Leveraging on Compliance Risk Management to Create Value

Leveraging on Compliance Risk
Management to Create Value

Eneni Oduwole
April 10, 2013

Outline

 Introduction

 Risk-based Approach

 Functions of a Compliance Department

 Roles of the Board and Management

 Internal and External Drivers

 Risks and Consequences for Non-Compliance

 Required Measures

 Developing an Effective Programme

 Integrating Compliance with ERM

FITC Compliance Risk Mgt Workshop - April 2013

What is Compliance?

 According to the International Compliance Association, the term Compliance describes the
ability to act according to an order, set of rules or request. In business, it operates at two
levels:
 Level 1: Compliance with the external rules that are imposed upon an organisation as a whole
 Level 2: Compliance with internal systems of control that are imposed to achieve compliance with
the externally imposed rules

 Investorwords.com describes it as “The state of being in accordance with the relevant
Federal or regional authorities and their requirements.”

 In summary, Compliance describes the act of adhering to a pre-determined set of rules
whether they are internal policies and procedures or externally driven statutory or
regulatory guidelines and rules. Compliance also assures that best practices are upheld in
the organization

 Compliance Risk is defined as the current and prospective risk to earnings or capital arising
from violations of or non-conformance with set rules and regulations, best practices,
internal policies, and ethical standards. Compliance Risk also arises where the laws
governing products or services offered by the organization are vague or untested


Risk-based Compliance Approach

 Enables expedient deployment of resources to specific / required areas

 Puts in place steps for identifying and assessing compliance risk exposures

 Ensures the application of appropriate compliance measures for controlling related
risks

Benefits:
 Tailored compliance strategies for effectively dealing with key compliance risks
 Efficiency gains; improved compliance adherence outcomes
 Reduced financial losses
 Greater business support for compliance – risk management processes by business


Functions of a Compliance Department

 Identification of Related Risks: recognize regulatory risk exposures in an
organisation and advise accordingly
 Awareness: Establish and communicate the organization’s compliance policy
to ensure that it is observed
 Monitoring and Detection: continuously review and report on the
effectiveness of controls put in place to assure effective Compliance Risk
Management
 Prevention: ensure design and implementation of controls that would
protect an organisation from Compliance Risk exposures
 Resolution: have strategies in place to ensure timely management and
redress of Compliance Risk exposures as they crystallize or are identified
 Consultation: provide advice to the Board and Management of the
organization on new trends, risks identified and controls required

Roles and Responsibilities of the Board and Mgt in
Regulatory Compliance

The Board Management
 Oversight function over all compliance • Ensures the execution and adherence
functions in the Bank to the Compliance Policy stipulations

 Reviews Compliance reports • Ensures a centrally controlled
periodically at Board meetings to Compliance function led by a Chief
ensure that the organization complies Compliance Officer exists to manage
with all regulatory and internal compliance exposures organization
procedures
wide

 Ensures that the provisions of the • Provides sufficient resources and
organization’s Compliance policy is ensures that compliance functions are
strictly adhered to properly carried out, staff are
adequately trained, and the periodic
audit on the compliance function and
framework conducted


What drives Compliance Exposure Internally and
Externally?

Internal Policies
 These ensure that all staff comply with the organization’s internal rules and
regulations that govern its business model, corporate objectives, ethical
standards, Code of Corporate Governance and the Code of Professional
Conduct
 The Chief Compliance Officer should monitor the development and
implementation of these policies and ensure consistency with regulatory and
legal stipulations; the Compliance Group in liaison with Management should
ensure that no regulatory guideline is violated or breached in the
implementation of its internal policies and procedures
 Corporate Governance should be ensured in the development and
implementation of internal policies, and all Members of staff should comply
with all internal policies


Externally? (cont’d)

Laws and Regulatory Guidelines
 The Compliance function advises and monitors adherence with all legal,
statutory, regulatory guidelines affecting the organization by ensuring
transparent practices fashioned along local / international regulatory
standards, and global best control practices are upheld
 Compliance with the Code of Corporate Governance issued by key local
regulators (such as the Securities and Exchange Commission , the Central
Bank of Nigeria) and globally accepted standards such as Sarbanes Oxley
should be taken into consideration in drafting policies and procedures of the
organization
 The Compliance function should ensure that all stakeholders are aware and
adhere to local and international regulatory requirements; it is important
that policies are drafted in line with relevant local regulations in all
jurisdictions where the organization is operational


Laws and Regulatory Guidelines (cont’d)
 The guidelines of the key regulators in the home country of the organizations
must be upheld at all times

 Periodical review and update of all laws, policies and regulations affecting the
organization should be ensured

 Compliance levels organization-wide should be ascertained, and staff notified
of new and revised policies and laws



Rendition of Returns
 All regulatory and statutory returns and reports should be rendered to
regulators and law enforcement agencies as and when due to improve the
organization’s rating by regulators and minimize sanctions and penalties
against the organisation

 Maintaining a tracking system that would ensure timely and correct
rendition of returns is required

 Business areas that breach the stipulated timelines should be appropriately
sanctioned to ensure that the discipline required is inculcated organization-
wide



Relationship Management
 The Compliance function ensures timely and satisfactory responses are
provided to regulatory enquiries in compliance with the laws and regulatory
requirements

 It liaises with external regulators and law enforcement agencies on its
compliance responsibilities by maintaining an open, honest and transparent
relationship with these authorities


Risks and Consequences for Non-Compliance

 Sanctions and penalties

 Increased customer complaints

 Costly errors made by the organization

 Financial losses / Increased expenses

 Poor rating by External Auditors, Regulators and Rating Agencies

 Loss of licence


Required Compliance Measures

 Advice – Agencies respond to direct requests for advice or proactively make
contact with people or businesses to inform them of their obligations

 Guidance material – These materials made available on agency websites or
through pamphlets to explain requirements

 Education campaigns – Agencies advertise to inform people and businesses
about laws to persuade them to comply; these campaigns usually explain the
reasons why regulations are in place or the negative impacts of non-
compliance

 Warnings or cautions – A person or business is warned or cautioned that
they have not complied with regulatory requirements and that they may be
penalised for this


Required Compliance Measures (cont’d)

 Monitoring measures (data collection, auditing and inspection) – Data
collection from people and businesses for regulatory compliance purposes;
Auditing / spot checks of the regulatory compliance records of people and
businesses; Inspection of the activities of people or business to check
compliance with the regulations

 Publication of names of offenders – Review details of people or businesses
that have breached regulations

 Enforceable undertakings – After a requirement is breached, some agencies
accept undertakings from non-compliers to do certain things to remedy
breaches; penalties exist for failure to comply



 Improvement notices – An agency requires a person or business to comply
with a requirement within a specified time frame with a failure to do so
resulting in a penalty

 Prohibition notices – An agency requires a person or business to stop an
activity where a regulatory breach has occurred; the activity can continue
when the breach has been remedied

 Penalty notices – An ‘on the spot fine’ is given for a breach of a regulatory
requirement; the person or business is required to pay or elect to challenge it
in court

 Civil pecuniary penalties – A right created under legislation for a person or
business to claim compensation from another party for a regulatory breach



 Injunctions – A court order that stops a person or business from continuing
to do a particular thing after a regulatory breach

 Negative licences – The person is restricted from undertaking an activity that
otherwise requires no authorisation

 Action against licences/accreditation/certification – The authorisation of a
person or business to undertake an activity is restricted or withdrawn after a
failure to comply with the conditions of the authorisation

 Criminal prosecution – Legal proceedings are brought by the agency against
a person or business because the law has been broken; a decision to
prosecute is made when it is considered to be in the public interest; a range
of very serious penalties can be given to a person found guilty of a criminal
offence including large fines and imprisonment


Developing an Effective Compliance Programme

• Describe the meaning of compliance for your organisation and its response to
its relevant demands

• Know what drives your compliance exposure both locally and abroad;
internally and externally

• Identify the risks and consequences of non-compliance on the continued
existence of your organization

• Appreciate and demonstrate in simple understandable ways, the
relationship between corporate governance, risk management and
compliance (GRC)


Developing an Effective Compliance Programme
(cont’d)

• Ensure delineation of the roles and responsibilities of the Board of Directors
and Management in managing Compliance Risk

• Understand the implications of regulatory guidelines for corporate
accountability and ethical behaviour

• Develop an effective fit-for-purpose compliance

• Ensure full integration of the organization’s ERM in optimising relevant
structures and procedures for both compliance and proactive risk
management


Integrating Compliance with ERM

 Largely driven by IT Compliance strategies

 Ensure that ERM systems have modules for monitoring compliance with
internal and external policies

 IT Governance strategies should take into consideration procedures that
drive and monitor Compliance risks organization-wide

 IT should drive the integration of Governance, ERM and Compliance for
optimal output and value add from these three key elements of business
management to the success of the organization

 Assures proactive and holistic risk management


Integrating Compliance with ERM
for Proactive Risk Management


“The fact was that I was not a master of my actions, because
I was not so insane as to attempt to bend events to conform
to my policies. On the contrary, I bent my policies to accord
with the unforeseen shape of events” – Napoleon Bonaparte

“YOU CANNOT ALLOW ANY OF YOUR PEOPLE TO
AVOID THE BRUTAL FACTS. IF THEY START LIVING
IN A DREAM WORLD, IT’S GOING TO BE BAD.” -
GENERAL JAMES “MAD DOG” MATTISS

References

 www.grc-resource.com
 www.betterregulation.nsw.gov.au

Thank You...
Contact Details
eneni.oduwole@gtbank.com
enenioduwole@yahoo.co.uk


Leveraging on Compliance Risk Management to Create Value

More Related Content

What's hot

Viewers also liked

Similar to Leveraging on Compliance Risk Management to Create Value

More from Eneni Oduwole

Recently uploaded

Leveraging on Compliance Risk Management to Create Value