Merge audit and compliance in financial services

In terms of employment growth, regulation must be the UK’s most successful enterprise.  And we have been attempting to export it worldwide.  The 4,000 strong Financial Services Authority (FSA) has now been divided into two main successors, the Prudential Regulation Authority (PRA), made part of the Bank of England, and Financial Conduct Authority (FCA), and a few minor ones.  Hydra-like we can expect the combined total employment by the new bodies comfortably to exceed that of the FSA.

A couple of ironies here are firstly that financial services regulation was handed over to Brussels by Prime Minister Brown in 2009, leaving all these UK bodies merely with supervision of the rules set by the EU.  Secondly, the level of malfeasance by banks in particular has grown in proportion to the numbers of regulations and regulators.  The more regulators and regulations we have, it seems, the worse the banks behave.  Part of the explanation is that the regulators have been incompetent at worst and invisible at best.  If you doubt me, see the comments this month by the Commons Treasury Committee about the appointment of the new Chairman of the FCA.

And talking of invisibility, where were the auditors when this naughtiness was taking place?  Auditors are theoretically employed by shareholders but, in reality, by the directors of the companies they audit.  So you do not get a lot of auditors reporting that the directors are up to no good or turning blind eyes to practices they should be correcting.

To return to the issue of the numbers employed, the number of regulators, or regulatory supervisors, is not of much interest to a government which is cutting the size of the civil service (good) but recharging all the financial services regulatory staff costs back to the firms in the sector.  Pontius Pilate was no better at hand-washing.

And the number of external regulatory staff is only a fraction of the total, arguably one third.  The firms themselves have myriad compliance officers infiltrating the veins of the business and taking up the time of those managers trying to run it.  The upside of that is that the better the internal compliance system, the less need there should be, in terms of person-hours, for the involvement of the external supervisors.

Much the same applies to internal audit: the better job they do, the less the audit fees should be.

But what, when all is said and done, is the difference in roles between external and internal auditors on the one hand and regulatory supervision on the other?  Would it not be better to have fewer people combining audit and compliance and doing it properly, rather than the legions now employed and failing?  And let us prohibit directors from appointing their own watchdogs, or rather poodles.  A joint appointment committee of shareholders and PRA would give the audit/compliance team true independence.