Compliance and the ‘business prevention’ barrier

roderick rennison

The two most angst ridden areas for intermediary firms are IT (principally back office systems) and compliance. If not appropriately configured and resourced, both can hold firms back from achieving their potential. In some instances, they threaten a firm’s very existence. This article focuses on the challenge of compliance but I will look at selecting and managing a back-office system that is fit for purpose in the near future.

According to a recent study by Apfa, firms are now estimated to spend in excess of 10 per cent of turnover on managing compliance and risk. Despite this, however, many still have an ineffective compliance regime. Why is this?

I suspect that in a significant percentage of instances it is because of a failure to plan and resource appropriately; not least to provide those charged with running the compliance function with the necessary management training and support to succeed.

So, first, planning. What is already in place is often too readily accepted as being “OK” or too difficult to fix. It can pay dividends to periodically step back and ask if there are better ways to achieve the required results: namely good client outcomes that are compliant and embedded to enable the firm to function effectively and profitably.

Having a periodic external compliance audit/review should be a cost effective exercise. However, that pre-supposes the objectives of the audit/review are thought through and agreed in advance. Good preparation and briefing will improve the value obtained. Following through on recommendations is also important. Once made these should not be ignored.

Next up, resource. Alas, in some firms the starting point for resourcing the compliance function is how little can be allocated rather than how much is needed.

External resources can be used to varying degrees but always be aware that, as the FCA frequently reminds us, outsourcing does not in any way lessen the responsibility of the firm. The firm is always accountable, so any outsourcing or insourcing needs to be appropriately and effectively managed. Done well, though, a firm can leave itself more time to do what it does well.

And what about management and support? No compliance and risk function runs itself. Not only does it need to be an integral part of the firm but it also needs to be supported to ensure the aims of consistently good client outcomes and a compliant business are met.

There is a very old and worn phrase about the compliance function being the business prevention function. However, that is often perceived to be the case when there is poor communication or where the business principals do not offer support at the right time, or sometimes both. The responsibility to instil and maintain the appropriate culture rests with the senior managers and business owners.

Finally, what about the people undertaking the compliance and risk activities? How well are they equipped to do the work? Compliance and risk professionals need ongoing training that is relevant to their own specialism just as much as others in the business.

Compliance managers in larger firms need to not only have the technical knowledge of regulation but also the ability to interpret and apply it in the context of the firm’s circumstances. They also need to possess the necessary soft skills in relation to communication and managing expectations with the firm’s senior management, advisers and other staff.

The old adage “you get only out what you put in” is as true in the case of compliance as it is with other key parts of any intermediary business. It is no coincidence most successful firms have a compliant culture that focuses on good client outcomes. Reviewing your firm’s compliance function and its effectiveness is likely to be one of the best business decisions you make.

Roderic Rennison is director at The Ideas Lab