With the ever-increasing regulations and their changes, brokers have no choice but to tackle the subject of compliance head on. Team awareness, monitoring, risk analysis, recruitment of a compliance officer. Review of the action plan.
Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) provisions, General Data Protection Regulation (GDPR), Digital Operational Resilience Act (DORA) or Solvency II. Here are some of the compliance files that are piling up on brokers’ desks. “A subject that is all the more complex because the regulations are far from being harmonized on a European scale,” stresses Charlotte Gaudin, CEO and founder of AML Factory, a solution that automates the implementation of AML-CFT regulations.
Another source of complexity is the constant changes. “On average, the texts change four times a year,” observes the CEO of AML Factory, “which can lead to the scoring of customer files being reviewed as many times.”
It is easy to understand why the cost of compliance is estimated at the European level to be around €150 billion.
What about the impact of non-compliance?
“Few studies have been conducted on the subject,” continues Charlotte Gaudin, “but it is common to see companies forced to spend hundreds of thousands of euros after a visit from ACPR (Autorité de contrôle prudentiel et de résolution) inspectors.”
Consider compliance as a team sport
How can we avoid multiplying the risks in our daily activities? First, by ensuring that the responsibility for compliance is carried by everyone in the company, not just the person in charge of this heavy load.
“Even though we now have a compliance department with two full-time members, we could not do this without relying on the correspondents we have in the various business or product lines,” says Fabien Fischer, compliance officer at Roole (Identicar’s commercial brand).
In fact, bringing a new product into compliance with the AML-CFT regulations cannot be done without close collaboration with the people involved in the design. “And such work can require a major investment from those concerned over several weeks,” Fabien Fischer illustrates. “Another example is the GDPR and its impact on data retention time. It is impossible to move forward without the IT department being heavily involved.”
For each subject, it is therefore necessary to explain, convince and mobilize resources for the time required.
“Sometimes it is easier on a topic like counterterrorism than on a somewhat technical point of the GDPR,” acknowledges Roole’s compliance officer.
“In all cases, I try not to make compliance an inhibitor, but rather to encourage teams to see it as a game, in a positive way. A game in which risks are identified with the experts involved while decisions are made in a collegial manner.”
Assess risk at the level of the organisation
How much energy should a broker invest in compliance?
“Since 2017, insurers have worked hard to ensure that their brokers contribute to compliance,” notes Sophie Le Goff, partner at Sia Partners, in charge of the insurance and compliance teams. “The question now is: how far should brokers go? The answer is specific to each one, because a principle of proportionality applies according to the size of the organisation.”
Working on compliance therefore requires conducting a risk assessment on all facets of compliance. That is why compliance is not just a matter for lawyers. That is why outsourcing to ensure a comprehensive watch can be invaluable to maintain the level of vigilance. This is the option chosen by Roole.
“We rely on three specialised firms: one for the GDPR, one for taxation, and another for insurance law,” explains Fabien Fischer. “Each year, I ask them for a watch review and I regularly solicit them on specific points.”
Keep a close watch on all compliance issues
“This monitoring is fundamental, because even if a broker decides to outsource processes, for example for everything related to identity verification, it remains its responsibility to understand what it is subject to,” warns Sophie Le Goff.
“The goal is not to achieve 20/20 on compliance, but rather, say, 12/20. In other words, it is not about overcomplicating processes, but about finding the right balance between business efficiency – and therefore business development – and risk management.”
And this in a very concrete way. A recent example: the ACPR published a recommendation in May of this year on the time it takes to process complaints. From customer referral to complaint follow-up, many operational issues are impacted. It is up to each individual to assess the risk and to deduce the measures to be taken.
“And the measures are not only processes, but also training and acculturation management,” says Sophie Le Goff.
“You will not be able to comply with such a recommendation from the ACPR without training the employees concerned.”
Establish a compliance department
Both the complexity of regulations and the growth of business are leading brokers to create a “Compliance Officer” position. A decision made a year ago at Roole.
“Between our growth, which has led us to have 1.2 million active customers, and the over-regulation of the business, it became clear that compliance could not remain a subject managed by a single person, no matter how good he or she was,” says Fabien Fischer, Roole’s Compliance Officer.
The broker, which has 300 employees and relies on five insurers, has therefore opted to create a dedicated department. The right candidate just needs to be found.
“The quest is difficult,” admits Charlotte Gaudin, who knows the subject well since she has held this position within several organisations. “Companies are doing everything to avoid losing their compliance officer. These profiles are precious and it is not by chance that we find more and more independent experts who live very well from their speciality.”
This is evidenced by the existence of One Bird+ a freelance platform dedicated to compliance.
Roole opted for a two-person compliance department: a compliance officer, with a strong company and insurance background, and a lawyer.
“My background in the company enables me to have a constructive conversation with everyone, a detailed assessment of the risks and to propose reasoned measures,” confirms Fabien Fischer. “As for our lawyer, she has a strong background in insurance and also has a general legal education, which is useful on a daily basis given the range of regulations we have to cover.”
With a thorough knowledge of the business, a good risk analyst, a facilitator and a teacher, the compliance officer is a rare pearl. The good news is – as the Roole example shows – the right candidate is sometimes not far away.