A-Team Insight Blogs

International Compliance – A New Era for SMCR

Share article

By Andrew Shrimpton, Executive Chairman of Compliance Consulting at IQ-EQ

With great power comes great responsibility. Yes; but in the era of SMCR, heads of compliance have found out that even a medium amount of power now comes with an almost unpalatable amount of personal accountability – and legal jeopardy.

In many cases, this has already resulted in an unseemly game of buck-passing, as senior managers attempt to work out who is legitimately responsible for what – and what can be distributed elsewhere. And for the 10% of currently approved persons who are not based in the UK, it has been tempting to regard this as just another London-based spectator sport.

But this is all set to change. Buck-passing is going global, as the FCA attempts to close what it regards as a fundamental weakness in the financial market. The rules of responsibility will apply equally to foreign-domiciled compliance managers with a UK office, team and infrastructure as they do to firms founded and solely based in Britain.

That means, if the London office makes a mistake, you can still be held accountable, fined or worse, even if you’re based in New York, Boston or San Francisco.

This is quite a substantial liability shift and there is plenty that can be done to prepare, but in reality, many firms are repeating the mistakes of 2018 when GDPR came in, by burying their heads in the sand and assuming that geography would protect them. It didn’t then, and it won’t now.

All of this puts current international Heads of Compliance in an interesting position. Accept responsibility they can’t realistically adopt (or don’t want to) – or hand over the head of compliance title to someone who will, or who feels they can.

This personal Catch-22 is one of a series of questions that firms, and more importantly, individuals within those firms, will need to find answers to. One of the first things that firms will need to do is establish whether its governance structure is appropriate for the newly international SMCR jurisdiction.

In other words, is it realistic that someone outside the UK, with different working practices, cultures and even time zones, can take on the role as head of compliance? Is it enough to have a UK counterpart? Would it, in fact, be better to relocate responsibility entirely?

Firms will also need to codify responsibility to make sure the buck really lands where it’s supposed to – and that everyone understands where that is. Statements of responsibilities that set out clear duties and responsibilities, and reasonable steps that managers have to take to stop things going wrong in the first place will be needed. These are very much the end goal rather than the starting point, and should represent some pretty in-depth analysis of the firm’s current compliance processes.

It is also important to have the right systems and processes in place to make sure that paper-based accountability can be turned into reality. We often see internal ways of working, supported by embedded systems that act against responsible persons, making it easier to be irresponsible – especially in time-dependent workflows. If processes are easy and intuitive, people will do them. If they’re not, they’re far less likely to. If the person responsible is on the other side of the Atlantic, that creates intolerable levels of risk.

Firms should also make sure that the type and level of accountability is actually suited to the person it is assigned to – and then change it if necessary. The big question here is whether the individual is able to reply fully to any questions from the FCA about what is happening in the UK office.

All this will loom large in September, once the industry comes back from its summer holidays – and then there’ll be no more excuses for sand: you’re either lying on it, or burying your head in it.

Leave a comment

Your email address will not be published. Required fields are marked *

*

Related content

WEBINAR

Recorded Webinar: Senior Managers and Certification Regime (SMCR) – challenge or opportunity?

Are you ready to meet the requirements of the Senior Managers and Certification Regime (SMCR) when it comes into force for all firms authorised by the Financial Conduct Authority (FCA) in December 2019? Have you allocated all your staff to one of the four categories available under SMCR? Has your firm prepared a ‘statement of...

BLOG

Applicants Sought for New York RegTech Trade Mission

A-Team Group is delighted to partner with the UK’s Department for International Trade (DIT) to call for applications from UK RegTech businesses (specifically companies with a focus on regulatory monitoring, reporting and compliance) to participate in its upcoming 2019 UK RegTech Trade Mission to New York. Taking place November 13-15 in New York City, the...

GUIDE

Entity Data Management Handbook – Fifth Edition

Welcome to the fifth edition of A-Team Group’s Entity Data Management Handbook, sponsored for the fourth year running by entity data specialist Bureau van Dijk, a Moody’s Analytics Company. The past year has seen a crackdown on corporate responsibility for financial crime – with financial firms facing draconian fines for non-compliance and the very real...