
Systemise your compliance management

Systemise your compliance management. Peter Scott Consulting www.peterscottconsult.co.uk. Why manage compliance risks?. “The pursuit of excellence, with the aim of doing things better for the clients” Director of Risk of a ‘top ten’ UK law firm.


Presentation Transcript


  1. Systemise your compliance management Peter Scott Consulting www.peterscottconsult.co.uk

  2. Why manage compliance risks? “The pursuit of excellence, with the aim of doing things better for the clients” Director of Risk of a ‘top ten’ UK law firm

  3. “If you cannot demonstrate compliance we may take regulatory action” SRA – OFR at a glance

  4. The scope and volume of compliance requires a different approach
     For example, under Chapter 7 of SRA Code the Outcomes provide that firms must:
     - have appropriate systems and controls in place to achieve and comply with all Principles, rules and outcomes and other requirements of the Handbook
     - identify, monitor and manage risks to the achievement of all outcomes, rules, Principles and other requirements in the Handbook if applicable and take steps to address issues identified
     Do you already have appropriate systems and controls in place to comply?

  5. Your challenge ... is not merely to ensure your firm is compliant but … to be able to DEMONSTRATE to the SRA that your firm and everyone in the firm is compliant on an on-going basis.
     How will you be able to do this?

  6. Outcomes focused regulation is about managing processes
     How can these processes be systemised to provide a cost effective method to manage your compliance?

  7. Do you know your compliance risks?
     • What are your compliance risks?
     • Where does the knowledge of your compliance risk reside?
     • Can you access it?
     • Do you have systems to monitor, review and upgrade your knowledge?

  8. A Risk Management / KM integrated approach
     • Approach risk from a KM viewpoint and vice versa
     • Need to manage the risks relating to knowledge in any event
     • Managing the risks
     • Quality assurance
     • Greater competitiveness

  9. Failure to manage your knowledge will involve serious risk
     [Diagram labels: Knowledge Management; Compliance / Risk Management]

  10. Establishing the resources you will need to effectively manage your compliance
      For example:
      • Internal or external?
      • Part time partners or professionals?
      • Paper records or use of IT?
      • If IT is used - bespoke or ‘off the peg’ systems?

  11. Planning your resources
      Carry out a cost / benefit analysis to establish the most resource effective method for you to manage your compliance risks

  12. Where to start?
      • A systematic approach is needed
      • Needs to be management driven, with top level buy-in
      • Zero tolerance is required – no exceptions – just do it!
      • Managing compliance risk needs to be seen as ‘everyone’s job’ – a mind set change is needed
      • Need a ‘no blame’ culture to encourage disclosure
      • Training and education programmes to build awareness and change mindsets
      • Continuous and systematic monitoring and reporting
      Otherwise everyone is at risk

  13. A systematic approach is required
      • Put in place a formal compliance risk management process to identify and manage every area of compliance risk for the SRA Handbook and Code
      • Establish a comprehensive database covering all compliance risk areas
      • Standards such as Lexel and ISO 9000 are likely to help

  14. Implementing a compliance risk management strategy
      • DIAGNOSIS: Identification and assessment
      • MITIGATION: Control, transfer and avoidance
      • MONITORING: Auditing, tracking and reporting
      • LIMITATION (when a risk crystallises): Minimising the effect of crystallised risks

  15. Use of risk management tools?
      Use an integrated risk management system to quantify, assess and control risk by:
      • streamlining diagnosis, mitigation and monitoring
      • embedding common risk management procedures
      • providing information access to all who need it
      • creating and maintaining one central, up to date risk database

  16. Identifying and assessing your compliance risks

  17. Compliance Risk Mapping

  18. Compliance risk identification and assessment
      • Incidence - probability
      • Impact - severity

  19. Some examples of compliance risks
      • Lack of management commitment to best practice and compliance risk management
      • Lack of knowledge by management
      • Lack of supervision
      • High risk work
      • Lack of client vetting / fraud
      • Lack of client care / matter care
      • Lack of resource capability
      • Lack of knowledge / expertise / experience
      • Precedents / multiple use of advice
      • International work / overseas offices
      • Mergers

  20. Using ‘brainstorming’ as a method of identifying and assessing compliance risks
      • ‘Top down – bottom up’ brainstorming sessions in each group in your firm to:
        - identify every compliance risk area
        - are we achieving every Outcome under the new Code?
        - are we compliant in every area?
        - do we have gaps?
        - what will be required to fully comply?
        - to what standards should we comply?
        - how should we prioritise our efforts?

  21. Assessment of compliance risks
      Consider the impact of, inter alia:
      • Disciplinary action
      • Bad publicity and loss of reputation
      • Lost clients
      • Complaints and claims
      • Increased P.I. premiums

  22. Risk diagnosis
      • Set criteria for assessing risks
      • Identify detailed risks
      • Assess severity of detailed risks
      • Identify high level risks
      • Assess severity of high-level risks
      • Risk map
      • Risk summary

  23. Compliance risk mitigation
      Designed to:
      • Ensure effective compliance
      • Avoid / reduce non compliance
      • Avoid / reduce incidence of risks
      • Transfer some risks

  24. Risk mitigation
      • Risk summary
      • Risk map
      • Consider impact / probability correlation
      • Consider available mitigation techniques
      • Required controls summary
      • Insurance requirements summary
      • Contingency plan requirements
      • Residual risk summary

  25. Compliance risk monitoring involves…
      • Auditing, tracking and reporting
      • Comparing actual outcomes to pre-set indicators
      • Confirming effectiveness of your risk responses
      • Reporting compliance and exceptions
      • Establishing [annual / periodical] compliance risk management reports

  26. Risk monitoring
      • Required controls summary
      • Contingency plan requirements
      • Insurance requirements summary
      • Set risk indicators and methods to monitor them
      • Annual Risk Management Report

  27. Risk limitation involves
      • Risk crystallisation scenarios
      • Contingency plans
      • Limitation procedures
      • Post event assessment

  28. Advantages of a formal compliance risk management process for the new SRA Code?
      • Structured approach focuses on key compliance risk areas
      • Can demonstrate how a firm is complying and the effectiveness of compliance / outcomes
      • Continuous monitoring ensures management of compliance and risk is “lived” day to day
      • Universal application to all compliance and risk areas
      • Comfort / assurance to PI insurers [and SRA?]

  29. Effective use of IT systems for compliance risk management?
      Use an integrated compliance risk management system to cost effectively manage compliance risk areas by:
      • creating and maintaining one central, up to date compliance and risk database
      • providing information access to all who need it in relation to exposure to risk
      • embedding compliance and risk management procedures – e.g. client inception procedures
      • streamlining identification, assessment, mitigation and monitoring of compliance risks

  30. Outcomes focused regulation is about processes
      Using IT systems is likely to be the most cost effective and compliant method to manage these processes.
      Any questions?
