18th May 2020, Bachir El Nakib (CAMS) Senior Consultant Compliance Alert LLC
For those working in the compliance and risk arenas, reading long consultation and policy statements has become a way of life, although perhaps not the highlight. Both regulators and central government seem to have generated huge volumes of reading matter in recent weeks. This is not necessarily a bad thing, but more cooperation and dialogue between those who generate all this new documentation might not go amiss.
What is a Culture of Compliance?
Merriam-Webster defines "culture" as "a particular society that has its own beliefs and ways of life." Culture is like the air we breathe: it's all around and within us, and is largely invisible. It is a way of thinking, behaving, or working that exists in every organization, and can influence our judgement and affect how we attach meaning.
Regardless of its size or business model, “a financial institution with a poor culture of compliance is likely to have shortcomings” in its compliance program, for financial institutions, it's important to have a "culture of compliance" that informs the perspective of everyone in the institution. Due to today's volume and complexity of regulation, it takes the entire organization to comply with regulatory compliance regulationsFinancial Regulatory bodies and supervision authorities spend time promoting enforcement rules programs and encouraging Firms to design and implement effective ethics and compliance programs. The blogosphere is filled with articles, surveys, studies, warnings, and marketing efforts all directed to encourage firms to increase compliance programs and resources.
Financial firms and companies have responded by increasing attention and resources to ethics and compliance programs. In particular, regulated industries are spending vast sums to enhance, improve, expand, and out-perform their competitors when it comes to compliance programs and technologies.
All of these trends are positive, except for one big question:
Are compliance programs and procedures effectively tailored to the nature of the risk? Or to put it another way, are compliance requirements adequately proportionate to the nature of the underlying risk?
When reviewing individual functions of a compliance program, it is important to ask the following questions:
1. What is the purpose of this requirement?
2. What is the nature of the underlying risk?
3. Are the requirements tailored to the underlying risk?
This may sound overly theoretical but it is an important inquiry. For example, in reviewing a firm’s third-party due diligence program, a firm may require a site visit for every third-party agent , irrespective of the specific risk profile.
Does that make sense? Is it a good expenditure of resources?
Another area where these questions may be relevant is oversight of gifts and hospitality. For example, should an employee be required to obtain prior approval for an expenditure exceeding $100? What is the surrounding risk to gifts and hospitality expenditures and requiring pre-approval for every item that exceeds $100?
There is a counter-balance to tailoring every procedure to the underlying risk – it is the cost of designing and enforcing policies and procedures that vary across an organization depending on the region, the nature of the business and the extent of a risk. In some cases, the design of a control has to be tailored to the overall risk – in some areas, it could be overkill, and in others it could be deficient in responding to a risk. These are normal tradeoffs in a compliance program – efficiency and accuracy are always balanced when it comes to administrative costs and burdens.
Chief Compliance Officers have to be open-minded to tinker with compliance program requirements where feasible to address underlying risks. A compliance program is ineffective, by definition, if it is not adequately tailored to company risks, especially in geographic areas or in specific lines of business.
Sometimes it is feasible to “cut back” on compliance program requirements, make intelligent risk-based cuts, and reallocate those resources to higher risk activities. A CCO has to document this reallocation, the reasons for it, and the good faith determination underlying the discounting of certain risks and the refocus on higher risk activities.
From a compliance perspective best practice, a CO has to consider this an essential aspect of a “continuous” improvement function; a way to demonstrate that a CCO is monitoring a compliance program, taking into account such information and then modifying the compliance program to account for new information and concerns.
CCOs have to be willing to upset the apple cart, make changes, and acknowledge the need for improvements. These actions reflect an underlying confidence and ability to address changing circumstances.
Core skills for monitoring
Supervisors will still be required to demonstrate the core skills noted above, albeit on a less frequent basis. The monitoring phase, however, also changes the emphasis in the delivery of these skills, and can be summarised as:
1. Identifying and agreeing an individual's performance strengths and weaknesses from management information, file reviews and observation
2. Organizing remedial and development training
3. Conducting quality assurance on field assessments
4. Providing ongoing support
5. Periodic observation or role play activities
6. Monitoring the completion of the individual's training log
7. Arranging continuing professional development
Role of appraisals
The firm's appraisal system may be used to formalise and summarise the continual identification of training needs at three levels:
1. Organisational — with reference to product area, such as mortgage, savings, protection and personal pensions.
2. Occupational — with reference to the role statement and, in particular, the knowledge, skills and attitude required to meet the performance standards necessary to carry out the job.
3. Individual — with reference to the individual knowledge, skills and attitude gaps compared with organisational and occupational standards.
Even though an individual has been deemed competent, there may still be training needs to be identified. Given constant change in the financial services environment, it is the supervisor's role to apply direction through personal judgment, particularly when formal training has yet to catch up with such change.
The intensity of supervision is significantly reduced when moving from supervision to monitoring. This means that supervisors with only trainees under direct supervision should have fewer individuals to supervise than those with competent individuals only. In practice, the spread and turnover of individuals combines trainees with those assessed as competent. As a solution, some firms traditionally have applied boundaries to the mix of skill levels by points systems. For example, where one competent adviser equals one point and one trainee adviser equals two points, a limit may be imposed of 15 points at any time, while also taking into account geographical implications. These are commonly known as “spans of control”.
Supervision of supervisors
The recruitment, training and supervision of a supervisor deserves as much attention as that afforded to an individual advising private customers. This includes having passed an appropriate examination. Consequently, firms are advised to implement a similarly structured set of requirements for supervisors based on the activities and core skills required of the position as outlined in this section. This will entail identifying who in the firm's management structure should be made the supervisor's supervisor — a factor which should draw upon the lines of accountability and responsibility held by the appropriate approved person holding a significant influence function. The supervisor's supervisor should also receive appropriate attention with regard to their training and assessment.
While space precludes detailing supervisory training, assessment and supervisory arrangements for the supervisor, the following objectives should be considered central to the programme:
* Scheme management and records:
* Demonstrate an understanding of the roles and responsibilities in operation within the training and competence scheme.
* Demonstrate the knowledge and skills required to complete and maintain an individual's training and development log in the prescribed manner.
* demonstrate the knowledge and skills required of the recruitment process from initial application to final offer, including compiling the role profile, assessing against the profile, identifying training needs and creating a development action plan.
* Training and coaching
* List and describe the main components of effective training, in relation to planning, structure, delivery and evaluation.
* Demonstrate the components of effective briefing, debriefing and coaching.
* Create a SMART (specific, measurable, achievable, realistic, timed) action plan.
* Maintain accurate training and coaching records.
* Analyse and interpret a given set of KPI information for both individuals - highlighting trends and identifying training needs - and for the scheme, identifying divisional performance and reporting on scheme progress.
* Assess a customer interaction interview and presentation interview, using the objective assessment instrument.
* Carry out a one-to-one meeting encompassing assessment activity and applying coaching skills.
Maintaining supervisory competence
As noted above, supervisors should be monitored and assessed in the same way as supervisors act for individuals, for example through:
* Regular monthly reviews, by reviewing the activities and KPIs of individuals.
* A regular assessment of supervisory skills.
* Training and coaching based on identified needs.
The supervisors' training log should clearly set out the frequency that is required, the structured content of formal meetings and the skills assessment required. Further training programmes in the categories described under maintaining competence will further strengthen the supervisory regime and address important considerations such as succession planning.
A supervisor's training record should, for example, contain the following information:
* The supervisor's personal information.
* The supervisory structure and span of control.
* The relevant KPIs for the supervisor's team.
* Development action plans.
* Coaching observation forms.
* Training observation forms.
* Performance appraisals (if appropriate).
* Compliance audit reports.
Attention to supervision is important as the regulatory supervision body will focus closely on firms' supervisory arrangements as an extension of senior management responsibilities. In this respect, the role of the supervisor must be the firm's first point of reference when designing approaches to T & C. Essential practices are:
* Supervision of those not yet competent, describing supervision of provisional competence and full competence.
* Supervision of those deemed competent, describing the roles of management information and appraisal.
* Supervision of the supervisor, describing the T & C framework for such individuals.
* Ensuring spans of control are appropriate.
* Provision or planning of management development skills/training.
* Management of conflicts of interest where team supervisors have their own responsibilities for client advice.
The role of both the CCO and the regulatory supervisor is instrumental in implementing, monitoring, assessing and providing remedial support to regulated activities (advised and non-advised sales) on a day-to-day basis
Files Related :
There is no files
Share This Page On Social Network :