• wblogo
  • wblogo
  • wblogo

Compliance over the last 20 years - what has changed?

Chris Hamblin, Editor, London, 25 July 2019

articleimage

The field of compliance is an ever-changing one. In this article we talk to Mark Dunster, a partner at the international law firm of Carey Olsen in Guernsey and a former chairman of that island’s Compliance Association.

The article is in the form of a question-and-answer session.

Q: What kind of person tended to become a compliance officer in the mid-to-late 1990s?

A: I am only speaking for Guernsey, but here the compliance officer used to be a retired policeman employed on a part-time basis. The work was not onerous in terms of training and was not time-consuming.

Q: My recollection of that era was that compliance was the booby prize that banks gave to staff they could spare.

A: Or there was that, with no added salary and with little or no reduction in your other duties.

Q: What about trustees, who have to do compliance jobs?

A: Trustees fall into two camps. The vast majority, back then and now, are "large-firm trustees limited,” where the people who make the decisions are the directors and then there’s a separate compliance department. Some trustees hold personal fiduciary licenses and that individual has an obligation to do ‘due diligence’ for the trust that he is a trustee of. That might be on the rise, with the growth of the family office.

Q: What changes have happened since the 1990s?

A: Compliance officers’ jobs have grown much more onerous with time, and with legislation that you must be familiar with, and the consequences of getting it wrong have grown worse.
When we started off in Guernsey it was primarily to do with money laundering. Since then, we have seen a boom in CFT, countering the financing of terrorism. Then ABC, anti-bribery-and-corruption compliance, gained traction in the last 5 years. Coming along now is the Convention on Modern Slavery. You’re having to go back through your historic supply chain.

The extent of legal obligations is growing and so is the extent to which you are expected to drill down. In the 1990s when we asked a customer to divulge the source of his wealth, it was on a form with enough space for about five words or a line. The answer that we accepted was often just ‘inheritance’ or ‘sale of company.’

Q: Do you think another long-term change is the evolution of offshore jurisdictions into more compliant jurisdictions than onshore ones?

A: Definitely. Offshore does better due diligence than onshore. This is beneficial because a lot of duff business is turned away before going in the door.

Q: Has this been very costly for jurisdictions like Guernsey?

A: The costs of ensuring compliance are getting greater. Penalties are growing here. There’s no ‘Goldilocks’ number of prosecutions.

Q: But the Financial Action Task Force thinks that there is, doesn’t it?

A: FATF certainly do, although it’s not the case. I think that the sum total of human wickedness is probably about the same in Guernsey and London and Rotterdam and Munchen Gladbach. Here it would not surprise me if the ‘Goldilocks’ number of convictions should be lower, because of the money we’re spending on scrutinising the business that’s coming in.

Q: What about the changes brought about in the last 20 years by the massive inflation in the number of rules?

A: These days, you have to be more of an expert on reading statutes. Take AML – compare the Rainbow Book of 1997 [so-called because it drew from many sources – not just regulatory] with the Guernsey Financial Services Commission’s Handbook of today – I think it is five times greater. It’s now also fuller of guidance notes and law and sanctions. You also need to know the modi operandi of far more people and businesses. ABC also requires the completion [i.e. upkeep] of more firms’ B&C registers. When it comes to hospitality and the giving of gifts, our limit is £50. The regulators expect to see it.

Also, compliance has gone into different areas. I’ve done AML but now need to do sanctions screening. It often involves a knowledge of trading patterns – that’s relatively new as well. I think the attitude of regulators towards advice has hardened across the board.

Q: Online exams are now a ‘thing’ for staff that today’s compliance officers have to organise. How much do they cost?

A: I’m not sure, but this is a problem for a small jurisdiction. In a large market like the UK or the US (where a typical course costs only £2 per head), it is possible to tailor a whole online course (which might last 30 minutes and not be too onerous) to the jurisdiction’s laws. This is not possible in Guernsey because the size of the place doesn’t warrant its own courses. Instead, firms have to use UK courses and, or course, there’s then the problem that they will do something that’s perfectly legal in the UK but illegal in Guernsey. To make up for that, the compliance officer has either to fill in the gaps in the course or to rely on some corrective ad-hoc training.

Q: I often find when talking to compliance folk that the rules affect companies of different size differently. At the level of a small IFA, compliance costs typically account for 10-11% of turnover, for a mid-size fund manager or private bank such as Julius Baer they might be 5-7%, and for the Citigroups and Barclays of this world they are more like 2%. Do you agree with that? And do you think that this amounts to a massive barrier to entry for fresh talent in the financial sector?

A: I completely agree. It’s a barrier to entry. It’s a fixed cost which affects smaller firms more than the larger ones, where variable costs are much more important.

Q: Are things getting more dangerous for the compliance officer?

A: Yes. There is a greater amount of legislation, which presents him with more opportunities to get things wrong. There is a greater focus on compliance at firms now, and there is greater prosecutorial will. And these days if something goes wrong at a firm, it was somebody’s job to stop it from happening. The regulators these days come in and say: “If there’s something wrong it’s a risk issue, and if it’s a risk issue, it was somebody’s job to stop it. If it’s a risk event, why wasn’t it on your risk register?" If it was and you didn’t work out how to stop it, it’s also your fault. They don’t say “one thing out of a hundred has gone wrong, so that’s not too bad." Instead they say “one thing out of a hundred has gone wrong, so let’s focus on that one.” There’s less of a willingness to accept.

Q: The relationship between the compliance officer and the board of a financial firm has changed, hasn’t it? Is he now on the board?

A: He’s not always on the board. In the old days nobody was because they were only “compliance and risk.” I still think that the compliance job has not achieved the board status that it deserves, but it’s going that way.

Q: Do you think that the world of financial services is marching inexorably towards the point where everybody is working for the Government?

A: No, but an ex-regulator said to me: “Here’s a curve. At the bottom, we have no regulations. This is clearly bad because everybody does what they want – it’s awful. Next up, you’re placing a curb on some excesses, but things will go wrong, so the call goes up for new rules. Then you go further up the curve with more rules, something goes wrong and the call goes up for new rules. Eventually, it’s completely hidebound and firms have to call in fleets of lawyer stop work out what business is worth doing and what is not doable." I agree with his thesis. You have to get away with it sometime.

I think that we should get back to some principle-based statements. If you do that, you have to be blunt because people write guidance to help you and you’re stuck with detailed rules again. Any country that breaks away from the rest of the world and does this cannot be a rule-taker, like Guernsey or Switzerland, but must be a rule-maker like the UK.

Q: Has there been a vast increase recently in the status of compliance officers?

A: I think it’s been a gradual growth. Now, though, if you came to Guernsey and said “I’ve just come to the island, I’m a lawyer/accountant,” you would get interviews. If you said “I’m a highly experienced compliance officer,” you’d be pounced on.

Q: Many people – especially Governance, Risk and Compliance (GRC) people, say that software is the great panacea for the dearth of experienced compliance officers and the explosion in salaries. Is this true?

A: I think it will help. Where it’s gone wrong with respect to Guernsey is that consultants do the compliance work for the firm but when it’s time for them to sign it off, they write “we have only done this work, the board is liable for any mistakes we have made.” Very often, the board says “in that case, we’d rather do it ourselves.” It requires some government agency. The Government could issue a compliance certificate saying “Mark Dunster lives here and is tax-resident” etc. It’ll make the man liable. The Government could then issue a certificate to the bank and if anyone got something wrong, you could only blame them. It would make compliance easier to do. It still wouldn’t remove much of the compliance burden.

Q: Compliance is definitely killing plenty of business off. Who’s suffering?

A: MSBs [i.e. money service businesses, an American term that made its way over to the UK in the Proceeds of Crime Act 2002] and anyone who relies on high-volume, low-profit business. If an IFA earns £500 from the typical customer, he is in that category.

Q: What was it like being the boss of the Guernsey Compliance Association?

A: I really enjoyed the intellectual challenge and working with people in the companies who are clever and want to do the right thing. The problem is that our member-firms presented us with a never-ending demand to be trained on more and more subjects.

The second problem is the number of consultative exercises on which the Government embarked that required research on the part of the trade bodies. You cannot give people a six-week window in which to respond, but that is what they do. I often found myself telling the regulators: "If you want the committee to respond, we’ll do what we can, but for a proper consultation we have to go out to the whole industry."

* Mark Dunster can be reached on +44 (0)1481 732015 or at mark.dunster@careyolsen.com

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll