We are often asked about what personal liability a firm's Compliance Officer might have. Firms are obliged to appoint an individual to undertake this role and that person will normally be a Director or Senior Manager in the firm. The role is an FCA Controlled Function (CF10), more formally called the Compliance Oversight Function. The CF10 is charged with:
- responsibility for oversight of the firm's compliance with relevant regulations; and
- reporting to the firm's governing body in respect of that responsibility.
For evidence that the responsibility is real and needs to be taken seriously, we can look to two aspects:
- the regulations that protect the CF10;
- the consequences when it goes wrong.
Firms must demonstrably support the CF10 and compliance function. SYSC 6.1.4 states, "the compliance function must have the necessary authority, resources, expertise and access to all relevant information".
Firms must also safeguard the objectivity and independence of the CF10. For example, the CF10's remuneration must not be structured in such a way that might compromise that independence, or be likely to do so. And there are rules that constrain the ability of firms to remove, or apply disciplinary sanction against, the CF10.
When it goes wrong
The real proof of how seriously firms appointing, and individuals accepting, the CF10 role should treat the decision can be seen in cases where it has all gone wrong. The financial press frequently carries stories of large fines and/or bans being imposed on Compliance Officers. It is not appropriate to name names or list every single case here, but the following is a representative and eye-opening selection of some consequences for Compliance Officers.
£200,000 personal fine
... for failing to action professional advice that due diligence of products was inadequate, recklessly failing to ensure the risk of products' non-performance was addressed, failing to notify the FCA of the actual non-performance of those products and misleading the FCA.
£105,000 personal fine - and banned
... for contributing to a culture that permitted LIBOR manipulation to take place and failing to recognise the risk of this culture or take steps to prevent it.
£75,000 personal fine
... for failing to exercise due skill, care and diligence in performing the CF10 role.
£33,800 personal fine
... for systematic weaknesses in the design and execution of compliance systems and controls.
£19,000 personal fine
... for failing to deal with the FCA in an open and cooperative manner.
We believe that a quick look at the rules and an even quicker look at the eye-watering personal fines that have been imposed should result in two thought processes:
- Firms should make sure that they have the right person in the CF10 role. It clearly needs to be an individual with a thorough knowledge and understanding of the relevant regulations. But the person also needs to have authority and objectivity and an environment that supports the role.
- Actual or prospective CF10s should ensure that they have the relevant regulatory knowledge. The individual needs to have an independent mindset and be prepared to challenge the management of the firm and report and address issues or potential risks. However, it is also essential that they understand the nature and workings of the business they monitor. One without the other is insufficient. It is not uncommon in professional firms with a small financial advice unit for a professional partner to take on the CF10 role – often because they don’t trust anyone else to do it, have too small a FS operation to warrant the cost of a dedicated individual or simply don’t want to incur that cost – but where the partner does not actually understand the business they are overseeing.
A similar situation often also applies to ‘traditional’ adviser firms. The Compliance Officer needs to have a thorough grasp of the rules AND the business. One without the other is a problem waiting to happen. We often see advice firms where one of the directors/partners takes on the role but does not have sufficient grasp of the rules and how to make them work (and may see the role as a distraction from doing business anyway). Other firms take on a dedicated individual who might know the rules but has little or no authority and/or little or no grasp of the business and how to make it compliant with those rules.
Finally, you will not be surprised that we took particular note of the case where a Compliance Officer was fined for "failing to ensure timely and adequate implementation of recommendations of an external compliance consultancy". We aim to support our clients' business objectives and to ensure that they operate effectively and compliantly.
Action Required By You
- Firms appointing a CF10 should ensure that the individual has sufficient understanding of the regulations and the business;
- Firms must ensure that the CF10 and Compliance Function are supported by the firm's processes and culture;
- CF10s must ensure that they acquire and maintain up to date knowledge and understanding of all regulations relevant to the business of the firm;
- CF10s must be prepared to challenge and guide the management of the firm.
For more information, contact your usual ATEB consultant.