedures set out, all operated in the same way and to the same timescales and did what the firm says it’s going to do. This is why it’s not easy, as too often firms aren’t clear enough in how they wish to operate (procedures), their processes can be miss-aligned and the systems and controls to identify when things have gone awry are not up to scratch (back-office data). This is why I thought I would write this article to remind everyone what big a part we all play in helping to keep our firms on the straight and narrow and away from harm’s way.
If I am honest, for most firms this should not be rocket science, because if sufficient resource and the right technology is available and used properly, it ‘should’ be easy enough to identify if an adviser is not following a central investment proposition or the firm’s advice process. If a member of the support team isn’t loading new business as per the firms’ procedures or labelling contracts correctly. If anyone in the team is behind with their CPD, annual testing or any other element of the T&C/appraisal scheme that could mean they are not fit and proper to carry out their role. That internal process such as collating information for PII renewals is difficult because data is being recorded incorrectly or not consistently, or even that any complaints received are not being handled as per the firms’ complaints policy or as per the FCA rules.
They all sound pretty innocuous on their own, don’t they? But collectively they all have a massive impact on the business and the role of the Compliance Officer and with everyone doing their bit, they should not fall and cause any issues. Which is my point. People aren’t always doing their bit and whilst we all love to have a whinge about compliance, the person carrying out that function is only trying to keep the business away from all the risks mentioned and it shouldn’t take a lot to make their job a little easier, achievable and protect the firm and your clients from any future harm.
SM&CR has had a huge impact on those responsible, now realising how accountable they are, the same goes for the conduct rules that everyone and anyone who works within a firm now has to abide by. So, if you know things aren’t being done as they should be, you are as liable for not taking this information to the powers that be as the person bending the rules.
Lots of the roles (as per my note above), may well be delegated or carried out in conjunction with someone else, so again, the Compliance Oversight is relying on or working with others to carry out the necessary tasks. This collaborative approach is great, as long as the people the work is delegated to have the necessary experience, capacity, skills and knowledge to carry out the tasks being asked of them.
So just ask yourselves, are you doing all you can to ensure you’re following all of the policies, procedures and systems that are in place within your firm to ensure you’re meeting all your obligations? If not, why not and what’s being done to improve anything that’s not working? There should be no reason to sit in silence if things aren’t working or could be improved.
The FCA is massively looking at this area now. They’ve started with increased scrutiny on new applications for the role, which means next up will be to talk to existing holders of the SMF16 role about the firms’ systems and controls, so that you can demonstrate that you do the things you say you do. This means that if you aren’t doing them, either don’t say you will or if you should be doing something, make sure you are!
Sorry for the rant, but too often we see firms come under scrutiny, not for trying to do the wrong thing by their clients, but because you can’t dot the I’s or cross the Ts to prove they have proper oversight within the business. If you need any assistance or a conversation about any of the above, please do not hesitate to shout.
Christian Markwick – Head of Adviser Support
We host a couple of workshops that could help with the above: