The Complexity of Running a Geographic Region and Dealing with Multiple Regulators

As an EMEA Chief Compliance Officer, I have run regulatory risk compliance programmes over numerous jurisdictions and encountered varied regulatory examiners. This would be more than 20, extensively European, naturally the United Kingdom and the United States when working for American firms. The major categories of regulators fall into Central banks, prudential regulation (e.g., EBS, B of E), Bank regulators (e.g., OCC), Conduct regulators (e.g., FCA, BaFin), Securities regulators (e.g., ESMA, AFM), Exchanges (e.g., LSE) and Commissions (e.g., SEC, CFTC).

I have covered various cultures, worked with principle led regulators and others that are risk based but one thing is true, all regulators want a solid relationship with your firm. Developing a good relationship creates trust. A lot of regulators are inexperienced, learning on the job, but all at some point work to a political agenda that has been publicised such as Market Abuse, Conduct Risk etc. Whatever the reason you are dealing with a regulator be it a general enquiry, an examination, or an inspection I have found that there is only one tried and tested approach to foster a strong relationship, gain their trust and pass regulatory exams.

As you are the conduit between your firm’s senior c-suite management, business heads and the regulator you must be a powerful communicator, but your style should be concise, precise, and informative. The best delivery is to express your regulatory risk and control structure as comprehensive and dynamic. Always illustrate change in the programme and that you view change as a constant. Highlighting the past to demonstrate the present and the improvement in your current programme is a must. This shows that your programme is dynamic, but you must also highlight future planned works and analysis. As old regulations are superseded and new ones are created it is perfectly permissible to talk about projects as works in progress, but they must have detailed plans, overviews, and completion deadlines. As your businesses develop/morph or your firm in acts a takeover or merger again there is need for realignment of the regulatory programme. There are endless variables but what you are illustrating is that you have a sound, strong programme, that is not static but current and evolving – this is the closed loop model. As change is a constant you have communicated that the model is circular.

When telling your story educate the regulator about who your firm is, what it stands for and how the risk programme is managed. The 3 lines of defence model must be stressed and at the 1st level the business must be seen to own the risk with operational controls; at the 2nd level Compliance must be an independent advisory service, conducting control reviews and issuing corrective actions that are dealt with in a timely fashion; finally, the 3rd level, Audit must be seen to be active in auditing the whole model. In conclusion, you are demonstrating what good looks like and to do this well you must convey:

• the past (where the programme came from)
• the present (where the programme enhancements are today), and
• the future (planned amendments timetabled v horizon scanning for future changes)

Finally, as the meeting(s) or examination concludes leave the regulator with a taster, a future deliverable. If the above is followed you should achieve a successful outcome. With a strong regulatory relationship this can lead to positive commentary and even recommendations. This should be viewed as a constructive outcome not as a criticism far better than receiving a directive, a section 166, put on a remediation programme and/or financial fines and public censure.

Governance Risk and Compliance Limited, shares these experiences with you as we wish to demonstrate our distinct advantage over other Compliance Consultancies, Compliance Service firms and Recruiters. As market practitioners, we deliver compliance officers with substantial experience and expertise who are more than willing to be hands-on to deliver high level risk solutions for you. If you would like to discuss how we can help you please contact us by phone on 0203 1488 885, or by email info@grc-management.com

  • Dadmin
  • October 21, 2021

Join our Consulting