Embedding Compliance III CPD Lunchtime Lecture - PowerPoint PPT Presentation
Slides: 55
Provided by: insurance
Embedding Compliance III CPD Lunchtime Lecture
Clive Kelly 3rd December 2009
  • What is Compliance/Role?
  • Regulator/Commentator Views
  • How to?
  • FR Role/Expectations
  • Conclusion


IFR on Compliance
  • The appointment of a Compliance Officer is
    designed to supplement, not supplant, the
    responsibility of the Board of Directors and of
    senior management to ensure compliance with
    legislation and applicable requirements.
  • An authorised undertaking must appoint an
    individual to act as Compliance Officer.
    Reflecting the size and complexity of some
    undertakings, the Compliance Officer may
    simultaneously hold other offices within a
    company (e.g. Company Secretary, General Manager
    etc). In appropriate circumstances, a single
    individual could also be a Compliance Officer for
    more than one undertaking (e.g. in the case of
    captives managed by the same management company).
  • 8.1 Functions of Compliance Officer
  • The functions of the Compliance Officer must
    encompass the following tasks:
  • To ensure the undertaking is kept up to date with
    the Financial Regulator's compliance standards
  • To obtain the approval of the Board of Directors
    for a policy statement on compliance with
    applicable regulations, with the requirements of
    the Financial Regulator and with any other
    applicable legislation
  • To monitor the implementation of compliance and
    to report periodically to the senior management
    and to the Board of Directors thereon
  • To review products, procedures and systems on a
    planned basis from the viewpoint of effective
    compliance and to advise as to steps necessary to
    ensure compliance
  • To monitor anti-money laundering policies and
    procedures for effectiveness and ensure any
    suspicions are reported to the relevant
    authorities; and
  • To review staff training processes so as to
    ensure appropriate compliance competencies.

  • Assurance Provider means any party providing
    Assurance, such as Management, Compliance, Risk
    Management, Audit and supported by Legal.
  • Assurance means:
  • confidence,
  • based on sufficient evidence,
  • that objectives are being achieved,
  • risks are identified and appropriately managed
  • that internal controls are in place and operating
  • Role of Compliance: to provide Assurance to the
    Chief Executive Officer and the Board that the
    company is managing the compliance risks arising
    from the key external requirements with direct
    impact of non-compliance that fall within the
    function's scope.

Assurance Delivery
  • A three lines of defence model comprising
    Management in the first line, Risk Management and
    Compliance in the second, and independent
    assurance (i.e. Internal and External Audit) in
    the third line.

Compliance Framework
Compliance Function: compliance responsibility
  • Board (overall)
  • Management (day-to-day; sets the tone)
  • Staff (operationally)
Compliance Program
  • The Compliance Program consists of the following
    activities and drivers:
  • a) Promote a Culture of Compliance
  • The Compliance function supports the entity and
    its management to promote and embed a culture of
    compliance and ethics within the entity.
  • b) Perform Compliance Risk Assessments
  • The Compliance function produces an annual
    Compliance Risk Assessment.
  • c) Establish a Compliance Plan
  • The Compliance function develops a risk-based
    annual Compliance Plan, based on the Compliance
    Risk Assessment.
  • d) Identify External Requirements and Trends
  • The Compliance function should drive the tracking
    and analysis of significant legal and regulatory
  • e) Issue Policies and provide Guidance
  • The Compliance function determines the need for
    new or revised compliance policies and supporting

Compliance Program
  • The Compliance Program consists of the following
    activities and drivers:
  • f) Provide Business Advice
  • The Compliance function acts as a business
    partner by providing strategic, transactional and
    day-to-day compliance advice and direction. This
    includes providing interpretation and judgment in
    respect of business practices and applicable
    rules within its scope.
  • g) Training and Communications
  • The Compliance function proactively drives and
    supports the delivery of appropriate compliance
    training and communication activities within the
  • h) Compliance Monitoring and Oversight
  • The Compliance function performs risk-based
    Compliance Monitoring, including Compliance
    Reviews to identify potential compliance issues
    on a timely basis and in order to provide
    compliance risk assurance to management.
  • i) Reporting, Analysis and Remediation
  • The Compliance function analyses identified
    compliance risks, issues and ongoing remediation
    efforts and reports on them to the respective
    Audit Committees and management bodies.

Legal and Regulatory Risks (risk: owning function)
Solvency Risk / Capital Management: Actuarial
Stock Exchange Requirements: Legal
Prudential Supervision: Finance
Tax Law/Regulation: Finance
Adequate Financial Disclosures: Finance
Compliance Risk Universe
Market Abuse
Conduct of Business
Financial Crime
  • Product Design
  • Product Marketing
  • Product Suitability
  • Sales and Intermediaries
  • Complaints handling
  • Customer Anti-Discrimination
  • Customer Privacy
  • Insider Dealing
  • Anti-Trust / Competition Laws
  • Conflict of Interest
  • Anti-Money Laundering
  • Anti-Terrorist Financing
  • AML Surveillance
  • Client Intermediary Due Diligence
  • Trade and Economic Sanctions
  • Internal Restrictions
  • Misappropriation of Data
  • Anti-Bribery / -Corruption
  • Entities
  • Products

Data Management
  • Data Protection
  • Record Retention
Regulatory Relationship
  • Periodic Filing
  • Examinations / Visits

Corporate Governance Legislation: Legal
Accounting Standards Requirements: Finance
Health and Safety Regulations: HR
  • What is Compliance/Role?
  • Regulator/Commentator Views
  • How to?
  • FR Role/Expectations
  • Conclusion

Some Views/Quotes
  • Compliance is a key component of a successful
    business, an integral part of good business
    conduct and important in projecting standards of
    excellence and unparalleled ethics to its clients
    and the market in general. CITIGROUP ASSET
    MANAGEMENT, Compliance Department Statement
  • Compliance is one of the main repositories of the
    conscience of a financial services business - the
    guardian of an institution's soul and ethics. The
    compliance function strengthens the principles of
    conducting business in accordance with all
    applicable law, rules, codes and standards
    required by regulators, respecting the principles
    of integrity and fair dealing at all times, which
    is essential. Good compliance can enhance
    reputation through improved services and
    efficient implementation of new business
  • The key challenge for all institutions is to
    develop a culture within their organisations that
    fosters compliance and high ethical standards.
  • Former CEO Irish Financial Regulator.

Lip Service
  • But the suspicion remains that changes to
    boardroom structures and composition are ones of
    process, not substance. When survey respondents
    were asked which areas were the critical
    priorities for board members, an issue of process
    (ensuring adequate internal controls) came out
    well on top. This hierarchy may accurately
    reflect the regulatory pressures under which many
    companies are operating but the broader
    responsibilities of the board risk being
    neglected as a result. Good governance is not
    just about turning boards into a high-level
    Compliance function - nor is it about investing
    in the actual Compliance function.
  • Too many financial institutions around the world
    are still stuck on the idea that the best way to
    improve standards of governance is to ensure that
    employees are complying with the letter, but not
    necessarily the spirit, of the law.
  • Too often financial institutions have fallen into
    the trap of treating compliance as a box to tick
    when the business of the day is done. What they
    need to do, he says, is think of compliance less
    as a function and more as an institutional state
    of mind, helping firms to anticipate risk as well
    as avoid it.

Compliance Gap
  • Behaviour that may be legally defensible can
    still damage the reputation of the business.
  • What is regarded as sharp practice by informed
    customers today often becomes the subject of
    regulation tomorrow.
  • The compliance department alone cannot resolve
    the inherent conflict of interest between an
    organisation's desire for profits and its duty to
    wider stakeholders, including customers. Rules
    are meaningless if they go against the grain of
    the organisation as a whole; if, in other words,
    there is a culture of non-compliance.
  • A new vision of compliance is needed: one that
    puts the consumer first, that embraces internal
    guidelines as well as outside regulations, that
    prevents damage to the business rather than just
    detecting it after the damage is done, and that
    embeds a culture of compliance into the marrow of
    financial institutions.

  • What is Compliance/Role?
  • Regulator/Commentator Views
  • How to?
  • FR Role/Expectations
  • Conclusion

Embedding Culture of Compliance
  • Existing Culture
  • CEO role
  • Values Statement
  • Internal Policies
  • Training
  • Objective Setting/Reward Measurement

  • Our job is not just to comply. As a leader
    your job is also to actively help sustain the
    kind of environment where integrity is not seen
    as a trade-off to commercial success, but as a
    necessary ingredient for it. Everyone understands
    the need for preventive, robust compliance
    efforts. We value both results and ethical
  • J Schiro CEO Zurich Financial Services

Embedding Culture of Compliance
  • Existing Culture
  • CEO role
  • Values Statement
  • Internal Policies
  • Training
  • Objective Setting/Reward Measurement

BIS - August 2008
  • Promoting a strong compliance culture
  • The tools most frequently used to promote a
    strong compliance culture are training and the
    existence of a written policy established by
    senior management. Follow-up mechanisms by senior
    management to ensure that appropriate remedial or
    disciplinary action is taken if breaches are
    identified were also mentioned by 13

Embedding a Culture
Ethical Culture
Code of Conduct
  • Principles
  • Participation from multiple stakeholders and
    multiple levels of the organization
  • Understandable
  • Addresses all legal requirements
  • Addresses voluntary policies and values

Code of Conduct: communicates the values and
principles that should guide both individual and
organizational conduct, the values and principles
for which the organization stands.
  • Define the entity's principles/values statements
    either separately or as part of another document
    (mission/vision statement, code of conduct,
  • Involve appropriate internal stakeholders in the
    development of principles/values.
  • Obtain senior management/board commitment to
    statement of principles/values.
  • Communicate statement of principles/values to all
    internal stakeholders including employees and
    other agents.
  • Communicate statement of principles/values to
    selected external stakeholders:
    > on the entity's website
    > in reports and communications to shareholders
      and other stakeholders.
  • Periodically review principles/values to consider
    appropriate revisions based upon business,
    management, legal or cultural environment

Embedding Culture of Compliance
  • Existing Culture
  • CEO role
  • Values Statement
  • Internal Policies
  • Training
  • Objective Setting/Reward Measurement

Internal Policies and Controls
  • Empowering Everyone
  • Responsibility for sound business management
    rests not just with those in the compliance
    department or even the traditional risk
    disciplines, but with everyone in the
    organisation. Internal controls embed compliance
    in people's roles and responsibility more
    effectively than external regulations. Although
    the personal liability of senior managers for
    regulatory non-compliance has risen exponentially
    in the last two years, the mindset of employees
    lower down the management chain is different:
    thinking about regulations is not their concern,
    but the job of the compliance department.
  • Internal codes of business practice are
    intuitively different: they manifestly apply to
    everyone in the institution. Only through
    internal controls can a culture of compliance
    become embedded throughout the organisation.

Compliance: a Gap at the heart of risk management
  • Anti-Money Laundering and Anti-Terrorism
  • Proper Retaining and Discarding of Records and
  • Money and other Gifts, Business Entertainment,
    Political / Other Contributions
  • Anti-trust, Competition, and Related Areas
  • Use of External Auditors for Non-Audit Services
  • Reporting Concerns

Whistleblower Processes
  • Section 806 of Sarbanes-Oxley provides that a
    company is prohibited from firing or
    discriminating against an employee who reports a
    violation of the securities laws or fraud
  • An employee who alleges discharge or
    discrimination in such a context has a private
    right of action to seek relief for reinstatement,
    back pay and compensation for any special damages
  • Companies are creating and clearly communicating
    a policy establishing that employees are
    encouraged and required to report suspected
    legal, ethical, or policy violations to the
    appropriate individual(s) or department(s).
  • It should be clear that employees should report
    suspected misconduct without fear of retaliation
    of any kind for a report made in good faith.
  • Such a policy should:
  • Establish multiple avenues for reporting
    compliance or other business conduct concerns
    (i.e. Supervisors/managers, compliance officer,
    legal department, ethics officer, HR, toll-free
    helpline, ombudsperson)
  • Establish guidelines for the fair and impartial
    investigation of purported misconduct (i.e.
    Protection of confidentiality to the greatest
    extent possible, no adversarial role to any
    parties involved in the investigation, frequent
    communication with reporting party)
  • Establish and consistently enforce a disciplinary
    policy (i.e. Standards of responsibility for
    management/non-management, verbal warnings,
    written warnings, corrective actions, follow-up
    review and report and dismissal)

Embedding Culture of Compliance
  • Existing Culture
  • CEO role
  • Values Statement
  • Internal Policies
  • Training
  • Objective Setting/Reward Measurement

  • Why?
  • Compliance Training must be recognized as
    providing reputation and cost benefits to the
    organization by empowering stakeholders, managers
    and employees to identify proper courses of
    action when doing business
  • The US sentencing guidelines for organisations
    set out a multi-step model (to define a model of
    good ethics/compliance); one of the seven steps
    in this model is communications and training.
  • Your organisation's greatest compliance resource
    is your staff: they are your best compliance
    officers. It is essential that you not only tell
    your employees how you expect them to behave but
    that you train them in these expected behaviours.
  • Scope
  • Policy - e.g. Whistleblowing
  • Area Specific e.g. AML
  • Ongoing e.g. Reinforce culture

Compliance Training
  • Principles - OCEG
  • Initial and continuous training for all employees
    on the code of conduct
  • Test for knowledge transfer, not just attendance
  • General compliance training (awareness) on
    ongoing basis with refresher training for all at
    least annually
  • Integrate with other job training

  • Objectives
  • Promote awareness of compliance principles
  • Demonstrate the right attitudes and behaviour in
    the workplace
  • Reinforce existing knowledge on compliance
  • Impart technical information on
    compliance-relevant issues
  • Provide information on Compliance - including
    Policy, procedure and key contact information

  • Training design must be flexible to address
    differences in size, scope of business, culture,
    educational level of trainees, and other factors
    that influence the need for customized training
  • Training should be developed or procured with
    involvement of line management and end-users
    (students) to help reduce resistance to the
    training and increase relevance to the specific
    job / role
  • All training (awareness and job specific) needs
    to be tracked and monitored by employee so
    training can be altered if not effective
  • Delivery of relevant content in a consistent
    manner, and in a way that promotes the retention
    and application of knowledge
  • Targeted training applicable to job

  • Methodology Comparison

  • Monitor/Measure
  • Reports on the attendance and completion of
    training activities conducted by employees must
    be checked.
  • A "temperature check" survey at events may be
    issued to find out if messages are received and
    accepted by the target audiences.
  • Performance indicators may also be used: count
    of hits on intranet pages, quick polls,
    interviews of people recently trained and
    feedback forms.
  • Online documented Compliance training modules
    have the advantage of proving to your regulator
    that you have informed employees of their
    relevant obligations and have trained them
    accordingly, which can be an advantage in the
    event of a regulatory or compliance breach.

  • Report
  • Data with regard to completion of training should
    include the following:
  • Number of participants per training course
  • Percentage of participants who completed the
    training within required time frame
  • Percentage of participants who did not complete
    the training within the required time frame
  • Budget
  • Include Compliance Training Communication in
    budget planning

Sample Training Plan
Embedding Culture of Compliance
  • Existing Culture
  • CEO role
  • Values Statement
  • Internal Policies
  • Training
  • Objective Setting/Reward Measurement

Making Compliance Famous
  • Some of the more practical ways organisations
    have promoted compliance or made it famous:
  • All Senior managers have compliance objectives
    against which they are measured and rewarded
    (annual bonus impact).
  • Introduce a compliance intranet page containing
    applicable policies/standards/code of conduct.
  • Introduce a compliance newsletter: new
    legislation/internal policies.
  • Publicise compliance breaches on
  • Coach CEO to mention compliance/ethical behaviour
    at staff briefings/performance reviews/financial
    analyst meetings etc.
  • Include compliance in introduction day training.
  • Introduce Compliance days: on-line quiz,
    promotional toys (coffee coasters etc.).

Making Compliance Famous
  • Mandatory on-line compliance training.
  • Set up a compliance champion in each
    area/department/section of the business.
  • Set a constant message, e.g. Values statement and
    reinforce it.
  • Introduce an annual personal compliance sign-off
    process for key staff: a statement which says
    "I have read the compliance charter/policy and
    confirm I am in compliance."
  • Mapping Behaviours to Values
  • Creating Job-Specific Behaviour Expectations
  • Incorporating Behaviours into Performance Goals
  • Focusing Performance Reviews on Results and

Compliance Communication Objectives
The Compliance Communication objective is to build
understanding of Compliance and to help instil a
culture of compliance. Specifically,
Communications should assist to:
  • Make all audiences aware of the compliance
    mission, compliance issues, and Policies
  • Create transparency and understanding of
    Compliance's role
  • Aim at getting engagement and support across the
    organisation
  • Create enthusiasm among target audiences and
    willingness to contribute
  • Mobilize Senior Management to drive key messages
    down to operational level
  • Have visible and aligned leadership to support
    communication
  • Ensure Management (GEC, GMB, line managers)
    understands how compliance aids profitable growth
    and operational transformation and is committed
    to help ensure that every employee understands
    the importance of doing the right thing
  • Ensure employees understand the importance of
    doing the right thing from a Compliance
    perspective and how they can contribute to it
  • Include reference to the Reporting Concerns
    procedure
  • Provide case studies
  • Focus on compliance-related news and latest
    developments
Sample Communication Strategies
  • What is Compliance/Role?
  • Regulator/Commentator Views
  • How to?
  • FR Role/Expectations
  • Conclusion

  • Available to FR
  • 1. Caution or Reprimand
  • 2. Direction to refund or hold money
  • 3. Monetary Penalty: €5,000,000 max for a corporate
    or unincorporated body, €500,000 in the case of a
    person
  • 4. Disqualification of persons involved
  • 5. Direction to cease the prescribed
  • 6. Direction to pay costs of investigation

FR Approach to Sanctions
  • Consequently, major factors which we will
    consider before we decide to pursue a sanctions
    case will be:
  • The availability of other regulatory actions
  • The nature and seriousness of the contravention
  • The conduct of the financial service provider
    after it came to light; and
  • The previous compliance record of the financial
    service provider.
  • In pursuing our sanctions policy our strategy
    will be to:
  • Promote compliance in the financial services
  • Operate in the public interest and
  • Support the economic, efficient and effective
    pursuit of our strategy.

Reporting Concerns: Regulatory Expectation
Financial Regulator Guidance Note: The Financial
Regulator expects regulated financial service
providers to maintain an open and co-operative
relationship with it. In determining when to
report a compliance concern to the Financial
Regulator, regard should be had by regulated
financial service providers to the following
indicators:
  • (a) Whether there are facts which a reasonable
    person might construe as suggestive of
    deliberate, dishonest or reckless conduct
  • (b) Likely duration and frequency of the
    compliance concern
  • (c) The possible amount of any benefit gained or
    loss avoided due to the compliance concern
  • (d) Whether the compliance concern is of a type
    that could reveal serious or systemic weaknesses
    of the management systems or internal controls
    relating to all or a part of the business
  • (e) The extent to which the facts of concern
    would depart from the required standard of
    compliance
  • (f) The impact of the compliance concern on the
    orderliness of the financial markets, including
    whether public confidence in those markets has
    been, or would be likely to be, damaged
  • (g) The loss or risk of loss caused to consumers
    or other market users
  • (h) The nature and extent of any financial crime
    facilitated, occasioned or otherwise attributable
    to the compliance concern
  • (i) Whether there are a number of smaller linked
    issues, which individually may not justify
    reporting to the Financial Regulator, but which
    do so or are likely to do so when taken
    collectively
  • (j) Whether the regulated financial service
    provider or person concerned in its management
    have previously been requested to take remedial
    action
  • (k) Action taken by the Financial Regulator in
    previous publicised similar cases
  • (l) Any other consideration relevant to the
    unique features of the compliance concern.
The regulator also expects that the financial
institution should not wait to establish
definitively the facts of a compliance concern
but should act on the basis of the apparent facts
when the matter is initially discovered and, in
addition, that the financial service provider
should keep adequate records relating to the
  • What is Compliance/Role?
  • Regulator/Commentator Views
  • How to?
  • FR Role/Expectations
  • Conclusion

Best Practice
  • Future For Compliance
  • More and more firms are encouraging or demanding
    that their Compliance Departments move to a more
    value-added frontier: enhancing strategy,
    improving business processes, better managing
    risk, providing a consultancy to management and
    unlocking new possibilities in their markets of
    choice.
  • Key functions
  • The four aspects of operation are:
  • Demonstrating Compliance with relevant
  • Embedding Compliance within their organisation
  • Managing the cost of Compliance and
  • Identifying, addressing and resolving regulatory
  • Compliance functions generally spend too much
    time on the first and last of these aspects,
    whereas they should be focusing their efforts and
    resources on the middle two.

Evolving role of compliance
  • Compliance, like performance, is a prerequisite
    for doing and staying in business. The compliance
    function provides one, albeit essential, tool to
    enable management to fulfil stakeholders'
    expectations of integrity and to protect the
    brand. Compliance costs would certainly appear
    modest when compared to the billions that can be
    wiped off share values if lapses in probity,
    governance or codes of conduct come to light.
    Essentially, meeting these challenges requires a
    more holistic and proactive approach to
    compliance which moves beyond statutory
    expectations to embrace broader ethical and
    strategic considerations. It means understanding
    the essential link between integrity, ensuring
    the right behaviours throughout the business and
    meeting strategic objectives. This approach
    should focus squarely on encouraging appropriate
    behaviours and the achievement of compliant
    business practices and processes (i.e., compliant
    outcomes) - rather than placing the onus solely
    on the compliance function.
  • Certain common elements underpin such an
  • Closer integration of governance, risk
    management and compliance structures, forming a
    practical continuum underpinning the overall
    integrity of the organisation and aligned to
    innovation and the achievement of strategic
  • A culture which breeds the right behaviours and
    instils integrity into the DNA of the
    organisation, fostering awareness and ownership
    of compliance at all levels of the organisation,
    supported by appropriate rewards, processes and

Thank you for your attention
Clive Kelly 3rd December 2009