Operational Compliance: Creating A Partnership of Risk Mitigation
Association of Insurance Compliance Professionals (AICP) Annual Conference, October 1, 2012, San Antonio, Texas
Operational Compliance Risk Management: 3 Levels of Defense
Board of Directors / Office of the Chief Executive Officer: Oversight and Assessment
• 1st Line: Individual Products & Services (IPS), Property & Casualty
• Consultation / Advisory Relationship
• 2nd Line: Compliance
• 3rd Line: Internal Audit
Yvette Knott Nationwide Financial Services Regulatory Director
Business Risk Management
We exist because of a need for:
• a) Centralized governance support for Nationwide Financial Services
• b) A common framework for compliance risk management assuring coordinated business implementation (Nationwide Financial & Nationwide Life)
• c) Coordination of efforts at a global level
Business Risk Management
Our Vision: Provide efficient solutions that are tailored to meet the specific risk exposures facing our business and members.
Critical Success Factors:
• Proactively identify potential regulatory issues for IPSO
• Ensure operational processes and procedures are in line with state/federal regulations
• Avoid imposed company fines during internal and external audits
• Help the business identify control deficiencies through internal assessments
• Promote innovative business solutions that enhance how we operate and sell Nationwide in accordance with state/federal regulations
Business Risk Management: Regulatory Governance Team
Yvette Knott, Regulatory Director; Ops Regulatory Manager; Consultants; Sr. Analysts; Specialists
Virtual Team:
• Office of Internal Audits
• Legal
• Anti-Money Laundering
• Government Relations
• Corporate Compliance
• PCIO
• Lobbyists
• Sales & Services
• Enterprise & NF Risk Management
• Operations
• Nationwide Health Plans
• Business Continuity
• Office of Privacy
• Office of Ethics
• Internal Investigation Unit
• Marketing
• Business Development
Business Risk Management: Our Structure
Governance Support – Regulatory Filing
Partners: Business Units, Office of Internal Audits, Fraud, Anti-Money Laundering, Disaster Response, Compliance, Government Relations, Legal
Business Risk Management: Our Functions (Prevention, Demand, Control)
• Market Conduct Exams
• State and Federal Requests
• Financial Audits (KPMG)
• NW Internal Audits
• External Audits (SEC Exams)
• AML Audits
• Reinsurance Audits
• Information Security Audits
• Legislative Regulatory Model Changes (LRCUs)
• IPSO Assessments
• Compliance Control Assessment Testing (CCAT Controls)
• Procedure Reviews
• FRC Controls (Model Audit Rule Financial Controls)
• Fraud/AML Controls & Monitoring
• NOSS Monitoring
• STOA/STOLI Controls & Monitoring
• Subpoena/Litigation Requests
• Business Continuity
• Advisor Watchlist
• Annual Privacy Mailings
• Fund Trading/Settlements
• Regulatory Requests/Inquiries
• Compliance Certification Program
• Return Mail
• Accurint Access Monitoring
• Business Consulting
• Regulatory Project Management
Business Risk Management: Change Management Model
Preparing the business and our customers for upcoming changes through proactive planning, education and business readiness. Viewed through two lenses: Individual and Organization.
Business Risk Management: Change Management Strategy
• Change Management Strategy
  • Current-Future State Analysis
  • Risk Summary: performer impact, organizational readiness and resistance, sponsor alignment, realization risk
• Change Management Team
  • Team structure and staffing
  • Sponsor coalition
  • Special tactics and actions
  • Develop full change management plan
• Change Management Plan
  • Sponsor Actions
  • Communication Actions
  • Training Actions
  • Coaching Actions
  • Adoption Actions
Business Risk Management: Tools (continued) – Regulatory Audit Summary, Regulatory Matrix
Business Risk Management: Tools (continued) – Regulatory Requests/Inquiries Database
Lisa Cooper Corporate Compliance Director
Individual Life and Annuities At-A-Glance
Products: Individual Life and Annuities; Group Life supporting NBSG (a/k/a COLI/BOLI)
NW Companies:
• NLAIC – Nationwide Life and Annuity Insurance Company
• NLIC – Nationwide Life Insurance Company
• NISC – Nationwide Investment Services Corporation
• NSLLC – Nationwide Securities LLC
• NFGA – Nationwide Financial General Agency
Regulators: State DOI, State Securities, SEC, FINRA, IRS, DOL* (*Individual annuities inside of retirement plans)
Distribution Channels:
• Affiliated: NFN Agents & NSLLC
• Non-Affiliated: Wholesalers through Financial Institutions, Independent BDs, Wirehouses, IMOs and BGAs
Operations – Service Customer Accounts: Process transfers, additional contributions and loans. Process surrenders, partial withdrawals and claims. Assist with contract/policy changes.
Operations – Set Up New Business: Process new customer applications and set up customer accounts.
Operational Compliance – Mission & Vision
Mission
• We create value by developing and maintaining a risk-based, sustainable compliance program by:
  • providing guidance and oversight to our business partners;
  • promoting the integration of compliance into firm values, activities and processes; and
  • ensuring ethical business standards.
Vision
• We assess the regulatory risk and assist our business partners in making informed decisions that mitigate risk while maintaining or improving the overall business objectives by:
  • building and maintaining strong relationships with our business partners to ensure compliance remains a trusted source for guidance and direction on all important business decisions; and
  • building and maintaining strong external connections to industry committees and colleagues to stay current within the regulatory environment.
9 Elements of an Effective Compliance Program
• High Level Responsibility
• Risk Assessment
• Written Policies & Procedures
• Training & Education
• Monitoring & Testing
• Response & Prevention
• Enforcement & Discipline
• Reporting
• Regulatory Exam, Inquiry & Relationship Management
The 9 Elements of the IPS Compliance Program
1) High Level Responsibility
• A high-level awareness that building a compliance culture is a part of everyone’s job, from Executive Management to Individual Contributors.
• Compliance partnership with the Business.
The 9 Elements of the IPS Compliance Program
2) Risk Assessments
• Phase I: Research, validate compliance and document gaps.
• Phase II: Communicate and consult with the Business on action plans. Develop a remediation plan to determine risk and self-reporting.
• Phase III: Communicate the remediation plan to the Business and work on recommended resolutions and action plan(s). Validate that gaps are closed 30 days after Business confirmation is received that the action plan is complete.
• Phase IV: Develop a monitoring plan (consider annual communication, training and auditing).
The 9 Elements of the IPS Compliance Program
3) Written Policies and Procedures
• Registered Separate Accounts – 38a-1 Program
  • Annual review and Business acknowledgement of compliance with 38a-1 policies.
  • Consistently reviewing 38a-1 policies to verify compliance with day-to-day inquiry or project work.
• State Compliance – Model Laws/Regs.
  • Utilize model laws/regs to create state-based compliance programs and manage changes through the regulatory life cycle.
The 9 Elements of the IPS Compliance Program
4) Training and Education
• State Laws
  • New York Regulation 60 annual training and on-boarding
  • New York Regulation 60 monthly Q&A collaboration meeting between Compliance and the Business
  • NAIC Suitability Operational Review Team
  • Puerto Rico Senior Vulnerability Training per Rule 93
• Federal Securities Laws
  • Transaction processing around Rule 22c-1 (4:00 cut off)
• Business participation in external compliance conferences
The 9 Elements of the IPS Compliance Program
5) Monitoring, Testing and Surveillance
• Registered Separate Accounts – 38a-1 Program
  • CCAT 38a-1 Registered Separate Account Objective Testing
  • Periodic Business self-assessments and/or Compliance Testing around business processes, compliance policies and procedures.
• State Compliance Programs
  • Quarterly NAIC Suitability Reg. Surveillance (Fixed Annuity)
  • NY Reg. 60 Surveillance
• Compliance-Business-Internal Audits
  • Collaboration among the 3 areas to conduct appropriate auditing, testing and monitoring of the IPS Compliance Program.
The 9 Elements of the IPS Compliance Program
6) Response and Prevention
• Consumer complaints follow a formal review process and are systematically tracked via epower center.
• Consistent review of compliance policies, operational procedures and contract obligations through compliance day-to-day inquiry and project work assists with identifying issues.
• Potential compliance issues go through a formal mechanism for reporting and remediating issues.
• Continuous collaboration with Internal Audit, Compliance and the Business assists with risk mitigation under the IPS Compliance Program.
The 9 Elements of the IPS Compliance Program
7) Enforcement and Discipline
• Violations result in disciplinary action that could result in termination of employment.
The 9 Elements of the IPS Compliance Program
8) Reporting
• Life Company Board of Director Reports
  • Annual 38a-1 CCO Report to the Board
  • State Annuity Suitability Regulation Annual Report to Senior Management
• Quarterly Report of Compliance
  • Heat Map
  • Metrics
The 9 Elements of the IPS Compliance Program
9) Regulatory Exams, Inquiries and Relationship Management
• SEC 38a-1 Registered Separate Account Exam and inquiries
• State DOI market conduct exams and inquiries
• Other Federal exams (IRS/DOL/Federal Reserve Bank)
Operational Risk Management and Mitigation
• Common Risks
  • Business volume and quality control.
  • System constraints causing manual processing.
  • Frequency of associates changing positions without adequate training and understanding of compliance issues.
  • Lack of regulatory understanding tied to the business transaction process.
• Mitigation Plan
  • Creating a culture of compliance.
  • Developing partnerships with business partners.
  • Developing and maintaining formal compliance programs.
Scott Whitaker Compliance Director
P&C Compliance Overview
• Agency Compliance: Installation Path, Training, Agency Audits, IAA Reviews, HO Matched Pair Testing, Reporting
  • Agency Audits: Pre-visit Data Collection, On-site Review, Reporting, Follow-up
• P&C Sales Compliance: NSS Reviews, Do Not Call, Violent Crimes Act, Social Media Review, Compliance Websites
• Fiduciary Audits: Fiduciary Reporting, Fiduciary Revisits & Follow-ups, Fiduciary Remote Audits, Fiduciary Installation Path
• Contract Admin: Brokerage Contract Admin
• Field Sales Appraisal: Pre-visit Data Collection, On-site Review, Action Plans & Follow Up, Reporting, Best Practices
P&C Compliance Staffing Chart
• AVP Compliance: John English
• Compliance Director
• Compliance Managers (2), Compliance Analyst, Compliance Specialists (2)
• Field Sales Appraisal Sr. Consultants (2)
• Contract Administration Sr. Consultant and Consultant
• Field Auditors (8) and Field Auditors (7)
• Sr. Fiduciary Auditor and Fiduciary Auditors (5)
P&C Compliance Value Add
• Compliance Validation – through our on-site Agency audits and Field Sales Appraisals, we validate Agent and Regional Sales Operation compliance.
• Reporting – compliance results are reported individually to agents and Sales Managers. Field Sales Appraisal results are provided to Regional and Sales Support Leadership. Recommendations are provided to improve sales organizational effectiveness.
• Training – we complete on-line training as well as training at our training center for Agents and Sales Leaders.
• Protect the Brand – help avoid adverse publicity and Department of Insurance activity. Avoid Federal/State fines from Do Not Call list violations.
• Subject Matter Experts – review programs from a compliance standpoint: Customer Experience, Standards for Safeguarding Customer Information, Specialty Auto processes, Adverse Decision Letters and Privacy Pre-notice.
• Coordination – with other areas including OGC, Privacy and Agency Relations to stay on top of changing State/Federal compliance requirements and their impact on the Sales Operation.
P&C Compliance Partners with Business Units
• Underwriting
• Product
• Market Conduct
• Regulatory Compliance
• OGC
• Internal Investigations
• Claims
• Regional Operations
Greg Jordan Vice President Internal Audit
Nationwide Risk Coverage Structure
BOD / C-Suite
• 1st Line of Defense – Risk Ownership: Line of Business Management
• 2nd Line of Defense – Risk Control & Monitoring: Selected Risk & Control Functions (Investment Risk, ERM, Credit Risk, Compliance, Market Risk, IT Risk)
• 3rd Line of Defense – Risk Management Assurance: Internal Audit (Assurance & Validation)
Keys to Compliance Program Reliance
An effective compliance program...
• ...benefits regulatory capital, earnings and reputation
• ...involves an assessment of legal, regulatory and operational risks on an enterprise-wide basis
• ...is progressive and proactive in working with management in risk management activities
• ...is collaborative with other risk management partners in your organization
Managing Emerging Risks: Strategic, Reputation, Legal, Productivity, Data Confidentiality, Regulatory, Transactional
Internal Influences on Audit and Compliance Planning (…and Others)
External Influences on Audit and Compliance Planning: Internal Audit shares many outside clients with Compliance and Risk Management partners (e.g. Records Retention Services).
Which Compliance Functions to Audit? Audit the formal functions.
Informal:
• Informal functions often serve as controls within the larger business process
• Often reviewed when testing controls during an audit of the process/area
Formal:
• Formal functions are usually a process in themselves
• The entire function is typically considered a control
• Perform a full-scope audit of the Compliance function
What IA Looks for When Auditing Compliance
• Structure/Objectivity – understand key risks and what could go wrong in the process
• Execution
• Sampling
• Measurement/Scoring
• Reporting
• Issue Follow-Up