Fifteen to twenty years ago, if you told someone your job was a Compliance Officer – they might have looked at you puzzled or asked, ‘oh are you a lawyer?’. People didn’t really know what you did because a distinct compliance/risk and compliance function within an organisation was rare. The role of compliance was required to be filled by the business based on their interpretation of advice provided by the Legal Department – and challenges arose as the business struggled to understand the requirements and comply. This is distinctly different to the role the compliance function plays. Fast forward to 2022, and compliance officers are in high demand; in the financial services industry they are a critical component of an organisation’s structure but more importantly, a second line of defence function that no organisation can do without.
When we talk about the second line of defence, let’s break that down. The first line of defence is the business – who has direct responsibility for management of first or front-line operational risk issues. The second line of defence consists of your compliance and risk functions; and the third line of defence is audit. There is a heavy reliance on the second line of defence for guidance and advice on compliance with regulatory requirements, management of operational risk, compliance training, and helping the business navigate the quagmire of global regulatory rules and stay in business. Basically, the rule of thumb is, when in doubt – ask your Compliance Officer!
Reviewing some of the largest corporate fines in the financial services industry in the last decade, and the findings outlined by Royal Commissions or in Regulatory Fines, there is often an element of compliance failures that are highlighted as part of the investigations. From lack of a compliance culture in the organisation, to the business failing to consult compliance on the do’s and don’ts; and the lack of adequate compliance coverage and engagement within a business – compliance is almost always part of the equation. What went wrong? Why didn’t the business ask Compliance? Why didn’t Compliance stop the business? These might be questions that would be asked as part of a regulatory inspection, an audit, an investigation. And they are reasonable questions. Institutions’ remediation plans in response to compliance findings often outline a promise to significantly build out their compliance and/or operational risk teams to try and strengthen the overall compliance culture and demonstrate that they take compliance seriously.
But underlying this is another important question – given the expectations on Compliance, what are we doing to support their ability to stand up to that expectation? This is the concept I want to unpack in more detail during this article.
Let’s explore the types of academic backgrounds that Compliance Officers come from. It’s not uncommon for Compliance Officers to have studied law at university but it’s not a must either. Many have also come from working in the business and make the move over to compliance. And then you can have others that are really out of left field – one of my former managers in Core Compliance was an Engineer by qualification! There currently isn’t a degree at University that you can study on how to be a Compliance Officer – it’s something that is learned through the organisation and on-the-job training. However, the question has to be asked – how do we ensure that our Compliance Officers are best equipped to support the growth of the organisation in the future, and manage its compliance and operational risk obligations? What should we be investing in the Compliance Department?
There is no right answer about the qualifications that make a good Compliance Officer. But if you look at other roles or sectors within financial services, in addition to those initial qualifications, there are ongoing qualifications or competency requirements that must be met. Chartered Accountants are required to do annual Continuing Professional Development (CPD) training. The same requirement exists for Financial Planners, Financial Services Sales Executives, Legal Practitioners and so on. Yet with the heavy dependency on Compliance Officers, and the increasing level of personal accountability of the Compliance Officer – there is no uniform approach to ensure that Compliance Professionals continue their learning journey and focus on upskilling themselves to continue to be competent. Many regulators across the globe have some sort of a ‘Fit and Proper’ test that must be met for front line business employees dealing with clients. However, the business cannot function without the Compliance Department, so why isn’t there a competency requirement for the compliance function? Why are Compliance Officers not required to meet annual CPD requirements to demonstrate they have continued to study, learn, upskill and remain fit and proper for their role?
While regulators across the world have not yet implemented this requirement, it is incumbent on organisations to understand the importance of investing in the education of their Compliance Teams. Within the financial services industry, only those working in the Financial Crimes Compliance (FCC) sector are either required or encouraged to complete the Association of Certified Anti-Money Laundering (ACAMs) certifications. However, this is just one sector of compliance in financial services. Depending on the size of the institution, there could be many different products and services on offer, requiring Compliance Functions to support different lines of businesses. How do those Compliance Officers stay in touch with what is happening in the market, industry trends, regulatory expectations – other than just sourcing it themselves and reading what they can – on top of their daily job? As someone who has worked in compliance for over twenty years, I can tell you there is rarely time for self-directed learning and study. Its only when you are granted the permission and given the time to attend training sessions, courses, external conferences or seminars – that you are able to dedicate time to outside learning and find out more than ‘just enough to keep putting out the fires in your day job’
In the current economic environment, there is a huge focus on costs. The argument has been that Compliance Department is not a revenue generating department. However, it must be pointed out that the revenue generating departments cannot survive without Compliance. Fair, they may not bring in new clients, generate new deals or help fund new businesses – yet none of these business activities can exist without compliance support, engagement, and professional advice. Is the focus on costs the reason for the hesitancy to invest in the ongoing education of our compliance professionals? It’s another expense on the balance sheet. Why is this the case? Isn’t Compliance the first team you’re asked to contact if you aren’t sure about whether your actions are compliant with the rules or regulations? As a Compliance Training Professional, I know that every single course we produce ALWAYS refers the learner to their Compliance Officer for guidance or clarification. This highlights the dependence on Compliance Officer to provide guidance and advice and enable the business to continue deliver on their primary goals for the organisation.
Organisations need to understand that investing in ongoing education of Compliance Officers is an investment in the security and safety of the company. There is an ongoing focus on individual accountability from Senior executives. For example, the Senior Manager Regime in the UK, or the Banking Executive Accountability Regime (BEAR) in Australia. This translates to an even heavier reliance by senior executives on their Compliance function. Further, simply hiring more compliance staff is not the solution. Those who are hired need to be supported to continually upskill – whether it’s in relation to the full spectrum of risks they have to understand, being more aware of the technology challenges the business faces, or even the opportunity to frequently engage with regulatory and industry bodies to be at the cold front and hear important information upfront. But what is being done to ensure that Compliance function is adequately trained, skilled and ‘fit and proper’ for the critical role they play in the organisation’s ongoing success?
During my career as a compliance officer over the past twenty years, I have worked with a range of people from different businesses, and a large component of that has been on the collaboration required for training content. A training specialist must work closely with subject matter experts to develop the content fit for purpose. The training may have an operational compliance focus – e.g. what to do, how to comply, what are the ‘do’s and don’ts’; or a regulatory focus – what are the rules, how do you interpret them, how to ensure compliance. Either way, the training content needs to be delivered in a way that the learner can understand and absorb the key takeaways. In recent years, the Compliance function has become the subject matter experts for training delivered to the business that they support. In some cases, Legal may also be consulted to ensure the interpretation of the rules and regulations are correct. Through these experiences, we have encountered various levels of knowledge from Compliance Officers themselves of the rule sets – some are very familiar with the requirements, understanding them clearly and are able to identify changes required in the content to ensure it provides the best possible message to the learners. Others, while they are functionally responsible to provide guidance on the rules and regulations, may not actually be that familiar, and must defer to internal or external Legal for guidance as the experts. In this scenario, it demonstrates that while Compliance Officers are held out to be the experts, they aren’t always as confident in the knowledge of the specific subject that they are supposed to be experts on. This could be a factor of being new to the organisation, or the area being complex and frequently changing. Either way, it shows that the Compliance function has a challenge being ‘expert’ on all the areas they are engaged for advice.
I have rarely seen training that is targeted specifically for the Compliance Officer, and there needs to be more of it, to provide our Compliance functions an opportunity to grow, strengthen and do the best they can for their lines of business. Under the current infrastructure, the Compliance Officer is expected to manage their own learning journey, read all the articles and publications from regulators, industry experts, etc. and stay ahead of the business from a knowledge perspective. Is that enough?
There is a focus for the ‘Compliance Officer of the future’ to increasingly work with artificial intelligence and advancing technologies, to reduce manual analysis and to create efficiencies. The regulatory environment is changing so quickly and so frequently that the Compliance function needs to rely on better technological solutions to collect and analyse data, and be able to report to the regulator within the very tight timeframes. Without the technological advances, the ability to meet those deadlines becomes problematic due to the amount of manual work required. Yet is the advancing use of technology to help Compliance do their role actually helping educate them and increase their knowledge? It is certainly a step forward in creating productivity efficiencies which would provide a greater balance in enabling time to be dedicated to ongoing learning. Alternately, one could argue the sheer volume of work coming through the door means without the technological advances, they would have no chance of staying on top of their day-to-day work.
And what about large corporations’ approach to ‘juniorizing’ roles? Someone experienced or senior leaves an organisation, and the role is replaced with someone more junior. On one hand this does create future career growth – but on the other hand it means the new joiner has a much steeper learning curve before they get up to speed to fill the expectations of a Compliance Officer. For a Compliance Manager leading such a team – who may have been doing their role for quite some time, leading a team of junior, inexperienced staff means more on-the-job training is required, and less time for strategic learning and self-development.
The human mind needs to have the opportunity to learn new things, to feel excited, intrigued, challenged – to continue growth. This is the case both in your personal and professional life. Why do people get in a rut? Because they aren’t learning. They aren’t challenged. They feel like they are standing still. Compliance is an area of so much change, of opportunities for development, learning and growth, and it’s imperative to ensure our Compliance functions stay with an organisation, feel valued and continue to grow in their roles. Organisational support for their ongoing learning and development in the Compliance arena should be part of the organisation’s business priorities. I believe it won’t be long before Regulators across the world may look at the qualifications of Compliance Officers as part of their onsite reviews or requests for information; and while the academic backgrounds of the Compliance Officers may be varied, there should also be an ongoing focus for organisations to demonstrate what they are doing to continue to learn, upskill and build their Compliance skillset, in order for the organisation to succeed. Just as a positive Compliance culture from the top of the house is imperative for an organisation’s success, it is also imperative to invest in the future of your Compliance function by providing them an avenue of learning. Whether that is through studying dedicated compliance courses via external bodies, creating a learning infrastructure internally that requires them to demonstrate ongoing learning and development (through both internal and external sources) or creating a business objective through performance management tied to ongoing education. All these strategies will help focus the importance of ongoing education for compliance officers and demonstrate the organisation’s support. But more importantly it will create highly engaged, curious, challenged, top class Compliance Officers providing sound advice for the business to flourish.