The Uncertain Role of the Compliance Officer

The Financial Advisory and Intermediary Services Act 37 of 2007 (FAIS) obliges most financial services providers (FSPs) to appoint a compliance officer “to oversee the provider’s compliance function and to monitor compliance”, as well as to “take responsibility for liaison with the registrar”. Thus, the compliance should be well-versed in the FAIS act and all its requirements and should understand the FSP well enough to know which requirements are applicable to it and which are not. With the impending Conduct of Financial Institutions (COFI) Bill, the South African financial sector is intended to move from a highly prescriptive, rule-based environment under FAIS to a principles-centred, outcomes-based environment of regulation and institution-led risk management. What are compliance obligations after all if not regulator-imposed risk management mechanisms? Soon, FSPs will be expected to make decisions about their own prudential conduct, being in the best position to know what their unique entity types require to remain steady and operational. This begs the question, what will be expected of compliance officers in the near future if anything? Certainly, knowledge of the prescribed principles, but with no number for a capital adequacy requirement, for instance, will the compliance officer be expected to take on the role of risk management? If “enough” is the principle and there is no numerical value for enough, will the compliance officer be empowered to decide, or will the compliance function essentially be absorbed and forgotten into the risk department of the enterprise? Currently, governance principles such as those in the King Code already direct that the compliance function reports to the risk function. Compliance is however able to maintain its independence precisely because it is informed by compliance standards that are predominantly external to the enterprise and relatively measurable and quantifiable. The abstraction of external and independent standards connotes the abstraction of the compliance officer. Is this the future of the South African compliance officer? COFI will tell.