I know some people who, even today, have an inherent loathing of compliance in all its forms. They see it as a drain on resource, an obstacle to running a smooth business and a real threat to profitability. Just more tiresome, autocratic red tape with no inherent benefit to the business; a necessary evil to stave off the attentions of the big bad regulator.
Well, to a certain extent, I agree.
“What!” I hear the outcry of my fellow compliance professionals. “But you are a professional compliance consultant! How can you possibly agree with such a statement?”
Let me explain. It all comes down to compliance culture. In the fast-moving world of regulation, firms are approaching their compliance responsibilities extremely seriously, which of course is a very good thing. The problems arise precisely because of the approach taken. With the perceived enforcement appetite of the regulator at an all-time high, firms are desperately keen to ensure they do not succumb to enforcement action by ensuring that all their compliance processes and controls are watertight. Yes, a good thing.
Unfortunately, by taking such an approach they can lose sight of a key fundamental to effective compliance – PROPORTIONALITY. This is where I was surprised to find myself agreeing with the sentiments in the opening paragraph. By employing a disproportionately high standard across the entire client base, a firm is simply demonstrating to the regulator that it has no real understanding of what a risk-based approach actually means. I have certainly seen cases of this when collecting and reviewing customer due diligence (CDD). The regulator will expect a firm to meet the minimum control standards; however, if a firm decides to impose what it sees as much higher standards, this has no regulatory bearing.
The resource employed to set up client review programmes can potentially have a real impact on commerciality if not managed in a proportionate way. It can also seriously impact client relationships, especially if a firm is seen as constantly pestering a client for more CDD only because it fears reprisals from the regulator if it doesn’t. The regulator will respect a firm making its own judgement in terms of a client's identity or corporate structure as long as the assessment is fully documented and made within the rules.
That is why, in order to avoid a disproportionate approach, it is vital for a firm to have a detailed assessment of what constitutes high, medium and low risk relationships, specific to its own business. Yes, there are generic risk indicators, but I would certainly advocate for a firm to look deeper into its own client relationships to ascertain the appropriate risk criteria for them.
Not only is proportionality a demonstration that a firm understands the concept of a risk-based approach; here’s something often overlooked: it’s a rule. Section 79 of the Handbook clearly states:
“The policies, procedures and controls must ... impose the least necessary burden on customers, beneficial owners and underlying principals consistent with meeting the requirements of the Regulations and Rules”
Firms can only comply with Section 79 if they are fully aware of the concept of a risk-based approach and their policies and procedures reflect this. How many firms go straight to Section 79 before instigating a client review programme, I wonder?
Of course, a comprehensive compliance culture will ultimately protect and benefit a licensee. I am not, for one minute, suggesting firms should neglect their responsibilities under the regulations and the rules. However, proportionality has to be a key feature in order to demonstrate an effective compliance environment.
It’s about getting the balance right. It would be interesting to hear what people think.