The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

International Compliance – A New Era for SMCR

By Andrew Shrimpton, Executive Chairman of Compliance Consulting at IQ-EQ

With great power comes great responsibility. Yes; but in the era of SMCR, heads of compliance have found out that even a medium amount of power now comes with an almost unpalatable amount of personal accountability – and legal jeopardy.

In many cases, this has already resulted in an unseemly game of buck-passing, as senior managers attempt to work out who is legitimately responsible for what – and what can be distributed elsewhere. And for the 10% of currently approved persons who are not based in the UK, it has been tempting to regard this as just another London-based spectator sport.

But this is all set to change. Buck-passing is going global, as the FCA attempts to close what it regards as a fundamental weakness in the financial market. The rules of responsibility will apply equally to foreign-domiciled compliance managers with a UK office, team and infrastructure as they do to firms founded and solely based in Britain.

That means, if the London office makes a mistake, you can still be held accountable, fined or worse, even if you’re based in New York, Boston or San Francisco.

This is quite a substantial liability shift and there is plenty that can be done to prepare, but in reality, many firms are repeating the mistakes of 2018 when GDPR came in, by burying their heads in the sand and assuming that geography would protect them. It didn’t then, and it won’t now.

All of this puts current international Heads of Compliance in an interesting position. Accept responsibility they can’t realistically adopt (or don’t want to) – or hand over the head of compliance title to someone who will, or who feels they can.

This personal Catch-22 is one of a series of questions that firms, and more importantly, individuals within those firms, will need to find answers to. One of the first things that firms will need to do is establish whether its governance structure is appropriate for the newly international SMCR jurisdiction.

In other words, is it realistic that someone outside the UK, with different working practices, cultures and even time zones, can take on the role as head of compliance? Is it enough to have a UK counterpart? Would it, in fact, be better to relocate responsibility entirely?

Firms will also need to codify responsibility to make sure the buck really lands where it’s supposed to – and that everyone understands where that is. Statements of responsibilities that set out clear duties and responsibilities, and reasonable steps that managers have to take to stop things going wrong in the first place will be needed. These are very much the end goal rather than the starting point, and should represent some pretty in-depth analysis of the firm’s current compliance processes.

It is also important to have the right systems and processes in place to make sure that paper-based accountability can be turned into reality. We often see internal ways of working, supported by embedded systems that act against responsible persons, making it easier to be irresponsible – especially in time-dependent workflows. If processes are easy and intuitive, people will do them. If they’re not, they’re far less likely to. If the person responsible is on the other side of the Atlantic, that creates intolerable levels of risk.

Firms should also make sure that the type and level of accountability is actually suited to the person it is assigned to – and then change it if necessary. The big question here is whether the individual is able to reply fully to any questions from the FCA about what is happening in the UK office.

All this will loom large in September, once the industry comes back from its summer holidays – and then there’ll be no more excuses for sand: you’re either lying on it, or burying your head in it.

Related content

WEBINAR

Recorded Webinar: Managing the transaction reporting landscape post Brexit: MiFID II, SFTR, EMIR

The transaction reporting landscape has, for many financial institutions, expanded considerably in size since the end of the UK’s Brexit transition period on 31 December 2020 and the resulting need for double reporting of some transactions to both EU and UK authorities. It has also changed dramatically following the UK government’s failure to reach equivalence...

BLOG

Confluence Acquires Fundpeak to Address Funds’ KIID, PRIIPS Requirements

Pittsburgh-based risk and regulatory solution specialist Confluence Technologies has agreed to acquire Fundpeak, a provider of tools for helping buy-side firms manage their marketing and communications based in Czech Republic. The acquisition aims to strengthen Confluence’s offerings in the segment by leveraging Fundpeak’s expertise in providing secure fund portals and marketing tools such as fund...

EVENT

RegTech Summit New York City

Now in its 5th year, the RegTech Summit in NYC explores how the North American financial services industry can leverage technology to drive innovation, cut costs and support regulatory change.

GUIDE

Entity Data Management Handbook – Seventh Edition

Sourcing entity data and ensuring efficient and effective entity data management is a challenge for many financial institutions as volumes of data rise, more regulations require entity data in reporting, and the fight again financial crime is escalated by bad actors using increasingly sophisticated techniques to attack processes and systems. That said, based on best...