Alan Ramsay is Deputy Chairman of the Chartered Institute for Securities & Investment (CISI). A chartered accountant by training, he is a recognised expert in financial services industry regulation. Roles Alan held prior to his most recent role as a senior advisor to PwC’s Financial Services Regulatory Practice in London include a fifteen-year tenure leading compliance globally for HSBC, and a decade in senior positions at The Securities & Futures Authority.  Here, Alan speaks to Alex Keetch about his career in compliance, the lessons he has learnt, and how he perceives the compliance function evolving in future as part of the financial industry’s broader governance framework.

AK:  Alan, it’s great to be talking to you again. Are you finding that your compliance experience is a selling point when it comes to making the cut for board-level positions?

AR:  Yes, I think that’s probably the case. You might agree that this is an obvious thing to say, but if you are going to try to make any sense out of the obligations that are attached to compliance functions these days, as many firms are trying to, you have to reflect a little bit on the events of the last ten years or so, and very obviously that takes you into thinking about the financial crisis, mis-selling scandals, PPI, LIBOR, Forex rigging and the rest. These have very much shaped the expectations that are attached to compliance and to those who occupy senior roles within such functions. It’s put a spotlight on governance, on culture, on standards, maybe even on integrity, dare I say, and the political and supervisory responses to all of that, seem to me to have been quite far reaching and quite intense. It seems to me we’ve moved on from a gentler era, where the world, looking back now, at least seems to have been a slightly more predictable place.

AK:  Reflecting that, the wording used by people like Gordon Brown and Alan Greenspan, some of the most influential financial voices of that era, was quite benign.

AR:  Indeed. you’ve had, as you say, some prominent figures speaking very positively about financial conditions, which then changed very quickly and we moved into the era of the financial world being apparently only populated by ‘wicked bankers’. All of that is the backdrop against which compliance and regulation has changed and developed since then. I think you see that change in all kinds of ways. If you start with regulation and supervision, I think we’ve seen a change in regulatory approach, and I think there’s arguably a more judgement-based set of supervisory processes, which means looking beyond compliance and the letter of regulation and asking questions about what is right, not just about what complies. I think there are also now heightened risks around the supervisory and regulatory process, particularly around supervisory predictability and consistency over the years gone by, plus the benefit of hindsight, and the temptation to apply current standards and expectations to circumstances and events which may be very long since passed by. That has also driven change in the role of compliance, which there is now much more emphasis. Within certain larger and more complex organisations, being viewed as a business partner and having some strategic involvement and helping define the shape of the business is now quite natural, as many boards are now having to factor in compliance much more emphatically and directly than they did previously. This is partially regulators are now looking to compliance to provide more internal challenge than they did previously. If you talk to regulators now, particularly in the US, they’re not terribly interested in comments or thoughts around effective business partnering, regardless of how important this is to business stakeholders. They are much more interested in the extent to which compliance is performing an essential control function and providing that internal challenge. That’s one of a handful of dichotomies the modern compliance leader needs to reconcile.

AK:  You’re talking about the conflict between the need for effective business partnering versus the need to remain independent.

AR:  Yes, indeed. That tension has always been there in some form but I think it is now much more evident than it was in the past. A key consequence is that there is a much greater emphasis within firms around the need to have the right kind of culture. Culture is a business concept that has been discussed for a long time, though it’s now come to be a much more central area of focus, and firms from the top down are working out how to get this right. More recently, there’s been recognition that a control framework, underpinned by a premise that if something is not expressly prohibited, it’s viewed as acceptable, is ultimately going to be problematic.

AK:  It may not hurt you immediately but over time. It’s interesting to think of the crisis as almost the ‘extinction-level event’ that jolted the industry out of complacency.

AR:  I think that’s right, although the nature of these things is that as we collectively reflect as an industry over the last ten years, some of this stuff is not immediately obvious, it is gradual.

AK:  I reflect sometimes on the state of the world and the incendiary role of aspects of the media in reporting on things like the financial crisis. The fact is that industries evolve, and lessons are learnt from failure. One way of looking at the crisis is that it’s an incredibly useful tutorial on how to more sensibly run a global financial system, although as lessons go, the human cost was huge, which is why the regulatory response was as stern as it has been.

AR: That’s right. The direction found now seems to me to be one of creating a culture where everybody takes responsibility for doing the right thing all the time. The Senior Managers Regime in the UK, and the work that regulators have done on personal accountability and personal responsibility, are enforcing that. In this changed environment, it can’t really come as any surprise that the skills and capabilities which have traditionally been demanded of those occupying senior compliance positions, are also now changing. The profile of today’s chief compliance officer is likely to be very different from that of his or her classically qualified predecessor. It seems to me there is a suite of skills and capabilities and abilities which will be sought as a matter of course in a capable and well-qualified compliance professional. Things like independence, integrity, principles, good judgement, good critical thinking skills, discretion, some sense of proportion, ability to interpret information very quickly, good communication skills, being fair minded, pro-active, diligent – the wish list of nice adjectives could go on for a very long time. Additionally, you also have to have a thorough understanding of the business, an international perspective, and additionally a feeling for strategy and direction of travel, so that you can align compliance resource and capability against what actually drives the business.

AK:  So before we’ve even started to think about knowledge of the technical rules…

AR:  Exactly, we are already looking for a certain type of person. On my own list of traditional wants would be strong technical compliance knowledge and being up to date on rule changes. People would have to be pretty exceptional to strongly tick all those boxes, but technical knowledge is now taken as a prerequisite, to the extent that it’s absolutely necessary, but no longer sufficient by itself.

AK:  As a headhunter looking for people in these areas, I am always looking for technical knowledge as a second language, and then beyond that you need some sort of ‘X-factor’.

AR:  Part of my point is that some of the skills that I’m suggesting are essential, and are now very sought after, are now of a higher order than they were previously. Regulation now is so very high on the agenda of those charged with running businesses and those who sit on the boards at such businesses, it has now to be factored in, in all kinds of ways, so there is, in my view, an emphatic need for compliance leaders to be business partners. We talked previously a little bit about communication; compliance leaders must be able to handle the formalities of an audit committee and develop good relationships with chairmen and non-executives working in those capacities. You are also seeing a new breed of non-executives, who are technically capable from a regulatory perspective, who are engaged, committed to their independent roles, used to operating in highly regulated environments. Compliance needs to be ready to go up against those stakeholders.

AK:  That increased level of accountability also applies to those stakeholders, doesn’t it?

AR:  And it has caused many to reflect on what they are responsible and accountable for. The clarity of reporting lines, the clarity of job descriptions, which previously may have been viewed as rather a dull piece of internal mechanism, now have a very important role for those who occupy such roles.

AK:  I suspect it will be a difficult balance to strike: the willingness to be a team player, versus “my accountability finishes here, so I am not legally responsible for failures”.

AR:  You might see such dysfunction and damaging positions taken if the SMCR is implemented in the wrong way, if the regulators don’t see the broader picture. This could be very corrosive, particularly at quite senior levels, if you get some kind of jobsworth mentality developing or everybody looking over their shoulders. I would maintain that properly implemented, in the spirit of responding intelligently and thoughtfully to some of the kind of changes we were talking about earlier, it needn’t be like that. It doesn’t take much imagination to see where things could go wrong though, and be counterproductive.

AK:  And in an adversarial, politicised regulatory environment, it might make for an even more challenging environment.

AR:  I think many people will grasp very readily why these changes are necessary. In some places it’s actually been recognised as an opportunity to straighten out a lot of behaviours and organisational structures, although clearly, there are some people that see this, and much regulation in general, as unnecessary bureaucracy.

AK:  Donald Trump and many Republicans want to roll back the rules and regulations to make doing business easier, don’t they? Easier, but more risky again?

AR:  Without doubt, when you have a crisis, you can reasonably expect that there will be a reaction and there will be a regulatory response, which will be quite assertive and intensive. The pendulum may be starting to swing back now, in the United States. Some commentary you read says that adjustment is necessary, because the regulators have taken things further than necessary, although there is that conflicting line of thought which says, have we learnt nothing from the crisis? Additionally, unfortunately and sadly, we have continued to see instances of bad behaviour in many places. Maybe then, it’s too soon to start releasing or relaxing some of the changed and strengthened rules. The interesting aspect of all this for me is that so much of this is about judgement, on the part of people reviewing complicated situations, and those judgements need to be constantly refined and re-evaluated.

AK:  And judgement aside, as compliance functions have grown, enabling their ability to cope with regulation on behalf of the huge businesses they support and control is a giant logistical challenge. There will be frustration, won’t there, that just as we’ve put all this in place, and we’re ready for the regulatory environment as it stands, the ‘powers that be’ are changing the rules again?

AR:  To some extent life is always going to be like that. Where you have a foul-up, you expect a reaction. One then has to manage is the consequences, and this is part of the changing role of compliance. There is a heightened expectation around the ability of good compliance people to communicate the thinking of the regulator to the business, and to explain if it needs explanation, and not everyone in compliance is ready for this. We’ve always looked in compliance people for people who could demonstrate a strong constitution, a strong conviction that their experience meant they could rely on themselves to make the right calls, and be more influenced by that than by questions of personal relationships. That requirement is more urgent in the environment as it stands now than it has ever been before. Compliance needs to take the lead in setting the tone for corporate integrity, and the ability to drive and promote the right kind of culture is crucial in compliance leaders. I also think you will increasingly look towards people who are confident with technology – that’s a huge factor nowadays.

AK:  Do you think technology in the regulatory space might be most useful in order to free up the ‘thinking time’ to allow for better business partnering?

AR:  That’s right, there is undoubtedly now much smarter technology available for monitoring, reviewing etc. Going back to the earlier part of my career, when I was a regulator, I’ve spent too much of my life listening to recordings, in the event of a trading dispute or worse, and that has been very time-consuming. Technology has moved on in all kinds of ways, and you’re right, it does bring the possibility with it of not just doing it better but releasing capable human resource which is precious and expensive, to do frankly more intelligent and higher-value things. In parallel with all that, organisations are under cost pressure, so can we find smarter solutions, whether through technology, or more intelligent development of existing resources, to create more effective leaders? The kind of thing I’m thinking of when it comes to development is self-awareness. For example, if you’re going to say there is a premium on leadership in compliance, and you have an expectation that people occupying those roles must have a more significant role in shaping and influencing strategy and communicating with board colleagues and all those issues, self-awareness becomes very important. Effective leaders know their own strengths and weaknesses; they’re able to identify where they need to build their skills, and where they could benefit from coaching or similar activities. I have talked a lot about communication, whether it’s sharing key points with senior business colleagues, or the board, or translating essential messages from those stakeholders for others in the organisation. They need to do so in a way which is very clear and credible and without a lot of jargon, which requires real skill. In the past, you wouldn’t have necessarily placed a premium on your compliance team having the best communication skills in the business, and now you would probably feel they were a bit deficient if they couldn’t communicate effectively.

AK:  And communicating with a fairly diverse group and in some cases, quite challenging audiences, from actuaries, to lawyers, to sales people, to traders keen to seal and deal who may not like the compliance viewpoint, but are absolutely forced to abide by it.

AR:  You’ve made my next point for me very well: knowing your audience and understanding how you need to vary your approach to ensure you get the best results is fundamental. You might call it empathy or emotional intelligence; helps build relationships, it strengthens team dynamics, both within compliance and also between various groups of stakeholders.

AK:  Emotional intelligence can sound like a slightly soft and fluffy concept but sometimes it takes the emotional intelligence to determine the right approach to an individual or situation.

AR:  Understanding your audience was always important and that possibly differentiated between someone who could just quote a rule at you and someone who could explain it to you in a way that actually made business sense. That was probably always there, as with so much of what we’ve talked about today. I just think the expectations now around these things are much higher.

AK:  There are naturally emotionally intelligent people out there, some less so, and both types will find themselves in senior compliance roles now and in future. Then we get back to the importance of training, not just in the context of being taught the rulebook, but in that of developing the soft skills required.

AR:  That’s right. The traditional skills are necessary but are no longer sufficient. Also, I wouldn’t have used this language, say, twenty years ago, in thinking about what I looked for in a good compliance person, but now, qualities like creativity and innovation are important. That’s not especially crisis-driven; we touched earlier on technology and the capabilities that brings. You’d now seek a readiness to look at things a little more imaginatively, to imagine different and new solutions and strategies.

AK:  To borrow a phrase from the technology space, you could say we have been talking about ‘version 2.0’ of the compliance director, which has been forming and refining itself in the last decade since the crisis. In terms of version 3.0, perhaps which will apply to an emerging cadre of potential leaders in compliance, what characteristics should they be looking to develop and refine?

AR:  I hadn’t thought of it in terms of developing software releases as it were, but it’s maybe not a bad analogy. If you’re going to accept the thesis that regulation and compliance are now such a critical part business strategy, you will want a talented group of people around you who can think progressively and help to the liberate the collective thought process, through self-awareness, excellent communication skills and emotional intelligence, and dare I say, it even some charisma.

AK:  Many thanks Alan – we appreciate your time.