Читать книгу The Compliance Revolution - Jackman David - Страница 9
Part One
Theory
Chapter 1
New Compliance
ОглавлениеSee the whole among the pieces.
– Cameron Butland and David Jackman, Twenty-First Century Charter (21CC; June 2, 2009)
The Challenge
Compliance is undergoing a revolution in underlying principles, practices, role, expectations, and value. But many involved in governance, risk, and compliance (GRC) do not recognise the importance of the changes underway or understand how best to react and lead. This book aims to explain the significance of the phase we are now entering in financial services and provides a guide for compliance practitioners to navigate the transition in a way that is applicable to any sector or jurisdiction.
Compliance is growing rapidly across the world as regulatory requirements become more complex and international. The compliance function is now growing faster than many other roles but in many cases remains operational and mechanical; relative to its level of responsibility and potential impact, compliance is low status and poorly integrated into mainstream business activities. It is often considered an expensive add-on, marginalised, seen as a barrier to successful business, bedeviled by silo mentality and simplistic approaches.
This has to change. Compliance must show itself to be high-value, pivotal, and strategic. To achieve this there needs to be a fundamental shift in:
● How compliance sees itself
● Intellectual capital
● Overall direction and narrative
● Tools and methodologies
● Competences and professionalism
Yet the primary reason for this change is not self-preservation or self-enhancement, but because the aims and deliverables of compliance are so important to so many. The outcomes of compliance are critical to individual customers, families, businesses, and to the interests of the wider economy and society.
Turning Point
A turning point has been reached in financial services regulation. This text picks up the story of regulatory and compliance development at this crucial inflection. This is the moment at which compliance comes of age. It is no longer acceptable or credible to hide behind box ticking or “having appropriate systems and controls in place.” The differentiator is professional maturity. This is not possible without a focus on corporate and sector-wide maturity.
The journey on which compliance – and regulation – is embarking runs uphill. The path is steep and at times indistinct and difficult. There is a need to develop many tools and resources to assist the climb. However, this book sets out a general direction of travel and equips the reader with as much of the basic equipment as is possible to make a safe and successful ascent.
What is paramount is speed. The journey needs to be embarked upon soon and with urgency. What is undoubtedly true is that the range and complexity of the problems mounting are extraordinary and the need for solutions in an unequal and globalizing world is pressing. Compliance and regulation generally has a valuable role in making or facilitating and, on occasion, leading progress for both firms and the wider community, far beyond its popular image.
Traditional Compliance
Traditional compliance, as we shall refer to mechanical practices, is not covered here. There are many texts on introducing risk-based approaches or capital models. Other traditional elements of compliance include basic fitness and properness tests, authorization, client money rules, know your customer, market manipulation rules, transparency requirements, and financial promotions regulations and conduct of business rules. These are all important but they represent the foundation level of regulation and compliance and are not sufficient to constitute a sophisticated control environment or justify compliance as a full profession.
Similarly, fighting financial crime and money laundering have a basic of traditional compliance but have a sufficiently different set of objectives and processes to mark them out as a separate sub-discipline. It is more difficult to apply the models and tools introduced in this book to this parallel stream.
A final traditional tenet to be challenged is that compliance is not synonymous with or part of risk; it is much bigger than that. There may be compliance or regulatory risks within a risk framework but it does not follow from that that compliance is in some way subservient to risk or should be part of the risk department. Compliance, as we shall see in Parts II and III, has a much more strategic and wide-ranging scope and should report to the board independently and directly. Having a compliance person or specific non-executive director (NED) on the board is a clear sign that compliance has stepped up and not been left behind.
New Compliance
More than can perhaps be imagined depends on a new compliance emerging. This requires regulators and compliance to engage in a shared journey in which both are investing heavily in research, education, and discussion while establishing new joint approaches and infrastructures. We examine these new structures and elements and how they work together for a new compliance in Part II.
Shared Journey
It is important that the journey to new compliance is a shared one with compliance and regulation following the same map – the map is suggested in Chapter 2.
Ideally, regulation and compliance should be able to move forward in partnership at the same rate, but too often one side is playing catchup. If regulation is ahead of compliance, firms may be subject to increased regulatory risk, and if compliance gets ahead of regulation, then the risk is of unexpected interpretations increasing regulatory firm risk and regulators suffering reputational damage and loss of support by appearing flatfooted.
Regulation's role is to reflect and mediate the expectations and requirements of the wider public and economy. Regulatory objectives are rarely unreasonable, but regulators often lack the practical business experience to know how to implement them effectively and in a balanced way. Conversely, compliance should have the hands-on experience but may be more distant from the policy agenda or democratic public needs. Obviously, a dynamic process of learning from each other is ideal, but this needs a facilitative infrastructure, a basis of trust, and extensive practice. The crucibles for building mutual understanding may be shared training vehicles, informal discussion groups, frequent communication documents, and staff exchange programmes.
The most important shared understanding is that regulation and compliance are not ends in themselves. This self-delusion is dangerous and both compliance practitioners and regulators need to remind each other of their wider role and the implications of their actions. Both needs to have a shared answer to the question: Why do we do what we do? We consider that in Part III.