On the first day of Christmas, the industry gave to me…the most common recurring issues and potential pitfalls across a firm’s governance, compliance and control environment.
Christmas comes but once a year, but compliance obligations apply all year round.
Unfortunately, when it comes to compliance programmes this Christmas, UK financial services firms are still making the same errors, over and over again.
Our recent compliance reviews carried out on financial services firms identified, on average, 24 different regulatory failings or weaknesses – one for every day of advent and not a case of the more the merrier
This Christmas, we have rounded up 12 of the most frequently observed compliance weaknesses or failings made by firms this year.
By tackling this list of potential issues, compliance teams can put their organisation’s programmes on sounder footing should the UK Financial Conduct Authority (FCA) come calling in 2020.
A number of years ago at an FCA Annual Conference they stated that the two principal reasons firms end up in enforcement are lack of governance and lack of oversight.
Firms need formal, minuted board and senior management meetings with set agendas, and a programme of regular reports, policies, procedures or risk assessments.
The arrival of SM&CR in December 2019 makes good governance even more essential.
2 Compliance arrangements
In compliance terms, this is the beating heart of your firm which people can sometimes be a bit blasé about.
Keeping basic compliance infrastructure, such as the compliance manual, policies, and procedures, up-to-date is absolutely vital.
3 General compliance
This is a general catch-all section where many of the findings we make are present. The devil is often in the detail when it comes to getting things right for the regulator:
- Be accurate: use the correct form of words for the Statutory Status Disclosure
- Check the firm’s standing data details within 30 days of its accounting reference date, as required by SUP 16.10. The FCA knows it has inaccurate data for many firms. Keep an eye out for changes coming into play after 30 Jan 2020
- Validate the quality of recordkeeping with a compliance review.
- Examine the firm’s Part 4A Permission profile. If the firm doesn’t need or use a permission, or intend to use it within the next 12 months, remove it.
Firms often neglect important regulatory requirements in the human resources area. These include:
- Failing to conduct and document a formal review of an individual before registering them as an approved person (and now Senior Manager) with the FCA
- Using attestations only sporadically
- Getting the 12-week rule wrong. SUP 10A.5.6 allows the appointment of an individual to a Significant Influence Function for 12 weeks only in temporary or reasonably unforeseen circumstances.
This is an area that is critically important for all financial services firms but where we see many making basic mistakes from record keeping to content specificity during our reviews.
Training must not be a “tick box” exercise – it is the foundation to a firm’s overall culture.
Training should be designed appropriately for the firm’s operations, compliance obligations and risks and should be well executed and documented.
The values of online vs face-to-face training should also be considered.
6 Financial crime arrangements
Firms not completing financial crime risk assessments, or conducting one as a one-off initial exercise that hasn’t been revisited either recently - or in some cases since the firm’s inception is another pitfall.
A thorough understanding of its financial crime risks is key if a firm is to apply proportionate and effective systems and controls.
7 FCA reporting
Three key issues that pop up over and over again in firms’ regulatory reporting include:
- Incorrect Gabriel schedule – often these have been set up the wrong way or amended incorrectly. Firms should regularly review their schedules.
- Erroneous fixed overheads requirements calculations – There are two different calculation methods, use the correct one.
- Wrong controllers and close links reports – it is important to provide the right information. Also, senior managers must understand the impact of decisions on group
8 Financial planning – Firms often neglect this area. The FCA expects that firms:
- Undertake financial forecasting – Have a three-year outlook in place.
- Consider capital and liquidity – Evaluate the impact on all financial resources – not just capital – and non-financial resources when assessing risks.
- Create a wind-down plan – Have a proportionate plan for winding down the business in a way that doesn’t cause harm.
9 ICAAP – The Internal Capital Adequacy Assessment Process (ICAAP) should never be a tick-box exercise. Key elements of a strong ICAAP approach include: