If you study regulation in any detail it becomes clear that there are certain key responsibilities within any regulated firm, including compliance, training and human resources.
The following case study centres on the importance of these three areas and raises questions which each firm should consider.
James & Smithers
James and Smithers is a [fictitious] firm of insurance brokers with 100 staff. It has four divisions, each having a director responsible for operations.
The chairman and owner of the company makes most of the high-level decisions. After advice from consultants, he decides to appoint one of the directors as a part-time compliance consultant and another as training manager. He also employs an HR manager from outside the industry.
The compliance consultant starts by having a health check on the business and, as part of that process, maps out an action plan. He asks the board for a budget of £50,000 for compliance, competence assessment and training for the coming year. This is agreed by the board.
Part of the compliance action plan is to undertake a gap analysis of competence and this is done over a three-month period. That pilot scheme indicates that there are some serious gaps in knowledge of market practice, product knowledge and regulation.
So, the compliance consultant puts together a plan for training and assessment across the whole firm and presents this to the board, with a request for £20,000 from the amount set aside for compliance and training.
The board point out that, unfortunately, the training manager has already spent £45,000 on time management and management soft skills courses in the first month of the year and so there is actually only £5,000 left for compliance for the remainder of the year!
The above example raises the first important learning point. It is vital that when planning and budgeting to meet FCA regulatory requirements, that the firm decides and documents who will manage compliance, who will manage training and who will control the budget. If necessary, there should be two budgets, one for each of the two managers – one for training and the other for compliance.
Perhaps, there should also be a compliance budget to be spent on all training that is specifically related to getting and staying compliant?
This was a common-problem a few years ago - money poured into sales and management training but very little was diverted to compliance and the tasks required to become compliant.
If you run a company or are responsible for allocating these sorts of funds (large or small), be absolutely sure that you have created clear lines of authority.
Returning to the case study, having swallowed the bitter pill that the training manager may have spent the training budget, the compliance consultant sets about a programme of training for supervisors and learning for staff where competence gaps have been identified by the training needs analysis.
From his file reviews he knows that product knowledge among staff is poor and that irrespective of regulator’s requirements, the company is at risk from negligence claims unless he addresses product knowledge training as soon as possible.
However, having put together a plan for limited compliance training for supervisors and a more detailed plan for product training – to include the assistance of insurers – he is staggered to be told by the HR manager that competence training and assessment falls to the HR department. The HR manager probably has little experience of compliance, but a lot of letters after her name.
This leads to another very important learning point. Whatever the rights and wrongs of the arguments, this is a classic situation of no one having decided who is responsible for competence assessment and retraining and assessment when non-compliance is detected.
Not only that, we have a situation that the authority itself is not identified.
Let us suppose that in the case above, all three people report to the chairman. The fact is that this firm is going to have difficulty surviving if that chairman:
A: Does not understand regulation and compliance
B: Shows favouritism rather than takes an objective view
C: Prefers profits to compliance.
The major point I want to get across is that not only must you allocate responsibilities, you must also decide clear lines of authority and reporting.
Even if you are a firm where little authority is delegated, it is important to understand that the competence of the person making those decisions, particularly with controlled functions, has to be assessed and declared.
My opinion is that in the case study above it is perhaps the compliance officer who should have the overriding authority at this time. However, if the chairman wishes to maintain the decision-making authority with no element of delegation then he must be careful to acquaint himself well with the tasks and issues at hand and be willing to declare his competence on the issues.
If, for example, in the above case the chairman backs the HR manager and defers the product training and serious negligence claims arise, it is he that could be blamed by the regulator.
On the other hand, the HR manager is far more likely to understand the legal issues of employment and the training manager may well be the one of the three who has formal experience of training issues.
Ultimately, the board really must make sure that all three managers know and understand enough about regulation that they can be signed off as competent to do their jobs in a regulated environment.
But, perhaps more than anything, there must be documentary evidence to support how this firm is going to run, who makes decisions and has authority over whom – the best scenario is to document this plan within board minutes.