In January 2017, the FCA sent a questionnaire to 22 wholesale banks asking for information about their compliance function. The exercise was designed to give the FCA greater insight into the changes in the function over the past few years and where further challenges remain. The questionnaire contained 27 questions about the compliance function covering the following topics:
- role and strategy;
- strategy and planning;
- compliance monitoring;
- support and challenge; and
The FCA has now published a report on the compliance function in wholesale banks.
The report sets out the key themes and issues arising from firms’ responses to the questionnaire, together with some of the FCA’s own observations. Overall, the report notes that compliance functions need to evolve in response to a changing environment, including the advancement of technology-driven businesses and operations and the expanded range of first line of defence controls.
Key themes from the questionnaire responses include:
- the compliance function retains a key independent role but in many cases the role, strategy and design of compliance now warrant higher attention and support at board and executive level;
- the compliance function appears to be moving towards a pure, independent second line of defence risk function with a higher profile within firms;
- structurally, firms are seeking to clarify the shifting boundaries of the first and second lines of defence to help define the responsibilities of the compliance function, with regard, for instance, to financial crime. Such organisational change is likely to continue in the coming years;
- advances in technology require compliance functions to engage in system development at an early stage not only to advise and assess risk but also to leverage any opportunity to enhance the delivery of their own ‘compliance’ objectives (e.g. through the design of new controls); and
- several firms saw an opportunity for advanced data analytics and visualisation to help compliance discharge its mandate, but noted the risks of data quality and data security and, more broadly, cybercrime.
In terms of supervisory observations, the FCA notes that:
- compliance functions may benefit from considering how they interact with other second line of defence functions such as legal and risk, and the third line of defence, internal audit. Within the function itself, compliance needs to ensure it is adequately balancing its role as advisor to the front line with its role of providing challenge;
- firms should consider whether the function would benefit from a more refined, longer-term strategy beyond the parameters of the annual compliance plan;
- firms should be mindful of the accompanying pitfalls of an increasingly technology-based function, for example resilience, data security and the need for appropriately skilled personnel;
- compliance functions need to be staffed appropriately, including upskilling existing compliance staff by bringing in skills and experience directly from other functions and building out the compliance career offering, rather than simply reaching to the external recruitment market; and
- there is more “checking the checker” activity unrelated to internal audit, where teams within compliance examine the effectiveness of the compliance function itself. Any conflicts of interest that arise need to be managed effectively.
View FCA reports on review of compliance function in wholesale banks, 23 November 2017