The Financial Conduct Authority (FCA), in their 2019/20 business plan, set out their main areas of focus which include both their supervisory priorities and also market studies. So it was no surprise that the Dear CEO letter on 21st January titled, Portfolio strategy letter for Financial Advisers should drop in the inbox so early in the new year.
The focus for the regulator is per their business plan. The FCA is concerned that consumers are having to take more responsibility for more complex financial decisions and quite rightly there is a need to prevent harm to consumers. With well-documented examples of where the actions of some firms have resulted in significant harm to consumers, this leaves not only the consumers vulnerable but other firms in terms of FSCS Levy increases and PII.
It is therefore vital to firms that they have robust systems and controls in place, and that they have competent advisers who give consistently good, client-centric advice, and have support staff who are experienced enough to provide challenge where needed.
SMCR will be tested this year by the FCA, and make no bones about this there will be fall out. We have heard worrying stories of individuals hiding in firms as they know there is no form A going off to the FCA. How much damage can be done before they are found out, will this be when they appear on the new Directory. Do you know your new hires? Have you issued the Regulatory Reference? Did you know it existed?
On the surface of all of this, the last two years has been a tsunami of regulation, which you cannot be expected to keep up with whilst doing your day job
We as compliance consultants keep up to date for you, we constantly horizon scan – the new buzz term for ‘read everything coming from the FCA’. We are members of the APCC and by doing so adhere to our own code of conduct which is something we are very proud of. We are also members of the PFS so adhere to their Code of Conduct too. So, when we hear about Compliance Consultants “doing a bit” here and there, we get very annoyed.
Please do your due diligence, does the individual have compliance/supervision experience and in what capacity, would be one of the first of many questions you should be asking when you engage. Are they members of the APCC?
The FCA updated a checklist that their predecessors compiled; this should be a minimum when you are conducting your own due diligence. A price comparison alone will not give you everything you should be asking.
Due Diligence for appointing an FCA compliance consultant
In an attempt to assist firms in choosing a suitable compliance consultant the FCA’s predecessor the FSA drew up a list of questions and issues you should consider as a minimum before engaging with a consultancy firm This checklist has since been updated by FCA.
If you do decide to get compliance support, it is important to consider what sort of support your firm needs and establish the type and level of service you require.
There are lots of different levels of service available. Make sure that any service you choose will address your objectives and help ensure you are compliant. Some of the services commonly provided include:
- initial risk assessment
- business development
- help with procedures
- file audits
- technical support
- training, and
- professional indemnity insurance (PII) cover
If you do decide to use outside support, you should consider:
- using an appropriate level of service. Different firms have different requirements; do not purchase something you do not need
- the relationship and extent of the services provided should be driven by you
- how you will monitor the quality and appropriateness of the services provided
You will want to ask potential consultants about their experience, skills and competence and establish that they have the knowledge and resources to give you what you need.
Good Practice Example
Firm F monitored the services provided to them by their consultant. The monitoring identified that the consultants were not providing a tailored service or specific enough help putting in place procedures.
The firm felt they were not getting the support they needed and changed to a consultancy which gave a more bespoke service. This helped them to implement improved procedures for complaints handling
Poor Practice Example
Firm H asked a consultant for specific technical advice on complaints handling and the scope of permissions. However, the consultant was inexperienced in these areas and gave the firm incorrect advice.
Following an FCA visit the complaints procedures were revised. However, the advice on permissions had resulted in a significant breach of FCA requirements, which resulted in disciplinary action.
You cannot outsource your regulatory obligations and the responsibility for oversight still remains with your firm.
We would wholeheartedly agree with this, and a bespoke service is essential. We want you to be an individual firm and not a carbon copy of another firm as you are using the same documents.
In addition to this advice from the FCA we would add: –
Regulatory knowledge and experience
Do they have the necessary experience to assist you and your type of firm?
Firms should look at how long the firm of consultants has been established, whether they focus exclusively on compliance with FCA rules and the range of clients for whom they act or have acted.
What are their financial services experience?
Firms should look to ensure that the consultants they propose to appoint have sufficient experience of the industry itself in which the firm operates, as distinct from experience simply from a regulatory perspective. Industry experience will give the consultant the ability to provide advice that is business-focused and practical.
What are their qualifications?
Firms should look at the qualifications held by the consultants, and particularly ensure that they are relevant to the advice that is being sought and the sector of the market in which they operate. It is worth noting that there are no regulatory requirements for consultants to be qualified, so it is important to ask this question.
How do they keep up-to-date with regulatory and product changes?
Consultants should be able to demonstrate that they have systems in place to keep abreast of all developments in the industry. Consultants will be best placed to demonstrate this if they have a team of dedicated staff. Such a dedicated team should ensure that it keeps itself updated at all times by making daily checks of the FCA website and associated regulatory sites, by attending appropriate seminars and briefings, by establishing contacts with firms of financial services lawyers, and that any necessary information is passed to all consultants. In addition, membership of appropriate organisations will help firms to stay abreast of developments through the communication discussion channels they provide.
Which associations or trade bodies are they members of?
The APCC is the professional body for compliance consultancy firms. APCC members advise firms who are regulated by the FSA. The APCC was formed on the initiative of the FCA to improve the professional standards of compliance consultants. The APCC is recognised as a trade body by the FCA and APPC members are also required to sign up to certain standards of behaviour, ethics and organisation. APCC member firms are subject to a disciplinary procedure.
Other consultants including contractors or small self-employed consultants may belong to other professional bodies, but those bodies will not focus exclusively on setting standards for compliance consultancy firms.
Services and Service Levels
What type and level of service do you need?
Firms should ensure that they know exactly what type and level of service they require. This could be a small one-off project or could involve the subscription to ongoing services that the firm may rely upon to ensure that that it is made aware of, and remains compliant with, all regulatory changes that take place.
Have you asked for, and will you enter into, a service level agreement (SLA)?
Have you ensured that the SLA details the work that will be undertaken?
Consultants are to be encouraged to provide terms of business and service level agreements and such other documentation so that there is no doubt as to the level of service agreed to be provided. Failure to provide such documentation may result in areas of compliance “falling down a hole” and failing to be addressed, and as such this understanding at the outset is paramount.
It should be noted that consultants will only provide advice on areas that it has agreed to provide advice on. However competent and efficient, firms cannot expect advice or assistance above and beyond that which it has been contracted to provide.
Many firms of compliance consultants will provide regular regulatory updates, either for a subscription or, of a more limited nature, for free. However, where this service is not available, or not subscribed to, it will be assumed that firms have in place their own procedures for keeping abreast of and implementing into their procedures, regulatory developments.
Will you and the consultant ensure that the SLA is reviewed and remains ‘fit for purpose’?
Firms and consultants should ensure that requirements are reviewed regularly so that the advice given is at all times suitable for the requirements of the firm.
What are their charges?
In order that firms can be sure that the package that they are agreeing with a firm of consultants is appropriate and cost-effective it is important to establish from the outset the level of charges that will be applied for the various services.
How many firms does the consultant work for?
Firms should check out the number and types of client that the firm has also worked, and continues to work, for. This is one of the best indicators as to the amount of experience the consultant will have across different sectors of the market.
Do they have sufficient resources or might they be overstretched?
It is of particular importance to ensure that the consultant is adequately resourced. If inadequate resources are available, not only may specific projects not be properly fulfilled, or not be fulfilled in a timely manner meaning that regulatory deadlines may be missed, but there will be a significant risk that they may not be aware of and/or communicate regulatory developments in a timely manner, which may result in firms failing to implement changes in time or at all.
What are their back-up arrangements for holidays etc..?
It is important, particularly with smaller firms to ensure that service will not be compromised through staff absences. Where firms are dealing primarily with one consultant it is important to ensure that that there is sufficient knowledgeable back –up available.
Have you reviewed their professional integrity, reputation, skills and competence?
Have you asked for a list of clients and taken references?
However well qualified a firm of consultants appears to be it is still important to make certain checks to establish their integrity, reputation, skills and competence within the market-place.
References from reputable firms within the same sector of the market-place that have already used the services of the consultant are one of the best ways of establishing this.
Have you compared them to any other consultants?
There are many companies offering compliance help. By comparing different firms, their experience, reputation and technical knowledge and qualifications, and the terms that they are prepared to offer, it will often become obvious which firm should be appointed.
Do they/will they add value?
It is important to be able to work well in partnership with the consultants appointed. Failures here will lead to failures in the advice, resulting in a lack of understanding about the underlying business.
Has any regulated firm they have worked for ever been subject to any action by the FCA?
Whilst action taken against a firm that is on the client list of a firm of compliance consultants should be looked into, it does not automatically mean that the firm of consultants is to be avoided. It may be that the matter resulting in the action does not result from any failure in the advice given by the consultant. This could simply be because they were appointed to assist after the regulatory action was commenced or because the consultants were not appointed to provide advice in the area concerned.
Does the consultant have Professional Indemnity Insurance and is it sufficient?
Although not a formal requirement most reputable firms of compliance consultants will maintain Professional Indemnity Insurance to a level suitable for the nature of the business that it operates.
It is only through firms ensuring that the consultants they appoint are adequately qualified, experienced, ethical and otherwise, in a position to provide the advice needed, that rogue consultants will be forced out of the marketplace.
It is also essential to appoint adequately experienced consultants to ensure your firm is compliant, we don’t do tick-box compliance but will challenge firms who we feel have ineffective systems and controls and recommend appropriate action.
We strongly advocate that when appointing a compliance consultancy firm, you should consider only those firms who are members of the Association of Professional Compliance Consultants (APCC). This is the main evidence that you can rely on that the firm aspires to deliver a professional service and has pledged to adhere to their Code of Conduct.
To discuss your compliance requirements, get in touch today.