This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
It has been argued that there is a potential conflict of interest (CoI) arising from the need of the Compliance Function (CF) to stay close to business on a day-to day basis. The aim of our assignment is to explore this potential conflict and how it might be addressed.
Conflict of Interest: Inherent in Definition of Compliance
In essence, compliance is "a state in which someone or something is in accordance with established guidelines, specifications or legislation or the process of becoming so."
(Whatis.com, 2011) In a company perspective, the CF exists to provide Assurance that the company is managing the compliance risks arising from the key external requirements with direct impact of non-compliance that fall within the function's scope. Typically, CF looks after conformity with all applicable laws and internal regulations. In this capacity, the function reports directly to senior management and, in specific cases, to the supervisory authority.
In order for the CF to be effective, it must be independent of other business activities and conflicts of interest, so it can discharge its duties objectively, provide an independent perspective and report objectively on the standards of compliance that the firm observes, both to the company and to the relevant regulator.
Without sufficient independence, the Compliance Officer (CO) faces conflict of interests where "a person has a private or personal interest sufficient to appear to influence the objective exercise of his or her official duties as, say, a public official, an employee, or a professional." (MacDonald et al., 2002:68) Consequently, the CO may not be objective when viewing the activities of senior executives.
PWC (2005) carried out a study in 2002 in 73 internationally active and major domestic financial services institutions in 17 countries worldwide. 11% of respondents considered 'lack of independence' of CF to be an issue. (Appendix 1)
Similarly, in 2007 the Bank of International Settlements [as a follow-up to its Compliance paper (BIS, 2005)] assessed the status of implementation of the compliance principles described in this paper, as well as the compliance-related challenges facing the industry regarding compliance issues in 21 participating jurisdictions. The most frequent areas involved in compliance incidents included market conduct - which encompasses conflicts of interests. (BIS, 2008)
The Gap: Profit vs. Stakeholder Interests
Indeed, maintaining absolute independence of the CF in practice proves troublesome, as the very definition of Compliance above suggests. The CO is an employee of the firm and may be one of the senior officers, acting on behalf of the CEO and the Board.
Consequently, this may create a certain tension between the CO and other managers of the firm who are providing services and generating income. (Methven, 2011)
Furthermore, having a good relationship with the business is vital to the success of the CF, particularly when it comes to assessing the compliance risk of the business. An adversarial relationship should be avoided and the CO should not be seen as a barrier to conducting normal business.
The Expectations Gap
To establish whether the CF provides assurance to the Board that the company is managing the compliance risks to a large extent depend on how the role of compliance is defined, formally set out and perceived both within the firm and externally. Should it monitor compliance, provide assurance and/or add value to the company for example.
An example from an Audit environment illustrates this point. Would you say that it is "true" or "false" that: "The role of the auditor is to detect fraud and error in financial statements". Most people would probably say "true". But in fact, in 1896 Kingston Cotton Mills case it was stated that the auditor was a watchdog but not a bloodhound - i.e. the auditor's primary role is not the detection of fraud, but to express opinion on whether the financial statements give true and fair view of the company's affairs. Nevertheless, all those years of regulating the profession and educating the public were not enough to clear this lack of clarity among users of the financial statements.
Although the CF is to advise on conduct of business to comply with laws and regulations, it is the CEO/Board who hold the ultimate responsibility for the compliance of the organisation. This raises the question whether the CF might only be as good as the CEO and/or Board want it to be.
PWC (2009) research indicates that COs are generally involved in setting and agreeing their functions' objectives and 83% of COs see the Board as the most influential in this regard. However, goals and objectives are not always clear and a wide-ranging remit is often combined with changing management expectations (e.g. towards advising on prudential issues, more broadly on reputational risk management or sustainable value creation), without an associated reassessment and/or reallocation of resources.
Compliance Function - There to catch you out or help you out?
Compliance should be seen not just as a monitoring tool but as an active method of support to management. "As business progressively manifests the right behaviour - embodying both integrity and innovation - the need for the CF to "police" its activities diminishes, and the value-adding "counsellor" role comes more to the fore."
Companies with a mature compliance culture tend to think of the CF as a vital element adding quality to the business in the interests of the customer and to business operations in general. No decisions on, for example, new business ventures would be taken without the involvement of the CF and its advice on all compliance risk areas. (Metheven, 2011)
In turn, having a good relationship with the business is vital to the success of the CF, particularly when it comes to assessing the compliance risk of the business.
On the other hand, the focus should not be allowed to swing entirely in the 'counsellor' direction. CF has a critical role to play in compliance oversight and monitoring in order not only to provide the necessary comfort to management but also to frame the advice it provides going forward. A clear delineation needs to be set between 'doing compliance' and 'monitoring compliance'. (PWC, 2005) Careful attention needs to be paid to management of potential conflicts of interest between the two CF roles.
Level of Assurance
It should be considered what level of assurance (i.e. if it expects reasonable assurance or limited assurance) the organisations expect the CF to provide (ACCA, 2009):
Reasonable assurance -The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement.
(e.g. "In our opinion, internal control is effective in all material respects, based on levels fixed by the company.")
Limited assurance - The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement.
(e.g. "Nothing has come to our notice that causes us to believe that internal control is not effective, based on the levels set by the company.")
What is Independence?
The FSA (2005) suggested that firms should consider whether a definition of COI could be too narrow. An alternative for firms was to begin with a general definition of COI followed by an analysis of how it may apply in common business situations.
The best place to start such analysis might be to gain clear understanding of the main terms surrounding COI and Independence. "The ability to exercise sound judgement and decision making independent of the views of management, or inappropriate outside interests" is just one of the many definitions of independence. (IFAC, 2010)
One of the key criteria is to recognise that independence covers three different areas:
Independence of a function of any activity it reviews (i.e. not being put in a position of having to assess an activity for which it has day to day responsibility)
Organisational independence, in terms of the Chief Compliance Officer's reporting line within the organisation.
Independence as a "state of mind" of the internal auditing staff. (ECIIA, 2010)
Furthermore, IFAC identifies two different categories of independence:
Independence of mind and fact:
The COs needs to be in a state of mind that allows them to express opinions about the subject matter without feeling that they are under pressure due to independence issues and feel that they are allowed to act with integrity, conducting their compliance activities objectively and with professional scepticism.
Independence in appearance:
If third parties do not perceive the CO as being independent, even though the CO is independent in his/her mind, the third party do not trust the him/her due to certain circumstances or relationships which are incompatible with independence. As a result, the promise of the assurance that the CO is supposed to provide is lost.
Therefore, management should deal with the wider issues of CoI in a manner that is fair but also seen to be fair. In order to deliver this, clear guidance should be in place for staff on how to recognise a potential issue and when to escalate matters.
Threats and Safeguards to Independence
Once the Board is clear on what Independence actually means to the organisation the internal and external environment scanning can commence to highlight visible and emerging threats, risks and conflicts. (Appendix 2, 4) Senior management should make informed judgements about the materiality of the conflict risk. This forms a solid basis for applying variety of safeguards that can either reduce the particular threat or perhaps eliminate it entirely. Safeguards can be employed by legislation and regulation, the profession itself, individual organisations and at the end of the day it all comes to an individual. In relation to organisations, the business culture that supports the management of compliance and mitigation of COI is key in this process.
The Safeguards: Regulation, Legislation
Safeguards created by the profession, legislation or regulation include various pieces of corporate governance requirements, professional standards etc.
New Corporate Governance Code for Irish Financial Sector
For the purpose of this assignment we focused on the Corporate Governance Code for Credit Institutions and Insurance Undertakings ('the Code') that came into effect on 1 January 2011 as it is often considered to be one of the major recent events in the Irish Compliance and Corporate Government space.
Similarly to UK's Combined Code of Corporate Governance, the Code has a requirement for an annual confirmation of compliance to be submitted to Central Bank of Ireland ('CB'). As part of the Consumer Protection Code regulated financial service providers must provide a summary of the entity's policy in relation to COI to consumers as part of its terms of business. Failure to comply with the requirements of either code may be sanctioned under the Administrative Sanctions Framework of the CB.
Main objective of the Code is to prevent any one individual from having unfettered powers within a firm by placing primary responsibility for corporate governance with the Board. The minimum expectations that will apply to the Boards of credit institutions and insurance undertakings include (Financial Regulator, 2011; FRC, 2010):
Requirements relating to the composition of the Board (e.g. minimum of five directors);
Limits on the number of directorships which directors may hold;
Clear separation of the roles of Chairman and CEO;
A prohibition on an individual who has been a CEO, executive director or senior manager during the previous five years from becoming Chairman of that institution;
Criteria for director independence;
Consideration of conflicts of interest;
A requirement that Board performance and compliance is reviewed every three years by an external evaluator;
A requirement that Boards establishes a document of the risk appetite for the institution and the risk appetite is subject to annual review.
The establishment of a remuneration committee, where appropriate.
The Safeguards: Work Environment
The compliance department alone cannot resolve the inherent COI between an organisation's desire for profits and its duty to wider stakeholders, especially customers. (Appendix 3) Neither the concept of independence means that the CF cannot work closely with management and staff in the various business units. Rather, various safeguards can be employed in a bank to enhance the effectiveness of the CF.
BIS Principles (2005) outline these elements forming the basis of CF's independence:
CF should have a formal status within the bank.
There should be head of compliance of appropriate seniority with overall responsibility for co-ordinating the management of the bank's compliance risk. The nature of the reporting line and functional relationships depend on how the bank has chosen to organise its CF. The Board should be informed when the head of compliance takes up or leaves (including reasons for departure) the position.
CF staff should not be placed in a position where there is a possible conflict of interest. (e.g. conflict of compliance and other responsibilities or remuneration related to the financial performance of the business line for which they exercise compliance responsibilities).
The scope and responsibilities of CF should be clearly specified and then appropriate resources determined in relation to the size, complexity and nature of the business.
CF should have free, unencumbered access to any personnel and information necessary to carry out their responsibilities (e.g. on its own initiative investigate possible breaches of compliance policy; free to report to senior management on any irregularities without fear of retaliation)
Integrated Assurance Framework
Furthermore, the BIS Principles (2005) advise that CF, although independent in its perspective of the business and its controls, should be subject to periodic and independent review by the internal audit function.
Often, CF is seen as a part of the overall "Integrated Assurance Framework" that is typically based on the "three lines of defence" model comprising of Management in the first line, Risk management and Compliance in the second line, and independent assurance (i.e. Internal and External Audit) in the third line.
Whilst all Assurance Providers should be objective, there are varying levels of independence of the function from management. It is beneficial that these functions work closely together, each within their defined area of responsibility, while recognising the need for independent perspective or reporting by each of those functions. As such, this model allows an organisation to enhance good governance and provides confidence to the Board and the Regulator that risks are identified and managed, internal controls are operating effectively; CF has a clear, comprehensive mandate and is adequately resourced to achieve its objectives. (Stensgaard, 2010)
The Safeguards: Profession / Professionals
Safeguards that Individual Practitioners can take include compliance with CPD requirements, keeping up to date with current standards and maintaining links with their professional body.
PWC (2009) research highlighted that Industry Associations are valuable in helping organisations stay abreast of regulatory developments, provide a good interlocutor for regulators, and could enhance the 'professionalization' of the CO role.
Training and development of Compliance Officers
Specific attention needs to be paid to appropriate training and development of COs because their ability to influence the business depends on seniority as well as on capacity to relate to the commercial mindset of the business and understand its nature.
COs need to demonstrate a broad range of managerial, team and relationship building capabilities to coordinate a diverse set of individuals and the differing expectations of internal shareholders, without jeopardising the function's independence.
The credibility of Compliance Officers can be reinforced externally. Current proposals for Solvency II indicate that 'fit and proper' assessments will apply to COs and this may well extend in time to other financial sectors.
Also, there is currently a Consultation Paper titled 'the Fit and Proper Regime in Part 3 of the Central Bank Reform Act 2010. This Consultation Paper has been released because the CB sought additional powers to allow it apply an improved fitness and probity regime to individuals in all regulated financial services providers. The Consultation Paper sets out that, among other provisions, the CB wants to be able to restrict people entering senior positions in regulated financial services firms but also to suspend, remove and/or prohibit individuals in certain positions.
In conclusion, conflict of interest seems to be, indeed, very much a reality. Does it matter? Not necessarily, as long as the internal lines of defence work well together. The real issue is how to make the Compliance Function as efficient and independent as possible. This comes back to senior management to embed a culture of compliance within the organisation.