1. The Criticality of a Centralised Compliance Function February 2007 Facilitated by Paul Leary
2. Content What is Compliance
Role of Compliance in Corporate Governance
What is an effective Compliance Function?
Implementing a Compliance Framework
Costs of Failure
3. What risks does a Compliance Framework manage? The answer is not always obvious
How does the function of Compliance differ from the role of the Revision Committee?
Does a Bank actually need this function?
What will the function add to the stakeholders’ purposes?
4. What is Compliance Risk? The purpose of the compliance function is to assist the bank in managing its compliance risk, which can be defined as:
the risk of legal or regulatory sanctions, financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with all applicable laws, regulations, codes of conduct and standards of good practice
5. The Compliance Framework Comprised of a number of components
Compliance department is the nucleus
Understanding and communicating the role of the compliance function is critical
6. What is Corporate Governance? The system by which a business is governed
It is concerned with the practices relevant to the attainment of business objectives
Risks that may prevent achievement of objectives must be managed
Risk management is therefore a pre-requisite to effective corporate governance
7. What part does each of the following play in the achievement of a compliant bank? Supervisory Board
8. Supervisory Board
Approval of the compliance policies
Receiving independent information regarding the operational performance of the Bank from the Internal Audit Function (including the performance of the Compliance Function)
9. Management Board (‘Board’) Management Board is responsible for :
Overseeing the management of the compliance risk
Establish a permanent, independent and effective Compliance Function
Providing adequate resources to the function
Empowering the function
10. Senior Management Responsible for:
Communicating the policies
Ensuring policies are observed
Interpreting the policies
Managing the control environment
Reporting to the Board and the Compliance Function
Training the Staff
11. Line Staff Following procedures
Working with an enquiring mind
Accountable for actions
12. Compliance Function Assist in the management of Compliance Risks
Provide advice, guidance and education
Identification, prioritisation, managing and monitoring risks
Testing and reporting
Statutory responsibilities and liaison
13. Business Objectives Our objective is to become the pre-eminent provider of banking services in the Ukraine within the next 5 years
Our objective is to increase profits by 5% annually and avoid regulatory censure over the next 5 years
14. Risk Appetite Quantitative
Statements talking about the relative quality of ….
15. Risk Appetite We will not accept Latin American clients
A maximum of 20% of our client base will be commercial clients
We will retain copies of all the required KYC documentation for our clients
16. The Compliance Function What is its role?
What are its objectives?
Is the Compliance Function’s perception of its role shared by other business functions?
17. Who owns compliance? Not the Compliance Function
Every member of staff is a compliance stakeholder
To what extent is that reflected in:
- job descriptions
- performance appraisals
18. Scope to perform Frequently a Compliance Function does not have room to perform proper duties adequately.
This problem is exacerbated by Board ignorance of what to expect of the Compliance Function.
19. Empowering Compliance Board to understand what it expects from the function
Provide function with formal status
Resource the function with staff, IT and power to act
Ensure the Executive supports the function
Ensure function has access to all personnel and bank records to enable it to carry out its duties
20. Role of Compliance Function Ascertaining the role of the Compliance Function is an essential prerequisite for constructing an effective compliance framework
21. Relationships The Compliance function must manage relationships both internal and external Internal
22. Other internal control functions
Identifying responsibilities of other control functions and demarcating between responsibilities will reduce overlap and room for confusion and error.
23. Risk Roles Management Board need comfort in all the defined areas of risk (Credit, Market, Operational and Commercial Risk)
Risk Management identify the likelihood of an event and what tolerances would be acceptable
Compliance set the policies, procedures and perform the internal controls
Internal Audit reviews the efficacy of the system
External Audit reviews the truth and fairness of the financial statements
24. The framework Different functions must work together in harmony.
Information and communication is the oil that makes the framework operate smoothly and effectively.
25. How can Supervisory and Management Boards ensure Compliance is embedded into the Bank?
26. THE COMPLIANCE RISK MANAGEMENT FRAMEWORK (“CRM”)
27. Compliance framework Comply - to act according to an order, set of rules or requests.
Risk - the possibility of something bad happening (or something good not happening).
Framework - a supporting structure around which something can be built. A system of rules, ideas or beliefs that is used to plan or decide something.
Process - a series of actions that you take in order to achieve a result. The result being compliance!
28. Process What are we going to consider in designing and implementing our Compliance Risk Framework?
29. Compliance Framework Establish Goals & Objectives
Assess Business Risks
Develop Compliance Risk Management Strategies
Design/Implement Risk Control Processes
Monitor Compliance Risk Management Process Performance
Improve Compliance Risk Management Process
Information for Decision Making
30. 1. Establish Goals & Objectives Define the bank’s :
Risk management goals and objectives
Risk tolerances / boundaries / limits
32. 2. Assess Business Risks Evaluate changes in the
in key assumptions underlying business strategies and in business lines,
products and business processes and the impact of these changes on potential risks to the entity.
Implement processes or activities to assess Compliance risks and information processing risks at the business process / activity level
33. BIS Principle 1 – Responsibilities of the Supervisory Board (SB) for Compliance The bank’s SB has the responsibility for overseeing the management of the bank’s compliance risk
The SB should approve the bank’s compliance policy, including a charter or other formal document establishing a permanent Compliance Function
34. 3. Develop Compliance Risk Management Strategies Develop Compliance Risk Management Strategies and
Respond to significant new risks or changes
with appropriate strategies, and
initiate the processes / activities to implement new risk management strategies quickly
35. 4. Design / Implement Risk Control Processes Ensure risk managers and process/activity owners:
Have the requisite skills and expertise to design and implement risk control processes/activities (commensurate with the risk management strategies).
Assume responsibility for and understand their accountability for managing significant risks.
Assess the timeliness, efficiency and effectiveness of the design of new or improved risk control processes
36. 5. Monitor Compliance Risk Management Process Performance Measure / monitor / assess the performance effectiveness of the CRMP in:
Identifying and managing specific risks and in executing strategies to create value (including the utilization of all available “audit” opportunities).
Benchmarking against regulations, best practices and industry knowledge
37. 6. Improve Compliance Risk Management Process Ensure that risk assessment, control and monitoring processes / activities are continuously improved throughout the organisation
At least once a year, the Supervisory Board or a committee of the Supervisory Board should review the bank’s compliance policy and its ongoing implementation to assess the extent to which the bank is managing its compliance risk effectively
38. 7. Information for Decision Making Ensure there is adequate communication and information for decision making
Enabling senior management to know that all CRMP activities are performed as intended
Enabling risk managers and process/ activity owners to clearly understand their responsibilities and accountabilities
41. Management Information Information generated by review programme
Key Risk Indicators are valuable
Must be analysed by Compliance Function
MI analysis should be communicated to Board with recommendations
Action should result
Process should be transparent
42. Summary of Functions Responsibilities Assist the Board manage the compliance risks
Advise staff on laws, regulations and development in these areas
Educate staff on compliance issues
Identify, measure and assess risk
Monitor, test and report on findings
Liaison with external bodies
Develop and maintain a compliance monitoring programme
44. Human factors Cultural considerations
Structures - Steep authority gradients
Bonus driven environments
45. Recent events and disasters Citigroup = ethics questionable corporate/individual ethics and integrity, misleading statements in Japan
Bank Of Ireland = Systematic tax avoidance
Abbey National = systems and procedures and AML controls
Moscow City Bank = Anton Dolgov
46. Section 311 Authorizes the Secretary of the Treasury to find that reasonable grounds exist for concluding that a foreign jurisdiction, institution, class of transactions or type of account is of "primary money laundering concern" and to require U.S. financial institutions to take certain "special measures" against those jurisdictions, institutions, accounts or transactions.
47. Banco Delta Asia On September 20, 2005, FinCEN announced the designation of Banco Delta Asia SARL, Macau Special Administrative Region, China (‘BDA’), as a financial institution of "primary money laundering concern" under Section 311
Treasury is issuing the attached proposed rule to impose special measures against BDA. The proposed rule would prohibit U.S. financial institutions from opening or maintaining correspondent or payable-through accounts in the U.S. for, or on behalf of, BDA
This prohibition extends to correspondent or payable-through accounts maintained for other foreign banks when such accounts are used by the foreign bank to provide financial services to BDA indirectly
48. Benefits to Bank Structured decision making based upon soundly researched evidence
Reduced errors and losses
Reduced legal claims from clients
Greater profit margins
Greater acceptance by international banking community
Reduced costs of transacting with international banking community
49. Contact details Paul Leary
Tel. 44 (0) 1534 613775
Fax. 44 (0) 1534 737355