This document discusses considerations for enhancing Canada's financial consumer protection framework. It outlines four key aspects that must be addressed when establishing or reviewing any regulatory regime: 1) defining clear regulatory objectives, 2) identifying and evaluating key risks, 3) determining acceptable risk tolerance, and 4) ensuring adequate resourcing. The document then examines different types of regulatory frameworks from highly prescriptive rules-based models to more flexible principles-based approaches. It argues that an ideal framework provides flexibility, economy and effectiveness.
Presented by Jerry Sogoli at the 4th Annual East Africa Finance Summit
A comparative analysis of the independent regulatory agency approach vis-à-vis direct government oversight and the appropriateness of the former in regulating today’s insurance sector
Cyber security reguations: The shape of things to come for captives?Daniel Message
Article discussing the potential impact of emerging cyber security regulations on captive insurance companies. Originally published in Captive Insurance Times, 5 April 2017.
Following the financial crisis and exasperated by head-lined breaches of compliance, regulated firms are now subject to a plethora of regulations as governments seek to regulate as a means of protecting individual economies. As a result, firms now face the biggest challenge yet … Regulatory Risk, being the risk of non-compliance and the penalties and reputational risk that follow.
How to integrate risk into your compliance-only approachAbhishek Sood
Information security policies and standards can oftentimes cause confusion and even liability within an organization.
This resource details 4 pitfalls of a compliance-only approach and offers a secure method to complying with policies and standards through a risk-integrated approach.
Uncover 4 Benefits of integrating risk into your compliance approach, including:
Reduced risk
Reduced deployment time
And 2 more
From complex coding requirements to strict patient referral rules, physicians are scrambling to avoid entanglements in a broad net of federal, state, and commercial payer requirements. Get ideas on how you can help protect your practice.
For more resources and information:
http://sites.mckesson.com/practiceconsulting/kc_coding.htm
CEI Compliance is the UK's fastest growing regulatory consultancy and provides associate opportunities to consultants and cost effective value to financial services and other regulated companies.
We show you the methodology for conducting the Compliance Risk Assessment and how to provide meaningful action plans.
An effective compliance program has several key components: conducting a legal risk assessment to identify areas of focus, ensuring the program meets regulatory guidelines, tailoring the program to a company's unique operations, establishing standards and procedures to minimize risks and demonstrate commitment to ethical conduct, and providing training, monitoring, reporting, and investigations to foster a pro-compliance culture. An effective program is process-oriented, integrated into daily operations, and subject to continuous improvement.
The document discusses the importance and benefits of implementing an effective compliance program at a health care organization. It outlines the key elements that should be included in a comprehensive compliance program, such as policies and procedures, oversight, education and training, auditing, reporting, and enforcement. An effective compliance program can help communicate an organization's commitment to ethics, prevent fines and penalties, and protect from liability. It is essential for health care providers to follow guidelines from the Office of Inspector General.
Presented by Jerry Sogoli at the 4th Annual East Africa Finance Summit
A comparative analysis of the independent regulatory agency approach vis-à-vis direct government oversight and the appropriateness of the former in regulating today’s insurance sector
Cyber security reguations: The shape of things to come for captives?Daniel Message
Article discussing the potential impact of emerging cyber security regulations on captive insurance companies. Originally published in Captive Insurance Times, 5 April 2017.
Following the financial crisis and exasperated by head-lined breaches of compliance, regulated firms are now subject to a plethora of regulations as governments seek to regulate as a means of protecting individual economies. As a result, firms now face the biggest challenge yet … Regulatory Risk, being the risk of non-compliance and the penalties and reputational risk that follow.
How to integrate risk into your compliance-only approachAbhishek Sood
Information security policies and standards can oftentimes cause confusion and even liability within an organization.
This resource details 4 pitfalls of a compliance-only approach and offers a secure method to complying with policies and standards through a risk-integrated approach.
Uncover 4 Benefits of integrating risk into your compliance approach, including:
Reduced risk
Reduced deployment time
And 2 more
From complex coding requirements to strict patient referral rules, physicians are scrambling to avoid entanglements in a broad net of federal, state, and commercial payer requirements. Get ideas on how you can help protect your practice.
For more resources and information:
http://sites.mckesson.com/practiceconsulting/kc_coding.htm
CEI Compliance is the UK's fastest growing regulatory consultancy and provides associate opportunities to consultants and cost effective value to financial services and other regulated companies.
We show you the methodology for conducting the Compliance Risk Assessment and how to provide meaningful action plans.
An effective compliance program has several key components: conducting a legal risk assessment to identify areas of focus, ensuring the program meets regulatory guidelines, tailoring the program to a company's unique operations, establishing standards and procedures to minimize risks and demonstrate commitment to ethical conduct, and providing training, monitoring, reporting, and investigations to foster a pro-compliance culture. An effective program is process-oriented, integrated into daily operations, and subject to continuous improvement.
The document discusses the importance and benefits of implementing an effective compliance program at a health care organization. It outlines the key elements that should be included in a comprehensive compliance program, such as policies and procedures, oversight, education and training, auditing, reporting, and enforcement. An effective compliance program can help communicate an organization's commitment to ethics, prevent fines and penalties, and protect from liability. It is essential for health care providers to follow guidelines from the Office of Inspector General.
This document discusses developing a culpability matrix for ethics investigations. It explains that misconduct comes in many forms with varying root causes, impacts, and levels of intent. A culpability matrix can help ensure consistent disciplinary actions that are appropriate to the type of misconduct. The key factors discussed for determining disciplinary actions are: the act of misconduct itself, the role of the subject, any motivations, behavioral aspects, and the organization's perspective. Consistent guidelines help ensure transparency and prevent arbitrary decision making, while still allowing flexibility. Organizations should structure disciplinary guidelines but also continue evolving them over time.
The document provides 5 steps for conducting better risk assessments, including adopting a root-cause approach to risk identification, standardizing a 1-10 assessment scale and criteria, linking risks to controls and strategic goals, and embedding risk management into everyday activities. It explains how prioritizing risks based on their root causes and using a consistent 1-10 scale allows organizations to better understand their top risks and prioritize mitigation activities. Following these best practices can help risk assessments add more value to businesses by providing transparent and actionable risk information.
Building-world-class-ethics-and-compliance-programs.pdfL. S.
This document discusses the key ingredients of a world-class ethics and compliance program. It identifies five key ingredients: Tone at the top, corporate culture, compliance risk assessments, the Chief Compliance Officer, and testing and monitoring. For tone at the top, it emphasizes that the board, CEO, and CCO play critical roles in setting the expectations and values that instill a culture of integrity throughout the organization. Corporate culture involves initiatives that contribute to an ethical and compliant culture. Compliance risk assessments identify and address the most significant risks facing the organization. The CCO oversees management of compliance risks on a daily basis. Testing and monitoring helps ensure controls are effective through implementation, testing, auditing and monitoring on a regular basis
Cerini & Associates | Compliance Information And RiskConrad
Boards need to establish appropriate policies, budgets, and controls and exhibit fiduciary responsibility that:
Are mission and priority driven
Promotes accuracy, integrity, compliance, and transparency
Promotes quality of service (and has a system to monitor and improve)
Builds confidence at all levels
Creates on-going viability and maximizes utility
Develops appropriate accountability
Ensures proper controls at all levels including the Board
Fosters education
Develops proper communication channels with internal and external sources (i.e. compliance officer, internal auditors, external auditors)
Performing a legal and compliance risk assessment. A Step-by-Step Implementation Guide-
Planning the Risk Assessment
Assessing and Prioritizing Risks
Improving Legal Risk Mitigation
Implementing, Documenting and Testing Compliance Controls Hernan HuwylerHernan Huwyler, MBA CPA
How to prioritize action plans and remediation activities to address assessed compliance risks: consolidation of risks, global/aggregated compliance risks, corporate and local initiatives, tips for monitoring action plans, updates and emerging compliance risks; examples of reports on action plans, roles for compliance risk management, synergies with internal audit and risk management, the use of assurance maps
How to make action plans workable: regulatory alerts, reporting of mitigation actions, how to promote the accountability for treating compliance risks, tracking and measuring the managing of compliance risks, tailoring compliance to deal with the most significant risks, control failures at design or compliance levels, tips for change management
How to document compliance and operational issues. Monitoring and testing techniques for compliance controls, sharing templates and compliance control matrix. Analytical testing to identify risks (e.g. adobe-average fees for anti-corruption controls, transaction splitting for anti-fraud controls).
Discussion case for testing SOX entity level controls related to compliance, sampling techniques in compliance audits, setting the materiality, identifying and documenting findings, testing the awareness of the code of conduct and crisis protocol, testing conflict of interests, testing access rights and segregation of duties (for fraud and privacy risks), testing the delegation of authority including for banks, testing anti-bribery and fraud controls, auditing the whistleblowing channel, the role of general computer controls in compliance
1) Enterprise risk management (ERM) and governance-risk-compliance (GRC) are approaches that have emerged in the past decade but there is no consensus on how they relate.
2) Currently, GRC is seen as a top-down process that sets risk requirements, while ERM identifies and reports on risks, but the document argues this view is flawed.
3) The document contends that ERM should drive risk assessment and response, informing governance and compliance, rather than the other way around. With ERM in charge of holistic risk management, conflicts can be reduced and risks better addressed.
The document introduces an OECD toolkit for assessing regulatory enforcement and inspections. It aims to build on previous OECD best practice principles and provide a simple tool to evaluate inspection systems or individual agencies. The toolkit contains 12 criteria corresponding to best practices covering policies, institutions, and tools. It requests evidence and suggests ratings on a scale. The document provides examples of key questions for each criterion. The overall goal is to test the toolkit in practice and conduct enforcement and inspection reviews of countries' systems.
The document discusses thematic compliance review mechanisms. It describes assessing emerging and prevalent risks, identifying stakeholders, conducting self-evaluations and benchmarking against peers. Key aspects of thematic compliance include regulatory surveillance, monitoring asset pools, financial promotions management, and market trends analysis. Metrics like stressed pool performance, unencumbered assets, and sustainable liquidity management are analyzed. Governance focuses on cybersecurity, collateral management, due diligence, risk profiling, and enterprise risk management.
This document summarizes a presentation on compliance frameworks. It defines a framework and its key components: policy, process, and people. It provides examples of policy documents, compliance manuals, checklists, and training. The presentation emphasizes establishing a tone at the top, following all applicable laws and regulations, implementing processes to ensure compliance, and defining roles and responsibilities. It also discusses issues like balancing business needs with compliance and the need for common definitions.
The SEC & FINRA released their priorities for 2016 examinations. Asset management firms need to review + update their policies, procedures and business activities to reflect both sets of priorities so they can strengthen business practices and prepare for potential exams.
Governance Risk and Compliance - in Higher Education - AustraliaMarissa McCauley
This is a short presentation on governance, risk and compliance in the higher education industry. It also highlights key TEQSA threshold standards expectations from higher education providers.
The Integrity Framework is a comprehensive approach developed by the OECD to help countries effectively manage integrity and prevent corruption in public organizations. It has three main pillars: instruments, processes, and structures. Instruments include ethics codes and conflict-of-interest policies to foster integrity, while processes involve planning, implementation, evaluation, and adaptation. Structures determine roles and coordination. The Framework also considers implementation factors inside and outside organizations that influence integrity. The OECD helps countries apply this Framework through a diagnostic "Checklist" tool to review integrity management solutions.
Get an overview of what compliance management means, the common categories of compliance in businesses as well as how software solutions can support your Organisational and Regulatory compliance journey.
To know more, visit corporater.com/compliance
The New Finmeccanica Compliance- Finmeccanica at Paris Air Show 2013Leonardo
Walter Vasselli, the Group Senior Compliance Officer at The New Finmeccanica, presented on the company's Compliance Program for business ethics and trade controls. The compliance program aims to prevent legal risks and liability for any violations through dedicated compliance units and coordinated activities across subsidiaries. It focuses on processes that could significantly impact the group, has clear interplay with other corporate units, and gives compliance officers authority at all levels. The compliance program establishes principles, systems, and standard processes to manage risks in high-impact legal areas like anti-corruption and trade controls. It also defines protocols for matters like consultant relations. Finmeccanica is making changes like new corporate body appointment rules and a risk management structure
This document discusses governance, risk, and compliance (GRC). It outlines various components of a GRC framework including a compliance quotient, risk index, risk intelligence, and governance and ethics module. It also describes GRC core metrics like achieving principled performance through integration, revolutionized assurance mapping, and collaboration between technology solutions and GRC strategy. Finally, it discusses a GRC maturity model and the impact of GRC like business continuity, regulatory compliance, and cybersecurity optimization.
Third Party Risk Management IntroductionNaveen Grover
On October 30, 2013 the Office of the Comptroller of the Currency (OCC) issued updated guidance on third-party risks and vendor management. The OCC's bulletin points out that its updated guidance replaces OCC Bulletin 2001-47, "Third-Party Relationships: Risk Management Principles," and OCC Advisory Letter 2000-9, "Third-Party Risk."
An analysis of the value of external studies to risk managers, and how to improve them
Once again during the last part of the year, academic institutions, consultancy firms, think-tanks and insurance companies are publishing studies on top risks. But what is the value of these studies to risk managers? The impact on the media and social networks surely justifies the marketing value for the organisations funding the reports. However, the impact on street-level risk managers is to be discussed.
1) The document discusses conducting a compliance risk assessment for IE Law School's Master's program in Global Corporate Compliance. It covers topics like why assessments are needed, what kinds of risks will be addressed, and what students will learn.
2) Different types of compliance risks are defined, including regulatory, criminal, internal, and ethical risks. The roles and responsibilities of the compliance officer are explored.
3) A case study example of assessing risks at Uber is presented and risks related to licenses, bribery laws, privacy laws, and employment laws are discussed.
This document discusses developing a culpability matrix for ethics investigations. It explains that misconduct comes in many forms with varying root causes, impacts, and levels of intent. A culpability matrix can help ensure consistent disciplinary actions that are appropriate to the type of misconduct. The key factors discussed for determining disciplinary actions are: the act of misconduct itself, the role of the subject, any motivations, behavioral aspects, and the organization's perspective. Consistent guidelines help ensure transparency and prevent arbitrary decision making, while still allowing flexibility. Organizations should structure disciplinary guidelines but also continue evolving them over time.
The document provides 5 steps for conducting better risk assessments, including adopting a root-cause approach to risk identification, standardizing a 1-10 assessment scale and criteria, linking risks to controls and strategic goals, and embedding risk management into everyday activities. It explains how prioritizing risks based on their root causes and using a consistent 1-10 scale allows organizations to better understand their top risks and prioritize mitigation activities. Following these best practices can help risk assessments add more value to businesses by providing transparent and actionable risk information.
Building-world-class-ethics-and-compliance-programs.pdfL. S.
This document discusses the key ingredients of a world-class ethics and compliance program. It identifies five key ingredients: Tone at the top, corporate culture, compliance risk assessments, the Chief Compliance Officer, and testing and monitoring. For tone at the top, it emphasizes that the board, CEO, and CCO play critical roles in setting the expectations and values that instill a culture of integrity throughout the organization. Corporate culture involves initiatives that contribute to an ethical and compliant culture. Compliance risk assessments identify and address the most significant risks facing the organization. The CCO oversees management of compliance risks on a daily basis. Testing and monitoring helps ensure controls are effective through implementation, testing, auditing and monitoring on a regular basis
Cerini & Associates | Compliance Information And RiskConrad
Boards need to establish appropriate policies, budgets, and controls and exhibit fiduciary responsibility that:
Are mission and priority driven
Promotes accuracy, integrity, compliance, and transparency
Promotes quality of service (and has a system to monitor and improve)
Builds confidence at all levels
Creates on-going viability and maximizes utility
Develops appropriate accountability
Ensures proper controls at all levels including the Board
Fosters education
Develops proper communication channels with internal and external sources (i.e. compliance officer, internal auditors, external auditors)
Performing a legal and compliance risk assessment. A Step-by-Step Implementation Guide-
Planning the Risk Assessment
Assessing and Prioritizing Risks
Improving Legal Risk Mitigation
Implementing, Documenting and Testing Compliance Controls Hernan HuwylerHernan Huwyler, MBA CPA
How to prioritize action plans and remediation activities to address assessed compliance risks: consolidation of risks, global/aggregated compliance risks, corporate and local initiatives, tips for monitoring action plans, updates and emerging compliance risks; examples of reports on action plans, roles for compliance risk management, synergies with internal audit and risk management, the use of assurance maps
How to make action plans workable: regulatory alerts, reporting of mitigation actions, how to promote the accountability for treating compliance risks, tracking and measuring the managing of compliance risks, tailoring compliance to deal with the most significant risks, control failures at design or compliance levels, tips for change management
How to document compliance and operational issues. Monitoring and testing techniques for compliance controls, sharing templates and compliance control matrix. Analytical testing to identify risks (e.g. adobe-average fees for anti-corruption controls, transaction splitting for anti-fraud controls).
Discussion case for testing SOX entity level controls related to compliance, sampling techniques in compliance audits, setting the materiality, identifying and documenting findings, testing the awareness of the code of conduct and crisis protocol, testing conflict of interests, testing access rights and segregation of duties (for fraud and privacy risks), testing the delegation of authority including for banks, testing anti-bribery and fraud controls, auditing the whistleblowing channel, the role of general computer controls in compliance
1) Enterprise risk management (ERM) and governance-risk-compliance (GRC) are approaches that have emerged in the past decade but there is no consensus on how they relate.
2) Currently, GRC is seen as a top-down process that sets risk requirements, while ERM identifies and reports on risks, but the document argues this view is flawed.
3) The document contends that ERM should drive risk assessment and response, informing governance and compliance, rather than the other way around. With ERM in charge of holistic risk management, conflicts can be reduced and risks better addressed.
The document introduces an OECD toolkit for assessing regulatory enforcement and inspections. It aims to build on previous OECD best practice principles and provide a simple tool to evaluate inspection systems or individual agencies. The toolkit contains 12 criteria corresponding to best practices covering policies, institutions, and tools. It requests evidence and suggests ratings on a scale. The document provides examples of key questions for each criterion. The overall goal is to test the toolkit in practice and conduct enforcement and inspection reviews of countries' systems.
The document discusses thematic compliance review mechanisms. It describes assessing emerging and prevalent risks, identifying stakeholders, conducting self-evaluations and benchmarking against peers. Key aspects of thematic compliance include regulatory surveillance, monitoring asset pools, financial promotions management, and market trends analysis. Metrics like stressed pool performance, unencumbered assets, and sustainable liquidity management are analyzed. Governance focuses on cybersecurity, collateral management, due diligence, risk profiling, and enterprise risk management.
This document summarizes a presentation on compliance frameworks. It defines a framework and its key components: policy, process, and people. It provides examples of policy documents, compliance manuals, checklists, and training. The presentation emphasizes establishing a tone at the top, following all applicable laws and regulations, implementing processes to ensure compliance, and defining roles and responsibilities. It also discusses issues like balancing business needs with compliance and the need for common definitions.
The SEC & FINRA released their priorities for 2016 examinations. Asset management firms need to review + update their policies, procedures and business activities to reflect both sets of priorities so they can strengthen business practices and prepare for potential exams.
Governance Risk and Compliance - in Higher Education - AustraliaMarissa McCauley
This is a short presentation on governance, risk and compliance in the higher education industry. It also highlights key TEQSA threshold standards expectations from higher education providers.
The Integrity Framework is a comprehensive approach developed by the OECD to help countries effectively manage integrity and prevent corruption in public organizations. It has three main pillars: instruments, processes, and structures. Instruments include ethics codes and conflict-of-interest policies to foster integrity, while processes involve planning, implementation, evaluation, and adaptation. Structures determine roles and coordination. The Framework also considers implementation factors inside and outside organizations that influence integrity. The OECD helps countries apply this Framework through a diagnostic "Checklist" tool to review integrity management solutions.
Get an overview of what compliance management means, the common categories of compliance in businesses as well as how software solutions can support your Organisational and Regulatory compliance journey.
To know more, visit corporater.com/compliance
The New Finmeccanica Compliance- Finmeccanica at Paris Air Show 2013Leonardo
Walter Vasselli, the Group Senior Compliance Officer at The New Finmeccanica, presented on the company's Compliance Program for business ethics and trade controls. The compliance program aims to prevent legal risks and liability for any violations through dedicated compliance units and coordinated activities across subsidiaries. It focuses on processes that could significantly impact the group, has clear interplay with other corporate units, and gives compliance officers authority at all levels. The compliance program establishes principles, systems, and standard processes to manage risks in high-impact legal areas like anti-corruption and trade controls. It also defines protocols for matters like consultant relations. Finmeccanica is making changes like new corporate body appointment rules and a risk management structure
This document discusses governance, risk, and compliance (GRC). It outlines various components of a GRC framework including a compliance quotient, risk index, risk intelligence, and governance and ethics module. It also describes GRC core metrics like achieving principled performance through integration, revolutionized assurance mapping, and collaboration between technology solutions and GRC strategy. Finally, it discusses a GRC maturity model and the impact of GRC like business continuity, regulatory compliance, and cybersecurity optimization.
Third Party Risk Management IntroductionNaveen Grover
On October 30, 2013 the Office of the Comptroller of the Currency (OCC) issued updated guidance on third-party risks and vendor management. The OCC's bulletin points out that its updated guidance replaces OCC Bulletin 2001-47, "Third-Party Relationships: Risk Management Principles," and OCC Advisory Letter 2000-9, "Third-Party Risk."
An analysis of the value of external studies to risk managers, and how to improve them
Once again during the last part of the year, academic institutions, consultancy firms, think-tanks and insurance companies are publishing studies on top risks. But what is the value of these studies to risk managers? The impact on the media and social networks surely justifies the marketing value for the organisations funding the reports. However, the impact on street-level risk managers is to be discussed.
1) The document discusses conducting a compliance risk assessment for IE Law School's Master's program in Global Corporate Compliance. It covers topics like why assessments are needed, what kinds of risks will be addressed, and what students will learn.
2) Different types of compliance risks are defined, including regulatory, criminal, internal, and ethical risks. The roles and responsibilities of the compliance officer are explored.
3) A case study example of assessing risks at Uber is presented and risks related to licenses, bribery laws, privacy laws, and employment laws are discussed.
Dokumen tersebut membahas sistem saraf pada manusia, yang terdiri atas sistem saraf pusat, sistem saraf tepi, dan sistem saraf tak sadar. Sistem saraf pusat meliputi otak besar, otak kecil, sumsum lanjutan, dan sumsum tulang belakang, yang berperan dalam mengontrol dan mengatur kerja seluruh jaringan saraf. Sistem saraf tepi menghubungkan sistem saraf pusat dengan organ tubuh, sedangkan sistem saraf
During WWII, African Americans and Japanese Americans faced discrimination but still served in the U.S. military with distinction. The Tuskegee Airmen were the first African American military pilots who overcame obstacles to complete over 1,500 successful missions in Europe and North Africa. The 442nd Regimental Combat Team, composed mostly of Japanese Americans, became the most decorated unit for its size despite their families facing internment; members proved their loyalty to the U.S. while rescuing the "Lost Battalion" at great cost. Navajo code talkers also served critically by transmitting messages in their native language that the enemy could not understand.
Ilmu Pengeahuan Alam Bab Sistem Koordinasi salsazull
Dokumen tersebut membahas sistem saraf pada manusia, yang terdiri atas sel saraf, sistem saraf pusat (otak besar, otak kecil, sumsum lanjutan, sumsum tulang belakang), sistem saraf tepi, dan sistem saraf tak sadar (simpatetik dan parasimpatetik). Sistem saraf pusat berperan mengontrol dan mengatur kerja jaringan saraf hingga sel saraf.
The document discusses using "Ticket Out the Door" as a formative assessment strategy in a history class. At the end of each class, students will be presented with a question related to the day's lesson and will have to answer it in a minimum of five sentences. This assessment helps students reflect on what they learned and allows the teacher to identify topics needing more attention or students falling behind. Sample questions provided will assess understanding of Jim Crow laws, the Tuskegee Airmen, Japanese internment, and the contributions of the 442nd Regimental Combat Team and Navajo Code Talkers during World War II.
Assurancebase Integrated Limited is a Nigerian company established in 2008 that provides non-destructive testing (NDT) services. It operates based on international quality standards and has a customer-centric approach. The company aims to provide total customer satisfaction through superior inspection, an experienced workforce, excellent after-sales support, and customized solutions. It offers various NDT services including inspection, calibration, quality management, and technical support. Assurancebase has completed over a dozen projects for clients in the oil and gas industry such as Addax Petroleum and Chevron Nigeria Limited.
Brian Johnson is seeking an entry-level position in construction, engineering, or mechanical fields. He has over 3 years of welding experience in high school and on various jobs. He also has 2 years of automotive training and experience in general construction projects since childhood. His resume lists his work history including positions as a ride operator, welder for multiple companies, bar staff, and drywaller/painter. He is willing to learn on the job and work hard.
Dokumen ini membahas sistem saraf manusia, termasuk sel saraf, bagian otak, dan sistem saraf pusat, tepi, dan tak sadar. Sistem saraf pusat terdiri atas otak besar, otak kecil, sumsum lanjutan dan sumsum tulang belakang yang mengatur kerja saraf. Sistem saraf tepi menghubungkan sistem saraf pusat dengan organ, terbagi atas somatis dan autonom. Sistem tak sadar terdiri atas simpatetik dan parasimpatetik yang
The document discusses several topics related to family relationships and adolescent development. It addresses how parents change during midlife, transformations in family relations as adolescents mature, different parenting styles and their effects, and how families are changing in modern society. Key factors that influence adolescent development include parental relationships, economic stress, divorce, remarriage, and parental employment. Overall, supportive family relationships promote healthier adolescent adjustment.
The document describes testing different variables of the Hach Arsenic Test Kit to determine its effectiveness in measuring arsenic concentrations in contaminated soil samples. Soil samples were contaminated with varying levels of arsenic from 1 to 1000 ppm. Testing different masses of soil (0.05g, 0.1g, etc.), concentrations, and reaction times, it was found that using 0.1g of soil and running the test for 45 minutes produced the most accurate and sensitive results up to 250 ppm arsenic. Below this concentration, the kit performed best, while higher concentrations were more difficult to measure precisely.
The document discusses the Project Management Body of Knowledge (PMBoK) which presents standard terminology and guidelines for project management. It is published by the Project Management Institute (PMI). The PMBoK consists of 47 processes grouped into 5 process groups and 10 knowledge areas. It also discusses the importance of stakeholder management, defining stakeholders as those impacted by a project, and the project manager's role in understanding stakeholder needs, addressing issues, and fostering engagement through communication.
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadAlexei Sidorenko, CRMP
Risk appetite refers to an individual or organization’s willingness to take on risks in pursuit of potential returns. It is an important consideration for businesses, as it can determine the types of investments and strategic decisions they make. A high risk appetite may lead to a focus on high-growth, speculative investments, while a low risk appetite may result in a preference for more conservative, steady returns. It is important for businesses to carefully assess and manage their risk appetite in order to make informed decisions and achieve their financial goals.
But before beginning the conversation about risk appetite, it is important to remember that most non financial organizations have already documented their appetites for different common decisions or business activities. Segregation of duties, financing and deal limits, vendor selection criteria, credit limits, treasury limits on banks, investment criteria, zero tolerance to fraud or safety risks – are all examples of how organizations set risk appetite.
What is risk appetite:
10% of the time risk appetite is imposed by laws and regulations, not set – Often risk appetite is imposed by government, regulators, markets, not set by management. Examples include zero-tolerances or limits on safety, bribery and corruption, AML, pollution, sanctions, privacy.
10% of the time risk appetite is the gentlemen’s agreement between Board and management – Boards have an important oversight role and help them set the direction and boundaries for management decision making. Those management decision making boundaries is risk appetite. Examples include deal approvals only by Board above a certain limit, limits on holding percentage of cash in certain pre-approved banks, market risk limits, credit risk limits, insurance thresholds, rules on credit limits for certain types of customers, limits on investments in different countries, etc.
80% of the time risk appetite is the risk reward trade-off for a specific decision – The key is making uncertainty around decisions presented to the Board transparent to allow decision makers choose the alternative which offers the most appropriate risk reward balance according to their individual appetites.
Download the full guide to read about documenting risk appetite, reviewing risk appetite, case studies and examples and addition video resources: Guide to risk appetite 2023
The document discusses three major security compliance models - checklists, risk-based, and hybrid approaches. It analyzes examples of each: HIPAA uses a hybrid model combining checklists and risk-based guidance; PCI relies solely on checklists; and GLBA emphasizes a risk-based approach allowing flexibility for organizations. Regulators design compliance models based on objectives, goals and industry characteristics.
This presentation by Anna Pisarkiewicz (Research Fellow, EUI Centre for a Digital Society) was made during a discussion on Remedies and commitments in abuse cases at the 21st meeting of the OECD Global Forum on Competition on 2 December 2022. More papers and presentations on the topic can be found out at https://oe.cd/rcac.
This presentation was uploaded with the author’s consent.
Embedding compliance: how to integrate sarbanes-oxley in your projects3gamma
Internal controls are incredibly important to business operations but are often seen as something abstract and separate while they in fact should be part of business as usual and all ongoing development activities. Trying to resolve and remedy a lack of internal controls as a separate, post-event activity is not only risky – it’s also expensive. Control and assurance must be based on the business risk, be in line with external rules and regulations and be built in from the start.
RISK-ACADEMY’s guide on compliance risk in non-financial companies. Free down...Alexei Sidorenko, CRMP
Attention all risk management professionals! We are proud to announce the publication of our comprehensive guide to compliance risk management. This guide covers the latest industry best practices and provides practical advice for managing compliance risks in your organization. Whether you are new to the field or an experienced professional, this guide is designed to help you effectively identify, assess, and mitigate compliance risks.
Get your copy today and stay ahead of the game in the ever-evolving world of compliance risk management.
Your company is required to comply with laws within all the countries it operates in, the legal and regulatory requirements vary between different regions adding to the need to have the understanding and confidence in the risk management processes in place. Your company faces considerable uncertainty when making decisions and taking actions that may have significant compliance consequences. The management of compliance risks helps your company protect and increase its value.
This document provides guidance on the activities to be undertaken to support decision makers to assess and treat compliance risks efficiently and cost effectively to meet the expectations of a wide range of stakeholders. Failure to meet legal requirements and stakeholder expectations can have considerable and immediate negative consequences that could affect performance, reputation and might lead to criminal prosecution of top management.
Third Party Due Diligence - Know Your Third Party - EY IndiaErnst & Young
This document discusses key components of an effective third-party due diligence program to manage compliance risks. It recommends taking a risk-based approach, with varying levels (I, II, III) of investigation based on perceived risk. Level I involves open-source checks, Level II adds localized records searches and reference calls, and Level III includes on-site inspections. An effective program incorporates consistency, management oversight, objectivity, and reasonableness. Management should establish standards, provide oversight, and take appropriate actions. Due diligence procedures should be documented, centralized, and follow predictable rules to reduce ambiguity and demonstrate a fact-based, defensible process.
Cyber Security Program Realization in the Mid Market - Executive SummarySteve Leventhal
Mid-market firms comprise approximately one third of the US economy according to the U.S. Census Bureau. The purpose of this paper is to outline a logical, practical, and actionable approach to effective cyber security program realization in the mid-market ($100M - $3B in revenue).
Comments on insolvency frameworks for sub-national governments (Item4c)OECDtax
Presentation delivered during the 13th Annual Meeting of the OECD Network on Fiscal Relations Across Levels of Government, 23-24 November 2017, Paris, France.
NEMEA Compliance Center - the most powerful survey creation, management, and reporting solution available. It intuitively collects responses, writes, and produces standardized regulatory compliance reports. In fact, it even supports the use of many different standards at once. Our compliance software has a fully featured user-interface that lets you rapidly compare the laws and regulations that govern your industry and business.
A risk-based approach to segregation of duties (SoD) focuses on managing the greatest risks to the business from individuals having excessive access across business processes. The document outlines a five-phase approach: 1) Define sensitive business transactions and thresholds for SoD conflicts, 2) Map transactions to technical systems, 3) Test for SoD conflicts, 4) Remediate highest risks, and 5) Apply mitigating controls to remaining risks. This balanced approach manages but does not eliminate all risks of fraud or financial misstatement.
Financial regulators have issued an advisory to remind institutions to remind institutions of supervisory expectations regarding sound practices for managing interest rate risk. BankRisk from TriNovus can assisit financial institutions with this requirement. www.trinovus.com
This document discusses compliance programs that companies can implement to prevent anti-competitive practices. It outlines common features of effective compliance programs, including endorsement from senior management, clear policies and procedures, identification of responsibilities, training, controls, and evaluation. It also discusses trends in compliance among competition authorities in different jurisdictions, noting guidance and templates provided. Finally, it discusses international cooperation on compliance through UN principles for enterprises operating across borders.
The role of audit committees continues to expand to keep pace with the modern business operating environment. In addition to responsibility for a company’s financial reporting and management, audit committees increasingly take an active role in an organization’s risk management strategy.
Audit committees can be instrumental in helping their organizations implement procedures to address the challenges they face. They can also assist with addressing internal and external audit findings or with exploring best practices for addressing areas of operations that may be vulnerable to disruption or extraordinary risks.
Under the amended Heavy Vehicle National Law, all parties in the transport supply chain will have a primary duty to ensure safety. This includes eliminating risks and preventing breaches of transport laws. Authorities will have increased powers to investigate compliance with primary duties across the entire supply chain. Penalties for breaches of primary duties will be similar to workplace health and safety laws, with maximum fines of $3 million for corporations. The National Heavy Vehicle Regulator is developing guidance materials to help parties implement risk management practices and understand their chain of responsibility obligations.
2002’s Sarbanes-Oxley Act (SOX) led to the establishment of SOX 404 programs. Many, though, haven’t been updated since their inception, and don’t account for new developments in technology, business environment, and operating methods. What’s the first step in modernizing your SOX program? A SOX assessment can help you extract new value.
Conducting a Governance Audit April 11 2012 _finalBethune Whiston
This document provides an overview of conducting a governance audit for a pension plan. It discusses that a governance audit reviews a plan's documents, procedures, delegation of duties, investments, and documentation to ensure compliance with laws and best practices. The summary identifies that a governance audit serves to ensure legal compliance, improve administration, and preemptively identify and manage risks. It also covers what a governance audit typically involves and that it is generally conducted by an independent third party with governance experience.
Don’t let the title fool you. Establishing a comprehensive AML Program may involve “Five Steps” – but the steps are giant. We’ll break them down, but each area is time-consuming and takes a focused mindset.
We don’t suggest holding someone new to the AML profession solely responsible for implementing an AML Programme. Senior Management needs to understand that there are significant financial and reputational risk exposures if you have an underdeveloped AML Programme. Seek the input of an experienced advisor rather than trying to build a programme alone if you don’t have the experience.
Financial institutions often need to upgrade or replace their anti-money laundering (AML) systems due to increasing regulatory pressures, expanding products and services, and growing transaction volumes. Properly planning such an implementation is essential to avoid delays, overruns, and non-compliance. Key challenges include understanding regulatory expectations, allocating resources, and testing the new system. Successful planning requires comprehensive approaches like vetting vendors, implementing in phases, acquiring necessary data, and ensuring awareness and alignment across all relevant departments.
The Volcker Rule places limits on proprietary trading and investments in hedge funds and private equity funds by banking entities. It was approved in December 2013 and takes full effect in July 2015, though entities face various compliance requirements based on their size and activities. Larger entities must implement enhanced compliance programs involving metrics reporting, while smaller entities may only need to update existing policies. The rule presents a significant compliance challenge for banking entities as they prepare their implementation strategies.
Compliance, in general, means in compliance to a rule, such as a specification, policy, standard or law. Risk management is the identification, assessment, prioritization and mitigation of the effect that can be placed upon an organization.
1. 1
Canada’s Financial Consumer Protection
Framework Consultation
Submission by James Callon
Financial Sector Consultant;
Former Acting Commission; Deputy Commissioner
Financial Consumer Agency of Canada
February 28, 2014
This paper is provided in response to the initiative by the Minister of Finance to launch
public consultations on a series of questions and issues related to financial consumer
protection.
POSSIBLE ENHANCEMENTS TO EXISTING REGIME
Supervisory Powers for Accountability and Enforcement
To respond to some of these issues we should first consider why and what are we trying
to accomplish in regulating market conduct.
In establishing or reviewing any regulatory regime there are certain fundamental issues
which must be addressed:
Defining clearly the regulatory objectives / outcomes / mandate of the agency;
Identifying and evaluating the key risks that exist within the scope of the
mandate;
Determining the current level of risk tolerance by the government and setting
expectations out in writing.
Resourcing
2. 2
A. Clarity of Regulatory Objectives / Outcomes / Mandate:
The first requirement in the design of a regulatory framework is to be clear as to the
objectives / outcomes / mandate of the regulatory regime. This should be clearly stated
in the legislation, but if it is not, then it is essential to ensure there is a common
understanding among the regulator, the government and those being regulated. It
should be clear to as to what are the high level outcomes expected to be attained by the
regulatory regime.
B. Defining Risks:
With clarity of objectives, outcomes and mandate in mind, the next step is to consider
the risks that could create obstacles or barriers in terms of being able to carry out the
mandate, to meet the set objectives and to attain the expected outcomes. This will
require a thorough analysis of the legislative requirements placed upon the regulator
and the stakeholders; an understanding of the dynamics of the environment in which the
agency will carry out its work and an understanding of the corporate behaviour,
maturity, sophistication and attitude of the stakeholders that will be regulated.
With key risks having been identified, each risk should be evaluated based on several
criteria such as the likelihood that the risk could occur; the frequency that the risk could
occur; the potential magnitude of harm that would be caused; the type of harm caused;
whether one can rectify the harm done and to what degree and how quickly. An
assessment should also be made as to the degree to which the risk within one
stakeholder or compliance area could quickly spread and become a systemic risk, i.e.
contagion; and to what degree.
C. Risk Tolerance:
Another aspect of a framework design is to make a determination as to the degree of
tolerance that the government / public are willing to endure in terms of incidents of
regulatory failure or non-compliance. For example, for a prudential regulator, it must be
clear as to whether the objective of the government’s regulatory intervention is to
promote sound financial institutions which would limit the chance of failure; or is it “zero
3. 3
risk tolerance” whereby the regulator must prevent any chance of an institutional failure.
Clearly the choice will have a dramatic influence on the type of regulatory regime that a
regulator would create and of course impact the costs on the system.
There are very few regulatory regimes that are based on “zero risk tolerance” given the
costs of such a regime. Instead, most regulatory frameworks are founded upon some
level of risk based supervision whereby the regulator will assign it resources to the
areas that create the highest degree of risk based on the analysis of the criteria
previously described and then will normally apply a baseline level of supervision to the
areas of lowest risk. One can envision a regulatory ladder whereby as the risks
increase so too does the amount of supervision and the type of regulatory framework
that will be applied from a rules based framework to a less onerous principles based
framework.
D. Choices Of Regulatory Frameworks
There can be some confusion when labelling the type of a regulatory framework that is
applied as there are hybrid models that can consist of a fusion of models depending on
the range of risks that exist within the regulated community. However, the following are
the key types of regulatory frameworks that may be applied, that being Rules /
Prescriptive Based, Process Based, Performance / Standards Based and finally
Principles Based. The following order of presentation reflects the level of regulatory
burden from high to low and an example of where one might find each framework being
applied will be given.
i. Rules Based / Prescriptive Regulatory Framework
A Rules Based or Prescriptive Regulatory Framework is a framework which is focused
on addressing risks in the system by creating a book of rules that will prevent or mitigate
those risks. The rules or prescribed behaviours may originate from legislation, or from
detailed regulations or from the regulator who has established a complexity of binding
4. 4
rules. Therefore a jurisdiction can claim that the legislation / regulations are Principles
Based but then the regulator institutes a plethora of binding rules resulting essentially in
a Rules Based Framework.
Such a framework may leave very little discretion or flexibility to the regulated
community as it creates detailed rules that apply equally to all regulated firms both large
and small. The regulator will try to keep the rule book up to date to cover any gaps or to
anticipate new risks that may develop. In terms of oversight, this system assumes that
the regulator has the expertise to prescribe what is best for the sector.
Where a government has determined that there is zero tolerance of risk regarding
regulatory failure, the regulatory framework will need to be able to prevent or mitigate
each and every risk that may be evident in the regulated sector. This type of
environment would necessitate the development of an extensive rules based regulatory
framework with the objective of total control over the management and activities of the
regulated stakeholders.
ii. Principles Based Regulatory Framework
A Principles Based Regulatory Framework will set out high level expectations /
principles as to outcomes expected of the regulatory regime and the regulated
community. Under this framework stakeholders are provided with the responsibility of
determining the details as to how the organization will comply with the expectations /
principles set out by legislation, regulations and / or by the regulator.
A Principles Based Regulatory Framework sets down principles governing particular
areas of concern such as product disclosure, consumer rights and dispute resolution,
appropriate sales techniques, governance of the firm’s management, investments risks,
etc. The principles should set out compliance expectations rather than creating a
manual of detailed rules. In the context of statutory drafting, principles based regulation
means that the legislation will contain compliance requirements articulated at a high
5. 5
level of generality to allow maximum flexibility as to how the regulated community will
meet those principles.
It is argued that it is essential in this type of framework to provide the regulator with
sufficient legislative authority to issue guidelines and binding directions / rules so as to
allow the regulator to react in a timely fashion to issues of consistent non-compliance. If
such authority is granted, then it is equally important that the regulator manages its rule-
making authority through proactive guidance, emphasizing communication with industry,
exercising restraint creating detailed rules so that the framework can remain flexible and
outcome oriented.
The major risk under this framework is the reliance on the capabilities, maturity,
competency and resources of the regulated community to implement their own
compliance strategies and programs so as to ensure strong levels of compliance exist
within the firms.
iii. The Ideal Framework - Flexibility, Economy and Effectiveness:
Over the years there has been substantial criticism regarding various regulatory
frameworks around the world and probably in every regulated sector. In reaction to
these criticisms, governments often tend to respond by taking a range of tactics to
address the concerns including:
taking an arbitrary decision ordering all regulators to reduce the number of
regulations by a certain percentage or reducing regulations based on themes
such as reduction of paper burden on small business, or to remove regulatory
barriers that prevent competition, etc;
the establishment of a stricter process and tighter guidelines for assessing the
need for and the cost of proposed regulations or capping the number of
regulations with the one in one out system;
simply outsourcing responsibility of regulation to self-regulatory regimes;
reducing or merging overlapping regulatory regimes;
6. 6
sun-setting of regulations;
the adoption of what is considered to be a less burdensome framework such as a
“principles based” regulatory framework;
etc..
Criticisms of regulatory frameworks by various communities may cite an array of
concerns:
Regulatory burden has become too complex / costly for the capacity and
resources of the regulated community or certain members of the community such
as smaller enterprises.
Detailed and complex rules focus the regulated community’s attention on ticking
the box rather than ensuring that the overall intent of the regulation is respected.
Detailed rules that do not make sense to a firm may promotes evasive behaviour
by the firm that then focuses on trying to find regulatory gaps in the “stupid” rules
and or find ways around them.
A rules based framework often makes it difficult for senior management to be
engaged in carrying out its responsibilities given the lack of knowledge as to the
detailed requirements of the book of rules.
Given the complexities of today’s business, it is not realistic to expect that a
regulator can have up to date rules that will be able to govern each activity of a
financial institution.
Regulators often do not have the knowledge and expertise to stay ahead of the
market place in terms of product innovation, thus they slow down the introduction
of change.
Rule books have become so detailed that it is impossible to comply and it
becomes increasing difficult to train new staff to become proficient in the
application of all the rules and related jurisprudence.
Regulators have also been frustrated by the limitations of regulatory frameworks:
Often the rigidity of the law and regulations provides little flexibility to the
regulator in applying them within the context of a changing world. The fact that
7. 7
today’s financial world is spinning at such an accelerated pace is highlighting this
problem. Almost daily, new products or variations on existing products hit the
marketplace or financial institutions seek out new activities or new investments
vehicles. In such a dynamic world, detailed regulations that are focused
specifically on each type of product or service will not stand the test of time.
Legislation and regulations can quickly become dated, to the point where the law
cannot be applied as intended. When a financial institution offers a hybrid
product that combines the characteristics of two or three products and claims
that it is a new product not covered by existing regulations, how does a regulator
react when there is doubt regarding its jurisdiction? The regulator may either
engage in costly enforcement and litigation to hope to win or retreat to the
sidelines until there are amendments to provide clarity in the law or regulation.
There must be an understanding by the public and legislators as to the level of
risk tolerance upon which the framework was built. Regulatory frameworks are
rarely based on a “no risk” scenario, thus there must be tolerance of the fact that
there will be real risks of regulatory failures.
It must be understood that regulators are rarely resourced to respond to every
incident of non-compliance or every complaint by the public.
In summary of all these concerns, the key motivations for seeking regulatory reform
often are tied to the search for a framework that can offer flexibility, economy and
effectiveness:
Flexibility to conform to an array of circumstances and environments.
Economy in terms of simplifying a regulatory framework to the point of fully
meeting its mandate and mitigating risks, but at minimum costs on the
government, on industry and on the public. One does need to pay for a Porsche
if a Ford Escort will do.
Effectiveness in terms of the framework being able to effectively address
identified and developing risks at the level of risk tolerance that the government
has expressed as being acceptable.
8. 8
E. Moving to a Principles Based Regulatory Framework
Many firms recognize the opportunities that a Principles Based Regulatory Framework
presents by way of increased flexibility in complying with the law. However moving from
a rules / prescriptive based framework to outcome based or principle based framework
poses a multitude of challenges:
i. Challenges for the Regulated Community to Address:
Smaller firms will likely find that an outcome / principle based framework
actually places more regulatory burden upon them as they do not have the
capacity or resources to design and implement their own internal compliance
strategies and programs. Firms may feel that a principles base framework
simply transfers the workload from the regulator to the stakeholder as it
becomes the stakeholders’ responsibility to define, implement and audit
compliance strategies and programs in lieu of the regulator simply telling the
firms what to do.
Senior management and Boards of Directors must adapt; they must fully
appreciate their regulatory responsibilities in ensuring that the regulatory
principles / outcomes are attained.
Regulated firms will need to:
to adopt a more strategic approach to regulation and to develop the
capacity to interpret and enforce principles rather than detailed
regulations within their own operations;
ensure that their risk management, compliance and internal audit
functions are proactive in carrying out their responsibilities;
instill and promote a corporate culture of compliance that will set the
standards of behaviour and decision making with which they conduct
their activities;
ensure their staff have sufficient focus and understanding of their
responsibility for compliance and of the principles and the desired
outcomes;
9. 9
accept a high degree of uncertainty in terms of how a firm should to
comply with the principle correctly and be able to determine the best
course of action to take when in doubt and corrective actions will cost
millions to implement;
ensure proper documentation of decisions taken in line with the
defined principles and expected outcomes;
ensure proper compliance training for staff so that they too are in a
position to make key judgment calls.
Adopting a principles based approach to regulatory oversight has a number of
implications for the regulator:
ii. Challenges for the Regulator
A principles based approach to regulatory oversight requires a regulator to
assume high degree of trust and transparency between the regulator and the
firms being regulated;
Regulators must be proactive in communicating their expectations clearly
perhaps by issuing guidelines or best practices to stakeholders in order that
stakeholders can be fully educated and informed of the regulator’s focus;
Regulators need to strengthen stakeholders’ capacity to make proper
decisions in determining the best way to achieve compliance;
Regulators will always be worried by a principles based framework as it is
recognized that a key consideration for profit motivated businesses will be to
minimize the costs of compliance programs. As such, there will be
uncertainty as to the actual strength and rigor of the regulatory system as a
whole as there are no bonus points for firms that develop the best compliance
system in the sector;
Regulators will need the resources and authorities to be highly proactive and
demanding in their scrutiny of the design, the operation and the outcomes of
each firm’s compliance program.
10. 10
Regulators must be properly tooled to be able to educate, influence and
correct stakeholder conduct in a timely manner;
Regulators must respect the flexibility of principles-based regulation and not
institute major regulatory changes through its powers to issue burdensome
rules.
iii. Challenges for the Government
A government must be prepared to clearly understand the regulatory risks
and be engaged in determining the level of risk that it will accept as the
regulatory system moves to a trust based relationship with the regulated
community in a principles based framework;
Governments must not consider that the move towards a principles based
framework is simply a way to try and save money on the cost of the regulator
as a principles based system will still have substantial but different
requirements for a regulator;
A legislature moving to a principles based framework must also balance it
with the powers the regulator should be provided in order to implement rules
should it be necessary. Clearly the regulator will need a degree of power to
flesh out the intent of high level principles by issuing compliance guidelines
and as well as powers to implement and enforce binding rules. The challenge
is determining how much scope the legislature wants to provide to the
regulator regarding the interpretation of the principles and the powers to make
binding rules
F. General Observations About Frameworks
Over the past decade it had become very fashionable in the political and regulatory
community to claim to have a principles based regulatory framework as it seemed to
11. 11
denote a more modern approach with a lighter touch regime. This trend of pushing
towards a principles based regulatory framework could be interpreted as meaning that:
less regulatory burden had become a requirement despite the risks from the
regulated community;
there was strong trust of the regulated community to comply;
that governments felt they could limit or cut budgets of a regulator as the
regulated community could look after compliance themselves;
governments could cut regulations as principles and guidelines were enough
to protect the public interest;
moving away from the rule book would allow the regulated community to use
its creativity, innovation and flexibility in terms of how it could comply with the
principles;
perhaps that some regulators felt with all this rhetoric that they had to take a
back seat as hardnosed regulators were out of style and instead had to rely on
self-reporting, risk based analysis and integrity of the regulated firms;
perhaps appointments to regulatory positions seemed less demanding by
governments and appointments were not necessarily based on hiring the best
qualified.
In looking at the three foreign jurisdictions that suffered the worst in the financial crisis,
the UK, the US, and Ireland, two of the three jurisdictions claimed to be principles based
while the US is considered more rules based. In reviewing the finding of various reports
that focused on trying to fix blame for the financial crisis, it does not appear that one
type of regulatory framework withstood the crisis any better than another, e.g. rules
based versus principles based. Instead, concerns were raised more about the attitude
of the regulator and the developing regulatory complexities and voids. There seemed to
be focus in each of the three countries on a few key areas of concern:
the behavior or culture of the regulators in terms of being proactive and rigorous
in their interventions and enforcement;
whether the regulators had a proper level of resources and tools required; and
12. 12
limited regulatory scopes, regulatory gaps and overlaps in terms of mandates,
objectives and in defining the responsibility for the macro-vision of the financial
sector.
The regulatory systems appear to have been lulled into a false sense of security with
the use of principles as well as alleged improvements to corporate governance. A
regulator should not be seen as taking a back seat in any regulatory framework given
the constant change in risks and people within the regulated community.
Regardless of whether the framework uses rules or principles, the lessons learned from
the financial crisis are simple; governments must:
demand a high level of professionalism from its regulatory personnel;
expect proactive oversight of the framework;
provide proper resources; and
provide sufficient authorities and discretion to address not only current risks but
to be able to identify and respond to the risks to come.
A framework should not be pigeon holed as rules based or principles based as
elements of both types are required to make the financial system work effectively and
responsibly. It should be a combination of guiding principles that then allows for action
by regulator to proceed up the regulatory ladder with progressive steps offering
guidance, then directives, then rules and then enforcement and punishment.
G. New Standards Of Consumer Protection Mandates
The new standards of consumer protection mandates being discussed and
implemented in the major economies represents a wave of change with respect
to how market conduct regulators will regulate sellers of financial products and
services. The United States has created a new agency that will consolidate
regulatory oversight for financial market conduct, is funded with more than half
billion dollars and has powers for proactive market intervention.
13. 13
The UK is splitting out market conduct into a separate organization with a clear
consumer focus. The new agency is also being given an aggressive mandate
that includes proactive market intervention powers.
Although Ireland is not splitting out the market conduct supervision from the
Central Bank, it has given the branch an aggressive mandate that includes
proactive market intervention powers.
The Australians were less impacted by the financial crisis but the government
has still been proactive in reviewing the risks in the marketplace and revising the
mandate of the Australian Securities and Investments Commission. ASIC will
now license and regulate the retail credit granting market and has been given an
aggressive mandate that sets standards and includes market intervention
powers.
In one of many responses to the financial crisis, the Financial Stability Board (FSB)
issued a report entitled, Consumer Finance Protection with particular focus on credit,
October, 2011. It states clearly that:
In the wake of the global financial crisis, national and international efforts to
strengthen consumer protection policies have intensified in order to promote
financial stability. As the crisis showed, the effects of irresponsible lending
practices can be transmitted globally through the sale of securitized risk,
particularly mortgages which are by far the largest single credit for many
consumers. (page 1 of FSB report)
It is interesting to note the vocabulary in the Report as it refers to strengthening
consumer protection when in fact the only objective of this renewed interest in how
consumer products are sold is entirely related to promoting financial stability - not really
the protection of the consumer. The FSB report also put forward three
recommendations to enhance consumer finance protection. They are:
14. 14
1. Call upon an international organisation of regulators to take the lead on
global financial consumer protection efforts.
- To help maintain the international momentum on consumer protection;
strengthen the connection with domestic developments; facilitate
engagement with consumer advocacy groups and other stakeholders;
and steer the work in a productive direction.
2. Launch work on institutional arrangements and, if appropriate, develop best
practices to guide institutional reform.
- Make sure consumer protection authorities have the authority,
capabilities, tools and resources to effectively and efficiently regulate and
supervise the consumer finance market.
3. Strengthen supervisory tools by identifying gaps and weaknesses by:
(i) establishing indicators of unsuitable product features;
(ii) aligning and disclosing incentive compensation arrangements
(iii) evaluating the benefits of offering consumers and providers with
benchmarks for financial products that can be used safely by a wide variety
of unsophisticated users. (page 2 of FSB report)
H. Implications For Canada
Currently, federal and provincial regulators operate in a passive / reactive mode when it
comes to consumer protection and product development and suitability. Given that
companies have broad discretion to create many financial products and market them
15. 15
without government approvals, regulators tend to wait to determine if problems arise.
Canadian regulators will then address product shortcomings through education material
given limited authority to intervene in the marketplace. Early intervention in product
development would certainly mean that Canadian market conduct regulators would
have to adapt their approach to compliance monitoring.
It would be a significant change for the Financial Consumer Agency of Canada (FCAC)
to move to a proactive role (almost a consumer advocacy role) of intervention when
inappropriate products are marketed or promoting better business practices such as
setting criteria for credit assessments performed by credit granters.
The oversight for consumer affordability assessments on credit granting by federally
regulated financial institutions could fall under the mandate of the FCAC and could take
the form of a code of conduct which the FCAC could monitor as proactively promoting
best practices for assessments. Clearly this would be a complex process to adopt
criteria for assessment for the full range of credit products. While FCAC could publish
guidelines for credit products it would be difficult to monitor compliance given the
amount of credit being provided outside the scope of federal jurisdiction.
It will be important for FCAC to monitor the progress of the Irish Central Bank and other
jurisdictions that have moved to a more interventionist supervisory model to determine
whether the increased oversight has positive outcomes for consumers. That being said,
there still is merit in exploring moving forward more quickly on affordability assessments
for credit products to protect consumers from over-indebtedness.
16. 16
I. Need For Changes To The FCAC Mandate?
The track records of poor market conduct and unethical corporate behaviour
experienced in the United States, the UK and Ireland are substantially different than
what has been experienced in Canada and Australia. However, even though Australia
did not experience these difficulties, the government has still implemented a very strong
regulatory response but remained focused on controlling the sale and allocation of
consumer credit. It has launched an extensive licensing and qualification program
required of firms that provide credit to consumer including retail businesses.
Like the experience of Australia, Canada did not see the same level of irresponsible
behaviour by its financial institutions as in the US, UK or Ireland. But it may still be time
for Canada to consider whether there is a need to proactively review the mandate of the
FCAC to respond to market stability concerns as well as pressures for new tough
international standards for a more interventionist approach to protect the marketplace.
Canada was a leader in the world when it set up the FCAC in 2001 with its financial
education and compliance mandate….but the world has changed. Therefore after more
than 10 years of operation it is timely to review its mandate.
J. Recommendations
The following improvements are seen as minimum mandate changes that should be
made to make the FCAC more effective in its role within the current environment.
The Australian approach appears to be most relevant to Canada’s situation whereby its
industry has for the most part acted responsibly over the past years with respect to both
prudential and market conduct matters. The government still decided to put a stronger
regulatory framework in place but focused on the major risk to financial stability, that
being the provision of consumer credit products. The powers of the regulator have also
been bolstered substantially but the assumption is that they will be applied only as
17. 17
necessary and there appears to be full trust by the government that the regulator will
apply these powers in a responsible manner.
There is not sufficient justification for giving the FCAC the powers to intervene and
screen financial products and services before they are marketed and sold. However to
offset the regulatory risks and gaps, FCAC does need certain powers to act quickly and
effectively to address risk to consumers and the harm being done to the marketplace.
Therefore the following recommendations are made with the objective of strengthening
FCAC’s regulatory framework and certain aspects of financial consumer protection.
Establish Overriding Legislated Principles
The Government should determine key principles of market conduct behaviour
expected of the stakeholders in carrying out their business and of the regulator.
These principles would guide the industry in terms of expected behaviour
especially when the technicalities of the law do not cover or adequately address
consumer protection matters related to new products and services or changes to
existing ones that are being introduced into the marketplace. Violating these
principles would constitute a contravention and be subject to FCAC’s AMP
regime.
Research
To allow the FCAC to be more effective in its oversight role, it should be
mandated to become the research body for analyzing financial consumer trends
and consumer protection issues. This will put the FCAC in a better position to
identify and anticipate future market conduct risks. The FCAC would share the
research publicly. The Department of Finance would use the research to
determine if any policy issues are evident. The scope of research would not be
limited to the federal financial sector as issues like consumer credit granting goes
beyond federally regulated institutions.
18. 18
Promoting Literacy
The Government should follow through with its promises. Provide FCAC with the
clear mandate to provide leadership on promoting financial literacy and allowing
it to increase its public profile and awareness of its work. There is no point
spending millions of dollars on literacy if no one knows about it.
Improving Government Services to the public
When Government departments are providing lump sum payments and benefits
to Canadians who often are vulnerable Canadians, the departments should be
required to partner with the FCAC regarding the provision of financial information
and advice to Canadians who will be the recipients of the funds.
Issuance of Compliance Guidelines
The Government should confirm in FCAC’s mandate, the Agency’s responsibility
to be proactive in promoting and recommending industry best practices. The
regulated community should understand that the FCAC has the jurisdiction to
interpret the law and regulations in order to address unacceptable inconsistency
in industry compliance and marketplace practices.
Issuing Binding Directions
The FCAC should be provided the authority to issue binding and enforceable
directions to an individual company to address compliance deficiencies. FCAC
should be required to publicly post each directive that it issues. Violating a
directive would constitute a contravention and be subject to FCAC’s
Administrative Penalty Regime.
Issuing Binding Rules
The FCAC should be given the authority put into place industry wide rules that
are enforceable as regulations and to which the AMP scheme would apply. The
rules would be used to respond quickly to risks that emerge in the marketplace
caused by banks not meeting appropriate standards for existing and new
19. 19
products and services.
Clearly this requires trust by the government and the regulated community that
the regulator will act responsibly. It is feasible that the rules proposed by FCAC
could be pre-approved by the Minister as a check and balance within the
framework and provides accountability.
Oversight of ADR Service
FCAC should be mandated to have audits regarding the awareness,
effectiveness and timelines of the bank’s internal complaint procedures and its
approved external ADR services. FCAC would post its audit results publicly and
would have the authority to issue a directive to correct deficiencies.
Improved Redress Process
FCAC should have the authority to issue enforceable order to banks found guilty
of non-compliance and to provide consumer refunds in cases where there the
amount of financial harm done is clear. For non-compliance cases when the type
of redress is more complex than a simple refund, the matter is then referred by
FCAC to the bank’s external ADR services. FCAC should then be able to share
its investigation findings with the ADR service to speed up the redress process.
Consumer debt
Banks should be required to carrying out a Suitability and Affordability Test (SAT)
as set in regulation. FCAC should be mandated to audit credit granting practices
for compliance with the SAT. Where a bank has been found to be non-complaint
with applying the SAT, the ADR service should be empowered to apply redress
up to and including the right to revoke the bank’s right to collect on the loan.
FCAC should be mandated to act as a public advocate promoting responsible
use of credit by consumers by improving consumer guidance / profiles on
appropriate consumer debt loads; by providing advice on the use of the
20. 20
appropriate credit products based on the types of consumer needs; and by
publicly reporting on consumer debt management issues including highlights of
consumer insolvency and bankruptcy trends.
There are many more aspects of FCAC’s mandate that could be expanded to make the
marketplace even more secure, but for the sake applying a reasonable risk based
approach to its regulatory framework; I have limited the recommendations to essential
areas of consumer protection.
Q. Applying A Principles Based Regime To Financial Consumer
Protection
Despite the fact there is an abundance of detailed regulations under the Bank Act to
help protect consumers, there is no guidance / principles that could be readily applied to
the issuing of any new product or service that does not fit neatly under any particular set
of regulations. Given amount of the time needed to justify the need for more regulations
and then for the government to actually react leaves a large void in the marketplace.
An example is the amount of time it took to have regulation in place dealing with
principle-protected investments, almost 5 years where the federal marketplace was
without any consumer protection standards. Having legislated principles with the
authority being given to the regulator to issues rules would close that void during which
it becomes an era of “consumer beware”.
Therefore there should set out sound high level principles regarding behavior by banks
in terms of the types of products and services that are presently or in the future may be
sold. The objective is simple no matter what the product t or service may be: when
selling a product or service to a consumer, the consumer must be informed of their
rights, their options, the costs, the risks, the obligations and the terms and it must be
done in plain and simple language.
21. 21
Principles should not be set out only by type of product / service but should focus on the
activities related to the sale of the products and services:
• Effective disclosure;
• Effective and adequate notices of change of fees, service levels or contract
changes to conditions;
• Integrity in assuring product suitability especially in selling debt products
• Competent and qualified sales professional
• Effective, unbiased and timely redress mechanisms
• Truth in marketing and advertising
• Conflicts of interest;
• etc.