On 23 November 2017, the FCA published the results of its research into compliance functions in wholesale banks (the "Report"). The Report is not a formal paper, nor does it prompt any specific action from firms in the wholesale sector or otherwise, but compliance functions operating in FCA-regulated firms are advised to review the Report to ensure that they continue to comply with the standards expected by the FCA in this increasingly scrutinised function.

The questionnaire

The FCA sent a questionnaire to 22 wholesale banks in January this year asking for information from their respective compliance functions. The questionnaire contained 27 questions covering the following topics:

  • Role and structure
  • Strategy and planning
  • Compliance monitoring
  • Technology
  • Support and challenge
  • Personnel

The Report

The Report sets out the key themes and the issues arising from the firms' responses to the questionnaire, along with some of the FCA's own observations. The Report acknowledges that compliance functions need to evolve in response to a changing environment, including the advancement of technology-driven businesses and operations.

The key themes established from the questionnaire's responses were:

  • The role, strategy and design of compliance now warrants higher attention and support at board and executive level as a result of a period of rapid and fundamental change in the financial services industry.
  • The compliance function is moving towards a pure, independent second line of defence ("LoD") risk function, with a higher profile within firms.
  • Compliance representatives have been added to boards and governance committees, and reporting lines of the function elevated.
  • Firms are seeking to clarify the shifting boundaries of the first and second lines of defence to help define the responsibilities of the compliance function.
  • Advances in technology require compliance functions to engage in system development at an early stage not only to advise and assess risk, but also to leverage any opportunity to enhance the delivery of their own 'compliance' objectives.
  • Investment in surveillance systems and additional personnel has been identified as an enabler of better quality compliance challenge.
  • Compliance functions have grown in size and are relying more on technology to deliver against their mandates.
  • A careful balance must be struck between meeting the need for increased headcount whilst also ensuring that appropriate staffing, both in skills and experience, is maintained.

The FCA's own observations were:

  • Compliance functions are still considering how best to define their responsibilities as a second LoD.
  • Compliance functions may benefit from considering how they interact with other second LoD functions such as Legal and Risk, and third LoD functions such as Internal Audit.
  • Compliance must ensure that it is adequately balancing its role as advisor to the front line with its role of providing challenge.
  • Compliance functions must consider whether the function could seek to deliver broader objectives, and in particular whether it would benefit from a more refined, longer-term strategy beyond the parameters of the annual compliance plan.
  • Whilst there are clearly tangible benefits as a result of advances in technology, firms should be mindful of the accompanying pitfalls of an increasingly technology-based function, for example, resilience, data security and the need for appropriately skilled personnel.
  • Firms must "build out" the compliance career offering by upskilling existing compliance staff, rather than simply reaching to the external recruitment market.
  • There is now more 'checking the checker' activity unrelated to Internal Audit, where teams within compliance examine the effectiveness of the compliance function itself.

The context

Interestingly, the stated purpose for sending out the questionnaires to the wholesale banking sector was to provide the FCA with "greater insight into the changes in the [compliance] functions over the past few years and where further changes remain." It is worth noting though that the FCA is well aware of the various pitfalls that exist in compliance functions in FCA-regulated entities as a result of the recent enforcement action that has taken place in this space. Since 2015, there have been adverse findings relating to compliance individuals arising from a combination of Statements of Principle breaches and being "knowingly concerned" in their respective firms' breaches (as well as concerns regarding the openness with which various individuals dealt with the Regulator), namely, Kraft (January '15); Wills (March '15); Bell (March '15); Johnson (May '16); Smith (October '16); Watters (July '17); and Nathan (August '17).

The exercise can therefore be seen as an effort by the FCA to increase its level of understanding of the changing face of compliance functions, perhaps with a view to offering more guidance from a Supervision angle (prevention ex ante), rather than becoming involved at the point of Enforcement (reaction ex post).

Finally, the Report includes a helpful section entitled "Questions to Consider". This is, in effect, a prompt to encourage boards and senior management to think more carefully about their respective compliance functions. Firms are encouraged to entertain these questions sooner rather than later, and certainly before any upcoming Supervisory visit or enquiry from the Regulator.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.