There is global acceptance that the role of a compliance officer is to ensure that a company is conducting its business in full compliance with all appropriate laws and regulations that pertain to its particular industry. Strangely, the South African insurance industry has deviated from this recognised practice by only demanding the appointment of a registered compliance officer in terms of FAIS and FICA.
Although other financial sector laws require insurance companies and banks to formalise and adopt the function of compliance as part of their control infrastructure (Board Notice 158 of 2014 being a prime example), unlike FAIS and FICA there are no specific requirements to actually appoint a registered compliance officer. For this reason, it was inevitable that FAIS compliance officers would emerge who concentrate solely on the FAIS Act when developing compliance monitoring programmes, disregarding all other insurance laws.
But whether operating solely as a FAIS compliance officer or not, there can be no doubt that before a compliance officer can introduce a compliance programme, he/she must have a full understanding of the company’s goals and culture, as well as of the exact nature of the company’s operating business model.
I therefore find it strange that the irrational practice of compliance officers providing a ‘desk quote’ to prospective clients without having undertaken a risk analysis abounds, particularly bearing in mind that a compliance officer is tasked, not just with keeping a company’s business dealings ethically sound, but also with ensuring that internal practises of employees result in the highest possible level of compliance,
However, this irrational practise is likely to change.
The FSB’s publication in September exempting compliance officers from s4(4) of Board Notice 127 of 2010 was, in my opinion, the first step taken to reform the compliance industry. The exemption enables a compliance officer to determine his/her own visitation frequencies subject to the condition that the compliance monitoring programme addresses the nature and range of financial services that the FSP renders.
The only true way of developing such a programme is for the compliance officer to have a risk rating tool, matrix or framework which will guide the compliance officer in determining the programme to be developed.
A quality risk rating tool takes cognisence of not only the governance structure and culture of the FSP, but also the methods of product distribution, servicing, advertising, the range and extent of licenses and sub licenses, and the FSP’s branch infrastructure. The accessibility and content of off-site data and client communications is also an aspect that can have a material impact on the desired monitoring programme.
It follows that a ‘desk quote’ from a compliance practice can hardly be reassuring to the Directors, and indeed may well be indicative of an inferior compliance programme being offered. Most will agree that if a job is to be done, it has to be done properly. Niki Zotou, as head of Robert Walters’ legal division in New York, included the following words in his summing up of compliance:
“The most effective line of defence a corporation can implement against regulatory sanction is an efficient and effective compliance program. An efficient and effective compliance program is not attainable without the right compliance officer.”
In the same way that an insurer will not quote for a risk until the underwriter understands what it entails, or a broker will not provide advice without conducting a needs analysis, a compliance officer is unable to provide a ‘quote’ for compliance in the absence of a full exploratory discussion.
In choosing a compliance officer, it is suggested that an FSP (or insurer for that matter) ensures that some form of risk rating matrix, constantly upgraded as and when the regulation changes or when the FSB publishes their interpretations of the insurance laws, is used by the compliance officer concerned.