1 / 55

Association of Insurance Compliance Professionals (AICP) Annual Conference October 1, 2012, San Antonio, Texas.

Operational Compliance: Creating A Partnership of Risk Mitigation. Association of Insurance Compliance Professionals (AICP) Annual Conference October 1, 2012, San Antonio, Texas. Operational COMPLIANCE Risk Management: 3 levels of Defense.

errin
Download Presentation

Association of Insurance Compliance Professionals (AICP) Annual Conference October 1, 2012, San Antonio, Texas.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Operational Compliance: Creating A Partnership of Risk Mitigation Association of Insurance Compliance Professionals (AICP) Annual Conference October 1, 2012, San Antonio, Texas.

  2. Operational COMPLIANCE Risk Management: 3 levels of Defense Board of Directors / Office of the Chief Executive Officer Oversight and Assessment 1st Line Individual Products & Services (IPS) Property & Casualty Consultation / Advisory Relationship 2nd Line Compliance 3rd Line Internal Audit

  3. Yvette Knott Nationwide Financial Services Regulatory Director

  4. BUSINESS RISK ManaGeMenT • We exist because of a need for a: • a) Centralized governance support for Nationwide Financial Services • b) Common framework for compliance risk management assuring coordinated business implementation (Nationwide Financial & Nationwide Life) • c) Coordination of efforts at a global level

  5. BUSINESS RISK ManaGeMenT OUR VISION: Provide efficient solutions that are tailored to meet the specific risk exposures facing our business and members. • Proactively identify potential regulatory issues for IPSO • Ensure operational processes and procedures are in line with state/federal regulations • Avoid imposed company fines during internal and external audits • Help the business identify control deficiencies through internal assessments • Promote innovative business solutions that enhance how we operate and sell Nationwide in accordance with state/federal regulations CRITICAL SUCCESS FACTORS

  6. BUSINESS RISK ManaGeMenTRegulatory Governance Team Yvette Knott Regulatory Director Ops Regulatory Manager Consultant Consultant Consultant Consultant Sr. Analyst Specialist Virtual Team Sr. Analyst Specialist • Office of Internal Audits • Legal • Anti-Money Laundering • Government Relations • Corporate Compliance • PCIO • Lobbyists • Sales & Services • Enterprise & NF Risk Management • Operations • Nationwide Health Plans • Business Continuity • Office of Privacy • Office of Ethics • Internal Investigation Unit • Marketing • Business Development Sr. Analyst Specialist Sr. Analyst

  7. Business Risk managementour structure Governance Support – Regulatory Filing Business Units Office of Internal Audits Fraud Partners Anti Money Laundering Disaster Response Compliance Government Relations Legal

  8. Business Risk management Our partners

  9. Business Risk management Our Functions Prevention Demand Control • Market Conduct Exams • State and Federal Requests • Financial Audits (KPMG) • NW Internal Audits • External Audits (SEC Exams) • AML Audits • Reinsurance Audits • Information Security Audits • Legislative Regulatory Model Changes (LRCU’s) • IPSO Assessments • Compliance Control Assessment Testing (CCAT Controls) • Procedure Reviews • FRC Controls (Model Audit Rule Financial Controls) • Fraud/AML Controls & Monitoring • NOSS Monitoring • STOA/STOLI Controls & Monitoring • Subpoena/Litigation Requests • Business Continuity • Advisor Watchlist • Annual Privacy Mailings • Fund Trading/Settlements • Regulatory Requests/Inquiries • Compliance Certification Program • Return Mail • AccurintAccess Monitoring • Business Consulting • Regulatory Project Management

  10. Business Risk management Change management model Preparing the business and our customers for upcoming changes through proactive planning, education and business readiness. INDIVIDUAL Viewed through two lenses… ORGANIZATION

  11. Business Risk management change mgmt strategy • Change Management Strategy • Current-Future State Analysis • Risk Summary • Performer impact • Organizational readiness and resistance • Sponsor alignment • Realization risk • Change Management Team • Team structure and staffing • Sponsor coalition • Special Tactics and Actions • Develop full change mgmt plan • Change Management Plan • Sponsor Actions • Communication Actions • Training Actions • Coaching Actions • Adoption Actions

  12. Business Risk management tools

  13. Business Risk management Tools (continued) Regulatory Audit Summary Regulatory Matrix

  14. Business Risk management Tools (continued) Regulatory Requests/Inquiries Database

  15. Lisa Cooper Corporate Compliance Director

  16. Individual Life and AnnuitiesAt-A Glance Products Individual Life and Annuities Group Life supporting NBSG (a/k/a COLI/BOLI) NW Companies NLAIC – Nationwide Life and Annuity Insurance Company NLIC – Nationwide Life Insurance Company NISC – Nationwide Investment Services Corporation NSLLC – Nationwide Securities LLC NFGA – Nationwide Financial General Agency Regulators State DOI State Securities SEC FINRA IRS DOL* *Individual annuities inside of retirement plans Distribution Channels Affiliated: NFN Agents & NSLLC Non-Affiliated: Wholesalers through Financial Institutions, Independent BDs, Wirehouses, IMOs and BGAs. Operations – Service Customer Accounts Process transfers, additional contributions and loans. Process surrenders, partial withdrawals and claims. Assist with contract/policy changes. Operations – Set Up New Business Process New Customer Applications and set up customer accounts.

  17. Compliance iS What we DO

  18. Operational Compliance - Mission & Vision 7 Mission • We create value by developing and maintaining a risk-based sustainable compliance program by: • providing guidance and oversight to our business partners; • promoting the integration of compliance into firm values, activities and processes; and • ensuring ethical business standards. Vision • We assess the regulatory risk and assist our business partners in making informed decisions that mitigate risk while maintaining or improving the overall business objectives by: • building and maintaining strong relationships with our business partners to ensure compliance remains a trusted source for guidance and direction on all important business decisions; and • building and maintaining strong external connections to industry committees and colleagues to stay current within the regulatory environment. 18

  19. 9 Elements of an Effective Compliance Program • High Level Responsibility • Risk Assessment • Written Policies & Procedures • Training & Education • Monitoring & Testing • Response & Prevention • Enforcement & Discipline • Reporting • Regulatory Exam, Inquiry & Relationship Management

  20. The 9 Elements of the IPS Compliance Program 1) High Level Responsibility • A high-level awareness that building a compliance culture is a part of everyone’s job from Executive Management to Individual Contributors. • Compliance partnership with the Business.

  21. The 9 Elements of the IPS Compliance Program 2) Risk Assessments Phase I: Research, validate compliance and document gaps. Phase II: Communicate and consult w/Business on action plans. Develop remediation plan to determine risk and self- reporting. Phase III: Communicate remediation plan to Business and work on recommended resolutions and action plan(s) Validate gaps are closed 30 days after Business confirmation received that action plan complete. Phase IV:Develop monitoring plan - consider annual communication, training and auditing).

  22. The 9 Elements of the IPS Compliance Program • Written Policies and Procedures • Registered Separate Accounts – 38a-1 Program • Annual review and Business acknowledgement of compliance 38a-1 policies. • Consistently reviewing 38a-1 policies to verify compliance with day-to-day inquiry or project work. • State Compliance – Model Laws/Regs. • Utilize model laws/regs to create state-based compliance programs and manage changes through regulatory life cycle.

  23. The 9 Elements of the IPS Compliance Program 4) Training and Education • State Laws • New York Regulation 60 annual training and on-boarding • New York Regulation 60 monthly Q&A collaboration meeting between Compliance and the Business • NAIC Suitability Operational Review Team • Puerto Rico Senior Vulnerability Training per Rule 93 • Federal Securities Laws • Transaction processing around Rule 22c-1 (4:00 cut off) • Business participation in external compliance conferences

  24. The 9 Elements of the IPS Compliance Program 5) Monitoring, Testing and Surveillance • Registered Separate Accounts – 38a-1 Program • CCAT 38a-1 Registered Separate Account Objective Testing • Periodic Business self-assessments and/or Compliance Testing around business processes, compliance policies and procedures. • State Compliance Programs • Quarterly NAIC Suitability Reg. Surveillance • Fixed Annuity • NY Reg. 60 Surveillance • Compliance-Business-Internal Audits • Collaboration among the 3 areas to conduct appropriate auditing, testing and monitoring of IPS Compliance Program.

  25. The 9 Elements of the IPS Compliance Program 6) Response and Prevention • Consumer complaints follow a formal review process and are systematically tracked via epower center. • Consistent review of compliance policies, operational procedures and contract obligations through compliance day-to-day inquiry and project work assists with identifying issues. • Potential compliance issues use formal mechanism for reporting and remediating issues. • Continuous collaboration with Internal Audit, Compliance and the Business to assist with risk mitigation of IPS Compliance Program.

  26. The 9 Elements of the IPS Compliance Program 7) Enforcement and Discipline • Result in disciplinary action that could result in termination of employment.

  27. The 9 Elements of the IPS Compliance Program 8) Reporting • Life Company Board of Director Reports • Annual 38a-1 CCO Report to the Board • State Annuity Suitability Regulation Annual Report to Senior Management • Quarterly Report of Compliance • Heat Map • Metrics

  28. The 9 Elements of the IPS Compliance Program 9) Regulatory Exams, Inquiries and Relationship Management • SEC 38a-1 Registered Separate Account Exam and inquiries • State DOI market conduct exams and inquiries • Other Federal exams (IRS/DOL/Federal Reserve Bank)

  29. OPERATIONAL RISK MANAGEMENT AND MITIGATION • Common Risks • Business Volume and Quality Control. • System constraints causing manual processing. • Frequency of associates changing positions without adequate training and understanding of compliance issues. • Lack of regulatory understanding tied to business transaction process. • Mitigation Plan • Creating a culture of compliance. • Developing partnerships with business partners. • Developing and maintaining formal compliance programs.

  30. Scott Whitaker Compliance Director

  31. P&C Compliance OverView Installation Path Training Agency Audits IAA Reviews HO Matched Pair Testing Reporting Agency Compliance P&C Sales Compliance Do Not Call Violent Crimes Act Social Media Review Compliance Websites

  32. P&C Compliance OverView Installation Path Training Agency Audits IAA Reviews HO Matched Pair Testing Pre-visit Data Collection Reporting Agency Compliance P&C Sales Compliance NSS Reviews Do Not Call On-site Review Violent Crimes Act Reporting Social Media Review Follow-up Compliance Websites

  33. P&C Compliance OverView Installation Path Training Agency Audits IAA Reviews HO Matched Pair Testing Reporting Pre-visit Data Collection Agency Compliance P&C Sales Compliance NSS Reviews Do Not Call On-site Review Violent Crimes Act Reporting Fiduciary Audits Social Media Review Follow-up Fiduciary Reporting Fiduciary Revisits & Follow-ups Compliance Websites Fiduciary Remote Audits Fiduciary Installation Path

  34. P&C Compliance OverView Installation Path Training Agency Audits IAA Reviews HO Matched Pair Testing Reporting Pre-visit Data Collection Agency Compliance P&C Sales Compliance NSS Reviews Do Not Call On-site Review Violent Crimes Act Reporting Fiduciary Audits Contract Admin Follow-up Social Media Review Fiduciary Reporting Fiduciary Revisits & Follow-ups Compliance Websites Fiduciary Remote Audits Fiduciary Installation Path Brokerage Contract Admin

  35. P&C Compliance OverView Installation Path Training Pre-visit Data Collection Agency Audits On-site Review Action Plans & Follow Up IAA Reviews Reporting HO Matched Pair Testing Best Practices Field Sales Appraisal Reporting Pre-visit Data Collection Agency Compliance P&C Sales Compliance NSS Reviews Do Not Call On-site Review Violent Crimes Act Reporting Fiduciary Audits Contract Admin Follow-up Social Media Review Fiduciary Reporting Compliance Websites Fiduciary Revisits & Follow-ups Fiduciary Remote Audits Fiduciary Installation Path Brokerage Contract Admin

  36. P&C Compliance Staffing Chart AVP Compliance John English Compliance Analyst Compliance Manager Compliance Manager Field Sales Appraisal Sr. Consultant Contract Administration Sr. Consultant Compliance Director Contract Administration Consultant Field Sales Appraisal Sr. Consultant Compliance Specialist Field Auditors (8) Field Auditors (7) Compliance Specialist Fiduciary Auditors (5) Sr Fiduciary Auditor

  37. P&C Compliance Value Add Compliance Validation - through our on-site Agency audits and Field Sales Appraisals, we validate Agent and Regional Sales Operation Compliance. Reporting - Compliance Results are reported individually to agents and Sales Managers. Field Sales Appraisal results are provided to Regional and Sales Support Leadership. Recommendations are provided to improve sales organizational effectiveness. Training - we complete on-line training as well as training at our training center for Agents and Sales Leaders. Protect the Brand - help avoid adverse publicity and Department of Insurance activity. Avoid Federal/State fines from Do Not Call list violation. Subject Matter Experts - review programs from a Compliance standpoint–Customer Experience, Standards for Safeguarding Customer Information, Specialty Auto processes, Adverse Decision Lettersand Privacy Pre-notice. Coordination - with other areas including OGC, Privacy and Agency Relations to stay on top of changing State/Federal Compliance requirements and their impact on the Sales Operation.

  38. P&C Compliance Partners with Business Units • Underwriting • Product • Market Conduct • Regulatory Compliance • OGC • Internal Investigations • Claims • Regional Operations

  39. Greg Jordan Vice President Internal Audit

  40. A Little Audit Humor

  41. NationwideRisk Coverage Structure BOD C-Suite 1st Line Of Defense Risk Ownership C A B Line Of Business Management Investment Risk ERM Credit Risk 2nd Line Of Defense Risk Control & Monitoring Selected Risk & Control Functions Compliance Market Risk IT Risk 3rd Line Of Defense Risk Management Assurance Internal Audit Assurance & Validation

  42. Keys to Compliance Program Reliance An effective compliance program... ...benefits regulatory capital, earnings and reputation …involves an assessment of legal, regulatory and operational risks on an enterprise-wide basis …is progressive and proactive in working with management in risk management activities …is collaborative with other risk management partners in your organization

  43. Managing Emerging Risks Strategic Reputation Legal Productivity Data Confidentiality Regulatory Transactional

  44. Internal Influences on Audit and Compliance Planning …and Others

  45. External Influences on Audit and Compliance Planning Internal Audit shares many outside clients with Compliance and risk Management Partners Records Retention Services

  46. Which Compliance Functions to Audit? Audit the formal functions • Informal functions often serve • as controls within the larger • business process • Often reviewed when testing • controls during audit of • process/area • Formal functions are usually • process in itself • Entire function typically • considered control • Perform full scope audit of the Compliance function Informal Formal

  47. How to Approach the Compliance Audit

  48. What IA Looks for when Auditing Compliance Structure/Objectivity • Understand key risks and what could go wrong in process Reporting Sampling Measurement/ Scoring Execution Issue Follow-Up

  49. Common Compliance Risks

  50. Common Compliance Risks

More Related