Association of Insurance Compliance Professionals (AICP) Annual Conference October 1, 2012, San Antonio, Texas.

Operational Compliance: Creating A Partnership of Risk Mitigation

Association of Insurance Compliance Professionals (AICP) Annual Conference

October 1, 2012, San Antonio, Texas.

Operational Compliance Risk Management: 3 Levels of Defense

Board of Directors / Office of the Chief Executive Officer

Oversight and Assessment

1st Line

Individual Products & Services (IPS)

Property & Casualty

Consultation / Advisory Relationship

2nd Line

Compliance

3rd Line

Internal Audit

Yvette Knott

Nationwide Financial Services Regulatory Director

Business Risk Management
  • We exist because of a need for:
    • a) Centralized governance support for Nationwide Financial Services
    • b) Common framework for compliance risk management assuring coordinated business implementation (Nationwide Financial & Nationwide Life)
    • c) Coordination of efforts at a global level

Business Risk Management

OUR VISION: Provide efficient solutions that are tailored to meet the specific risk exposures facing our business and members.

  • Proactively identify potential regulatory issues for IPSO
  • Ensure operational processes and procedures are in line with state/federal regulations
  • Avoid imposed company fines during internal and external audits
  • Help the business identify control deficiencies through internal assessments
  • Promote innovative business solutions that enhance how we operate and sell Nationwide in accordance with state/federal regulations

CRITICAL SUCCESS FACTORS

Business Risk Management: Regulatory Governance Team

Yvette Knott

Regulatory Director

Ops Regulatory Manager

Consultant

Consultant

Consultant

Consultant

Sr. Analyst

Specialist

Virtual Team

Sr. Analyst

Specialist

  • Office of Internal Audits
  • Legal
  • Anti-Money Laundering
  • Government Relations
  • Corporate Compliance
  • PCIO
  • Lobbyists
  • Sales & Services
  • Enterprise & NF Risk Management
  • Operations
  • Nationwide Health Plans
  • Business Continuity
  • Office of Privacy
  • Office of Ethics
  • Internal Investigation Unit
  • Marketing
  • Business Development

Sr. Analyst

Specialist

Sr. Analyst

Business Risk Management: Our Structure

Governance Support – Regulatory Filing

Business Units

Office of Internal Audits

Fraud

Partners

Anti Money Laundering

Disaster Response

Compliance

Government Relations

Legal

Business Risk Management: Our Functions

Prevention

Demand

Control

  • Market Conduct Exams
  • State and Federal Requests
  • Financial Audits (KPMG)
  • NW Internal Audits
  • External Audits (SEC Exams)
  • AML Audits
  • Reinsurance Audits
  • Information Security Audits
  • Legislative Regulatory Model Changes (LRCU’s)
  • IPSO Assessments
  • Compliance Control Assessment Testing (CCAT Controls)
  • Procedure Reviews
  • FRC Controls (Model Audit Rule Financial Controls)
  • Fraud/AML Controls & Monitoring
  • NOSS Monitoring
  • STOA/STOLI Controls & Monitoring
  • Subpoena/Litigation Requests
  • Business Continuity
  • Advisor Watchlist
  • Annual Privacy Mailings
  • Fund Trading/Settlements
  • Regulatory Requests/Inquiries
  • Compliance Certification Program
  • Return Mail
  • Accurint Access Monitoring
  • Business Consulting
  • Regulatory Project Management
Business Risk Management: Change Management Model

Preparing the business and our customers for upcoming changes through proactive planning, education and business readiness.

INDIVIDUAL

Viewed through two lenses…

ORGANIZATION

Business Risk Management: Change Mgmt Strategy
  • Change Management Strategy
  • Current-Future State Analysis
  • Risk Summary
    • Performer impact
    • Organizational readiness and resistance
    • Sponsor alignment
    • Realization risk
  • Change Management Team
    • Team structure and staffing
    • Sponsor coalition
  • Special Tactics and Actions
    • Develop full change mgmt plan
  • Change Management Plan
  • Sponsor Actions
  • Communication Actions
  • Training Actions
  • Coaching Actions
  • Adoption Actions
Business Risk Management Tools (continued)

Regulatory Audit Summary

Regulatory Matrix

Business Risk Management Tools (continued)

Regulatory Requests/Inquiries Database

Lisa Cooper

Corporate Compliance Director

Individual Life and Annuities At-A-Glance

Products

Individual Life and Annuities

Group Life supporting NBSG (a/k/a COLI/BOLI)

NW Companies

NLAIC – Nationwide Life and Annuity Insurance Company

NLIC – Nationwide Life Insurance Company

NISC – Nationwide Investment Services Corporation

NSLLC – Nationwide Securities LLC

NFGA – Nationwide Financial General Agency

Regulators

State DOI

State Securities

SEC

FINRA

IRS

DOL*

*Individual annuities inside of retirement plans

Distribution Channels

Affiliated: NFN Agents & NSLLC

Non-Affiliated: Wholesalers through Financial Institutions, Independent BDs, Wirehouses, IMOs and BGAs.

Operations – Service Customer Accounts

Process transfers, additional contributions and loans.

Process surrenders, partial withdrawals and claims.

Assist with contract/policy changes.

Operations – Set Up New Business

Process New Customer Applications and set up customer accounts.

Operational Compliance - Mission & Vision

Mission

  • We create value by developing and maintaining a risk-based sustainable compliance program by:
    • providing guidance and oversight to our business partners;
    • promoting the integration of compliance into firm values, activities and processes; and
    • ensuring ethical business standards.

Vision

  • We assess the regulatory risk and assist our business partners in making informed decisions that mitigate risk while maintaining or improving the overall business objectives by:
    • building and maintaining strong relationships with our business partners to ensure compliance remains a trusted source for guidance and direction on all important business decisions; and
    • building and maintaining strong external connections to industry committees and colleagues to stay current within the regulatory environment.

9 Elements of an Effective Compliance Program
  • High Level Responsibility
  • Risk Assessment
  • Written Policies & Procedures
  • Training & Education
  • Monitoring & Testing
  • Response & Prevention
  • Enforcement & Discipline
  • Reporting
  • Regulatory Exam, Inquiry & Relationship Management
The 9 Elements of the IPS Compliance Program

1) High Level Responsibility

  • A high-level awareness that building a compliance culture is a part of everyone’s job from Executive Management to Individual Contributors.
  • Compliance partnership with the Business.
The 9 Elements of the IPS Compliance Program

2) Risk Assessments

Phase I: Research, validate compliance and document gaps.

Phase II: Communicate and consult w/Business on action plans.

Develop remediation plan to determine risk and self-reporting.

Phase III: Communicate remediation plan to Business and work on recommended resolutions and action plan(s)

Validate gaps are closed 30 days after Business confirmation received that action plan complete.

Phase IV: Develop monitoring plan (consider annual communication, training and auditing).

The 9 Elements of the IPS Compliance Program
3) Written Policies and Procedures

  • Registered Separate Accounts – 38a-1 Program
    • Annual review and Business acknowledgement of compliance 38a-1 policies.
    • Consistently reviewing 38a-1 policies to verify compliance with day-to-day inquiry or project work.
  • State Compliance – Model Laws/Regs.
    • Utilize model laws/regs to create state-based compliance programs and manage changes through regulatory life cycle.
The 9 Elements of the IPS Compliance Program

4) Training and Education

  • State Laws
    • New York Regulation 60 annual training and on-boarding
    • New York Regulation 60 monthly Q&A collaboration meeting between Compliance and the Business
    • NAIC Suitability Operational Review Team
    • Puerto Rico Senior Vulnerability Training per Rule 93
  • Federal Securities Laws
    • Transaction processing around Rule 22c-1 (4:00 cut off)
  • Business participation in external compliance conferences
The 9 Elements of the IPS Compliance Program

5) Monitoring, Testing and Surveillance

  • Registered Separate Accounts – 38a-1 Program
    • CCAT 38a-1 Registered Separate Account Objective Testing
    • Periodic Business self-assessments and/or Compliance Testing around business processes, compliance policies and procedures.
  • State Compliance Programs
    • Quarterly NAIC Suitability Reg. Surveillance
    • Fixed Annuity
    • NY Reg. 60 Surveillance
  • Compliance-Business-Internal Audits
    • Collaboration among the 3 areas to conduct appropriate auditing, testing and monitoring of IPS Compliance Program.
The 9 Elements of the IPS Compliance Program

6) Response and Prevention

  • Consumer complaints follow a formal review process and are systematically tracked via epower center.
  • Consistent review of compliance policies, operational procedures and contract obligations through compliance day-to-day inquiry and project work assists with identifying issues.
  • Potential compliance issues use formal mechanism for reporting and remediating issues.
  • Continuous collaboration with Internal Audit, Compliance and the Business to assist with risk mitigation of IPS Compliance Program.
The 9 Elements of the IPS Compliance Program

7) Enforcement and Discipline

  • Result in disciplinary action that could result in termination of employment.
The 9 Elements of the IPS Compliance Program

8) Reporting

  • Life Company Board of Director Reports
    • Annual 38a-1 CCO Report to the Board
    • State Annuity Suitability Regulation Annual Report to Senior Management
  • Quarterly Report of Compliance
  • Heat Map
  • Metrics
The 9 Elements of the IPS Compliance Program

9) Regulatory Exams, Inquiries and Relationship Management

  • SEC 38a-1 Registered Separate Account Exam and inquiries
  • State DOI market conduct exams and inquiries
  • Other Federal exams (IRS/DOL/Federal Reserve Bank)
OPERATIONAL RISK MANAGEMENT AND MITIGATION
  • Common Risks
    • Business Volume and Quality Control.
    • System constraints causing manual processing.
    • Frequency of associates changing positions without adequate training and understanding of compliance issues.
    • Lack of regulatory understanding tied to business transaction process.
  • Mitigation Plan
    • Creating a culture of compliance.
    • Developing partnerships with business partners.
    • Developing and maintaining formal compliance programs.

Scott Whitaker

Compliance Director

P&C Compliance Overview

Installation Path Training

Agency Audits

IAA Reviews

HO Matched Pair Testing

Reporting

Agency Compliance

P&C Sales Compliance

Do Not Call

Violent Crimes Act

Social Media Review

Compliance Websites

P&C Compliance Overview

Installation Path Training

Agency Audits

IAA Reviews

HO Matched Pair Testing

Pre-visit Data Collection

Reporting

Agency Compliance

P&C Sales Compliance

NSS Reviews

Do Not Call

On-site Review

Violent Crimes Act

Reporting

Social Media Review

Follow-up

Compliance Websites

P&C Compliance Overview

Installation Path Training

Agency Audits

IAA Reviews

HO Matched Pair Testing

Reporting

Pre-visit Data Collection

Agency Compliance

P&C Sales Compliance

NSS Reviews

Do Not Call

On-site Review

Violent Crimes Act

Reporting

Fiduciary Audits

Social Media Review

Follow-up

Fiduciary Reporting

Fiduciary Revisits & Follow-ups

Compliance Websites

Fiduciary Remote Audits

Fiduciary Installation Path

P&C Compliance Overview

Installation Path Training

Agency Audits

IAA Reviews

HO Matched Pair Testing

Reporting

Pre-visit Data Collection

Agency Compliance

P&C Sales Compliance

NSS Reviews

Do Not Call

On-site Review

Violent Crimes Act

Reporting

Fiduciary Audits

Contract Admin

Follow-up

Social Media Review

Fiduciary Reporting

Fiduciary Revisits & Follow-ups

Compliance Websites

Fiduciary Remote Audits

Fiduciary Installation Path

Brokerage

Contract Admin

P&C Compliance Overview

Installation Path Training

Pre-visit Data Collection

Agency Audits

On-site Review

Action Plans & Follow Up

IAA Reviews

Reporting

HO Matched Pair Testing

Best Practices

Field Sales Appraisal

Reporting

Pre-visit Data Collection

Agency Compliance

P&C Sales Compliance

NSS Reviews

Do Not Call

On-site Review

Violent Crimes Act

Reporting

Fiduciary Audits

Contract Admin

Follow-up

Social Media Review

Fiduciary Reporting

Compliance Websites

Fiduciary Revisits & Follow-ups

Fiduciary Remote Audits

Fiduciary Installation Path

Brokerage

Contract Admin

P&C Compliance Staffing Chart

AVP Compliance

John English

Compliance Analyst

Compliance Manager

Compliance Manager

Field Sales Appraisal

Sr. Consultant

Contract Administration

Sr. Consultant

Compliance Director

Contract Administration

Consultant

Field Sales Appraisal

Sr. Consultant

Compliance Specialist

Field Auditors (8)

Field Auditors (7)

Compliance Specialist

Fiduciary Auditors (5)

Sr Fiduciary Auditor

P&C Compliance Value Add

Compliance Validation - through our on-site Agency audits and Field Sales Appraisals, we validate Agent and Regional Sales Operation Compliance.

Reporting - Compliance Results are reported individually to agents and Sales Managers.

Field Sales Appraisal results are provided to Regional and Sales Support Leadership.

Recommendations are provided to improve sales organizational effectiveness.

Training - we complete on-line training as well as training at our training center for Agents and Sales Leaders.

Protect the Brand - help avoid adverse publicity and Department of Insurance activity. Avoid Federal/State fines from Do Not Call list violation.

Subject Matter Experts - review programs from a Compliance standpoint: Customer Experience, Standards for Safeguarding Customer Information, Specialty Auto processes, Adverse Decision Letters and Privacy Pre-notice.

Coordination - with other areas including OGC, Privacy and Agency Relations to stay on top of changing State/Federal Compliance requirements and their impact on the Sales Operation.

P&C Compliance Partners with Business Units
  • Underwriting
  • Product
  • Market Conduct
  • Regulatory Compliance
  • OGC
  • Internal Investigations
  • Claims
  • Regional Operations

Greg Jordan

Vice President Internal Audit

Nationwide Risk Coverage Structure

BOD

C-Suite

1st Line Of Defense

Risk Ownership

C

A

B

Line Of Business Management

Investment Risk

ERM

Credit Risk

2nd Line Of Defense

Risk Control & Monitoring

Selected Risk & Control Functions

Compliance

Market Risk

IT Risk

3rd Line Of Defense

Risk Management

Assurance

Internal Audit

Assurance & Validation

Keys to Compliance Program Reliance

An effective compliance program...

...benefits regulatory capital, earnings and reputation

…involves an assessment of legal, regulatory and operational risks on an enterprise-wide basis

…is progressive and proactive in working with management in risk management activities

…is collaborative with other risk management partners in your organization

Managing Emerging Risks

Strategic

Reputation

Legal

Productivity

Data Confidentiality

Regulatory

Transactional

External Influences on Audit and Compliance Planning

Internal Audit shares many outside clients with Compliance and Risk Management Partners

Records Retention

Services


Which Compliance Functions to Audit?

Audit the formal functions

  • Informal functions often serve as controls within the larger business process
  • Often reviewed when testing controls during audit of process/area
  • Formal functions are usually process in itself
  • Entire function typically considered control
  • Perform full scope audit of the Compliance function

Informal

Formal

What IA Looks for when Auditing Compliance

Structure/Objectivity

  • Understand key risks and what could go wrong in process

Reporting

Sampling

Measurement/Scoring

Execution

Issue Follow-Up

Common Compliance Risks

Execution

  • What types of reviews, assessments are performed? (On-site, desk review, etc.)
  • What is the frequency of review?
  • Are associates trained on how to conduct reviews?
  • Are reviews calibrated among associates?

Deriving Additional Internal Audit Value from Compliance

Viewing Compliance function as a valued partner is critical to a strong control environment

  • Routinely share risk insights
  • Leverage Compliance as an expert
  • Ask Compliance to cover other risks to help IA’s coverage
  • Encourage Compliance functions to leverage each other