COLP and COFA

Article provided for Eclipse Legal Systems (www.eclipselegal.co.uk) by Matthew Hickling.  Matthew is Principal of Matthew Hickling Training Limited, an authorised CPD provider, making regulatory refresher training a little more refreshing.

The Solicitors Regulation Authority (SRA) authorises compliance officer nominations from 31 December 2012. But if managers are responsible for regulatory compliance, where exactly do compliance officers fit in?

Lambs to the slaughter?

Anthony Townsend, Chief Executive of the SRA, is quoted as saying, “compliance officers cannot be sacrificial lambs. You can’t just shuffle off responsibility for compliance.” ‘You’ here means the management and it begs an obvious question. If management can’t shuffle off its responsibilities for compliance, why have compliance officers at all?
Chapter 7 of the SRA Handbook is entitled ‘Management of your business’. It imposes upon managers many of the detailed and extensive compliance obligations that will, from 2013, come within the compliance officers’ remit. Since 6 October 2011, Outcome 7.2 requires firms to have systems and controls in place to achieve compliance. Outcome 7.3 requires managers to identify, monitor and manage risks to regulatory compliance. And Outcome 7.4 demands the maintenance of systems and controls for monitoring the financial stability of the firm.

For firms that are already up to speed, the process of nominating compliance officers may amount to little more than a labeling exercise. Anthony Townsend describes the appointment of compliance officers as ‘an incredibly important step towards cementing the idea that all firms should have good compliance systems in place’. You won’t need much cement if you already have a well-constructed dry stone wall in place.

Other firms have been a little slower coming to terms with the new requirements. For them, the compliance officer authorisation process is throwing up new anxieties. Those anxieties properly belong with the management, not the nominees. Compliance officers exist to ensure that managers are discharging their regulatory obligations, not to do it themselves. But how far does their individual responsibility extend?

Eyes and ears

Rule 8.5 of the SRA Authorisation Rules 2011 requires compliance officers to record and report regulatory breaches committed by the firm. This will take some doing, notwithstanding the management’s own obligation to report serious failures. Whether or not you are also a manager, policing your own firm from within, on behalf of your regulator, was never going to be an easy task. Compliance officers are intended to be the eyes and ears of the SRA within the firm but how many will relish the prospect of notifying the firm’s breaches? The SRA has stressed that compliance officers must be ‘equal to the task’. Maybe make that “at least equal to the task”.

The Authorisation Rules also require compliance officers to take ‘all reasonable steps’ to ensure that (a) the firm has appropriate systems in place to monitor and manage risk and (b) that those systems function effectively. The phrase ‘all reasonable steps’ creates a significantly higher level of undertaking than ‘reasonable steps’. If the SRA really did not intend for the firms’ managers to shuffle off their regulatory responsibilities on to their compliance officers, why produce a rule that imposes such an onerously high level of personal obligation? It serves up a worry that any non-compliance by the firm’s managers will inevitably be seen as a simultaneous failure by the compliance officer to take all reasonable steps to ensure that systems functioned effectively.

Perhaps the regulator recognises this. Perhaps Anthony Townsend is trying to reassure the inaugural batch of non-manager compliance officers that they will not be shuffled off with liabilities that properly belong to managers.

To be or not to be?

And where have we heard that expression ‘shuffled off’ before? Ah yes. It is in Hamlet’s soliloquy: ‘For in that sleep of death what dreams may come when we have shuffled off this mortal coil must give us pause’. Is it too far-fetched to suppose that the regulator is using Shakespeare to subliminally alert managers that it is they and not their compliance officers who will suffer the slings and arrows of outrageous fortune? Hamlet’s downfall is caused by a toxic combination of indecision and hasty acts. Is it being suggested that this would have been avoided had he discharged his princely duties in a better-regulated environment?

By the end of the play, the principal characters are dead. It all sounds a little depressing if this indeed is our regulator’s chosen analogy. But the closing scene may just offer one glimmer of hope. The dying Hamlet tells his loyal friend Horatio that he must not die. Horatio must live to tell the tale. Horatio then survives. He’ll be the compliance officer then!