is paramount is speed. The journey needs to be embarked upon soon and with urgency. What is undoubtedly true is that the range and complexity of the problems mounting are extraordinary and the need for solutions in an unequal and globalizing world is pressing. Compliance and regulation generally has a valuable role in making or facilitating and, on occasion, leading progress for both firms and the wider community, far beyond its popular image.
Traditional Compliance
Traditional compliance, as we shall refer to mechanical practices, is not covered here. There are many texts on introducing risk-based approaches or capital models. Other traditional elements of compliance include basic fitness and properness tests, authorization, client money rules, know your customer, market manipulation rules, transparency requirements, and financial promotions regulations and conduct of business rules. These are all important but they represent the foundation level of regulation and compliance and are not sufficient to constitute a sophisticated control environment or justify compliance as a full profession.
Similarly, fighting financial crime and money laundering have a basic of traditional compliance but have a sufficiently different set of objectives and processes to mark them out as a separate sub-discipline. It is more difficult to apply the models and tools introduced in this book to this parallel stream.
A final traditional tenet to be challenged is that compliance is not synonymous with or part of risk; it is much bigger than that. There may be compliance or regulatory risks within a risk framework but it does not follow from that that compliance is in some way subservient to risk or should be part of the risk department. Compliance, as we shall see in Parts II and III, has a much more strategic and wide-ranging scope and should report to the board independently and directly. Having a compliance person or specific non-executive director (NED) on the board is a clear sign that compliance has stepped up and not been left behind.
New Compliance
More than can perhaps be imagined depends on a new compliance emerging. This requires regulators and compliance to engage in a shared journey in which both are investing heavily in research, education, and discussion while establishing new joint approaches and infrastructures. We examine these new structures and elements and how they work together for a new compliance in Part II.
Shared Journey
It is important that the journey to new compliance is a shared one with compliance and regulation following the same map – the map is suggested in Chapter 2.
Ideally, regulation and compliance should be able to move forward in partnership at the same rate, but too often one side is playing catchup. If regulation is ahead of compliance, firms may be subject to increased regulatory risk, and if compliance gets ahead of regulation, then the risk is of unexpected interpretations increasing regulatory firm risk and regulators suffering reputational damage and loss of support by appearing flatfooted.
Regulation's role is to reflect and mediate the expectations and requirements of the wider public and economy. Regulatory objectives are rarely unreasonable, but regulators often lack the practical business experience to know how to implement them effectively and in a balanced way. Conversely, compliance should have the hands-on experience but may be more distant from the policy agenda or democratic public needs. Obviously, a dynamic process of learning from each other is ideal, but this needs a facilitative infrastructure, a basis of trust, and extensive practice. The crucibles for building mutual understanding may be shared training vehicles, informal discussion groups, frequent communication documents, and staff exchange programmes.
The most important shared understanding is that regulation and compliance are not ends in themselves. This self-delusion is dangerous and both compliance practitioners and regulators need to remind each other of their wider role and the implications of their actions. Both needs to have a shared answer to the question: Why do we do what we do? We consider that in Part III.
Chapter 2
General Model of Regulatory and Compliance Development
It is not the strongest or the most intelligent who will survive but those who can best manage change.
Introduction to Development Models
Charles Darwin set out a general model to describe the evolution of species and the principles of competition and natural selection. Adam Smith, similarly, provided a general model of economic development and described the operation of comparative advantage.
So development models usually have two basic components:
1. An overall direction and stages of development
2. Processes underlying change.
Regulation and compliance needs an overall picture of its development, including the major stages in that journey and an explanation of the processes by which change occurs. A general model is proposed here to help explain the pathway of change and to uncover the processes driving development. This in turn gives a clearer view of the future.
The usual caveats about models apply: there are variations in the fine detail, different cultures and jurisdictions develop at different rates, and progress is rarely linear. But models provide an easily comprehended picture that we can then re-complicate, adding all the appropriate variables to apply it to our own situation and circumstances.
Crucially, a model gives us vision, a way of summarising the past and helping us deal with future uncertainties. This is what compliance needs so badly: a narrative about where it has come from, and a map for its future progress and development.
General Model of Regulatory and Compliance Development
The model in Figure 2.1 describes a process of maturity. This is the development of regulation and compliance from start-up, through early and “teenage” years, to a more grownup state. This provides a model for understanding and evaluating each stage of a regulatory–compliance system. It also supplies a roadmap for future growth and improvement and may be considered at the levels of a:
● Jurisdiction
● Sector or subsector
● Firm
Figure 2.1 General Model of Regulatory and Compliance Development
It is not necessarily the case that all firms operating from or within a jurisdiction will be at the same level of maturity as the jurisdiction as a whole. There will be a range of maturities of individual firms or even subsectors, and this causes interesting problems both for the laggards and for the regulators concerned.
The model identifies five stages. These are clearly not mutually exclusive but blend one into another, each building on the others:
1. Start-up: Establishing credibility by using direct, often simple and easy-to-implement measures to combat an obvious and commonly agreed problem. Enforcement at this stage is often punitive, and rule breaches are described in technical terms. Regulation may operate in an apparently business-friendly way, and may be through self-regulatory organisations that are close to the issues and allow governance
