Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Leveraging on Compliance Risk Management to Create Value


Published on

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

Leveraging on Compliance Risk Management to Create Value

  1. 1. Leveraging on Compliance Risk Management to Create Value Eneni Oduwole April 10, 2013
  2. 2. Outline Introduction Risk-based Approach Functions of a Compliance Department Roles of the Board and Management Internal and External Drivers Risks and Consequences for Non-Compliance Required Measures Developing an Effective Programme Integrating Compliance with ERM FITC Compliance Risk Mgt Workshop - April 2013
  3. 3. What is Compliance? According to the International Compliance Association, the term Compliance describes the ability to act according to an order, set of rules or request. In business, it operates at two levels:  Level 1: Compliance with the external rules that are imposed upon an organisation as a whole  Level 2: Compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules describes it as “The state of being in accordance with the relevant Federal or regional authorities and their requirements.” In summary, Compliance describes the act of adhering to a pre-determined set of rules whether they are internal policies and procedures or externally driven statutory or regulatory guidelines and rules. Compliance also assures that best practices are upheld in the organization Compliance Risk is defined as the current and prospective risk to earnings or capital arising from violations of or non-conformance with set rules and regulations, best practices, internal policies, and ethical standards. Compliance Risk also arises where the laws governing products or services offered by the organization are vague or untested FITC Compliance Risk Mgt Workshop - April 2013
  4. 4. Risk-based Compliance Approach Enables expedient deployment of resources to specific / required areas Puts in place steps for identifying and assessing compliance risk exposures Ensures the application of appropriate compliance measures for controlling related risksBenefits: Tailored compliance strategies for effectively dealing with key compliance risks Efficiency gains; improved compliance adherence outcomes Reduced financial losses Greater business support for compliance – risk management processes by business FITC Compliance Risk Mgt Workshop - April 2013
  5. 5. Functions of a Compliance Department Identification of Related Risks: recognize regulatory risk exposures in an organisation and advise accordingly Awareness: Establish and communicate the organization’s compliance policy to ensure that it is observed Monitoring and Detection: continuously review and report on the effectiveness of controls put in place to assure effective Compliance Risk Management Prevention: ensure design and implementation of controls that would protect an organisation from Compliance Risk exposures Resolution: have strategies in place to ensure timely management and redress of Compliance Risk exposures as they crystallize or are identified Consultation: provide advice to the Board and Management of the organization on new trends, risks identified and controls required FITC Compliance Risk Mgt Workshop - April 2013
  6. 6. Roles and Responsibilities of the Board and Mgt in Regulatory ComplianceThe Board Management Oversight function over all compliance • Ensures the execution and adherence functions in the Bank to the Compliance Policy stipulations Reviews Compliance reports • Ensures a centrally controlled periodically at Board meetings to Compliance function led by a Chief ensure that the organization complies Compliance Officer exists to manage with all regulatory and internal compliance exposures organization procedures wide Ensures that the provisions of the • Provides sufficient resources and organization’s Compliance policy is ensures that compliance functions are strictly adhered to properly carried out, staff are adequately trained, and the periodic audit on the compliance function and framework conducted FITC Compliance Risk Mgt Workshop - April 2013
  7. 7. What drives Compliance Exposure Internally and Externally?Internal Policies These ensure that all staff comply with the organization’s internal rules and regulations that govern its business model, corporate objectives, ethical standards, Code of Corporate Governance and the Code of Professional Conduct The Chief Compliance Officer should monitor the development and implementation of these policies and ensure consistency with regulatory and legal stipulations; the Compliance Group in liaison with Management should ensure that no regulatory guideline is violated or breached in the implementation of its internal policies and procedures Corporate Governance should be ensured in the development and implementation of internal policies, and all Members of staff should comply with all internal policies FITC Compliance Risk Mgt Workshop - April 2013
  8. 8. What drives Compliance Exposure Internally and Externally? (cont’d)Laws and Regulatory Guidelines The Compliance function advises and monitors adherence with all legal, statutory, regulatory guidelines affecting the organization by ensuring transparent practices fashioned along local / international regulatory standards, and global best control practices are upheld Compliance with the Code of Corporate Governance issued by key local regulators (such as the Securities and Exchange Commission , the Central Bank of Nigeria) and globally accepted standards such as Sarbanes Oxley should be taken into consideration in drafting policies and procedures of the organization The Compliance function should ensure that all stakeholders are aware and adhere to local and international regulatory requirements; it is important that policies are drafted in line with relevant local regulations in all jurisdictions where the organization is operational FITC Compliance Risk Mgt Workshop - April 2013
  9. 9. What drives Compliance Exposure Internally and Externally? (cont’d)Laws and Regulatory Guidelines (cont’d) The guidelines of the key regulators in the home country of the organizations must be upheld at all times Periodical review and update of all laws, policies and regulations affecting the organization should be ensured Compliance levels organization-wide should be ascertained, and staff notified of new and revised policies and laws FITC Compliance Risk Mgt Workshop - April 2013
  10. 10. What drives Compliance Exposure Internally and Externally? (cont’d)Rendition of Returns All regulatory and statutory returns and reports should be rendered to regulators and law enforcement agencies as and when due to improve the organization’s rating by regulators and minimize sanctions and penalties against the organisation Maintaining a tracking system that would ensure timely and correct rendition of returns is required Business areas that breach the stipulated timelines should be appropriately sanctioned to ensure that the discipline required is inculcated organization- wide FITC Compliance Risk Mgt Workshop - April 2013
  11. 11. What drives Compliance Exposure Internally and Externally? (cont’d)Relationship Management The Compliance function ensures timely and satisfactory responses are provided to regulatory enquiries in compliance with the laws and regulatory requirements It liaises with external regulators and law enforcement agencies on its compliance responsibilities by maintaining an open, honest and transparent relationship with these authorities FITC Compliance Risk Mgt Workshop - April 2013
  12. 12. Risks and Consequences for Non-Compliance Sanctions and penalties Increased customer complaints Costly errors made by the organization Financial losses / Increased expenses Poor rating by External Auditors, Regulators and Rating Agencies Loss of licence FITC Compliance Risk Mgt Workshop - April 2013
  13. 13. Required Compliance Measures Advice – Agencies respond to direct requests for advice or proactively make contact with people or businesses to inform them of their obligations Guidance material – These materials made available on agency websites or through pamphlets to explain requirements Education campaigns – Agencies advertise to inform people and businesses about laws to persuade them to comply; these campaigns usually explain the reasons why regulations are in place or the negative impacts of non- compliance Warnings or cautions – A person or business is warned or cautioned that they have not complied with regulatory requirements and that they may be penalised for this FITC Compliance Risk Mgt Workshop - April 2013
  14. 14. Required Compliance Measures (cont’d) Monitoring measures (data collection, auditing and inspection) – Data collection from people and businesses for regulatory compliance purposes; Auditing / spot checks of the regulatory compliance records of people and businesses; Inspection of the activities of people or business to check compliance with the regulations Publication of names of offenders – Review details of people or businesses that have breached regulations Enforceable undertakings – After a requirement is breached, some agencies accept undertakings from non-compliers to do certain things to remedy breaches; penalties exist for failure to comply FITC Compliance Risk Mgt Workshop - April 2013
  15. 15. Required Compliance Measures (cont’d) Improvement notices – An agency requires a person or business to comply with a requirement within a specified time frame with a failure to do so resulting in a penalty Prohibition notices – An agency requires a person or business to stop an activity where a regulatory breach has occurred; the activity can continue when the breach has been remedied Penalty notices – An ‘on the spot fine’ is given for a breach of a regulatory requirement; the person or business is required to pay or elect to challenge it in court Civil pecuniary penalties – A right created under legislation for a person or business to claim compensation from another party for a regulatory breach FITC Compliance Risk Mgt Workshop - April 2013
  16. 16. Required Compliance Measures (cont’d) Injunctions – A court order that stops a person or business from continuing to do a particular thing after a regulatory breach Negative licences – The person is restricted from undertaking an activity that otherwise requires no authorisation Action against licences/accreditation/certification – The authorisation of a person or business to undertake an activity is restricted or withdrawn after a failure to comply with the conditions of the authorisation Criminal prosecution – Legal proceedings are brought by the agency against a person or business because the law has been broken; a decision to prosecute is made when it is considered to be in the public interest; a range of very serious penalties can be given to a person found guilty of a criminal offence including large fines and imprisonment FITC Compliance Risk Mgt Workshop - April 2013
  17. 17. Developing an Effective Compliance Programme• Describe the meaning of compliance for your organisation and its response to its relevant demands• Know what drives your compliance exposure both locally and abroad; internally and externally• Identify the risks and consequences of non-compliance on the continued existence of your organization• Appreciate and demonstrate in simple understandable ways, the relationship between corporate governance, risk management and compliance (GRC) FITC Compliance Risk Mgt Workshop - April 2013
  18. 18. Developing an Effective Compliance Programme (cont’d)• Ensure delineation of the roles and responsibilities of the Board of Directors and Management in managing Compliance Risk• Understand the implications of regulatory guidelines for corporate accountability and ethical behaviour• Develop an effective fit-for-purpose compliance• Ensure full integration of the organization’s ERM in optimising relevant structures and procedures for both compliance and proactive risk management FITC Compliance Risk Mgt Workshop - April 2013
  19. 19. Integrating Compliance with ERM Largely driven by IT Compliance strategies Ensure that ERM systems have modules for monitoring compliance with internal and external policies IT Governance strategies should take into consideration procedures that drive and monitor Compliance risks organization-wide IT should drive the integration of Governance, ERM and Compliance for optimal output and value add from these three key elements of business management to the success of the organization Assures proactive and holistic risk management FITC Compliance Risk Mgt Workshop - April 2013
  20. 20. Integrating Compliance with ERM for Proactive Risk Management FITC Compliance Risk Mgt Workshop - April 2013
  21. 21. “The fact was that I was not a master of my actions, becauseI was not so insane as to attempt to bend events to conformto my policies. On the contrary, I bent my policies to accordwith the unforeseen shape of events” – Napoleon Bonaparte “YOU CANNOT ALLOW ANY OF YOUR PEOPLE TO AVOID THE BRUTAL FACTS. IF THEY START LIVING IN A DREAM WORLD, IT’S GOING TO BE BAD.” - GENERAL JAMES “MAD DOG” MATTISS
  22. 22. References Thank You... Contact Details FITC Compliance Risk Mgt Workshop - April 2013