Finding breaches is not all bad news

Rules breaches can have negative connotations; after all, non-compliance is never good. It can depend, of course, on what the breach is, and whether it’s material, affects many clients or appears systemic.

A breach that you identify yourself, in-house, perhaps through a review or just by an alert individual, can be good, provided it is handled well.

Firstly, having the internal environment that enables breaches to be identified shows a good risk culture because you are actively checking and looking for issues. It also reflects an organisation that is comfortable identifying and discussing issues. People working in a weaker culture may be more inclined to suppress risks and issues until they are identified by audit or a third party. Having a third party identify breaches is never a good place to be because you lose control of the messaging to your regulator. If you self-identify and self-report, you stay in control of the message.

Secondly, what you do once you identify an issue that could be a breach is really important. If it looks like a potential breach that is notifiable to the regulators, then you need to tell them quickly. One of the most important points to remember when dealing with the regulators is being open and honest (Principle 11). There is nothing more irritating as a regulator than a firm calling late in the day or week to say they have concluded an investigation and found they are in breach. You need to give the regulator the heads up that you are looking into an issue and will get back to them once you have more information. It is far better to be calling a few weeks later and saying it wasn’t anything. It shows a level of maturity in your regulatory engagement and confidence in your internal investigations, which are reflective of a good risk and compliance culture.

Giving the regulators the heads up also allows them to ask questions and to consider any internal briefings they may need to prepare; after all, the regulator is an organisation with management layers, hierarchy, and accountability. Being considerate of their needs helps your own situation because no management team likes nasty surprises. A natural reaction when you are on the receiving end of a nasty surprise is to react and usually ask plenty of questions, which makes the messenger reactive rather than proactive.

Some breaches are just a sign of business as usual. Consider rules about operations such as CASS, where you will of course get breaks. That might give rise to a breach here and there, but provided it’s not material or symptomatic of fundamental underlying issues, that is the sign your operations are functioning normally, which must be good. So, finding those breaches is not necessarily bad.

At Leaman Crellin we can help guide you through the good, bad, and downright ugly breaches. We can help you consider your regulatory engagement strategy, breach recording and reporting, and remediation, and advise you about adjustments you can make to enhance your risk and compliance culture.


©2020 by Leaman Crellin Limited