The compliance industry has become massive in the last few years. Where do you fit in?

Allen: We help firms with their compliance in the broadest possible sense. Our client base tends to be whoever looks after compliance at the big financial institutions. While they have internal resources, they're still struggling to keep up with all the new legislation that is being introduced and in Asia they're struggling with the cross border issues that come up across investing in up to fourteen different markets.

On the small end of the scale we act as a compliance provider to small organizations that still have to follow many rules and regulations but whose size does not justify having someone full time on their staff.

One of the biggest risks global financial institutions now face is regulatory risk. Why would they feel comfortable outsourcing this to you?

They are not outsourcing compliance. You can never outsource responsibility for compliance. The responsibility rests firmly with them. We are just providing an extra pair of hands and filling in specialist gaps. Compliance in Asia is difficult and unclear, especially outside Hong Kong and Singapore. In many cases it is difficult to work out what the regulator wants.

Regulators change their mind and there is a tendency for them to penalize foreign firms. In some cases they go looking for a problem. Those issues mean that it is difficult for firms to always comply.

How do you provide any clarity, including advice and training, in an environment where the rules aren't clear?

Regulators are concerned about market protection and investor protection. If you can distill down the essence of regulation, even though it differs from market to market, they are pretty much concerned about the same thing. They don't want the market to be disturbed nor investors, especially retail investors, to be ripped off. When we do training, we emphasize general principles and use lots of case studies.

Is it possible for firms to change their thinking on compliance away from it being a purely cost centre to one which gives them a business advantage?

Absolutely. Some of the bigger houses do look at it in that way. Compliance is a selling point when it comes to dealing with investors, particularly on the asset management side, where firms have long relationships with their institutional investors. I've been involved in firms where compliance teams are part of investor pitches, being part of the selling process.

Another trend is that firms are looking to embed compliance in the business units. As opposed to it being a separate function, they are assigning it back to the business units, making it more the individuals and the teams' responsibilities and letting them own the process. In many firms, assessing how compliant someone has been is one of their key performance indicators.

I imagine they learn the rules quite quickly after that.

In the international houses most senior management are aware and want to comply. There is a gap still in Asia. There is a lot of lip service paid to compliance but the systems of compliance are very new here. The regulators are also not following up with the size of fines and types of penalties that you see in the UK and US that really impact an organization's bottom line and force it to change. One of the exceptions is the FSA in Japan, who to their credit, do shut people down as they did to Citigroup in Japan. Most other regulators do not penalize firms enough to really make a difference.

So you think they should penalize people more?

Only if they are penalizing them for the right things, not minor breaches and infractions. There is no point in sending a team of six junior regulators into a bank for six weeks and going through all the transactions and then slapping a wrist because of some minor record keeping glitch. The regulators here are very rule orientated and box ticking driven, with a narrow approach to compliance. If they actually addressed issues such as market manipulation and then fined people, that would be a different issue.

Is the problem that most regulators in Asia are not actually independent enough? They are controlled by central banks, politicians or even business cartels. And so they only thing left for them to do is go after minor infringements by foreign players, who seem politically to be fair game?

Absolutely. They are also not well resourced and in some countries there is a problem with corruption. The head of enforcement of one area of the Taiwanese regulator has just been suspended for tipping off an insider dealing ring. They are not independent.

So I assume the regulators are not your better clients?

Interestingly we do have a lot of support from the better regulators in the region. The SFC and MAS are both very supportive and they are both grown up enough to face a bit of criticism when it comes their way. They both have new regulations to work through and are seeing how they will work out and want to work through issues with the industry.

How are you working with all the new entrants to the asset management and hedge fund industry in Asia?

We are doing a lot of work with the hedge fund industry. regulated but. In Hong Kong they are fully regulated and in Singapore although many of the hedge funds are exempt from licensing, they do need to meet their own investors' expectations that they have compliance regimes in place We have a lot of hedge fund clients which shows they think that compliance is important.

We put a regime in place with manuals and documentation; its sort of compliance lite. So it is similar to what you would see in a big asset manager but scaled down to what the hedge funds need.

Are there compliance disasters out there waiting to happen?

There are compliance disasters out there already. There are a lot of people who are trying to get compliance right and spending a lot of time effort and money to do so. . But even in those organizations there will be snafus and trip ups. There have been so many changes in Asia that it is very difficult to work out what you can and cannot do. We are also in a big bull market in which the business side grows very quickly but the back office and support gets lots of extra work just piled onto the existing resource. So problems will arise even though the firms might be working hard to avoid them

Is it possible to be 100%, fully, absolutely compliant if you are a multinational financial institution working in Asia and still make any money?

It is not possible to be fully compliant at all times in this region, whether you are making money or not. There are just too many rules and regulations. For instance if you work for a US bank in Hong Kong, you have Sarbanes Oxley, NASD, SEC and potential state regulators to deal with. Then you have all the Hong Kong regulations - and if Hong Kong is your regional hub, you will then have all the other sets of regulations from around Asia to comply with. The proliferation of regulation is extraordinary.