Don't believe in 'ghosts': Don't leave compliance and AML to the inexperienced
Some economies aren’t just false, they are foolish. A UK financial services firm that skimps on having a professional handle compliance could soon discover it has made a mistake. Added costs and the anger of clients and regulators are just the start. For some fintechs, boutiques and start-ups, treating compliance or anti-money laundering (AML) as an afterthought could threaten the business.
The amount and complexity of financial services regulation has snowballed since 2016. Compliance keeps a firm and its managers on the right side of it. That is not something to dismiss lightly: in 2019 the Financial Conduct Authority (FCA) imposed over £392m in penalties on businesses and individuals. But good compliance is not about stopping a firm doing things. A skilled compliance professional shows you how to do them safely.
The Senior Managers and Certification Regime (SMCR)
A regulatory red flag warns against not having someone dedicated to handling compliance. Under the Senior Managers and Certification Regime (SMCR), overseeing compliance is categorised as a senior management function (SMF) and responsibility for it must be allocated to a named individual. They must receive prior regulatory approval from the FCA and sometimes the Prudential Regulation Authority (PRA).
The PRA and FCA introduced SMCR in 2016. Initially it only concerned banks but since December 2019 it has applied to every regulated firm. As will be explained, there are powerful reasons why leaders of firms should remember SMCR when considering their compliance needs and obligations.
Core rules on the compliance team a firm must have are in FCA Handbook SYSC 6.1. The entry level is having adequate policies and procedures to comply with the regulatory system. In very small firms conducting simple business, an existing senior manager often also carries the ‘SMF 16’ responsibility for compliance or SMF 17 money laundering reporting function (MLRO). That is permitted so long as the FCA grants the additional regulatory approvals needed.
But as a firm develops, the compliance workload expands rapidly. ‘Double hatting’ soon becomes inappropriate. Commercially it makes no sense for the chief operating officer or a frontline executive who could be generating income to be spending time covering compliance. The regulator is also less likely to accept the arrangement.
FCA SYSC 6.1.3A says the ‘nature, scale and complexity’ of any firm’s business may mean it needs a separate compliance function. If so (SYSC 6.1.4) a compliance officer with the necessary expertise who is not involved in the activities they monitor should be appointed. That boils down to recruiting a specialist.
Doubling up as compliance head or MLRO also becomes unattractive. SMCR makes those holding an SMF personally accountable if something goes wrong. Blame cannot be avoided. The FCA can fine them or even ban them working in finance. A wise executive, already busy with their main role, may not want the extra responsibility for compliance or AML.
Ghost CCOs - What Are They and How Are They Harmful?
Firms can be tempted to fulfil their regulatory obligations on the cheap by appointing what in the U.S is called a ‘ghost’ compliance officer instead of a professional. A ‘ghost’ is someone only nominally in charge of compliance or with hands-on responsibility but not the necessary knowledge and experience.
The temptation is understandable. No one likes spending money unnecessarily, especially in uncertain times. But appointing a ghost can bring problems swiftly. On the commercial side, important counterparties will be deterred from doing business with you because your substandard compliance exposes them to risk. Others may exploit it. Resources could be wasted on projects that hit an inevitable regulatory barrier. Your risk of employee fraud rises.
SMCR aims to prevent ‘ghosting’ or double hatting roles too long. Whoever seeks regulatory approval to be an SMF must be a ‘fit and proper’ person for the role. Every year the firm must check they remain ‘fit and proper,’ which includes having the necessary ‘competence and capability.’ FCA FIT 2.2.1A says relevant factors include having adequate training, experience and time to fulfil their duties.
The regulatory consequences of appointing a ghost are potentially extremely serious. A firm can legitimately outgrow ‘double hatting.’ But deliberately seeking FCA approval for someone clearly unqualified to oversee compliance or AML could suggest a firm and its leadership hold the regulatory system in contempt.
If the FCA concludes that your firm thinks compliance with the rules is unimportant, it will also conclude it has failed to meet the required standards. The firm’s permission to operate in the UK may be at risk. As it is, the FCA’s 2020-2021 Business indicated it will be shifting its enforcement focus towards small firms that take regulatory chances.
‘Over the coming year we will be shifting our focus towards smaller firms. Many, but not all, of the 60,000 firms we regulate are committed to acting in line with our rules and principles. Some are not. We will shift our focus towards those firms that consistently fail to meet our required standards.’ – FCA Business Plan 2020-2021 p7.
Lesser repercussions of appointing a ‘ghost’ or ‘double hatting’ compliance for too long go beyond an embarrassing FCA refusal to approve an appointment. The firm’s governance arrangements could be called into question, leading the FCA to scrutinise its operations. Putting forward an obviously unsuitable compliance arrangement could cast doubt the firm’s leader’s suitability to hold an SMF. They might even be in breach of senior managers conduct rules COCON 2.2.2 and 2.2.3.
On the other hand, going ahead with compliance recruitment as soon as your firm begins to need a dedicated specialist or to expand its team does not just avoid penalties and regulatory interventions. Good compliance professionals understand business too. They work with frontline teams, finding solutions and identifying opportunities. They protect your firm from external and internal bad actors, helping you to make money safely.
At Rutherford, we know the market and exceptional practitioners in it. We understand that firms’ needs vary. That is why we can source the right compliance specialists for your firm.
Jonathan Skerrett is a Director at Rutherford, the executive legal, financial crime, cyber and compliance recruitment specialists.
Contact us for a confidential search, send us an email at email@example.com or see our latest vacancies.
 Source: FCA 2019 fines: https://www.fca.org.uk/news/news-stories/2019-fines
 Source: FCA SYSC 6.1: https://www.handbook.fca.org.uk/handbook/SYSC/6/1.html
 Source: FCA FIT 2.2: https://www.handbook.fca.org.uk/handbook/FIT/2/2.html
 Source: FCA Business plan 2020-2021: https://www.fca.org.uk/publication/business-plans/business-plan-2020-21.pdf
 Source: FCA senior managers’ conduct rules CONCON 2.2: https://www.handbook.fca.org.uk/handbook/COCON/2/2.html