FCA has published a note summarising the results of its review of the compliance function in wholesale banks. It had asked 22 wholesale banks (including global banks, medium-sized banks focusing on specific areas or geographies and firms with less significant UK footprints) 27 questions.
Key themes included:
- the need for the compliance function to evolve in response to a changing regulatory environment. Firms seem to be moving towards the compliance department being a pure, independent, second line of defence risk function – with a view to better defining the responsibilities of the compliance function. FCA suggests firms could do some thinking around the longer term goals for the function, the support it gets and its position in the overall “lines of defence” model;
- most compliance functions either excluded or underemphasised things like risk ownership, a role in supporting culture and sharing of second LoD responsibility with other functions;
- most firms reported significant changes usually stemming from organisational changes and including strengthening senior roles within the function, merging compliance with operational risk and moving financial crime in or out of compliance;
- any changes would generally be driven by structural changes within the firm or group, regulatory change or review of the LoD model;
- regulatory change was almost universally seen as the biggest challenge, and some firms also saw risks of skills gaps developing as complex changes coupled with lack of resource;
- compliance is usually an independent unit with the head of compliance reporting to the CEO, and is rarely outsourced; and
- the main change over recent years has been a dramatic increase in monitoring and surveillance activity. Firms said front-office technology investment had not led to any fundamental change to the compliance function.
FCA is not requiring any particular firm to take specific action but hopes boards and senior management of firms will consider the contents.