Is a lean compliance team an efficient use of budget or a short-sighted route to increasing risk?
Please sir, can I have some more… resource?
In this article the Blueprint GRC team discuss the challenging task faced by the alternative investment industry of building “fit for purpose” compliance and operational capability. These teams need to be technically talented, resolutely flexible and universally efficient to stand up to the mounting pressures of cost control, developing regulatory and technological threat, associated new regulations and a seemly ever-increasing workload. As a follow on to our horizon scanning article for 2025 Blueprint GRC we share our view on mitigating the challenges 2025 may present from the perspective of resource management and task execution.
During our professional careers, a combined sixty years, we regularly comment on the positive developments we witness in the capability, ingenuity and technical excellence of compliance professionals within the alternative asset management space. These are developments which are not applauded enough and manifest significant industry benefits by reducing regulatory risk and mitigating harms to consumers of financial service products. However, with every “Yang”, there must be the consideration of the “Yin”. In this case, the challenge is capacity. As a team of consultants, we are reminded by our clients that the talent, diligence and agility of our compliance peers is constantly under pressure by the overwhelming volume of tasks to be completed. We therefore see heightening regulatory risk and personal liability increasing, not through negligence, ignorance or malice, but instead by regulatory tasks not getting completed. By the time these, sometimes basic, tasks are investigated it could be too late to remedy or expensive to remediate.
If we consider the FCA’s most recent response to the UK Prime Minister, Secretary of State and Chancellor as an example; that letter reiterates the need to “reduce the regulatory burden”, suggesting that the volume and intricacy of current regulatory obligations will be simplified and the reporting burden lessened to promote growth, maintain competitiveness, and remain sustainable. This message is telling, and if we look further down-stream to a practitioner level, these concerns are manifested by the refusal of some professionals to take on regulatory Senior Management Functions for fear of the liability, against a backdrop of internal resourcing concerns and a lack of operational autonomy. So how can our clients continue to mitigate risk and improve standards under this level of resourcing pressure?
Our first observation is to better understand and categorise where the capacity constraint lies. We typically see these fall into three areas:
1. Insufficient Human Capacity
All too commonly we work with highly talented compliance professionals who are unable to be effective across all facets of their role. This is brought about by the volume of work and strategic thinking which needs to be undertaken, not necessarily its technical complexity. The expense and difficulty in sourcing appropriately skilled new hires makes this a challenge which is far more trying to solve than it should be.
2. Insufficient Internal Knowledge
A knowledge gap in a developing compliance environment can pose significant risk. Whilst less common in a steady state, modern compliance environment, it becomes a significant challenge when clients launch new strategies or products, or are faced with regulatory change or jurisdictional expansion. With the prevalence of liquid alternative managers entering the private markets space, a lack of internal understanding for risk mitigation and appropriate monitoring expertise across multiple strategy types can quickly become dangerous without the appropriate regulatory knowledge. Sourcing that can be expensive and time consuming.
3. Poor use of technology/providers
It has long been hoped that technology and the use of AI are the solutions to all our resourcing concerns. Technology and AI certainly have pivotal roles but be cautious at the point of sale. We frequently see the frustrations of poorly implemented technology. Ultimately, the solution needs to be strategy and structure specific, it must communicate with other applications consistently, and firms need to understand how much human capital is required to interpret and action technology outputs.
Gaining better understanding of the above allows a client to identify the type of resourcing constraint currently faced and so effectively plan, communicate, and deliver a strategy which mitigates identified risks through a targeted improvement in the three areas. Identification is just the start though, what about the challenge of requesting and securing budget?
Our next observation is that compliance professionals can be reticent to communicate capacity concerns at governing body level. All too often we hear that such proposals have been turned down or simply not entertained or explored fully. Sadly, it is easy to suggest that middle and back-office staff are not directly contributing to the bottom line. But one has to make the case that that compliance and legal staff are regularly dealing with complexities and obligations comparable and equivalent to the investment teams they serve at a fraction of the budget. Therefore, senior compliance staff must be comfortable and confident in highlighting their resourcing need and agreeing a plan to improve it.
Compliance professionals must always fully understand the (commercial) status quo and be able to articulate the approaching horizon. This means having a detailed understanding of the existing business, its medium-term trajectory and immediate plans for the coming year. Then, place a regulatory overlay on that picture and identify specific resourcing needs which are discussed openly at governing body level and recorded within detailed minutes. Compliance should be able to articulate and justify the benefits of a fit for purpose compliance team and the risks of not investing in it. Doing so is a material protection for the Compliance Officer (SMF16) in terms of reasonable steps taken to ensure the regulatory agenda is considered at the highest level.
Building, developing and retaining an efficient and effective compliance team is not an easy task in the current environment. Recognising the resources required via a combination of human capital, subject matter knowledge and technological fire power is a fine balancing act. This problem, and the challenge of meeting it, is one of the driving forces behind the services Blueprint GRC Limited offers. We believe that collaboration is more important than corporation, in the same way solutions are preferable to sales. Our team of industry leaders is placed to drive better outcomes for our clients, so, if this article has resonated and you would like to discuss the issues identified further, we’d be delighted to hear from you.
Blueprint GRC provides industry leading expertise to help you address complex regulatory issues, as well as providing resources, capacity and team development across all seniority levels to help achieve and maintain compliance with empathy for budget. Our clients benefit from outsourcing certain functions or projects to Blueprint, retaining us for on-going GRC support or insourcing members of our team to supplement their own internal resources. Led by seasoned industry practitioners, Blueprint achieves cost and time-effective results, returning to our clients the precious commodity of time.