My driving philosophy is that while external regulations must be satisfied, it is a mistake to be driven by them. Instead firms should start by looking at the characteristics of their business and ask "What are we already doing that could satisfy the rule?" and "What would be useful for us as a business?"
Analysing the business and then mapping onto the requirements will produce solutions that make sense for you and are efficient and effective.
Malcolm Lee has extensive experience in integrated risk management, covering financial services regulation, quality management and information security.
In financial services regulation he has held management positions as Compliance Officer and Money Laundering Reporting Officer under both the FSA/FCA regime and under the professional bodies DPB regime:
He has strong analytical and technical skills and enjoys taking external requirements and delivering on solutions that are both effective and efficient. His achievements include:
Malcolm was an Associate of the Institute and Faculty of Actuaries and from 2014 to 2017 was a member of the Professionalism Content Development Working Group which develops ethics training material for actuaries. He is a qualified internal auditor and a Member of the Institute of Quality Assurance. For many years he was a professional trainer and is a Fellow of the Chartered Institute of Personnel and Development.
Malcolm left his role as Global Regulatory Services Manager at Towers Watson in 2014 to start his own consultancy business.
Malcolm Lee Consulting Limited is a member of the Association of Professional Compliance Consultants.
Further details are on Malcolm’s LinkedIn profile.
The range of services covers financial services regulation (FCA or DPB), ISO27001 information security certification and ISO9001 quality management certification. In each of those areas the solutions that are implemented will be a good fit for the organisation and avoid bureaucracy.
ISO27001 information security certification
There is an increasing interest in ISO27001 certification for professional service firms. Irrespective of whether you wanted me or someone else to help, the important thing is to avoid any consultant who might come in and lay a whole standard set of things on top of what you are already doing. The security arrangements that you already have in place will satisfy some, if not many, of the requirements of the ISO27001 standard and a sensible first step will be to carry out a gap analysis. In some areas you will have nothing extra to do, in others there may be simple track changes to your existing policies - but there could be some areas that are not covered at all and including those might improve your security arrangements. A free initial meeting will establish the overall position.
Regulatory policy and procedures
Everything I do will be based on creating policies that are right for your organisation. Splitting the material between the different roles will minimise the amount that people have to read and focus their attention on the things that matter to them. Building the regulatory requirements into normal business processes will reduce the amount of ‘special’ things that people have to remember to do.
I can cover all areas including Training & Competence, Conflicts, TCF (Treating Customers Fairly), Remuneration, Capital Adequacy and Liquidity, Gifts & Entertainment and Personal Dealings.
Before implementation you may need to test and refine the policy with a number of individuals or groups within your organisation. This can involve liaison with individuals with differing views. I have experience of working with individuals at all levels to reach final agreement on a policy.
The FCA requires that each firm records the various roles and responsibilities. From a business perspective you will want to manage your company in a way that avoids silos and encourages ‘co-operation without duplication’ between business and corporate functions. For instance, the compliance function needs to work hand-in-hand with HR on training and competence and with IT and Security on data security. I can advise on your arrangements and put in place documentation to satisfy the regulator.
Anti-Money Laundering (AML)
I am experienced in anti-money laundering and other areas of financial crime prevention such as fraud prevention and anti-bribery and corruption.
You may find yourself on the receiving end of what seem like unreasonable requests for documentation from banks and insurance companies. For example, they may want passports and documentation from each of the trustees of a pension scheme. If it seems unreasonable - then it probably is. I have successfully negotiated with banks to remove the need for individual documents so that all that is required is evidence of the approval of the pension scheme. Our advice to you, and if necessary to banks, will be based on a detailed understanding of the guidance from the JMLSG (Joint Money Laundering Steering Group).
FCA or DPB authorisation
If you are not yet authorised then I can work with you to prepare for authorisation, make the application and put in place the necessary arrangements. From a business perspective you will already be worrying about many of the things that the regulator is also concerned about and so by starting with what you already do as a business it will be possible to make best use of what you already have and avoid unnecessary bureaucracy.
It is important that you understand what counts as regulated work and what doesn’t. You may be able to provide many of your services without the need to be authorised. If you do need to be authorised, then knowing the boundaries between regulated and non-regulated work will help to keep your authorisation fees at a low level.
Are the policies, procedures, roles and responsibilities that you have in place sufficient? I can provide guidance on that and also look to identify inefficiencies.
The requirements will often not be prescriptive but will be principles-based. That is good in that it allows you to put in place arrangements that are right for your firm. However it does mean that you need to be able to justify your position. I can review your interpretation of the guidance and your judgement and check that the evidence in your documentation is sufficient to justify the approach you are taking. Being able to justify your judgement is particularly important if your business is not familiar to the regulator.
Every company will be involved in routine operational matters – and every company will occasionally find itself in a situation where its internal resources are unable to meet those requirements. I am able to act on a one-off or interim management basis to keep things going.
Whether it is to do with the FCA returns (Gabriel, ONA, fee tariff, RDR, close links and controllers) or any other operational matter, I can help.
I can help you to create a risk-based plan for your internal audits. Often it will be the case that you will have internal resources that can carry out the audits and I can provide training that may help with that. Alternatively you can outsource the audits to me. From time to time you may identify particular areas that would benefit from a fresh pair of eyes to look at them and so it may be desirable to use me for those one-off investigations.
"I've had the privilege of working with Malcolm Lee for 10 years in the areas of quality and compliance. A consummate professional, Malcolm is easy to work with, tenaciously diligent, and hugely collaborative. He understands quality and compliance issues at a deep level and brings decades of hands-on experience, including working directly with regulators, to every situation. His congenial manner disarms confrontation and creates an atmosphere for progressive problem-solving and results. Working with Malcolm is always a pleasure, and I highly recommend him to anyone looking for in-depth expertise in the areas of compliance and quality."
Global Director of Enterprise Risk Management Towers Watson (retired)
"Malcolm has an excellent understanding of risk and compliance and fashions solutions which meet both regulatory and business needs. With a calm, considered style Malcolm listens well to all stakeholders and follows through with strong delivery of practical, commercial and compliant solutions. A valued and trusted advisor."
Former General Counsel of Watson Wyatt Europe
"Malcolm was known to me prior to joining Towers Watson, and this was a contributing factor for me deciding to join. Since then I have had the pleasure of working with him for many years. He has tremendous ability to establish workable solutions in a highly complex global business, using his deep knowledge of risk, financial regulatory compliance and ISO certifications. Very much the go-to person for wise counsel on all things ‘risk-related’."
Professional Excellence Manager for the Americas, Towers Watson
Some challenging questions for you...
Q1 How do you know that you are satisfying ALL the requirements that apply to you?
The world is increasingly complex. It is hard to keep up with all the regulations and it is easy to unwittingly miss out some areas. I can review the arrangements that you have in place and will use a tool to demonstrate that you have appropriate records for each area.
Q2 Will your documentation seem convincing when subject to outside scrutiny?
Apart from the FCA you could also be subject to scrutiny from a client’s auditors, from ISO assessors or, heaven forbid, as a result of litigation. Your documentation needs to show that you understand the rules, have appropriate policies in place to satisfy them and have evidence that shows that those policies are implemented and working effectively. I have examples of documents that can be adapted for your business which will provide you with reassurance.
Q3 Are there things that you do just “because the regulations require it”?
You will be looking to run a business that provides good service, is profitable and sustainable and has satisfied clients. There should, therefore, be a high level of commonality between what you and the regulator worry about. If you find yourself with extra policies and procedures that don’t seem to make sense to your business then you are probably not being as clever about your arrangements as you could be. As far as possible you want to satisfy the requirements with your normal business processes. Key to success is understanding your business and then mapping what you do onto the requirements. And a test of how well you understand the requirements is whether you can express them simply.
Here I am in my favourite car...
It’s a much-treasured 1983 Mini and is the ideal car for me.
It is unlikely to be the best car for you.
It just goes to show how important it is that the arrangements that you put in place need to be a good fit for you and your firm’s business culture and activities.
What is right for a large, complex firm will not be suitable for a small, simple firm.
What is right for an FCA (Financial Conduct Authority) authorised firm will not be suitable for a DPB (Designated Professional Body) authorised professional firm.