How should the Compliance and HR Functions respond to More Principles-based Regulation, MiFID and ICAAP?
By Christopher Bond, Senior Adviser on Compliance, Securities & Investment Institute
Important Note
The views expressed by Christopher Bond in this Article are his personal views and not those of the Securities & Investment Institute of which he is the Senior Adviser on Compliance.
MiFID has dominated Compliance’s and some HR Departments’ waking hours in the last year. Meeting that big change has left little time to consider other changes which may have a larger and more permanent impact on Compliance. More Principles-based Regulation (MPBR), corporate governance changes under MiFID and the self-assessment of a firm’s capital requirements under ICAAP, are likely to change the function of Compliance and HR in many firms – long after memories of the long evenings of MiFID preparation have faded.
The purpose of this Article is to persuade any doubters to make a strategic review of the purpose and function of Compliance, and to some extent, of HR. Although this Article focuses more on Compliance than HR, many of the changes and responses to these apply equally to HR – for example in making an HR Risk Map or Gap Analysis of people risks.
Until recently the purpose of the Compliance function was clear – to do as much as possible to keep the Firm following the Rules, and out of trouble with the Regulator. This sometimes meant trying to act as the Regulator’s representative in the Firm, and as the Firm’s representative with the Regulator. No easy task. HR had some of the same divided roles – for example for Approved Persons. Compliance was helped in doing this by two advantages – first the FSA’s Rules focused Compliance’s responsibility on the conduct of business rules, and secondly there were many detailed rules to show Senior Management, HR and business departments what was, and what was not, possible e.g. on qualifications for Approved Persons.
No more. For a start the empowering of senior management under MPBR to decide what approach to choose to achieve “outcomes” under the FSA’s Principles, moved much decision making to them and away from Compliance and HR. How can Compliance or HR refuse to approve an approach unless clearly unlikely to produce the “outcome” under the relevant Principle? Their ability to object is further reduced by the removal of many detailed rules – as in financial promotions, or demonstrating that employees have maintained their competence. At the same time as Compliance and HR lost power, the scope of Compliance is extended under MiFID and COBS “to the Firm’s activities under the regulatory system”* – not just the conduct of business rules. This covers prudential and corporate governance.
So how should Compliance and HR respond to these sometimes uncomfortable changes? There are several possibilities. Hector Sants in a “Dear CEO” letter ** describing good compliance practices in MPBR, wrote: “There is one particular element that runs throughout, namely the importance of senior management engagement.” Many of the good practices described in the letter could also apply to HR.
One approach is to diplomatically persuade senior management and other departments to accept their greater responsibilities – for example in treating customers and employees fairly, and in supporting Compliance and HR’s contribution to decision making. More generally there is a natural initiative for HR, given its role in developing a structured approach to executive development, to increase the knowledge and skills of senior management in the new way of making decisions. For example the Securities & Investment Institute offers free workshops to senior management of Firms who are corporate members. Some Compliance and HR staff may need more “soft skills” training to be persuasive, and senior management should accept the cost as appropriate and valuable.
Another approach is to redefine “Compliance Risk” and Compliance’s responsibilities. In the same “Dear CEO” letter, Hector Sants encouraged Compliance to redefine its role – “exercising good compliance judgement can benefit by perceiving compliance as a risk management function.” This implies a new approach by Compliance – for example making compliance risk maps using probability/impact ratings before and after mitigation, or gap analyses. (These also have the practical value of providing a base for a revised monitoring programme.) HR could use the same approach.
Once the compliance function and other risk management functions such as HR are defined, relationships between these functions may need revisiting. Independence of the Compliance or HR functions does not prevent information sharing. This may lead to time saving in avoiding duplication in information collecting and risk monitoring – between Compliance and Risk and HR. In fact such co-operation can go further. Preparing a Firm’s ICAAP has revealed a new area of Operational Risk (including people risk) in some firms – which directly affects the amount of prudential capital of the Firm. This is mainly divided between Risk, Compliance, HR and Finance – with business departments contributing. A separate risk department approach may be inefficient and even dangerous – the Senior Supervisors Group (of 8 leading international regulators) Report on the Credit Crisis*** found best practice in leading investment banks in those which had a central and firm-wide approach to risk management. The logic of a Firm regularly reviewing its ICAAP encourages one of these four functions to be in charge of leading the team for collecting and merging the information for the Operational Risk Assessment. This could well be any of them, particularly in small or medium sized Firms, with strong support from the other departments. Indeed some Firms have gone further in giving the responsibility for Compliance and Risk, and sometimes HR, to the same person. Although safeguards are needed in this structure to preserve the “four eyes” approach (see for example SYSC 6.1.4(3) “The Compliance Function must not be involved in the performance of the services they monitor”), it is a development to watch.
In conclusion Compliance and HR need to accept that they are now – and may have been for some time – risk management departments. Now is a good time for all risk management departments including Compliance and HR to do a strategic review of their functions and relationships with senior management, business departments and other risk functions.
Christopher Bond MSI ACoI BA (Cantab)
23 June 2008
Notes
* COBS 6.1.3(2) of the FSA Rulebook (www.fsa.gov.uk)
** “Dear CEO” Letter: Managing Compliance Risk in major investment banks – good practices (www.fsa.gov.uk/pubs/ceo/compliance_risk.pdf)
*** Senior Supervisors Group, “Observations on Risk Management Practices during the recent market turbulence”, 6 March 2008 (www.newyorkfed.org/newsevents/news/banking/2008/SSG_Risk_Mgt_doc_final.pdf)