Do you really need a compliance manual?
Let’s get this clear from the beginning: there are no rules in the UK that say you must have a compliance manual. You are, of course, required to have good systems and controls, and frameworks for complying with rules and regulations. But this does not necessarily translate to having something with a cover sheet on it that reads “compliance manual”.
In some corners of our industry there clearly is a perception that a compliance manual is a requirement. So where does that come from?
There are two sources: about 20 years ago the Basel Committee for Banking Standards recommended that banks have a compliance manual. Various iterations of organisational requirements in MiFID and the Capital Requirements Directives and Regulations have long since superseded these standards.
The second source are the application forms available from FCA for new permissions. These ask that a copy of the firm’s compliance manual is attached. Anything like this which is part of an application process has not been through consultation and so is not binding on firms. That aside, the reason FCA asks for a compliance manual I believe is just shorthand for asking for evidence that the firm has documented framework of policies and procedures in place to comply with their rules.
Aside from the odd occasion when you are applying for new permissions or seeking authorisation for the first time, done well compliance manuals can be extremely useful documents.
What it should be
Compliance manuals are at their best when they map out all your policies and procedures with some context around how the business is regulated. This approach meets the regulatory expectations to have frameworks of policies and procedures, whilst also meeting the needs of the business to make rules practical and relevant to what they do day to day.
Many compliance officers, and their businesses, struggle with the volume of mandatory training they must provide every year. A good compliance manual that maps to all the business-relevant regulatory regimes and policies will enable the compliance officer to provide refresher training around all those core subjects, freeing them up to provide deeper training on topical areas identified through their compliance risk assessment.
A really good compliance manual will:
Address your business, they are the target audience.
Be simple to understand and easy to follow.
Provide context about the regulatory regime under which your business operates.
Be used for inductions and annual compliance refresher training.
Provide links for more information \ detail such as policy and procedures.
What it should not be
As with all good manuals length and language are key. Compliance manuals often confuse their purpose and target audience. This makes them complex reading and as a result they lose their usefulness.
A common source of confusion is whether the manual is addressing the compliance department or the business. This is quickly cleared up by understanding the purpose of the compliance manual which is to meet the requirement to have a framework of policies and procedures that enable the firm to comply with the rules that apply to it. If you need something that explains how the compliance department works, which most SMF16 will want for their reasonable steps, then a separate compliance department handbook is perhaps what is needed.
These days rulebooks are published online and accessible by all. A compliance manual has evolved as a result with much greater emphasis on explaining rules and regulations to the business so that the business understands what it needs to do to operate in a compliant way.
In a smaller firm it can be disproportionate to have standalone policies on some areas. A compliance manual can be used quite legitimately to set out policy on those areas that are more cross cutting or peripheral for the business. The challenge for those businesses when they grow is to keep revisiting those policies and recognising when they should be published as standalone documents outside the compliance manual.
A compliance manual is there to help and guide your business, as such you would not expect it to be:
A regurgitation of rules and rule references
More than 40-50 pages long
Cover policy or procedures, or uniquely cover a policy or procedure
A guide for how compliance does its job
A who’s who guide to the compliance department
If you are now thinking about your compliance manual and think it needs a refresh let us know we can freshen it up for you, and if you think you might need to start from scratch, then why not take a standing start by downloading the readymade manual from our shop.