In this article we talk to Philip Naughton, a partner at ACA, the compliance consultancy and software group, about its recent and very successful merger with Cordium and about trends in the industry in general.

A real risk is also that evidence of compliance can be lost – especially during times of resizing. At a typical private bank there are numerous systems that don't necessarily talk to each other. If someone leaves the organisation and there is a compliance problem of which they may have knowledge, can the firm find the evidence of compliance, including emails? Firms should ‘inspect what they expect.’

We had a client a number of years ago which had a power outage and no one thought to check the comms room to see if the call-recording equipment had been reset – it hadn’t been. Regular and continuous monitoring should be carried out. Know what your risks are, monitor them and report any failings or weaknesses. It sounds very simple, but a surprising number of firms don’t always do the basics.

The FCA's Client Assets Sourcebook (CASS) calls on every bank to have a 'living will' so that it’s clear how client money has been organised and is accessible in the event of the failure of the firm. I think there needs to be one of those for information. At the end of the day, if a firm can’t evidence compliance or work done then the assumption by the regulators is that it wasn’t done – remember that old adage: “if it isn’t written down, it didn’t happen!”

Q: What sort of things do you do to help private banks comply?

A: Increasingly, clients are asking us to chaperone calls when research is being carried out on a particular sector (through the use of expert networks) - we listen, take notes and flag up any matters of concern from, for example, a market abuse perspective. Previously, those calls would have been chaperoned by a member of the compliance team but, as volume increases, such calls take the compliance people away from their core activities. Also, the cost of such chaperoning can be met by the business unit, so the firm can get a truer sense of the cost of compliance for that business unit.

There is a subtle change of funding going on in managed or outsourced services. Banks now do electronic communications surveillance by giving access to external parties like us – that way, junior people at a bank don't see the CEO's emails. E-comm accounts for half our team in our US Analysis and Review Centre in Pittsburgh.

Sometimes a bank hires one of our people to go in and carry out a variety of compliance tasks for it for one, two or even more days a week. This is more expensive than it would be to hire someone of its own but, in one such case, when I asked someone at the bank why the bank did it, he said: "If there's a problem, our person would have to deal with it on his own, using just his own experience. I like the fact that the ACA person has 50 people standing behind him." In other words, he can draw on the experience of others at our firm if needs be.

There is no need to worry about hiring and the need for support can be flexed as the need of the business requires. Another advantage is that if he's on holiday, we substitute him.

Also, at in a regulated entity, when there's a freeze on headcount, the firm can hire and deploy contractors so as to continue to carry out core compliance activities. It's more expensive, but it helps the firm get round the problem and use the right skillsets, which may change over time.

Q: If you have one compliance-related message for regulated firms, what is it?

A: Whenever you resize your business units, always determine the size and skillset of the compliance team you need. You can judge it yourself, or you can (typically) get one of the 'Big Four' in to do it for you, or increasingly we are finding firms asking us if we can do it.

You must ask yourself the crucial questions. How do we identify and manage the risks? Who does that work? Are the risk controls enough? When business unit activities change, is there a re-evaluation of risks? Don't do what the high-street banks are doing and cut the compliance department by 20% just because the business unit is shrinking by that amount!

* Philip Naughton can be reached at philip.naughton@acacomplianceeurope.com