Regulation continues to present major challenges and opportunities to insurers. Over the past few years, we've seen significant changes in the global regulatory and compliance landscapes and these changes have seen compliance costs increase drastically, having a significant impact on firms across the world. The Cost of Compliance study from Thomson Reuters has shown that respondents believe the cost of compliance staff will increase due to these changes, with 61% of respondents expecting senior compliance staff to cost 'slightly more,' with a further 22% expecting the costs to increase 'significantly.'
You may have started creating a culture of compliance within your firm and will be taking all relevant steps to limit inefficiencies. However, small errors can present themselves in an ever-complex, repetitive paper-based process - resulting in a slower, less effective compliance procedure and more strain on your team. If you’re looking to expand your compliance team to make them more efficient, you might be wondering whether this is achievable with limited resources. This article looks at the options.
Firms like yours now have the need to build, strengthen, re-shape and maintain compliance functions to cope with the significant increase in regulatory and compliance activity. We'll cover five key strategies in this article that can assist you in the process of resource-sensitive compliance team building:
- Conducting compliance risk assessments
- Starting at the top
- Identifying the skills your compliance team must possess
- Providing regular training
- Creating and maintaining a culture of compliance
Although a compliance team member should already be conducting compliance risk assessments, it’s important to do this regularly. This is so you’re always aware of what risks your firm is facing and what the team can do to combat them. When you're talking about compliance risk, anything less than a comprehensive check is unacceptable and even though you may have already succeeded in building a compliance team with limited resources, you might still be at serious risk if ill-prepared.
A compliance risk assessment will help you to identify and understand your firm's top compliance risks, so you’re in a better position to understand which steps to take. The PwC Compliance Study has shown that 67% of respondents have a process to identify owners of specific compliance and ethics-related risks, which is a surprisingly low figure and shows how many are failing in this particular area. For risk assessments, employee input is vital, but the same study has shown that 59% of respondents indicated that they include interviews with management and the board in their risk assessment, process, while only 21% of respondents include employee surveys. By limiting the input of employees, the results can potentially miss operational or front-line employee issues which could be critical identifiers or elevate the importance of particular risks in the organisation.
PwC's method of implementing a successful risk assessment for any firm is a time-consuming process, but it's an effective way of finding the risks and giving enough time to act upon them. The steps include:
- Setting the tone at the top-level
- Setting objectives
- Analysing data
- Gaining insights
- Understanding risks and opportunities
- Evaluating options
- Taking action
- Managing, measuring and adjusting
If the findings from your assessment highlight significant, immediate risks within your organisation, the need for a full compliance team will be confirmed, as well as the breadth and depth of expertise needed which will impact your budget. If the opposite is true and a risk assessment concludes that risks are manageable without a dedicated or expansive team, the exercise will have been a worthwhile budget minimising procedure.
If the board aren't setting the tone by declaring compliance and risk management as an imperative and critical to enterprise sustainability, your team simply won't understand just how important this aspect is and the organisation won't have a 'compliance-first' attitude, which is ultimately necessary.
Ways in which to achieve the correct tone at the top include having executive commitment, so any senior executives in your organisation should support all compliance checks and ethics programmes. This is a crucial aspect, as 97% of respondents in the PwC survey indicated that their senior leadership are committed to compliance and ethics, whereas only 16% believed their employees viewed their CEO as the compliance and ethics champion in their organisation. This proactive role and interest needs to be well communicated to all stakeholders so that the rest of the organisation can absorb this commitment and demonstrate a similar attitude, which may help reduce the need for a larger, more complex compliance team.
Starting at the top also requires top-level communication. Formal communication is necessary and even more so when it's a sensitive issue such as compliance. By facilitating good communication, you'll ensure the rest of the firm is aware of the current risk state, and highlight any involvement required from the wider team.
Although the PwC survey has shown that 82% of respondents admit senior leaders formally communicate the importance of compliance, more needs to be done as only 26% of senior executives speak of compliance as part of everyday business communications.
Finally, starting at the top means there needs to be participation in strategic planning. If the stakeholders and board members aren't part of the compliance-planning processes, then they won't be able to add much value to the rest of the team who may be seeking further guidance. Only when this has been completed is it possible to embark on building an effective and ultimately cost-effective compliance team.
When it comes time to creating your compliance team with limited resources, it's essential to first identify the skills you require within the team. You'll need reliable people who are assertive, determined, principled, articulate, pay attention to detail, experienced and are great communicators.
However, there's a difference between building an expert compliance team that can eliminate every headache with ease, versus building one with limited resources. It's important to take into account that people with those skills may cost more, compounding the need for a thorough risk assessment at the start of your team building journey.
You should invest in regular employee training that explains your compliance policies, as well as the types of behaviours that are prohibited. Consider implementing training once every quarter so that the knowledge always remains fresh, up to date within your compliance (and wider) teams’ minds. Consider internal expertise first rather than outsourcing if possible. Whilst training is an unavoidable cost it should help maintain your team's knowledge and control the need for further team growth temporarily.
A lack of training will ultimately lead to the development of an inefficient, costly compliance process. This results in less business being signed off as compliant, increasing the risk of opportunities being missed.
Considering that compliance is a growing challenge and specialist skills are needed, it's beneficial to have the whole team take part in courses that will give them the right knowledge and skills, along with teaching them everything they need to know about approaching compliance with confidence.
Courses from The Chartered Insurance Institute (CII):
- Introduction to Compliance
- FCA Regulation of Insurance Brokers
- Insurance, Financial and Operational Risk Management
Compliance isn't an issue you can only focus on once and then never look over again. If it was, then you would be able to operate efficiently well under budget every single year. You need more than a set of policies to make compliance as seamless as possible, so it's important that you are creating and maintaining a culture of compliance within your team. By creating this culture, you're reducing or even eliminating compliance obstacles which uneducated colleagues or those with a lack of training could create. If producers are bringing more holistically-compliant business to your team, then efficiencies can be gained before the work even arrives.
As previously discussed, to achieve and maintain this culture it's important to set the tone at the top and conducting regular risk assessments. To aid further cultural development, The Wall Street Journal has highlighted other methods asking management to:
- Develop a compliance risk management programme
- Align the compliance functions
- Lobby for effective technology
- Work alongside internal departments
- Offer training, leadership development and communicate
- Participate in strategic planning
So, is it possible?
Whilst there are effective methods in place to create a fully functioning compliance team, creating one with limited resources using traditional methods, or even maintaining your current compliance spend is no longer possible.
Even if you have an in-house compliance team or you're currently outsourcing compliance, technology is now available to improve the way you achieve it.
A 2016 survey from Thomson Reuters shows that 52% of respondents agree that RegTech solutions are impacting how they manage compliance, with 17% having already implemented one or more. Plus, with the right solution in place, the ability to filter through the sheer number of regulatory updates published on a daily basis and only tracking those that are relevant provide tremendous time and cost-saving benefits.
Which compliance checks should you or your team be making right now?
Understanding what constitutes appropriate due diligence on Brokers and Sub-Brokers shouldn't be an exhaustive task.
Download our Step-By-Step Broker Compliance Checklist to remind yourself and your team of the required checks you need to carry out to ensure compliance in 2018 and beyond.