Following the release of Thomson Reuters’ Personal Liability Report, Corporate Compliance Insights’ CEO, Maurice Gilbert, delved deeper into the findings with the report’s co-author, Stacey English, Head of Regulatory Intelligence at Thomson Reuters. Ms. English graciously provides her insight into both the role CCOs can play in mitigating personal liability risk and the future of the compliance profession.
Maurice Gilbert: What steps can a Chief Compliance Officer take to manage personal liability risk?
Stacey English: Personal liability for Chief Compliance Officers (CCOs) has grown alongside the liability for other senior managers in financial services firms. There are a range of measures CCOs can take to identify, manage and mitigate their rising personal liability. CCOs should ensure that their job descriptions are documented in up-to-date detail covering exactly what their role entails and how those obligations are discharged. As part of the discharge of obligations, CCOs need to maintain an appropriate suite of robust evidence to demonstrate the full discharge of their regulatory obligations.
CCOs are at the forefront of not only maintaining communications with all relevant regulators, but also tracking regulatory changes – including considering and learning the lessons from regulatory announcements in ways that shape the nature of regulatory expectations and associated personal liability. All relevant regulatory information needs to be – and to be seen to be – considered. This includes supranational or cross-border regulatory changes, the lessons to be learned from enforcement actions against firms undertaking similar business activities and any messages from speeches and other regulatory publications.
MG: Will the increased difficulty in recruiting Chief Compliance Officers cause regulators to rethink their approach to personal liability?
SE: Regulators are aware that any enforcement action taken against senior individuals will be scrutinized. Regulators had come under significant criticism for not having been seen to hold anyone accountable for the financial crisis, but great care is needed in the practical imposition of more realistic personal liability for wrongdoing.
For CCOs, concerns have been expressed in the U.S. that perhaps compliance officers had been unduly targeted, reinforcing the need for credible deterrence to be seen to be applied evenhandedly. One practical ramification for CCOs is the expected impact on resources. Two-thirds of respondents to the 2015 personal liability survey reported that the focus on accountability will have an impact on firms’ ability to recruit and retain skilled senior compliance staff.
MG: What new service offerings does Thomson Reuters offer to help Chief Compliance Officers manage risk?
SE: Research & Analyses: Thomson Reuters Regulatory Intelligence (TRRI) produces several impactful, insightful studies annually on salient issues and matters affecting the compliance community, based upon global and regional surveys we conduct with market participants. Key findings and trends from these surveys – articulated by their author(s) – are announced via press releases, media alerts, blogs, white papers and other bylined communications, as well as at conferences and other forums. (Examples include the Thomson Reuters Personal Liability Report, the Thomson Reuters State of Regulatory Reform Special Report, the Thomson Reuters Conduct Risk Report and the Thomson Reuters Cost of Compliance Report.)
News & Intelligence-Gathering: TRRI also has a global staff of journalists daily covering financial regulation and compliance news developments in London, Hong Kong, Perth, Singapore, Toronto, New York, Washington, D.C. and beyond. Their articles and insights appear also on the Reuters Financial Regulatory Forum and are republished (with attribution) by other news organizations and industry analyst information sites.
For more on TRRI, see https://risk.thomsonreuters.com/products/thomson-reuters-regulatory-intelligence
Additionally, Thomson Reuters offers CCOs an array of pertinent risk management solutions in the form of regulatory databases, software programs – such as our Org ID managed service to help compliance teams address and meet global Know Your Customer (KYC) regulations – and our World-Check database to help CCOs comply with anti-money laundering (AML) and anti-terrorist financing requirements.
Thomson Reuters also has a comprehensive suite of compliance (e-)learning tools.
MG: How do you see the regulatory landscape changing corporate compliance programs in the future?
SE: The worldwide regulatory focus on culture, ethics and conduct will continue to shape compliance programs. Many firms and jurisdictions still have a long way to go in understanding what conduct risk means to their business and implementing a program to manage it. Compliance with the culture and conduct standards of the firm requires buy-in and understanding from all staff and can’t be managed by the compliance function alone. Cultural change programs are long-term, and it takes time to implement and assess the results. Firms will also need to assess much more qualitative results to determine their success – a focus on quantitative numbers alone won’t be effective.
Corporate compliance programs are also being driven by the swathe of regulatory changes, which are now moving into the implementation phase.
MG: What do you foresee happening in the compliance profession three years from now?
SE: The compliance profession will continue to evolve and the profession in three years’ time is likely to require an even greater level of technological expertise. Whilst compliance officers do not need to be IT experts, they need to be increasingly aware of and engaged with a range of technological developments and innovations, from cyber resilience to robo-advice and the use of virtual currencies. CCOs are likely to also find that the growing demand for experienced and skilled compliance officers is unsustainable and that they need to turn more to technology to enable compliance departments to do more with less.
MG: What do you see as being the leading attributes of an effective CCO?
SE: First and foremost, a CCO must have deep technical knowledge and practical experience of compliance not just to envision, but also to oversee and enable compliant solutions to both day-to-day business and cutting-edge innovations. To be truly effective, a CCO’s skill set needs to include excellent interpersonal skills. Credibility and gravitas in a range of internal and external environments are essential to ensure compliance is taken seriously at the Board level and the firm has an appropriate relationship with all relevant regulators.
The ability to multi-task is essential. Not only will a CCO have to regularly make judgment-based decisions, oversee a robust monitoring program, manage highly skilled staff and liaise with other risk and control functions, but they also have to stay up-to-date with all relevant regulatory changes.
MG: What do you see as the greatest regulatory risks facing companies today?
SE: For financial services firms, there are a number of key regulatory risks at play, including the growing regulatory expectations around conduct risk, increased personal liability and regulatory fatigue arising from the continued pace and column of regulatory change. All of these risks need to be managed while skilled compliance resources are at a distinct and growing premium.
Stacey English is head of the Regulatory Intelligence team for Thomson Reuters, which monitors and analyzes regulatory developments from global regulators and provides regulatory and industry insight, as well as thought leadership, to compliance and risk professionals worldwide.
Stacey has 20 years of compliance, risk and audit experience within the financial services industry, both as a regulator and as a practitioner.
Prior to joining Thomson Reuters, Stacey began her regulatory career with the Financial Services Authority, spending six years undertaking supervisory inspections and mis-selling investigations; drafting new rules and guidance for the financial services industry and two prior years as an internal auditor assessing the conduct of the regulator itself.
As a practitioner, she specialized in risk management within the insurance industry. As a senior manager for Aviva, and latterly with Lloyd’s of London, Stacey focused on designing and embedding enterprise-wide risk management and reporting. She also provided risk management consultancy services to Lloyd’s syndicates. Stacey was latterly head of governance, reporting and intelligence for Barclays Bank.
Stacey is a qualified accountant, having gained the highest results worldwide; she has first class degrees in B.Sc. (Hons) Applied Accounting and B.A. (Hons) Business Administration, and holds the Financial Planning Certificate.
Maurice Gilbert founded Corporate Compliance Insights in December 2008 to further the discussion and professional knowledge exchange of important, forward-thinking corporate governance, risk and compliance topics.
