Blog

Compliance – What keeps everyone up at night

We talked to the Head of Compliance for a large financial services company and share his insights below, plus what all companies concerned about compliance can take from this.

Business background:

Approximately 500 staff and turnover is £50-60m.

The founder of the business comes from an advertising background, and is seriously into technology, so we are a tech heavy business. We do a lot of marketing, which has to be scrutinised by compliance to ensure it meets the regulations.

As one of the largest intermediaries in our sector in the UK, we are definitely on the FCA’s radar.

What does a typical day look like?

The compliance team handle all areas of compliance – complaints, customer service, financial promotions etc – they are logged and all actions are recorded through to resolution. So, while no two days are the same, my time is spent monitoring and managing that.

Whilst we spend a fair amount of our time reacting to requests, we also monitor activities with a risk focus to identify potential problems. We pick up on themes which we report back to the business.

What keeps you up at night?

The format of our data – the regulator and large financial partners regularly want data interpreted in different ways – how it is currently stored can make that challenging and time consuming.

Regulatory changes are constantly keeping us on our toes. The FCA are very black and white, and the consequences of getting it wrong in their eyes are significant.

Whilst we do get notice of changes the FCA make, it can have a big effect on the business. We have to take commercial decisions about the impact – for example, changes to the way firms can charge for advice on pension transfers caused us to decide to pull out of that market.

There’s always the compromise between the risk to the business versus the commercial needs of the business. The company still needs to operate and deliver a good service – it can be a fine balance.

How do you mitigate risk in the business?

There’s lots of horizon scanning. We have become adept at foreseeing the direction of travel from the FCA.

We look at what others in our sector are doing.

And, of course, we make recommendations on the best way to adopt practice balancing reducing the risk with the commercial side of the business.

We also work very closely with the company’s Data Protection Officer.

What about internal risk?

We have risk registers and I work with the individual business teams to identify who has access to what data and why.

Ultimately, the technology security is the responsibility of our IT team, but obviously it concerns us too.

What success stories do you have around tech helping you do your role?

Complaints used to all be logged onto a spreadsheet. Over the course of time, this became more and more complex, with formulae and pivot tables it had become quite a beast! Our internal developers have now built an in house solution, onto our CRM system. That’s had a huge effect as it means we can extract the data any way we want. It means saving time, but also reduces human error too.

If you could wave a magic wand what would technology do to support you?

AI is showing a lot of promise and I’d love to be able to adopt that into the business. At the moment we only have the resources to sample check each month, and I am always concerned about what’s happened to the rest. But through AI every case could be checked for certain key risks. That comfort of knowing it has all been checked and risks flagged would be great.

Ultimately, you just want an electronic filing cabinet. A system that is robust, easy to access, able to retain data in a way that enables you to interrogate any way you want and its not found wanting.

The thing to remember is that no matter how well the IT team have built it, it’s only as good as the data that’s put into it.

So, this might be relevant in a large business, but what can we take away from this?

• Compliance is challenging to continually manage – no matter what size your business is
• The marriage between compliance, data protection and IT is an essential one to protect the business – balancing the legal and regulatory requirements with the need for the business wheels to continue to turn
• Data – think about the choice of applications and the format of the data – both in terms of structure and storage. You need to be sure it’s robust enough to cope with regulatory changes, the changing requirements of your own business, or indeed the partners that you work with, or aspire to work with.
• Don’t delay – make the choice now about where and how you’re storing the data – don’t wait until you have grown and your data has become an unwieldy beast
• Don’t underestimate time efficiencies – don’t take a time saving of 30 minutes for one member of staff in isolation, it’s cumulative and that’s still a saving of 26 hours per year – that’s two thirds of a week. Then imagine that multiplied by several people and suddenly that’s a whole lot of time that could be utilised better.
• Automation is a very effective way of saving labour time and human error. Adopting artificial intelligence (AI) is a lot easier than you might think and is perfect for step and repeat style tasks. We source apps for customers all the time to do just this kind of work.
• Using technology to improve both compliance and business efficiency is easier and less expensive than you might think

If you would like to learn more about how we can support you with your compliance needs, please contact us on 01784 437 123 to arrange a chat.