About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

International Compliance – A New Era for SMCR

Subscribe to our newsletter

By Andrew Shrimpton, Executive Chairman of Compliance Consulting at IQ-EQ

With great power comes great responsibility. Yes; but in the era of SMCR, heads of compliance have found out that even a medium amount of power now comes with an almost unpalatable amount of personal accountability – and legal jeopardy.

In many cases, this has already resulted in an unseemly game of buck-passing, as senior managers attempt to work out who is legitimately responsible for what – and what can be distributed elsewhere. And for the 10% of currently approved persons who are not based in the UK, it has been tempting to regard this as just another London-based spectator sport.

But this is all set to change. Buck-passing is going global, as the FCA attempts to close what it regards as a fundamental weakness in the financial market. The rules of responsibility will apply equally to foreign-domiciled compliance managers with a UK office, team and infrastructure as they do to firms founded and solely based in Britain.

That means, if the London office makes a mistake, you can still be held accountable, fined or worse, even if you’re based in New York, Boston or San Francisco.

This is quite a substantial liability shift and there is plenty that can be done to prepare, but in reality, many firms are repeating the mistakes of 2018 when GDPR came in, by burying their heads in the sand and assuming that geography would protect them. It didn’t then, and it won’t now.

All of this puts current international Heads of Compliance in an interesting position. Accept responsibility they can’t realistically adopt (or don’t want to) – or hand over the head of compliance title to someone who will, or who feels they can.

This personal Catch-22 is one of a series of questions that firms, and more importantly, individuals within those firms, will need to find answers to. One of the first things that firms will need to do is establish whether its governance structure is appropriate for the newly international SMCR jurisdiction.

In other words, is it realistic that someone outside the UK, with different working practices, cultures and even time zones, can take on the role as head of compliance? Is it enough to have a UK counterpart? Would it, in fact, be better to relocate responsibility entirely?

Firms will also need to codify responsibility to make sure the buck really lands where it’s supposed to – and that everyone understands where that is. Statements of responsibilities that set out clear duties and responsibilities, and reasonable steps that managers have to take to stop things going wrong in the first place will be needed. These are very much the end goal rather than the starting point, and should represent some pretty in-depth analysis of the firm’s current compliance processes.

It is also important to have the right systems and processes in place to make sure that paper-based accountability can be turned into reality. We often see internal ways of working, supported by embedded systems that act against responsible persons, making it easier to be irresponsible – especially in time-dependent workflows. If processes are easy and intuitive, people will do them. If they’re not, they’re far less likely to. If the person responsible is on the other side of the Atlantic, that creates intolerable levels of risk.

Firms should also make sure that the type and level of accountability is actually suited to the person it is assigned to – and then change it if necessary. The big question here is whether the individual is able to reply fully to any questions from the FCA about what is happening in the UK office.

All this will loom large in September, once the industry comes back from its summer holidays – and then there’ll be no more excuses for sand: you’re either lying on it, or burying your head in it.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: New solutions to the old problems of compliance with communications surveillance regulation

Communications surveillance is an integral element of trading at financial institutions, and its functions are clearly set out in jurisdictional regulations – to capture, record and retain all communications. Essentially, all business related communications must be recorded whatever the underlying mechanism – be it a work phone, personal mobile phone, text, video and so on...

BLOG

A-Team Group Names Winners of RegTech Insight Awards – USA 2022

Congratulations to the winners of A-Team Group’s RegTech Insight Awards – USA 2022. The awards were presented by Sarah Underwood, Editor, A-Team Group during a lively drinks reception following A-Team Group’s RegTech Summit New York on 16 November 2022. The RegTech Insight Awards recognise both established solution providers and innovative newcomers providing RegTech solutions that...

EVENT

Data Management Summit New York City

Now in its 12th year, the Data Management Summit (DMS) in New York brings together the North American, capital markets enterprise data management community, to explore the evolution of data strategy and how to leverage data to drive compliance and business insight.

GUIDE

Regulatory Data Handbook 2022/2023 – Tenth Edition

Welcome to the tenth edition of A-Team Group’s Regulatory Data Handbook, a publication that has tracked new regulations, amendments, implementation and data management requirements as regulatory change has impacted global capital markets participants over the past 10 years. This edition of the handbook includes new regulations and highlights some of the major regulatory interventions challenging...