Operating in an era where regulatory expectations have never been higher and will undoubtedly continue to grow, combining SMF16 and SMF17 into one role presents some challenges and risks. Periodically, and certainly as firms grow, it makes sense for their leadership to review this approach.
In 2022, the FCA set out its expectations on heads of compliance and MLROs (money laundering reporting officers), as part of the approval process for SMF16 and SMF17 applications. The publication indicated that the applicant will need the necessary skills and knowledge, and that the level of skills and knowledge should be in line with the size of the firm and its risk of harm.
That’s straightforward enough, but for the individual, it can be problematic. First, there is acquiring the requisite skills and knowledge, and then keeping on top of regulatory developments when they could be very diverse. They range from AML (anti-money laundering), ABC (anti-bribery and corruption), fraud, sanctions, and MAR (Market Abuse Regulation), to cybersecurity, data privacy, PSR (Payment Services Regulations), ESG (environmental, social and governance), MiFID (Markets in Financial Instruments Directive), operational resilience, whistleblowing, plus, of course, consumer duty.
Regulations and regulatory expectations, perhaps reflecting societal changes, are constantly moving. No wonder ancient Greek philosopher Heraclitus’ “everything changes” quote (or misquote) is often used.
Splitting the roles
So at what point could the SMF roles be better served by being split?
As well as the obvious customer population size and product complexity, the maturity of the first line risk functions, as well as the second line depth of skills and expertise, would all go into the mix. Size aside, perhaps there’s also a slight paradox, as firms that have further to travel on their risk and compliance maturity journey are more likely to combine these roles.
Points to consider:
- Are first-line risk functions managing these risks separately and do they require specialist second-line support and oversight?
- Do senior management feel that the annual compliance monitoring plan isn’t adequately covering both financial crime and compliance risks?
- Is there an over-focus on the familiar within the compliance team, meaning time doesn’t permit a focus on new emerging risks, or on shaping how the compliance team continues to learn and develop?
The above could be signals that the scope and breadth of the compliance and financial crime risks could be causing challenges for the second-line compliance team and, by association, the person holding both the SMF16 and SMF17 roles. Here’s where the third line has a part to play: it has the luxury of being able to step back from the day-to-day and take a wider look at what is and isn’t working.
Maintaining the current status
Nothing says a firm can’t combine these roles and be effective at managing both compliance and financial crime risk. Perhaps key for the person holding both SMF roles is an acceptance that while they can’t be the subject matter expert on all topics, they can have a good understanding of what’s required, and have a team around them that has the time and inclination to dive deep into different regulatory areas.
However, it is helpful, from time to time, to review whether this path remains the right one and, as per the FCA’s expectations, is in line with the size of the firm and its risk of harm.
Gary Watson is the director of Clarionet Consulting. He is a former head of compliance and MLRO, with extensive FCA SMF16 and SMF17 experience.