Khepri's A to Z: Head of Compliance - Buy and Sell-Side Compliance

Introduction

This article explains the role of the Head of Compliance, the requirements for effective compliance functions and the division of responsibility between the 1st and 2nd lines of defence for managing compliance risk.

Why bother focusing on gifts and hospitality policies?

Bribery poses a significant threat to the reputation and stability of financial services firms.

Bribery includes situations where individuals offer bribes to gain preferential treatment, secure lucrative contracts, or influence decision-making processes.

Such acts compromise fair competition, create conflicts of interest, and expose firms to legal and regulatory risks.

Gifts and hospitality play a complex role within the financial sector. While these practices can be legitimate and promote business relationships, they also carry the potential for abuse. Unmonitored and undisclosed gifts can easily transition into bribery, exerting undue influence and compromising the impartiality of decision-makers.

What does the FCA expect?

Firms need to ensure that there are appropriate processes in place for overseeing the provision, and receipt, of gifts and hospitality.

Controls such as registers and pre-approval thresholds serve as crucial tools for mitigating bribery risks within financial services firms. Effective implementation of registers requires individuals to disclose all offers and receipts above a certain threshold, allowing firms to scrutinise the legitimacy of any gift and hospitality.

By mandating the reporting of such interactions, firms can identify potential conflicts of interest, assess the appropriateness of gifts, and prevent bribery.

It is important that firms maintain controls that promote transparency and accountability. By documenting and monitoring all exchanges, organisations create an auditable trail of interactions, ensuring that all parties are held accountable for their actions. The registers also act as a deterrent, discouraging employees from engaging in bribery due to the fear of detection and consequences.

A comprehensive gifts and hospitality policy, and corresponding anti-bribery culture, allows firms to identify potential conflicts of interest. By analysing the nature and frequency of gift-giving and hospitality events, organisations can proactively address situations where employees may be compromised by personal relationships or favours, ensuring decisions are made in the best interest of clients and stakeholders.

What are the benefits to you?

The implementation of effective controls help financial services firms meet regulatory requirements and manage bribery-related risks. By maintaining accurate records, firms can demonstrate their commitment to anti-bribery measures during regulatory audits and investigations. Additionally, effective risk management reduces the likelihood of legal penalties, reputational damage, and the erosion of public trust. Effective controls act as a catalyst for cultivating an ethical culture within financial services firms. It sends a strong message that bribery will not be tolerated and reinforces the importance of integrity, fairness, and ethical decision-making. By consistently enforcing these measures, organisations can build trust with clients, regulators, and the public.

A robust anti-bribery and inducements framework that includes controls for gifts and hospitality registers are indispensable tools for financial services firms aiming to combat bribery. By promoting transparency, accountability, and ethical conduct, these can create a robust framework that safeguards the industry's reputation and fosters a culture of integrity.

What is a Head of Compliance? 

The Compliance Oversight Function (SMF16) is the director or senior manager within the firm who has been allocated the responsibility for “oversight of the firm's compliance” and “reporting to the governing body in respect of that responsibility”. This is commonly referred to as the Head of Compliance. 

Responsibility: Company v.s. SMF 16 

It is the firm as a whole that has the responsibility to establish, implement and maintain adequate policies and procedures sufficient to ensure compliance with its obligations under the regulatory system. 

The firm must, taking into account the nature, scale and complexity of its business, and the nature and range of financial services and activities undertaken in the course of that business, establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the firm to comply with its obligations under the regulatory system, as well as associated risks, and put in place adequate measures and procedures designed to minimise such risks and to enable the appropriate regulator to exercise its powers effectively under the regulatory system.  

The firm is also responsible for maintaining a permanent and effective compliance function which operates independently. 

Head of Compliance Responsibility 

The SMF 16, as head of the Compliance Function, has the responsibility of:  

• monitoring and, on a regular basis, assessing the adequacy and effectiveness of the measures and procedures put in place and the actions taken to address any deficiencies in the firm's compliance with its obligations; and 

• advising and assisting the relevant persons responsible for carrying out regulated activities to comply with the firm's obligations under the regulatory system.

The Compliance Function 

To enable the compliance function to discharge its responsibilities properly and independently, a firm must ensure that the following conditions are satisfied: 

• the compliance function must have the necessary authority, resources, expertise and access to all relevant information; 

• a compliance officer must be appointed and must be responsible for the compliance function and for any reporting as to compliance required; 

• the relevant persons involved in the compliance functions must not be involved in the performance of services or activities they monitor; and 

• the method of determining the remuneration of the relevant persons involved in the compliance function must not compromise their objectivity and must not be likely to do so. 

Independence 

It is important to distinguish between the responsibility of “the business” and the responsibilities of the SMF16 or the compliance function. In essence it is “the business” who is responsible for “establishing / implementing / maintaining” policies – commonly referred to as the 1st line of defence, but the compliance function is responsible for overseeing and reporting - commonly referred to as the 2nd line of defence.   

The general principle is that if the 2nd line didn’t exist then the 1st line would generally be able to conduct themselves in accordance with the relevant rules and regulations.  

The concept of a 1st and 2nd line of defence is integral to the understanding of a SMF16’s responsibility.  

Firms should ensure that the compliance function holds a position in the organisational structure that ensures that the compliance officer and other compliance staff act independently when performing their tasks.  

In certain situations, the SMF16 or indeed the compliance function could be involved in the day-to-day decision making, continually providing advice to the business and potentially signing-off key decisions or contracts in advance of them being enacted. If the compliance function is involved in this way they will need to consider if they are able to conduct effective independent monitoring of business activities and if a separate monitoring is needed.

In Practice - General activities 

It is up to the SMF16 to decide the precise activities that are needed to comply with the responsibilities set out above. It is not possible to provide an exhaustive list of activities, however some key practical activities include: 

• Policies and procedures: Providing advice to the business on establishing compliant policies and procedures. 

• Monitoring plan: Devising a risk-based compliance monitoring plan for the year which sets out the business areas that need to be reviewed and the extent of the review that will be performed. 

• Compliance monitoring: Executing the compliance monitoring plan and assisting the business address any deficiencies identified. 

• Reporting: At least annual compliance reporting to the board on the results of the monitoring activities undertaken, the deficiencies identified and the action plan to address any issues.   

• Registers: Maintaining relevant compliance registers in relation to – conflicts of interests, financial promotions, complaints, errors and omissions, personal account dealing and others as appropriate. 

• Regulatory reporting: Assisting the finance team understand the nature of the information they need to report to the FCA. 

• Business awareness: Having sufficient standing to be aware of all relevant upcoming business developments in sufficient time to advise on regulatory consequences 

• Business knowledge: Participating in business discussions to ensure that they are kept abreast of all relevant business activities that may have a compliance element.   

• Regulatory change: keeping abreast with regulatory pronouncements to the extent they may impact the strategic or operational activities of the business. 

• Financial promotions: Many firms have their SMF16 approve financial promotions as an additional layer of oversight. 

• Regulatory Capital: Assisting the finance team in understanding the firm’s regulatory capital requirements. 

• Marketing: Assisting the sales/distribution team in understanding how they can marketed the product in various European and non-European jurisdictions. 

• Contracts: Assisting the legal team in understanding the regulatory requirement for new contracts. 

• Training: Ensuring that the business is sufficiently trained on their compliance responsibilities.