When talking about training in financial services, the focus tends to, quite naturally, be towards ensuring the strict regulatory requirements are met first of all. Specifically, the training and competence requirements of those individuals and their supervisors, who are captured by the FCA’s T&C requirements. The focus is quite rightly here, because failure to establish and maintain appropriate systems and controls could lead, in certain cases, to enforcement action.
But there’s one particular area in many financial services organisations where ongoing training and development can have a tendency to be a little less formal in its structure, and have less direct focus; and that’s for the people who work in the assurance functions in the business.
What is assurance?
This isn’t strictly speaking a defined term within firms (although it’s used extensively by audit firms and management consultants). Basically, it’s those functions in the business that serve to provide assurance (or otherwise) to senior management and the board, that the systems and controls in place across the business are satisfactory and are fit for purpose. Also, that they meet specific regulatory requirements, in whatever form they may come (either statutory regulators such as the FCA or the FRC, or governing bodies such as the Faculty and Institute of Actuaries).
These functions tend to be better known as compliance monitoring, internal audit and risk functions. They are the lines of defence (to use that well-worn expression) between the firm’s operations and the outside world, which includes regulators, shareholders and other stakeholders.
What’s the big deal?
The big deal is that there are a number of challenges coming up in future that not only business lines need to be prepared for, but also the assurance functions. And the training needs of the people working in the latter must not be forgotten.
The winds of change
There’s no doubt that at the moment, the winds of regulatory change are blowing very hard indeed: not just in the UK, but across Europe and across the Atlantic too.
I know this is not a new concept, and that I’ve been talking about it since the start of the year, but the fact is that it’s pretty intense out there right now – and set only to get worse.
But that’s an issue for those who run businesses to get to grips with, surely? Why would this be an issue now for assurance functions?
A new season
There’s one simple reason – it’s planning time.
Now, we’re heading into the season when compliance, internal audit and risk departments alike are looking at drafting their plans for 2016. To do so, they have to have an eye on two things specifically:
- Where the biggest risks are within their firms, and how they can tailor their assurance activities to focus on them; and
- How much resource they actually have available to carry out their plans.
Inevitably, what comes out at the end of this process is something of a compromise between what the functions would like to be able to monitor, and what they physically have the time and people to cover. But the focus of these discussions tends to be on the numbers of people available rather than how well they’ve been trained to carry out what’s asked of them.
The problem is, for those carrying out assurance, is that with so much regulatory change on the horizon, how can they be certain that they are covering the right things, and that they have the requisite level of knowledge to be able to do so competently?
To give you a flavour of what I mean, here are four areas where assurance functions would do well to check if their level of knowledge and understanding is appropriate.
The big one for insurers is now only a few months away. But for compliance, risk and internal audit, where should the focus of activity be for 2016? Should it be around the controls and operation of the functions required to ensure all periodic reporting is correct and on time? Should it include a look at the processes that lead to the construction of the Pillar I numbers? Or how about an independent assurance review of the Own Risk and Solvency Assessment (ORSA), when it is finalised next year?
This will naturally get a lot of focus, and should be near the top of monitoring plans for 2016. The question is, do the relevant people have the right level of subject knowledge to carry out what’s asked of them?
This one just refuses to go away. After last week’s latest consultation from the FCA, a number of small changes are being introduced now to the already massively-changed pension regime (more on that story in future posts). However, assurance functions will no doubt want to take a look at how firms have adapted to the new regime in practice, and are continuing to embed the constant stream of changes from the regulators, many of which have very short lead-in times before they’re introduced.
MiFID II and EMIR
Two big initiatives from Europe, which will be of interest mainly to the investment management sector but also indirectly to insurers too. EMIR has already started to bite for many, but the second iteration of MiFID still has over a year to go before it goes live. However, assurance functions may wish to look at firms’ readiness for the changes when they happen.
Last and by no means least, the senior managers in banks, insurers and investment firms will see major changes in the way they are governed from March next year. Whilst the focus between now and then will quite rightly be on implementation of the changes, assurance functions could look at reviewing the effectiveness of the new controls and processes soon after they have been implemented.
These are just four very brief examples of where key changes are happening in our industry that will require the focus from those in assurance roles. The question is – do these teams have the knowledge and understanding to carry out what’s required of them?
Planning exercises are not just an opportunity to set out what activities need to be carried out in the forthcoming year, they also present a chance to take a step back and see whether really, training is needed on a specific subject to make sure the work can be carried out effectively.
The good news is that the tools and resources needed to make this assessment are all readily available; either by just keeping an ear to the ground as to what events are coming up, or taking a more proactive approach and searching out opportunities.
Either way, don’t miss this chance to ensure that assurance plans add as much value as possible in 2016.
By Martyn Oughton a Professional Member of the International Compliance Association (ICA). Martyn now writes a regular blog for Industry Events Online focusing on the importance of training in all aspects of compliance. Read Martyn's other publications at Martyn's Writers' Residence website.
To keep up to speed with new events and blog posts sign up to the Industry Events Online weekly newsletter.