Towards a Compliance Capability
Nikat Malik
January 2014
All Rights Reserved
Compliance Capability
Compliance Capability - Principles
End-to-end view of the process path encompassing the business life cycle to completion. This will provide
effective compliance control of functional business processes and activities along the desired path.
Ownership of the compliance process must be explicitly clear and accountability held from leadership
through to operational level.
Compliance processes should be positioned at the forefront of business functions, not as an after-event.
Regulatory and compliance requirements should be addressed as part of the business operating model in
a partnering approach to be effective.
The compliance function together with processes should be fully automated to account for operational
risk and efficiency.
Compliance processes should be identified and integrated into the transaction life cycle route for
comprehensive control and to ensure business processes are compliant with requirements.
Consistency of controls and procedures should be maintained at both strategic and operational level with
change methodology applied judiciously.
High risk audit points must be examined across business processes and controls applied adequately.
Clear escalation path for efficient resolution must be put in place to ensure efficient business operations.
Compliance Capability – Applied Methodology
Understand business model and strategic objectives comprising profit model,
customer model, product model and control model.
Evaluate impact of regulation and compliance requirements on business model.
Develop and confirm integrated operating model.
Undertake self assessment to identify compliance capability and its strengths and
weaknesses.
Identify gaps in specific level of capability required.
Develop the capability framework...
In reference to ….
• Business Context
• Operating Environment
• Customer Base
• Risk Appetite
• Technology
Comprising ….
• Behaviour
• Performance
• Conduct
• Skills Training
• Systems Required
Compliance Capability – Self Assessment (1 of 2)
Objectives
• To identify levels of capability required in light of operating environment and regulatory demands
in local, regions and host country
• To assess current compliance standards
• To proactively manage risk exposures
• To define target state to fulfil business objectives
Self Assessment is completed through facilitated expert judgement that considers risk and controls information to
define a set of impacts and directive efforts
Risk and Control Framework
• Money Laundering
• Sanctions
• Bribery
• Terrorist Financing
• PEP Finance/Payments
• Cross Border Breach
• Unlawful Payments
• Conduct / Mis-Selling
• Client Identification
• Fraud & Security
Regulatory Risks Risk & Control Assessment
Key Indicators
Internal Incidents
External Events
Expected Loss
Self Assessment Results
Financial & Reputation Impact
Proactive & Remedial Action
Governance Identify Risk Appetite Assess Control Report
Compliance Capability – Self Assessment (2 of 2)
Self Assessment Process
Scope Build Assess Validate
• Develop draft Self Assessment Questionnaire for each risk including drivers and impacts
• Ensure appropriate involvement from functional experts, businesses and legal
• Agree audit and compliance points for each risk by business / country
• Plan Self Assessment workshops and attendees
• Leadership provided by Group Risk & Compliance Committee and Self Assessment Task Force
• Involvement and input from Business and Global Functions
• Agreement on Risks to be included and Businesses to cover
• Assess impact of questionnaire results
• Assessment to include an assessment of local controls and management actions required taking into account risk appetite
• Undertake impact assessment for all possible scenarios incl. typical and rare events
• Validate impact of risk and functional review
• Undertake quantitative validation incl. severity and benchmarking
• Action Plan to Group Risk & Compliance Committee
• Annual model review
Compliance Capability – Structure
Entity: Front Office | Mid Office | Back Office
Focus: Customer Centric | Control Centric | Service Centric
Role: Prevention | Investigation | Detection
Compliance Requirements:
KYC / KYCC
FATCA
CDD / PDD / EDD
SANCTIONS
ATF
ABC
AML
C/P FRAUD
DODD FRANK
EMIR
BCBS 248
BASEL
FDSF / Stress Test
MIFIR
BCBS 239
COREP / FINREP
SOX
FRAUD – Internal
SECURITY
Compliance Capability – In Action
Trade Management Process, an example
Customer Management | Trade Validation | Trade Execution | Trade Processing | Clearing & Settlement | Compliance & Accounting
Checks:
• Terms & product
• Legal Agreement
• Credit Limit
• Collateral
• Margin
Addl. Compliance Control Checks:
• Sanctions
• KYCC
• FATCA
• CDD
• ATF
• AML
• Customer/Country Risk Rating
• Capital/Liquidity
• Matching
• Confirmation
• Allocation
• Booking
• Netting
• Exposure Management
• Pricing
• Valuation
• Analytics
• Portfolio Position
• Trade Initiation
• Relationship Management
• Client On Boarding
• Limit Setting
• Payment
• Settlement
• Custody
• Exchange
• Collateral Management
• P/L
• Counter Party Management
• Regulatory Reporting
• Compliance Control
Current State | Target State | Process
Trade Compliance Committee –
escalation & governance procedure to manage Alerts & Suspicious Activity for timely clearance and resolution
Value Statement
Positions compliance at forefront of business process
Mitigates risk at potential point of occurrence
Real time feedback result
Ease of monitoring & efficient control
Clean data ensures accuracy