Compliance officers in early-stage firms

Ireland has a vibrant fintech, payments, and e-money startup community alongside newly established subsidiaries of overseas firms and more traditional established financial services institutions, resulting in a large number of firms that are at various stages of the Central Bank of Ireland (CBI) authorisation process.

It is also resulting in the creation of opportunities for ambitious compliance professionals to advance their careers by taking up compliance officer roles with early-stage firms, either Irish start-ups or overseas-owned entities. The compliance officer role is one of several Pre-approval Control Functions (PCF) defined by the CBI and every firm seeking authorisation must have one in place. Other key PCF roles include Head of Risk and Head of Anti-Money Laundering and Counter Terrorism Financing, which the CBI may require to be filled depending on the nature, scale and complexity of the firms involved.

The career opportunities being created by the proliferation of new firms in the sector are particularly attractive for ambitious compliance and other professionals working in mid- and senior-level roles in established financial services firms. While they enjoy considerable job security, they may have to wait years before promotional opportunities arise in-house and progress to a PCF role.

Making the switch to an early-stage firm may entail some job security risks but it can be very exciting to be part of a team establishing a new business and embarking on the authorisation journey. It allows professionals to gain new experiences, get involved in the development and articulation of the firm’s strategy and business plan and take on a PCF role (sometimes, for the first time).

It can also allow them to shape and build the compliance function from the ground-up free of any inefficiencies or other impediments associated with legacy structures and frameworks. In effect, they can put their own stamp on the function which will be built in accordance with their vision (and their firm’s regulatory obligations).

In addition, it is possible to effect change more readily in new, smaller entities which tend to be more agile and nimble than established institutions. Decision-making lines are much shorter thereby eliminating many of the frustrations associated with the bureaucracy which tends to grow over time in larger institutions.

Another important aspect of the compliance officer role within a start-up is the opportunity to develop and positively affect a direct relationship with the CBI which will benefit the firm and stand to the compliance officer for the rest of their career. Indeed, if they adopt the mindset of seeing every engagement with the CBI as an opportunity to demonstrate their firm’s and their own individual, capabilities and credentials in relation to their regulatory obligations, it will create efficiencies within the authorisation process.

But it is one thing to aspire, it is quite another to deliver. In a larger organisation, compliance officers have access to technical expertise and other resources to support them in their work. These resources tend either not to exist or to be very limited in smaller, early-stage entities. Compliance officers therefore need to develop expertise in those areas very quickly if they are to build the frameworks and establish the policies and processes required by the CBI. It is also important to recognise areas where you may need technical support and/or guidance, whether that is through leveraging your network of compliance colleagues or professional advisers.

The compliance officer’s overall role within the business also tends to differ depending on the size of the organisation. In larger institutions, compliance officers can be focused solely on their core role and operate very much as a pure second line of defence function. The culture is far different in smaller entities and compliance officers can find themselves pulled in many different directions. They can find themselves getting involved in new product development and assisting with other operational matters.  While this can be interesting and exciting work in a startup environment but compliance functions in such firms are not awash with resources and there is a risk of the compliance officer being distracted from their core functions thereby endangering the firm’s prospects of success in the authorisation process.

Anyone considering making the switch to a start-up or early-stage firm should take the time to qualify the opportunity in advance. It is possible to be blinded by the potential of the career opportunity, the firm’s growth plans, the vision of the founders, the share options, and the other potential future rewards. But all of these things need to be set against the realities of the here and now.

Before making any move, people need to gain an understanding of the firm’s commitment to the second line of defence and build it out. You need to know the support is there from the Board of Directors to proportionately scale and resource the function. Those conversations need to be had upfront.

There is also an element of uncertainty in relation to a start-up. Will it get authorised? Will the founders continue to support it during what could be a lengthy authorisation process? Is the financial commitment there to see the process through to the end? No one is going to support an authorisation process indefinitely but there is a need to understand how long the commitment will last.

In that context and prior to accepting a role you should seek to obtain a full picture of the state and status of the application as well as information on any feedback received from the CBI in relation to the authorisation process.

There is also a degree of licence shopping in Europe. It is not uncommon for companies to seek authorisation in multiple jurisdictions concurrently. Anyone contemplating a move needs to know that the role of the compliance officer in Ireland will still exist if the firm gets authorised in another country first.

They also need to understand the need for personal resilience. Joining a start-up is effectively joining a project with quite aggressive timelines. The business is burning cash and revenue negative until such time as it is authorised (and sometimes for pro-long periods post-authorisation) and this places a lot of pressure on the compliance officer to get the process over the line as quickly as possible. Again, it is vitally important to ensure the commitment exists to provide the required resources.

In addition, there will likely be a requirement to dovetail compliance with the entrepreneurial culture which exists in early-stage enterprises. Founders may be brilliant business leaders with a great vision for the firm but the culture they foster needs to be one where compliance is taken seriously. If it is a box-ticking exercise, that is a reason not to move.

Compliance officers in these firms need to be aware of mission creep. It may not have been the founder or CEO’s intention to appoint a head of risk, but the CBI may require it during the authorisation process. That can lead to the compliance officer being asked to take on the role in addition to their existing responsibilities. Whilst this can be a flattering request, it can create some significant unintended consequences, if you seek to progress this PCF application with the CBI. If there is not a sufficiently robust capability and resource plan to support a dual PCF role application, it is almost always a bad idea, particularly where the CBI is directing the firm towards having separate individuals hold the PCF roles. People need to be aware of their own limitations and there is the risk that the CBI may not approve them for the additional role, not something any professional wants on their record.

While the challenges associated with being a compliance officer in an early-stage firm are not inconsiderable, the opportunities for career progression and to help build a new firm and compliance function from the ground up are very attractive and exciting. The key is to go into it with your eyes open and in possession of all the facts.

This article was first published in The Irish Compliance Quarterly.