
Scott Gallacher: Compliance processes can harm clients

I am convinced the government sees regulation as a great, free solution to each and every one of the world’s problems.

And, to be fair, from its perspective it probably is: simply create some rules or, better still, a regulatory authority to oversee some aspect of business, have businesses pay for it via levies and, hey presto, a great, free solution to the problem.

The government also has someone – the regulator – to pass the buck to if things go wrong. We all remember the great renaming of the FSA to the FCA.

It is not that I am against regulation. The market, completely unchecked and left to its own devices, is a dangerous thing. But regulation is not the free lunch the government thinks it is.

This is also not helped by every man and his dog (regulators, networks, compliance officers and so on) insisting on gold-plating the rules at each and every turn.

For the past few weeks, I seem to have done nothing but compliance tasks. The real work of advising clients has taken a back seat as I ensure we have all compliance documents up to date and in place. Otherwise, we would risk not being here to advise those clients tomorrow.

Specifically, the General Data Protection Regulation – which, of course, has laudable aims, particularly in light of the allegations against Cambridge Analytica and the use of Facebook data – has been a huge drain of our time and energy.

It is not enough to be GDPR compliant and agree not to misuse someone’s data or bombard them with junk e-mails. We also need to evidence that we are acting compliantly, in case it is needed in the future. Consequently, I have written or updated privacy notices, terms of business, data flow maps and a staff awareness presentation.

Finally, following all of the above, we have had to undertake a data protection impact assessment, for which, somewhat unhelpfully, even the Information Commissioner’s Office does not seem to provide a template.

On GDPR alone, all of this has taken a couple of weeks or so. Who will pay for this time? Certainly not the government. On a time-costed basis, this would run at around £15,000. Given that we aim to add value for our clients, the cost to the economy as a whole is even greater.

Will any of our clients benefit from these two weeks lost to GDPR policies? I doubt it, but it is of course necessary to not only comply but also show compliance. Otherwise, we would risk not being in business much longer.

I am concerned that the costs of being seen to comply are so increasingly onerous they are becoming dangerous. The analogy I have been using over the past couple of weeks is that of a farmer missing the window to plant his potatoes due to having to write a potato blight policy. Having the policy is all very well but it is not much use if there are no potatoes in the field to be harvested.

The government, regulators and compliance officers should think before imposing or gold-plating regulations. A simple cost/benefit analysis would not go amiss.

Scott Gallacher is director of Rowley Turton




There are 6 comments at the moment, we would love to hear your opinion too.

  1. The cost benefit analysis is used to justify the end result. Regulators take the worst-case scenario and use that to justify the means with the result we get disproportionate legislation thanks to the few that have abused the system.
    I am convinced that compliance with these rules is never checked, the FCA simply does not have the resources or staff to bother and in spite of the alarmist reporting if we did nothing nobody would know – until it goes wrong of course! But then when that happens the rules are so complex, even if you were trying to “comply” you would be found guilty!

    • If you think the FCA has insufficient resources to enforce GDPR, what about the resources for the ICO to enforce GDPR, which applies not just to financial services but every business, Scout Group, school and even somebody who employs a nanny.

      And what happens when HMRC loses somebody’s personal data. If it is fined 4% of turnover will there be a corresponding increase in all taxation imposed by the ICO?

      A good cop out for the government. “We are not raising taxes but we have to pay a fine (to ourselves, with your money)”.

  2. Couldn’t agree more Scott.

    Add in Mifid2, the forthcoming IDD etc and as you rightly point out, the fixed costs of an advisory firm have increased and time spent with clients reduced.

    And given the spam I still receive, only those who follow the rules have incurred these costs – the others carry on regardless.

  3. Martin Martin 1st June 2018 at 7:52 pm

    A very true to real-life assessment.

    Ultimately, regulation is only as good as the policing behind it and the fact that we are all now over-burdened with regulation, while nothing much is being done to tackle the wrong-doing, maybe confirms that another FCA change is needed. It really does seem as though they are just moving the chairs around…

  4. What a complete load of C**p. £15,000?????

  5. Julian Stevens 12th June 2018 at 8:59 am

    Which, as far as our industry is concerned, neatly articulates the consequences of the FCA’s wilful lack of compliance with and the total lack of enforcement of the Statutory Code of Practice for Regulators. From the foreword:-

    The Regulators’ Compliance Code is a central part of the Government’s better regulation agenda. Its aim is to embed a risk-based, proportionate and targeted approach to regulatory inspection and enforcement among the regulators it applies to.

    Our [patently unfulfilled] expectation is that as regulators integrate the Code’s standards into their regulatory culture and processes, they will become more efficient and effective in their work. They will be able to use their resources in a way that gets the most value out of the effort that they make, whilst delivering significant benefits to low risk and compliant businesses through better-focused inspection activity, increased use of advice for businesses, and lower compliance costs.

    In tacit defiance of these objectives, the FCA has instead opted for a completely ineffective system of trying to regulate everyone according to the lowest common denominator. And it obviously hasn’t worked, has it?
