More Related Content
Similar to Chapter 9 financial compliance programme
Similar to Chapter 9 financial compliance programme (20)
Chapter 9 financial compliance programme
- 1. Chapter 9
Financial Compliance
Programme
The Presentation Slides for Teaching
Financial Regulations and Compliance Practices
Website : https://sites.google.com/site/quanrisk
E-mail : quanrisk@gmail.com
Copyright © 2018 CapitaLogic Limited
- 2. Declaration
Copyright © 2018 CapitaLogic Limited.
All rights reserved. No part of this presentation file may be
reproduced, in any form or by any means, without written
permission from CapitaLogic Limited.
Authored by Dr. LAM Yat-fai (林日辉),
Principal, Structured Products Analytics, CapitaLogic Limited,
Adjunct Professor of Finance, City University of Hong Kong,
Doctor of Business Administration,
CFA, CAIA, CAMS, FRM, PRM.
Copyright © 2018 CapitaLogic Limited 2
- 5. Financial institution
Front office
Sales
Marketing
Customer services
Back office
Settlement
Accounting
Information technology
Middle office
Compliance
Risk management
Copyright © 2018 CapitaLogic Limited 5
- 6. Financial compliance streams
General compliance
Deposits, loans and mortgages
Securities brokerage
Licensing
Regulatory reporting
Others
Specialist compliance
Anti-money launder and counter-terrorist financing
Private banking and wealth management
Derivative securities and treasury products
Credit risk modelling
Technology risk management
Copyright © 2018 CapitaLogic Limited 6
- 7. Compliance function
Large financial institution
A separate function under the board of directors
Medium and small financial institution
Compliance department
Risk management and compliance department
Legal and compliance department
Dedicated compliance for private banking
Directly under the board of directors
Copyright © 2018 CapitaLogic Limited 7
- 9. Compliance duties – internal
Ensure a FI’s operations to be inline with statutory and
regulatory requirements
Design and implement compliance programmes
Develop policy templates
Develop procedure templates
Review and comment policies and procedures
Drive training and awareness initiatives
Conduct regular and ad-hoc compliance reviews
Interpret ordinances and regulatory documents in simple
language to colleagues
Copyright © 2018 CapitaLogic Limited 9
- 10. Compliance duties – external
The official communications channel with
regulators
Review and approve documents to be
submitted to regulator
Clarify ordinances and regulatory documents
with regulators and lawyers
Co-ordinate compliance activities among all
external parties
Copyright © 2018 CapitaLogic Limited 10
- 11. Expectations from FI operations
Say “Yes, please go ahead.”
Compliance officer should tell
What can be done?
What cannot be done?
Why?
Who said so?
Most important
How can be done?
Copyright © 2018 CapitaLogic Limited 11
- 13. A typical compliance programne
Senior management
oversight
Policies
Procedures
IT systems
MIS reports
Training and awareness
Compliance review
Independent assessment
Internal audit
Copyright © 2018 CapitaLogic Limited 13
- 14. Senior management oversight
Compliance programme committee
All directors as members
Terms of reference
Regular meeting
Meeting agendas
Meeting minutes
Copyright © 2018 CapitaLogic Limited 14
- 15. Policy
General template prepared by the compliance
Policy prepared by the senior management of a
functional department in accordance with the
general template
Reviewed and updated annually
Principle based
Cannot be used directly for the FI operations
Coverage and details match the regulatory
guidelines
Copyright © 2018 CapitaLogic Limited 15
- 16. Procedures
General template prepared by the compliance
Operational procedure prepared by the middle
management of a functional department in
accordance with the general template
Include manuals, checklists, templates and forms
Reviewed by the compliance
Approved by the department head
Reviewed and updated whenever there are any
regulatory and/or operational changes
Copyright © 2018 CapitaLogic Limited 16
- 17. IT systems
Efficiency
Effectiveness
Operational control
Two level authorization
MIS reports
Centralized historical records
Copyright © 2018 CapitaLogic Limited 17
- 18. MIS reports
Customer risk classification
No. of exception reports
No. of cases under internal investigations
Departmental comparison
Trend analysis
Copyright © 2018 CapitaLogic Limited 18
- 19. Training and awareness
All staff
New staff
Front office
Back office
Senior management and internal audit
Compliance
Copyright © 2018 CapitaLogic Limited 19
- 20. Compliance review
Regular
Once every year, comprehensive coverage in a few
selected departments
Once every quarter, thematic coverage for major
departments on selected subject
Event driven
Regulatory initiatives
Triggered by incidents
Triggered by media reports
Copyright © 2018 CapitaLogic Limited 20
- 21. Independent assessment
An independent external expert to review,
comment and suggest improvements to a
compliance programme
Independent external expert
Big 4 accounting firms
Solicitor firms
University professors
Copyright © 2018 CapitaLogic Limited 21
- 22. Audit and examination
Internal audit
Local office
Regional office
Head office
External audit
Big 4 accounting firms
Regulatory examination
HKMA
SFC
IA
Copyright © 2018 CapitaLogic Limited 22
- 24. Challenges facing compliance
External
Regulatory requirements keep on tightening
Regulatory documents are not written in human
language
Internal
Compliance is a cost centre
Limited budget
Lacking manpower
High staff turn over rate
No loyalty between employers and employees
Copyright © 2018 CapitaLogic Limited 24
- 26. Major issues of regulatory documents
Guidelines, guidance papers, circulars, codes
and best practices have no legal power but
interpretive power
Principle base
Full of “suitable”, “adequate”, “appropriate”,
“necessary”, “sufficient”, “reasonable” etc.
Most written by somebody totally without FI
experience
Copyright © 2018 CapitaLogic Limited 26
- 27. Myth of regulatory documents
Basel documents
Banking policy
Banking supervision
Bank operations
Bank compliance
Copyright © 2018 CapitaLogic Limited 27
- 28. Compliance as a difficult middle man
Pressure from FI operations
As relax as possible
Pressure from regulators
As stringent as possible
Pressure from senior management
Highest profits + Good compliance records
Copyright © 2018 CapitaLogic Limited 28
- 29. Compliance not an easy job
High professional requirements
Long working hours
Everything in a FI may be subject compliance
review
Confrontation with other colleagues
Confrontation with regulators
Copyright © 2018 CapitaLogic Limited 29
- 30. Common issues
Lack FI operations experience
Do too much daily operations
Lack professional inputs
How not to do business by following the regulation?
How to make profit without violating regulations?
Overlook the backdoors
Neglect the words between the lines
Copyright © 2018 CapitaLogic Limited 30
- 31. Sound practices
Never get into daily operations
Learn more about the daily operations
Maintain an compliance professional network
Use professional firms and academic scholars
skillfully
Use compliance automation tools
Streamline the schedule of internal audit,
external audit and/or regulatory examination
Copyright © 2018 CapitaLogic Limited 31
- 32. Regulatory expectation management
Willing to be pin pointed by regulators
Demonstrate improvement instead of
perfection
Design strategically imperfect compliance
program
Show action plan instead of corrective action
results
Prioritize corrective actions
Copyright © 2018 CapitaLogic Limited 32
- 33. Regulatory relationship management
Handle regulators as peers instead of superiors
Senior management never entertain front line
regulators directly
Never submit requested information to regulators
before due dates
Use e-mail as the primary communications channel
with regulators
Keep all communications records with regulators
Ask regulator “Yes” or “No” instead of open end
questions
Never commit in written support of any regulatory
initiatives
Copyright © 2018 CapitaLogic Limited 33
- 34. Professional services
Independent
To maintain relationship with other business units
To eliminate biases
To avoid cutting corners
Expert
To avoid blind spots
To bring in external practices
To inform latest industry development
Copyright © 2018 CapitaLogic Limited 34
- 35. Professional services
Providing improvements to a compliance
programme
Small firms better than large firms in terms of
quality of deliverables
Providing confidence to regulators
Large firms better than small firms in terms of the
brand name effect
Copyright © 2018 CapitaLogic Limited 35
- 36. Compliance tool box
Ordinance
Subsidiary legislations
Guidelines
Guidance papers
Circulars
Codes of conduct
Best practices
Exam study manuals
Reports from
professional firms
FATF documents
MAS, OCC, SEC, FSA
and APRA documents
Academic researches
Copyright © 2018 CapitaLogic Limited 36
- 38. Control self-assessment
A business unit assesses its operations and
activities against a list of control procedures
extracted from a procedural document
Internally driven and often incorporates
checklists and/or workshops to identify the
potential risk facing the business unit
Copyright © 2018 CapitaLogic Limited 38
- 39. Self-assessment of control procedures
Compliance level
Control procedure Full Partial Not N/A
The dept. should do this *
The dept. should do that *
The dept. should not do this *
The dept. should not do that *
The dept. should … *
The dept. should not … *
Copyright © 2018 CapitaLogic Limited 39
- 40. Supplementary information
Fully compliant
Why?
Partially compliant
Which part not
complaint?
Which part complaint?
Why?
Not compliant
Not applicable
Why?
Supporting document
Title
Version date
Author
Reviewer
Approval authority
Copyright © 2018 CapitaLogic Limited 40
- 41. For partially or not compliant
control procedures
Corrective action plan
Action items
Completion date
Justification of not to compliant
Cost out weights materially the benefit
Alternative control procedure in placed already
Copyright © 2018 CapitaLogic Limited 41
- 42. CSA summary by subsidiary banks
Copyright © 2018 CapitaLogic Limited 42
- 43. CSA summary by control procedures
Copyright © 2018 CapitaLogic Limited 43
- 44. CSA summary by subsidiary banks
and control procedures
Copyright © 2018 CapitaLogic Limited 44