It’s the role of a Chief Compliance Officer to oversee all company policies, procedures, products and services to make sure they are compliant with regulatory requirements. In recent years, numerous compliance officers at large firms have been fined, banned, suspended, or asked to leave, and face an increasingly complex regulatory environment (there was a regulatory alert every 15 minutes in 2015).
Rising liability has put increased emphasis on senior individuals’ ability to identify, manage and mitigate their own personal regulatory risks, with compliance officers feeling themselves to be particularly vulnerable.
In an interview with Corporate Compliance Insights CEO Maurice Gilbert, Stacey English, head of Regulatory Intelligence, Thomson Reuters, discussed mitigating personal reliability risk, and the future of the compliance profession.
Maurice Gilbert: What do you see as being the leading attributes of an effective CCO?
Stacey English: First and foremost, a CCO must have deep technical knowledge and practical experience of compliance not just to envision, but also to oversee and enable compliant solutions to both day-to-day business and cutting-edge innovations. To be truly effective, a CCO’s skill set needs to include excellent interpersonal skills. Credibility and gravitas in a range of internal and external environments are essential to ensure compliance is taken seriously at the Board level and the firm has an appropriate relationship with all relevant regulators.
The ability to multi-task is essential. Not only will a CCO have to regularly make judgment-based decisions, oversee a robust monitoring program, manage highly skilled staff and liaise with other risk and control functions, but they also have to stay up-to-date with all relevant regulatory changes.
Maurice Gilbert: What steps can a Chief Compliance Officer take to manage personal liability risk?
Stacey English: Personal liability for Chief Compliance Officers (CCOs) has grown alongside the liability for other senior managers in financial services firms. There are a range of measures CCOs can take to identify, manage and mitigate their rising personal liability. CCOs should ensure that their job descriptions are documented in up-to-date detail covering exactly what their role entails and how those obligations are discharged. As part of the discharge of obligations, CCOs need to maintain an appropriate suite of robust evidence to demonstrate the full discharge of their regulatory obligations.
CCOs are at the forefront of not only maintaining communications with all relevant regulators, but also tracking regulatory changes – including considering and learning the lessons from regulatory announcements in ways that shape the nature of regulatory expectations and associated personal liability. All relevant regulatory information needs to be – and to be seen to be – considered. This includes supranational or cross-border regulatory changes, the lessons to be learned from enforcement actions against firms undertaking similar business activities and any messages from speeches and other regulatory publications.
Maurice Gilbert: What do you foresee happening in the compliance profession three years from now?
Stacey English: The compliance profession will continue to evolve and the profession in three years’ time is likely to require an even greater level of technological expertise.
Whilst compliance officers do not need to be IT experts, they need to be increasingly aware of and engaged with a range of technological developments and innovations, from cyber resilience to robo-advice and the use of virtual currencies.
CCOs are likely to also find that the growing demand for experienced and skilled compliance officers is unsustainable and that they need to turn more to technology to enable compliance departments to do more with less.