Building a Compliance Framework

What is a Compliance Framework?

It is essential a firm complies, and demonstrates compliance, with all legal and regulatory requirements affecting it business. A compliance framework should seek to demonstrate how the firms manages its compliance arrangements. 

A regulatory compliance framework is usually determined by two factors:

1. Regulatory requirements
2. The firm’s proposed business activities 

Each of these will change over time and the Compliance Framework will need to be amended to reflect those changes.  

It is essential for the firm to have a clear understanding of the regulatory requirements that it must adhere to such as:

• Primary Legislation – the Financial Services and Markets Act 2000 and the Financial Services Act 2012
• Secondary legislation such as the Regulated Activities Order and the Financial Promotions Order
• Rules and guidance set by the Regulatory such as the FCA and The FCA Handbook. 

Scoping a Compliance Framework?

First step in creating the compliance framework is to gather information to understand the business and it’s regulatory requirements to identify risks. The identified risks will need to be managed, monitored and reported Senior Management with adequate oversight.  

As a starting point the firm should:

• Scope the regulatory regimes to which firm is subject (directly or indirectly), with particular emphasis on the regulatory issues that apply to the firm
• Specify the compliance standards the firm aims to meet and defines the compliance culture
• Identify the people involved in compliance
• Summarise and specify the responsibilities of the Compliance Team and its areas of activity such as regulatory developments
• Detail how it will report and provide oversight to Senior Management to ensure compliance receives adequate attention
• Summarise the regulatory responsibilities of the business
• Set out the arrangements to apply when dealing with regulators and regulatory reporting
• Describe the arrangements that will apply in the event of any regulatory breach or where remedial action is required
• Describe the relationship between Compliance, Operational Risk and Internal Audit within the Group
• Describe the Compliance Committee and other oversight reporting

Maintaining a Compliance Framework 

To ensure a framework remains effective and robust it will require testing  and updating where necessary.  This can be achieved through:

• Regular Monitoring through annual testing/ compliance monitoring plans
• Regular reporting and MI to Senior Management to ensure adequate oversight
• Communication though sharing legal and regulatory developments with the business, providing training and implementing and updating policies to achieve compliance.