Members Only | 23/07/20

Compliance after COVID – the end of the BPU?

Have you heard of the BPU before? It stands for Business Prevention Unit, and it’s how the compliance function is seen in far too many organisations.

I’m a consumer credit compliance consultant, an interim, usually. One of those people who breezes into a firm, changes everything and then goes on to the next contract, leaving someone else to carry on. I specialise in operational compliance, complaints, Quality Assurance (QA), policies, procedures etc. I think of it as Operations Assurance and I’d like to share a few insights with you.

I’ve been working from home since mid-March, as has everyone else in the firm I’m currently working for. The revised immediate priorities of the company have made me consider the function of the compliance department and how its priorities could, and should, change. I’m sure all firms are in the same boat. The possibility of a country, and worldwide recession naturally forces firms to concentrate on the bottom line, and I asked myself: ‘is the compliance function adding tangible and visible value, and if not, how does it adapt to this new world?’

I was personally concerned because, as an interim, I thought I’d probably be first out of the door if the going gets tough, as compliance generally is an expensive resource and its product, as it were, is not often immediately visible or identifiable, certainly not in a profit sense. I’ve been around for long enough to understand that firms that overlook compliance are merely storing up issues further down the line. We’re already thinking about how what we’re doing about forbearance during this pandemic, will affect complaints later on. For example, the compliance function must demonstrate its worth in order to have the input and influence that it should. Here are my conclusions, all of which tally with the way I think compliance should work.

Compliance managers need to recognise the fact that a firm’s senior managers are inevitably and increasingly focused on the bottom line, and they may well see compliance as a cost centre, not a potential profit centre (or, more correctly, a profit protection centre). Producing reports and charts which merely reflect what’s happened is not adding visible value. Certainly, churning the same charts out month after month isn’t. Senior managers already know what’s happened operationally, or should do, they get reports about call answering, complaint volumes, and so on, from relevant departments. Merely regurgitating or distilling other functions’ figures does not add anything.

Compliance should stop merely reporting, and think:

• are these figures relevant?
• are they reported elsewhere?
• what is the audience really concerned about?
• what aren’t they seeing?
• what can I tell them (that perhaps no-one else can) that would increase their awareness of what’s going on?
• is the more focused concentration on the bottom line having impacts in other areas?
• is risk increasing?
• is TCF at risk?
• are complaints increasing, and with what cause?
• how can I demonstrate this?
• how does it all fit together?

The compliance function has a major role to play in presenting a holistic view of the firm, a change in one area can have impacts in many others, and Compliance is well placed to collate the data and demonstrate this.

A major function of compliance is usually to manage quality assurance, certainly second-line and possibly first-line as well. Compliance often has major input into complaints and may be responsible for Root Cause Analysis (RCA).

So what better time to have a look at the entire process of QA, complaints and RCA, and consider how they’re working together?

They’re all windows into the effect your policies and processes are having on customers, or the effects that they’re having on the wider business. They should all work together, with one common aim, to improve the business. QA points out what you’re getting wrong, complaints tell you how that’s affecting your customers, RCA gives insight into where issues are coming from and how issues in one area can influence the performance of others.

The compliance function ought to be instrumental in bringing these, often disparate or ‘siloed’, strands together and formulating plans to improve, from the cause up. Get the data, show senior management what’s going wrong, and add value by creating plans and putting them into action.

• is process improvement required? – work with the operation to agree new processes and procedures, and implement solutions
• is it a lack of training? – work with the training function to create material and deliver it to the teams
• is it a result of the firm’s culture? – work with the business to improve awareness of what’s expected, in terms of outcomes both for customers and the firm.

Then work with QA and complaints to show the improvement over time. It is initiatives like this, that show how compliance can work with, and help to improve the wider business, that will foster awareness across the business and impress upon senior management why compliance is there and the value it can add.

In general, though, the most important message is, compliance should get directly involved with the business and show how it can help. Be approachable. The compliance function should be independent and impartial. Think about how you’re adding value, and how you can demonstrate that tackling some fundamental issues together, will make the operation work better.

So instead of the BPU, be a PPU – Profit Protection Unit. A new, post-COVID term, perhaps.

Peter Hartley, BSc, FICA, FCICM
ComplyWithMe Limited