About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

International Compliance – A New Era for SMCR

Subscribe to our newsletter

By Andrew Shrimpton, Executive Chairman of Compliance Consulting at IQ-EQ

With great power comes great responsibility. Yes; but in the era of SMCR, heads of compliance have found out that even a medium amount of power now comes with an almost unpalatable amount of personal accountability – and legal jeopardy.

In many cases, this has already resulted in an unseemly game of buck-passing, as senior managers attempt to work out who is legitimately responsible for what – and what can be distributed elsewhere. And for the 10% of currently approved persons who are not based in the UK, it has been tempting to regard this as just another London-based spectator sport.

But this is all set to change. Buck-passing is going global, as the FCA attempts to close what it regards as a fundamental weakness in the financial market. The rules of responsibility will apply equally to foreign-domiciled compliance managers with a UK office, team and infrastructure as they do to firms founded and solely based in Britain.

That means, if the London office makes a mistake, you can still be held accountable, fined or worse, even if you’re based in New York, Boston or San Francisco.

This is quite a substantial liability shift and there is plenty that can be done to prepare, but in reality, many firms are repeating the mistakes of 2018 when GDPR came in, by burying their heads in the sand and assuming that geography would protect them. It didn’t then, and it won’t now.

All of this puts current international Heads of Compliance in an interesting position. Accept responsibility they can’t realistically adopt (or don’t want to) – or hand over the head of compliance title to someone who will, or who feels they can.

This personal Catch-22 is one of a series of questions that firms, and more importantly, individuals within those firms, will need to find answers to. One of the first things that firms will need to do is establish whether its governance structure is appropriate for the newly international SMCR jurisdiction.

In other words, is it realistic that someone outside the UK, with different working practices, cultures and even time zones, can take on the role as head of compliance? Is it enough to have a UK counterpart? Would it, in fact, be better to relocate responsibility entirely?

Firms will also need to codify responsibility to make sure the buck really lands where it’s supposed to – and that everyone understands where that is. Statements of responsibilities that set out clear duties and responsibilities, and reasonable steps that managers have to take to stop things going wrong in the first place will be needed. These are very much the end goal rather than the starting point, and should represent some pretty in-depth analysis of the firm’s current compliance processes.

It is also important to have the right systems and processes in place to make sure that paper-based accountability can be turned into reality. We often see internal ways of working, supported by embedded systems that act against responsible persons, making it easier to be irresponsible – especially in time-dependent workflows. If processes are easy and intuitive, people will do them. If they’re not, they’re far less likely to. If the person responsible is on the other side of the Atlantic, that creates intolerable levels of risk.

Firms should also make sure that the type and level of accountability is actually suited to the person it is assigned to – and then change it if necessary. The big question here is whether the individual is able to reply fully to any questions from the FCA about what is happening in the UK office.

All this will loom large in September, once the industry comes back from its summer holidays – and then there’ll be no more excuses for sand: you’re either lying on it, or burying your head in it.

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: Practical considerations for regulatory change management

Date: 18 September 2024 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes Regulatory change management has become a norm across financial markets but a challenge for financial institutions that must monitor, manage and adapt to ensure compliance with both minor and major adjustments to obligations. This year is particularly troublesome, with...

BLOG

How 2024 will be a Monumental Year with Evolving Regulatory Requirements

By Leo Labeis, CEO at REGnosys. This year will be uniquely busy with numerous changes to global reporting regimes. This article explores the changes firms need to be aware of and how RegTech solutions can help them stay ahead of the curve. RegTech is one of the fastest advancing areas of fintech with the global...

EVENT

ESG Data & Tech Summit London

The ESG Data & Tech Summit will explore challenges around assembling and evaluating ESG data for reporting and the impact of regulatory measures and industry collaboration on transparency and standardisation efforts. Expert speakers will address how the evolving market infrastructure is developing and the role of new technologies and alternative data in improving insight and filling data gaps.

GUIDE

Entity Data Management Handbook – Third Edition

Welcome to the third edition of the Entity Data Management Handbook which is available for free download. In this updated edition we delve into the role entity data plays in the smooth running of financial institutions and capital markets, the challenges of attaining high quality data, and various aspects, approaches and technologies involved in managing...