Collas Crill Group Partner Wayne Atkinson issues a spirited plea for the avoidance of self-defeating jargon at financial firms that are trying to tackle regulation and risk.

Last week, a colleague and I were discussing suspicious activity reports or SARs – or, to be more precise, we were both talking about SARs but not making much progress with our discussion. You see, we were talking about confidential information and more specifically my colleague was asking about suspicious activity reports while I was replying about subject access requests. Needless to say, it took a couple of moments of confused stares before we got onto the same page.

It’s a silly example of an increasingly problematic issue in Guernsey’s regulatory environment: a preponderance of jargon. Jargon has its uses – it lets one technically skilled person speak to another quickly and efficiently. It can, however, be isolating for people who are only linked to a field tangentially but who need to communicate with people deeply embedded in the technical culture of that field. In the regulatory world in which many of my financial service clients operate, the acronyms are flowing thick and fast: MIFID, MIFID II, MIFIR, SARs (both kinds), GDPR, MLROs, AML, KYC, CFT, FATCA, OFAC……I could go on…..for quite a long time.

But the problem goes beyond the increasing use of jargon and acronyms. It pervades people’s understanding of terminology and the effect that it might have on their businesses. In the last week, the European Union’s General Data Protection Regulation (GDPR) has been one of the most talked-about topics in Britain’s Crown Dependencies and although the majority of people have a basic understanding of what it means (because they have probably received 1,000 emails from every company and trust with which they've had any kind of involvement), that doesn't mean they truly understand the minutiae or even the overall intent of the regulation.

A clear trend in regulatory circles at the minute is the need for board level buy-in on projects and concepts. Regulatory compliance can no longer be assigned to a silo with periodic reporting back at board level. Instead, all members of the board need to understand and deal with difficult regulatory concepts. However, buy-in at board level requires a degree of both trust and understanding – the language we use can increasingly be an obstacle to that trust and understanding and that buy-in. An inability to give clear advice is a fatal flaw of which many lawyers are accused; one of the things I find myself telling the trainees and young lawyers at Collas Crill is that you cannot really be sure that you understand something until you can explain it to someone else. At a panel discussion on data security last year, one of my fellow panellists confessed to applying the ‘granny test.’ Could he explain the issue to his grandmother? Coherent explanations are not rooted in acronyms and technical jargon but in a firm grasp of the concepts that those terms represent.

The task of writing this article got me thinking about one the most impressive bits of public speaking I have ever seen. It was given by a man called Jarrod Jablonksi. Wikipedia describes Jablonksi as a ‘record-setting cave diver’ who once undertook a dive traversing 11 kilometres of continuous cave, which required his team to spend 21 hours underwater. Cave diving is by its nature very dangerous. If something goes wrong in a submerged cave, a diver cannot surface without making his way out of the cave. Normal diving issues become more complicated with the added risk of becoming lost or stuck and drowning. Plenty of cave divers drown and their colleagues, as a result, have strong opinions about the best (i.e. safest) way to cave-dive. As this is fairly technical in nature, it is also a jargon-rich environment. Jablonksi had some strong opinions that disagreed with others. In his speech, with no notes, he answered the questions of a crowd – some of whom knew little of cave diving or of his methods – explaining how he had formed his opinions and why. He did so with remarkably simple explanations of remarkably complicated issues and very little jargon.

Essentially, every answer to every question followed a pattern. When asked why he did something a certain way, Jablonski responded by pointing to the risks in the environment and the activity and then explained how his team had dealt with this-or-that risk. Despite the complexity of the subject, every one of his answers passed the ‘granny test.’ What was impressive about the talk wasn't that Jablonksi's approach was risk-free – it could never be risk free, he was spending hours at a time kilometres inside underwater caves. What was impressive was Jablonksi's depth of understanding of the risks and the best ways to offset them. Everything he did or did not do, wear or take with him had a rationale attached and had been considered. He also explained that he would never work with anyone who did not observe the same standards as his.

I often remember that talk when I speak to financial businesses about their approach to compliance. In addition to being about the ultimate use of a risk-based approach, it was an approach full of lessons that could be applied to business. No-one is going to drown in our industry, but financial businesses still deal with risk every day and manage that risk. We embrace innovative technologies such as the Blockchain or crypto-currencies, we share our expertise with emerging economies and markets and we deal with new clients regularly. Meanwhile, even the most ‘plain vanilla’ of structures is open to abuse. In compliance terms, we embrace (or should be embracing) risk.

As in cave diving, success does not stem from compliance policies which cut risk to zero – that is impossible if you want to conduct business. Instead, the key to success is to understanding the risks in one’s business environment and, like Jablonksi, to work out how to ward them off as far as possible. The mitigation of risk requires directors and compliance teams to understand risk – they cannot work in silos. A director should be able to look at a compliance effort and spot the specific risk it is meant to offset or control. Equally essentially, compliance teams ought to understand how the business operates in the real world so they can identify the risks inherent in it. An off-the-peg, one-size-fits-all set of policies is unlikely to work well. An accurate assessment of a situation allows a business to tailor its processes and policies to address specific concerns; a generic ‘precedent document’ may not even identify the concerns in question.

A second lesson is that the observance of fabulous processes may not get you anywhere if a teammate ‘goes rogue’ and ignores them. That is why Jablonski required buy-in on his methods from everyone on his team. Regulatory compliance requires a similar level of buy-in at all levels of a business with everyone embracing a compliance culture. It is not an option for someone to take a go-it-alone approach to risk management because it exposes the whole team to the risk of a catastrophic failure.

Thirdly, to return to my starting point, the use of jargon is a barrier to entry for people who are unfamiliar with it. Jablonski did not blast off bits of jargon to show off his knowledge; his speech worked well because he was able to show off that knowledge by explaining the issues in plain English. Will all the members of a business really jump on board with a new project when they have to google half the words in the roll-out email? Even worse, will well-meaning team members unwittingly contravene company policies because they do not understand what they are being asked to do?

When I was taking part in a panel discussion about the new data protection law last year, someone asked me a question about how less-technologically-able board members might ‘add value’ when speaking to IT consultants or IT team members. I made the point that if the board members in question asked me a question as a lawyer they would not accept an answer from me in ‘legalese’ but would instead demand an explanation in plain English. Why should they not make the same demands of other consultants and service providers?

So if I may finish with a plea, let us try to re-address risk and regulatory issues in a transparent, inclusive and considered way. Let us converse with non-regulatory teams and understand what they do and the risks they run, the better to craft processes for them to follow that they find intelligible instead of forcing standard procedures upon them. Let us configure things so that nobody feels the need to buck the system – and let us do so with the bare minimum of unnecessary jargon.

* Wayne Atkinson can be reached on +44 (0)1481 734225 or at wayne.atkinson@collascrill.com