The compliance dilemma


HR professionals in the financial services sector have long been pondering the issue of Training and Competence, and the introduction of the Financial Services and Markets Act 2000 on November 30 - the dreaded or ignored N2 - has reinvigorated the debate. The Act identifies those senior managers in a position of influence over their firms and customer-facing staff - the 27 controlled functions - and clearly states that it is they who have the ultimate responsibility for the actions of their firms.

This responsibility means that they have to ensure that staff in their area of the business are “competent”. This has opened up an entire new problem. How do you, firstly, establish whether staff throughout the firm are competent, and secondly, ensure that this competence is maintained.

This is a problem with various levels of complexity. Firstly, there needs to be a definition of what competent actually means. Secondly, a framework needs to be in place that tests staff against the agreed competences for their job roles. Thirdly, a well-structured training plan needs to be put in place to fill any identified gaps.

At this point a firm can consider itself compliant with the base requirement. However, there needs to be an audit trail and a plan that ensures that this achieved level of competence remains up-to-date over time.

For larger firms in particular, this brings a logistical problem of immense proportions.There are already a number of qualifications in existence, especially for client-facing staff, which remain roughly the same, albeit there may be some small changes. The problem is that the audience to be assessed and approved has grown significantly to include audit functions, control functions, research functions and line management functions. The areas in which competence is required has also expanded. A lot more emphasis is given to a firm-wide understanding of issues such as prevention of money laundering, data protection, market abuse etc. etc.

Until recently staff were labelled as competent upon signing a sheet of paper that stated that they had listened to the Compliance Officer for a few hours. This is no longer enough. To be honest, this has never been enough, but from now it will no longer be tolerated. There needs to be proof that the training has taken place, but also that the training was understood.

Competent is possibly a term that is wrongly used here, as even the most incompetent trader in the view of his employer can be entirely competent in the eyes of the regulator. The regulated competence refers more to proven knowledge and understanding of the rules and regulations that apply to someone’s activity.

There is only one way to efficiently and cost-effectively deal with this whole process, and that is through the use of an intranet or Internet-based solution. Through unique password protected access, a firm can test, train and track firm-wide staff in a short period of time. This technology also has the key benefit of a fully up-to-date audit trail. Even reminding staff that their approved status is about to lapse can be automated.

I believe that the regulator is worried that a lot of regulated firms still have not put sufficient structures in place to satisfy the new regime. Putting it off even longer will create a compliance risk that is simply not worth taking. The financial services sector is all about quantifying and monitoring risk, so it seems strange that a risk that can fairly easily be hedged is so knowingly ignored.