Making compliance easier

The best way to deal with constant regulatory change is to embed a compliance culture throughout the organisation – and the impetus has to come from the top, writes Peter Moore of The IMS Group.

Since the global financial crisis, there has been a wave of regulatory initiatives – some informed and well thought-out, others less so. Despite the existence of global organisations like the G20 or the IOSCO, the level of coordination between regulatory developments has been extremely disappointing, while fetters like cost/benefit analysis considerations or so-called principles of better regulation often seem to be forgotten.

Standing behind the financial regulators at times of financial crises are usually politicians espousing that “something must be done”, regardless of the extent of their understanding of capital markets.

So how should the financial services industry cope with what feels like constant regulatory change? Should it be submissive on the outside while resentful on the inside, adopting an external demeanour of obeying orders? There must be a better way – particularly since most successful financial services firms have lifecycles much longer than the term of national governments.

Getting buy-in

As anyone who has children will appreciate, getting them to bed each night requires a carefully devised strategy. One of the most important tasks prior to bedtime is teeth cleaning. Ideally, this should be supervised; however, occasionally one might allow the children to attend to it unsupervised, both as a well-intended exercise of trust and empowerment, and, more realistically, for expediency.

So how does one measure that any prescribed task has indeed taken place? The evidence of minty breath is a flawed control, since this can easily be acquired by just ingesting the toothpaste. While such conduct will achieve the short-term goal, it will not achieve the long-term objective of oral health and hygiene. Teeth-cleaning is a task directed by the parent, but the child is the ultimate beneficiary.

This analogy may seem tangential. But it’s seeking to demonstrate that voluntary compliance – a critical first step in both fulfilling and coping with regulatory obligations – occurs when a number of influences come to bear.

In the case of clean teeth, it includes the recognition that you are on your second (and final) set of teeth; an informed realisation that trips to the dentist for fillings are unpleasant; and, most importantly, an aesthetic belief that clean teeth look nicer.

Every principal of a financial services firm will, at the very least, want their firm to meet its regulatory obligations. A business plan that involves intentional breach, or breach by omission, is not a sustainable one, since it is only a matter of time before the cost of sanctions completely erodes the rationale of the existence of the business.

Accordingly, principals of any regulated business must espouse a healthy attitude to compliance. Not all regulation is perfect, but it is nevertheless ‘the law of the land’, which must be obeyed. If staff detect any hint of negativity or resentment from senior management, this severely hinders the effectiveness of the firm’s policies, procedures, systems and controls. The right culture being set at and by the top of a firm is paramount.

To the extent that a firm’s principals do not fully understand the origin and rationale of particular obligations or regulation generally, compliance advisers should and can assist with this. Knowledge enhances understanding, which in turn enhances the prospects for success.

Targeting risks 

The best approach a firm can take is to understand fully its regulatory obligations based on the nature, scale and scope of its activities. Within a private equity firm, key determinants will include: total assets under management, the number of funds being managed; the number of portfolio companies, and their size/ complexity; the number of geographic locations involved; and the number of staff across the whole organisation.

The firm then needs to align its most material obligations with measures that it already wants to take itself. For example, managing conflicts and acting in the best interests of investors is something that firms should want to do anyway: it’s good for business, and investors expect it. Meeting regulatory obligations of the capital adequacy variety again accords with a firm’s inherent desire to manage its own risks – a sensible commercial aspiration.

A regulator’s motives and actions are rarely pastoral, which should provide an added incentive for a firm to establish a compliance programme that serves its own agenda. A positive by-product is that this will actually assist firms to cope with regulatory change – since most developments tend to be new versions of the familiar themes of investor protection or systemic risk/capital adequacy.

When a new regulatory requirement is created, firms should start by determining whether existing processes can already meet it, as this will help to reduce the impact of any new regulation. This might involve reviewing current systems and controls to identify how they could be adapted or expanded. Indeed, this is something firms should be doing on an ongoing basis anyway.

The EU’s Alternative Investment Fund Managers Directive, for instance, represents a number of reasonably familiar regulatory obligations. It’s perhaps overly simplifying matters to classify each component as just ‘more of the same’. However, recognising that most of these measures are not completely new should alleviate much of the stress that the AIFMD and regulatory change in general is causing.

Size does matter

The crucial next step is to embed this compliance programme firmly within the organisation. This is traditionally achieved by disseminating literature to staff, usually with the added requirement that staff formally acknowledge in writing that they have understood – and will comply with – the policies and procedures in place. The more succinct this is, the better. Too much compliance literature currently in use is verbose, usually from a failure to understand fully which regulatory obligations do and do not apply. The longer and less relevant the literature, the more likely it will fail to become fully embedded. Too much of it ends up gathering dust on a shelf. If a compliance manual is the size of a door stop, that will be a more fitting use for it.

The next critical pillar is compliance training. Again, poor training can often take a tick-box approach and thus fail to meet its objective. Effective training will not only validate the programme’s rationale, but also assist staff to implement and follow the various procedures.

However, engaging staff with training programmes can be difficult; many staff at financial services firms regard compliance training as a chore and a bore. Good training is empathetic to what staff members need to know: it should aid, assist and arm. There is no reason why it cannot also entertain. Senior management can offer their assistance by mandating attendance and also by participating eagerly in the subject matter. Too often, they pander to investment professionals by agreeing that they cannot possibly be away from their day jobs for 60 minutes in a year to learn about important compliance issues – which is clearly evidence of a failure to set up an appropriate compliance culture. Firms can address this by delivering meaningful training sessions at fairly frequent intervals that genuinely add value. And senior management need to be prominent in facilitating this training: it should be seen to be delivered in their voice, not that of the compliance officer.

Not a foregone conclusion

However, the private equity industry must not forget its own role as an informed stakeholder. While the AIFMD is a good example of how not to propose and introduce regulation, it also serves as a template of how the community can and should respond to unsatisfactory proposals. To the credit of the industry, constructive engagement followed the initial draft at both national and European levels, which partially moderated the impact of the final proposals. More than two years into the process, the AIFMD is an example of how organised, effective lobbying can have some success.

The key lesson here is that good lobbying should inform rather than litigate; this avoids the appearance that the industry is resistant to regulation.

Furthermore, as the economic significance of private equity continues to develop, it is important that the industry does not withdraw from its engagement with politicians and regulators and risk being misunderstood once again. It would be dangerous to sit back and think that no more damage can be done. Key decision makers like European politicians should remain a keen focus since, in this case, even the national financial services regulators are little more than lobbyists themselves.

In the UK, where private equity has long been regulated by the FSA, the challenges in upgrading to the AIFMD regime will largely be operational and financial. In other countries, some firms will be regulated for the first time and so will need to develop their governance, compliance arrangements and procedures to meet the demands of regulators – who will suddenly become material stakeholders in their business. There is now much to do by June 2013, by which time the AIFMD will need to be implemented into national law, and thousands of firms across Europe will need to implement it into their businesses.

(Not to be outdone by Europe, the US has responded with the Dodd-Frank Act, which may lead to some firms finding that they are regulated by the US before they need to comply with any provisions in their European home state.)

Time to embrace change

Change is inevitable: the regulatory environment is no more likely to remain consistent than any capital market or other economic factor. (Indeed, all of these are actually interconnected.)

However, a strong, healthy compliance culture is the nearest a firm can get to future-proofing their practices. It’s also the most stable platform from which to cope with regulatory change – and to take an active role in influencing this change. 

Peter Moore is head of the Regulation and Compliance division at the IMS group. He has worked in financial services regulation and compliance since 1995, and has been consulting to private equity and fund management firms since 2006.