Role of the Compliance Function
What is a Head of Compliance?
The Compliance Oversight Function (SMF16) is the director or senior manager within the firm who has been allocated the responsibility for “oversight of the firm's compliance” and “reporting to the governing body in respect of that responsibility”. This is commonly referred to as the Head of Compliance.
Responsibility: Company v.s. SMF 16
It is the firm as a whole that has the responsibility to establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees with its obligations under the regulatory system.
The firm must, taking into account the nature, scale and complexity of its business, and the nature and range of financial services and activities undertaken in the course of that business, establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the firm to comply with its obligations under the regulatory system, as well as associated risks, and put in place adequate measures and procedures designed to minimise such risks and to enable the appropriate regulator to exercise its powers effectively under the regulatory system.
The firm is also responsible for maintaining a permanent and effective compliance function which operates independently.
Head of Compliance Responsibility
The SMF 16 as head of the Compliance Function has the responsibility of:
monitoring and, on a regular basis, assessing the adequacy and effectiveness of the measures and procedures put in place and the actions taken to address any deficiencies in the firm's compliance with its obligations; and
advising and assisting the relevant persons responsible for carrying out regulated activities to comply with the firm's obligations under the regulatory system.
The Compliance Function
To enable the compliance function to discharge its responsibilities properly and independently, a firm must ensure that the following conditions are satisfied:
the compliance function must have the necessary authority, resources, expertise and access to all relevant information;
a compliance officer must be appointed and must be responsible for the compliance function and for any reporting as to compliance required;
the relevant persons involved in the compliance functions must not be involved in the performance of services or activities they monitor; and
the method of determining the remuneration of the relevant persons involved in the compliance function must not compromise their objectivity and must not be likely to do so.
Independence
It is important to distinguish between the responsibility of “the business” and the responsibilities of the SMF16 or the compliance function. In essence it is “the business” who is responsible for “establishing / implementing / maintaining” policies – commonly referred to as the 1st line of defence, but the compliance function is responsible for overseeing and reporting - commonly referred to as the 2nd line of defence.
The general principle is that if the 2nd line didn’t exist then the 1st line would generally be able to conduct themselves in accordance with the relevant rules and regulations.
The concept of a 1st and 2nd line of defence is integral to the understanding of a SMF16’s responsibility.
Firms should ensure that the compliance function holds a position in the organisational structure that ensures that the compliance officer and other compliance staff act independently when performing their tasks.
In certain situations, the SMF16 or indeed the compliance function could be involved in the day-to-day decision making, continually providing advice to the business and potentially signing-off key decisions or contracts in advance of them being enacted. If the compliance function is involved in this way they will need to consider if they are able to conduct effective independent monitoring of business activities and if a separate monitoring is needed.
In Practice - General activities
It is up to the SMF16 to decide the precise activities that are needed to comply with the responsibilities set out above. It is not possible to provide an exhaustive list of activities, however some key practical activities include:
Policies and procedures: Providing advice to the business on establishing compliant policies and procedures.
Monitoring Plan: Devising a risk-based compliance monitoring plan for the year which sets out the business areas that need to be reviewed and the extent of the review that will be performed.
Compliance monitoring: Executing the compliance monitoring plan and assisting the business address any deficiencies identified.
Reporting: At least annual compliance reporting to the board on the results of the monitoring activities undertaken, the deficiencies identified and the action plan to address any issues.
Registers: Maintaining relevant compliance registers in relation to – conflicts of interests, financial promotions, complaints, errors and omissions, personal account dealing and others as appropriate.
Regulatory reporting: Assisting the finance team understand the nature of the information they need to report to the FCA.
Business awareness: Having sufficient standing to be aware of all relevant upcoming business developments in sufficient time to advise on regulatory consequences
Business knowledge: Participating in business discussions to ensure that they are kept abreast of all relevant business activities that may have a compliance element.
Regulatory change: keeping abreast with regulatory pronouncements to the extent they may impact the strategic or operational activities of the business.
Financial promotions: Many firms have their SMF16 approve financial promotions as an additional layer of oversight.
Regulatory Capital: Assisting the finance team in understanding the firm’s regulatory capital requirements.
Marketing: Assisting the sales/distribution team in understanding how they can marketed the product in various European and non-European jurisdictions.
Contracts: Assisting the legal team in understanding the regulatory requirement for new contracts.
Training: Ensuring that the business is sufficiently trained on their compliance responsibilities.
