Samuel Haskins, regulatory expert at PA Consulting, is quoted in Financier Worldwide’s article on the evolving role of the chief compliance officer (CCO).
“The CCO has moved from being a head of a sub-division of the legal team to the C-suite,” Samuel comments. “The role has become increasingly critical in responding to regulatory change and the shift from supervision to an emphasis on culture and judgement-based decisions. The CCO now has to not only develop robust compliance programmes, but also stay ahead of the curve and anticipate new requirements.”
He goes on to say: “The best CCOs balance their independence with business collaboration to identify and respond to emerging compliance risks. The industry has moved to a much more enterprise-wide approach to compliance – making it the responsibility of all rather than a siloed, prevention function. However, this transformation is not complete and there are big differences in approach in different sectors and industries.”
Helping to accelerate this transformation, Samuel says, is the introduction of the UK’s Senior Managers and Certification Regime (SM&CR), which, he believes, “should help reinforce the importance of compliance, as well as provide welcome clarity around each senior manager’s role and responsibilities for overseeing it”.
Samuel comments: “For firms without a CCO, increased regulatory scrutiny has often fallen to the general counsel or the chief risk officer (CRO). With a wide variety of compliance risk areas that are growing in complexity, CCOs must be able to prioritise compliance activity based on a clear understanding of what risks have the biggest impact. CCOs can benefit from the expertise of CROs to help them manage these risks. They should also use the existing enterprise risk management process to ensure compliance concerns are being escalated to senior management, and that resources are allocated to address them before they can become systemic problems.”
The piece goes on to talk about compliance programmes. Samuel says: “An effective compliance programme must start at the top, with the company’s senior leadership instilling a culture of compliance that encourages everyone to take breaches seriously.”
He continues: “CCOs can face serious consequences for deficiencies in compliance programmes. However, regulators are unlikely to bring enforcement action against CCOs who can demonstrate they did their jobs competently, diligently and in good faith, to protect consumers.”
The article notes Samuel’s view that the mandate of the CCO will continue to broaden to encompass issues such as conduct and culture.
Samuel comments: “Historically, compliance functions’ primary focus has been to define the rules and framework to meet the requirements of relevant laws and regulations. However, business practices are also facing increasing scrutiny from external stakeholders. Those with questionable business practices but without a strong culture can soon find themselves facing potential reputational damage. What is needed is a move away from the setting of ‘rules’ to the provision of ethical business practices and principles.”