Trends in compliance consultancy - we talk to an expert
Chris Hamblin
13 March 2020
Q: How has ACA’s acquisition of Cordium gone?

A: It's gone very well. It’s been over 18 months now since ACA’s acquisition of Cordium was completed. The combined business now gives us in the UK over 50 compliance professionals and 400+ clients. There has been no notable staff attrition and we've lost no clients as a result of the acquisition. We now service an even wider range of firms from smaller asset managers to multi-billion firms in the hedge fund, private markets, wealth management and alternatives space.

Q: Did ACA's ComplianceAlpha absorb Cordium's Compliance ELF?

A: Yes. We released ComplianceAlpha 2.0 last October, which introduced an updated and expanded version of Compliance ELF, on which firms manage their employee personal trading monitoring and surveillance activities, to the platform. With regulators all over the world evolving their own technology to identify potential market abuse and other misconduct quickly, this helps the firms keep pace.

Q: What happened to platform Mirabella?

A: It's still part of the ACA group. Nine months ago we decided to sell or 'exit' it. We're a governance, risk and compliance (GRC) and technology firm, so why do we have a regulated entity in our midst? There are risks associated with having such an entity in a group like this. That is not to say that it isn't of good quality. It's one of the best and most expensive – if not the most expensive – platforms in the marketplace. It has about 65-70 firms on it. I am sure that ACA and Mirabella will continue to work together for firms that need the services of both.

Q: How did you come to be in compliance?

A: This is my 31st year in UK compliance. I started in October 1989 at Irish Life. I then worked for four years at one of the regulators of the day – LAUTRO (the Life Assurance and Unit Trust Regulatory Organisation).
Then I spent six years at National Australia Bank, ultimately as their head of regulatory policy, before going into retail compliance consultancy for 2 years and then joining the Hartford as their business conduct compliance manager. I joined what was known as IMS in May 2010 which has evolved to now become ACA Europe.

Q: With ever-more onerous regulations to obey, do you think that all financiers are marching inexorably towards a moment when they are all working for the Government?

A: No. In this game there's continual consolidation and release and consolidation and release. Regulation tightens and then seems to relax and so it continues. Mind you, it always ends up consolidating at a higher level than last time. Compliance isn't going away. Inevitably what has happened is that regulation builds on regulation. When I was at LAUTRO, the whole rulebook was three inches thick. Now, if you look at COBS and all other sourcebooks that are relevant to what would have been in old money a LAUTRO firm, it’s nearing 4 feet!

Q: Have you ever seen a bank cutting its compliance team needlessly?

A: I’m aware of a high street bank which very recently is looking to reduce its headcount by 25% across a number of business units including compliance. Simple as that – 25% of the compliance team must go. What does not appear to have taken place is that the business unit resizes and then an assessment is made of what size of skillset of team is required to then support those smaller business units. When a redundancy situation arises it can be the longer-term and skilled employees who put themselves forward for redundancy and a brain drain can occur. I was told when in-house: "we don't need as many compliance people any more because we are now compliant." My response was: "but we are only compliant because we have the right people with the right skills and headcount!"

Q: What is the best way for a compliance function to operate at a private bank?
A: These days, compliance must work collaboratively with the business unit and my motto is that compliance should be "built in, but not built on." Compliance people have a lot of value they can add to a business both in terms of knowledge of the business itself and how risk can be efficiently and effectively managed. A real risk is also that evidence of compliance can be lost – especially during times of resizing. At a typical private bank there are numerous systems that don't necessarily talk to each other. If someone leaves the organisation and there is a compliance problem of which they may have knowledge, can the firm find the evidence of compliance, including emails? Firms should ‘inspect what they expect.’ We had a client a number of years ago which had a power outage and no one thought to check the comms room to see if the call-recording equipment had been reset – it hadn’t been. Regular and continuous monitoring should be carried out. Know what your risks are, monitor them and report any failings or weaknesses. It sounds very simple, but a surprising number of firms don’t always do the basics. The FCA's Client Assets Sourcebook (CASS) calls on every bank to have a 'living will' so that it’s clear how client money has been organised and is accessible in the event of the failure of the firm. I think there needs to be one of those for information. At the end of the day, if a firm can’t evidence compliance or work done then the assumption by the regulators is that it wasn’t done – remember that old adage: “if it isn’t written down, it didn’t happen!”

Q: What sort of things do you do to help private banks comply?

A: Increasingly, clients are asking us to chaperone calls when research is being carried out on a particular sector (through the use of expert networks) - we listen, take notes and flag up any matters of concern from, for example, a market abuse perspective.
Previously, those calls would have been chaperoned by a member of the compliance team but, as volume increases, such calls take the compliance people away from their core activities. Also, the cost of such chaperoning can be met by the business unit, so the firm can get a truer sense of the cost of compliance for that business unit. There is a subtle change of funding going on in managed or outsourced services. Banks now do electronic communications surveillance by giving access to external parties like us – that way, junior people at a bank don't see the CEO's emails. E-comm accounts for half our team in our US Analysis and Review Centre in Pittsburgh. Sometimes a bank hires one of our people to go in and carry out a variety of compliance tasks for it for one, two or even more days a week. This is more expensive than it would be to hire someone of its own but, in one such case, when I asked someone at the bank why the bank did it, he said: "If there's a problem, our person would have to deal with it on his own, using just his own experience. I like the fact that the ACA person has 50 people standing behind him." In other words, he can draw on the experience of others at our firm if needs be. There is no need to worry about hiring and the need for support can be flexed as the need of the business requires. Another advantage is that if he's on holiday, we substitute him. Also, in a regulated entity, when there's a freeze on headcount, the firm can hire and deploy contractors so as to continue to carry out core compliance activities. It's more expensive, but it helps the firm get round the problem and use the right skillsets, which may change over time.

Q: If you have one compliance-related message for regulated firms, what is it?

A: Whenever you resize your business units, always determine the size and skillset of the compliance team you need.
You can judge it yourself, or you can (typically) get one of the 'Big Four' in to do it for you, or increasingly we are finding firms asking us if we can do it. You must ask yourself the crucial questions. How do we identify and manage the risks? Who does that work? Are the risk controls enough? When business unit activities change, is there a re-evaluation of risks? Don't do what the high-street banks are doing and cut the compliance department by 20% just because the business unit is shrinking by that amount!

* Philip Naughton can be reached at philip.naughton@acacomplianceeurope.com