Upload
eneni-oduwole
View
572
Download
2
Tags:
Embed Size (px)
Citation preview
Leveraging on Compliance Risk Management to Create Value
Eneni OduwoleApril 10, 2013
FITC Compliance Risk Mgt Workshop - April 2013
Outline
Introduction
Risk-based Approach
Functions of a Compliance Department
Roles of the Board and Management
Internal and External Drivers
Risks and Consequences for Non-Compliance
Required Measures
Developing an Effective Programme
Integrating Compliance with ERM
FITC Compliance Risk Mgt Workshop - April 2013
What is Compliance?
According to the International Compliance Association, the term Compliance describes the ability to act according to an order, set of rules or request. In business, it operates at two levels: Level 1: Compliance with the external rules that are imposed upon an organisation as a whole Level 2: Compliance with internal systems of control that are imposed to achieve compliance with
the externally imposed rules
Investorwords.com describes it as “The state of being in accordance with the relevant Federal or regional authorities and their requirements.”
In summary, Compliance describes the act of adhering to a pre-determined set of rules whether they are internal policies and procedures or externally driven statutory or regulatory guidelines and rules. Compliance also assures that best practices are upheld in the organization
Compliance Risk is defined as the current and prospective risk to earnings or capital arising from violations of or non-conformance with set rules and regulations, best practices, internal policies, and ethical standards. Compliance Risk also arises where the laws governing products or services offered by the organization are vague or untested
FITC Compliance Risk Mgt Workshop - April 2013
Risk-based Compliance Approach
Enables expedient deployment of resources to specific / required areas
Puts in place steps for identifying and assessing compliance risk exposures
Ensures the application of appropriate compliance measures for controlling related risks
Benefits: Tailored compliance strategies for effectively dealing with key compliance risks Efficiency gains; improved compliance adherence outcomes Reduced financial losses Greater business support for compliance – risk management processes by business
FITC Compliance Risk Mgt Workshop - April 2013
Functions of a Compliance Department
Identification of Related Risks: recognize regulatory risk exposures in an organisation and advise accordingly
Awareness: Establish and communicate the organization’s compliance policy to ensure that it is observed
Monitoring and Detection: continuously review and report on the effectiveness of controls put in place to assure effective Compliance Risk Management
Prevention: ensure design and implementation of controls that would protect an organisation from Compliance Risk exposures
Resolution: have strategies in place to ensure timely management and redress of Compliance Risk exposures as they crystallize or are identified
Consultation: provide advice to the Board and Management of the organization on new trends, risks identified and controls required
FITC Compliance Risk Mgt Workshop - April 2013
Roles and Responsibilities of the Board and Mgt in Regulatory Compliance
The Board Oversight function over all compliance
functions in the Bank
Reviews Compliance reports periodically at Board meetings to ensure that the organization complies with all regulatory and internal procedures
Ensures that the provisions of the organization’s Compliance policy is strictly adhered to
Management • Ensures the execution and adherence
to the Compliance Policy stipulations
• Ensures a centrally controlled Compliance function led by a Chief Compliance Officer exists to manage compliance exposures organization wide
• Provides sufficient resources and ensures that compliance functions are properly carried out, staff are adequately trained, and the periodic audit on the compliance function and framework conducted
FITC Compliance Risk Mgt Workshop - April 2013
What drives Compliance Exposure Internally and Externally?
Internal Policies These ensure that all staff comply with the organization’s internal rules and
regulations that govern its business model, corporate objectives, ethical standards, Code of Corporate Governance and the Code of Professional Conduct
The Chief Compliance Officer should monitor the development and implementation of these policies and ensure consistency with regulatory and legal stipulations; the Compliance Group in liaison with Management should ensure that no regulatory guideline is violated or breached in the implementation of its internal policies and procedures
Corporate Governance should be ensured in the development and implementation of internal policies, and all Members of staff should comply with all internal policies
FITC Compliance Risk Mgt Workshop - April 2013
What drives Compliance Exposure Internally and Externally? (cont’d)
Laws and Regulatory Guidelines The Compliance function advises and monitors adherence with all legal,
statutory, regulatory guidelines affecting the organization by ensuring transparent practices fashioned along local / international regulatory standards, and global best control practices are upheld
Compliance with the Code of Corporate Governance issued by key local regulators (such as the Securities and Exchange Commission , the Central Bank of Nigeria) and globally accepted standards such as Sarbanes Oxley should be taken into consideration in drafting policies and procedures of the organization
The Compliance function should ensure that all stakeholders are aware and adhere to local and international regulatory requirements; it is important that policies are drafted in line with relevant local regulations in all jurisdictions where the organization is operational
FITC Compliance Risk Mgt Workshop - April 2013
What drives Compliance Exposure Internally and Externally? (cont’d)
Laws and Regulatory Guidelines (cont’d) The guidelines of the key regulators in the home country of the organizations
must be upheld at all times
Periodical review and update of all laws, policies and regulations affecting the organization should be ensured
Compliance levels organization-wide should be ascertained, and staff notified of new and revised policies and laws
FITC Compliance Risk Mgt Workshop - April 2013
What drives Compliance Exposure Internally and Externally? (cont’d)
Rendition of Returns All regulatory and statutory returns and reports should be rendered to
regulators and law enforcement agencies as and when due to improve the organization’s rating by regulators and minimize sanctions and penalties against the organisation
Maintaining a tracking system that would ensure timely and correct rendition of returns is required
Business areas that breach the stipulated timelines should be appropriately sanctioned to ensure that the discipline required is inculcated organization-wide
FITC Compliance Risk Mgt Workshop - April 2013
What drives Compliance Exposure Internally and Externally? (cont’d)
Relationship Management The Compliance function ensures timely and satisfactory responses are
provided to regulatory enquiries in compliance with the laws and regulatory requirements
It liaises with external regulators and law enforcement agencies on its compliance responsibilities by maintaining an open, honest and transparent relationship with these authorities
FITC Compliance Risk Mgt Workshop - April 2013
Risks and Consequences for Non-Compliance
Sanctions and penalties
Increased customer complaints
Costly errors made by the organization
Financial losses / Increased expenses
Poor rating by External Auditors, Regulators and Rating Agencies
Loss of licence
FITC Compliance Risk Mgt Workshop - April 2013
Required Compliance Measures
Advice – Agencies respond to direct requests for advice or proactively make contact with people or businesses to inform them of their obligations
Guidance material – These materials made available on agency websites or through pamphlets to explain requirements
Education campaigns – Agencies advertise to inform people and businesses about laws to persuade them to comply; these campaigns usually explain the reasons why regulations are in place or the negative impacts of non-compliance
Warnings or cautions – A person or business is warned or cautioned that they have not complied with regulatory requirements and that they may be penalised for this
FITC Compliance Risk Mgt Workshop - April 2013
Required Compliance Measures (cont’d)
Monitoring measures (data collection, auditing and inspection) – Data collection from people and businesses for regulatory compliance purposes; Auditing / spot checks of the regulatory compliance records of people and businesses; Inspection of the activities of people or business to check compliance with the regulations
Publication of names of offenders – Review details of people or businesses that have breached regulations
Enforceable undertakings – After a requirement is breached, some agencies accept undertakings from non-compliers to do certain things to remedy breaches; penalties exist for failure to comply
FITC Compliance Risk Mgt Workshop - April 2013
Required Compliance Measures (cont’d)
Improvement notices – An agency requires a person or business to comply with a requirement within a specified time frame with a failure to do so resulting in a penalty
Prohibition notices – An agency requires a person or business to stop an activity where a regulatory breach has occurred; the activity can continue when the breach has been remedied
Penalty notices – An ‘on the spot fine’ is given for a breach of a regulatory requirement; the person or business is required to pay or elect to challenge it in court
Civil pecuniary penalties – A right created under legislation for a person or business to claim compensation from another party for a regulatory breach
FITC Compliance Risk Mgt Workshop - April 2013
Required Compliance Measures (cont’d)
Injunctions – A court order that stops a person or business from continuing to do a particular thing after a regulatory breach
Negative licences – The person is restricted from undertaking an activity that otherwise requires no authorisation
Action against licences/accreditation/certification – The authorisation of a person or business to undertake an activity is restricted or withdrawn after a failure to comply with the conditions of the authorisation
Criminal prosecution – Legal proceedings are brought by the agency against a person or business because the law has been broken; a decision to prosecute is made when it is considered to be in the public interest; a range of very serious penalties can be given to a person found guilty of a criminal offence including large fines and imprisonment
FITC Compliance Risk Mgt Workshop - April 2013
Developing an Effective Compliance Programme
• Describe the meaning of compliance for your organisation and its response to its relevant demands
• Know what drives your compliance exposure both locally and abroad; internally and externally
• Identify the risks and consequences of non-compliance on the continued existence of your organization
• Appreciate and demonstrate in simple understandable ways, the relationship between corporate governance, risk management and compliance (GRC)
FITC Compliance Risk Mgt Workshop - April 2013
Developing an Effective Compliance Programme (cont’d)
• Ensure delineation of the roles and responsibilities of the Board of Directors and Management in managing Compliance Risk
• Understand the implications of regulatory guidelines for corporate accountability and ethical behaviour
• Develop an effective fit-for-purpose compliance
• Ensure full integration of the organization’s ERM in optimising relevant structures and procedures for both compliance and proactive risk management
FITC Compliance Risk Mgt Workshop - April 2013
Integrating Compliance with ERM
Largely driven by IT Compliance strategies
Ensure that ERM systems have modules for monitoring compliance with internal and external policies
IT Governance strategies should take into consideration procedures that drive and monitor Compliance risks organization-wide
IT should drive the integration of Governance, ERM and Compliance for optimal output and value add from these three key elements of business management to the success of the organization
Assures proactive and holistic risk management
FITC Compliance Risk Mgt Workshop - April 2013
Integrating Compliance with ERM for Proactive Risk Management
“YOU CANNOT ALLOW ANY OF YOUR PEOPLE TO AVOID THE BRUTAL FACTS. IF THEY START LIVING IN A DREAM WORLD, IT’S GOING TO BE BAD.” -
GENERAL JAMES “MAD DOG” MATTISS
“The fact was that I was not a master of my actions, because I was not so insane as to attempt to bend events to conform to my policies. On the contrary, I bent my policies to accord with the unforeseen shape of events” – Napoleon Bonaparte
FITC Compliance Risk Mgt Workshop - April 2013
References
www.grc-resource.com www.betterregulation.nsw.gov.au
Thank You...Contact Details
[email protected]@yahoo.co.uk