Compliance Function & Risk Management
Andrae Tulloch, Deputy Chief Regulatory Officer, Regulations
June 3, 2010

Disclaimer: This presentation expresses the author’s views and does not necessarily reflect those of the Jamaica Stock Exchange, its Divisions, or other members of staff.
Key topics
• Role of Compliance and Risk Management
• Importance of Compliance to Risk Management
• Common Deficiencies in Compliance
• Developing an Effective Compliance Function
Role of compliance to risk management
The Compliance Function involves:
• Identification, assessment and monitoring of compliance risk
• The reporting of such risks to senior management

Role of compliance to risk management
What is Compliance Risk? According to several sources, it is the “risk impairment to the organization’s business model, reputation and financial condition resulting from failure to meet laws, regulations, internal standards and policies, and expectations of key stakeholders such as customers, employees and society as a whole.”

Role of compliance to risk management
Examples of Compliance Risks as they relate to the JSE include:
• Breaches of JSE Rules for Member-Dealers (e.g. late financial filings)
• Breaches of JSE Rules for Listed Companies (e.g. failure to meet deadlines for Unaudited Results)
• Breaches of JSE’s Trading Rules

Role of compliance to risk management
Other Examples of Compliance Risks are:
• Breaches of the Securities Act of Jamaica
• Breaches of the Companies Act of Jamaica
• Non-adherence to organizational limits, policies and procedures

Role of compliance to risk management
Compliance & Operational Risk Management are similar in many areas:
• Identification and assessment of risks
• Recommending strategies to mitigate risks
• Updating of policies and procedures
• Determining inherent risks of new products and services
• Ongoing training in the company’s policies and risk management techniques
• Continued assessment of the risk management programme
Importance of compliance to risk management
The importance of the compliance function warrants that:
• The compliance tone is cultivated from the top
• Ample resources are committed to the area

Importance of compliance to risk management
Consequences of a weak compliance programme include:
• Increase in non-compliance with applicable rules and regulations
• Increase in malpractices by employees
• Disruption in Business Continuity, and
• Revocation of Licenses

Importance of compliance to risk management
Consequences of a weak compliance programme as it relates to the JSE include:
• Increase in Fines and Penalties
• Suspensions, and
• Delistings

Importance of compliance to risk management
Reasons for a weak compliance programme are:
• Compliance is viewed as a “policing function.”
• Senior Management do not realize the value added to an enterprise’s risk management programme
• Disconnect between top, middle and compliance management’s objectives

Importance of compliance to risk management
In changing its perception, senior management must realize:
• The Compliance Function cannot stand alone
• Support must be given by all to promote a culture of compliance
Common Deficiencies in compliance
According to the U.S. Securities and Exchange Commission, common weaknesses in compliance include:
• Breakdown in communication between compliance personnel and senior management
• Compliance function reduced to that of advisory with little or no monitoring
• Lack of independence in relation to reporting and compensation
• Inadequate compliance and supervisory procedures

Common Deficiencies in compliance
According to the U.S. Securities and Exchange Commission, common weaknesses in compliance include:
• Surveillance reports were not risk based
• Heavy reliance on complaints rather than surveillance systems
• Inadequate follow-up on exceptions
• Absence of compliance review for new products and business activities
• Knowledge, experience and training gaps with compliance staff
Developing an effective compliance programme
Develop an Organization Culture of Compliance through:
• Board approved Compliance Policy and Procedures
• Organization-wide awareness and sensitization
• Aligning the organization’s policies on ethical conduct to compliance policies
• Training new and existing staff on ethical conduct
• Promoting and providing channels for internal whistle blowing

Developing an effective compliance programme
Understand the functions of Business Units by:
• Reviewing existing policies and procedures for each business unit
• Trying to develop a working knowledge of the processes of each business unit
• Liaising with internal auditors

Developing an effective compliance programme
Identify Inherent Risk in Business Unit functions by:
• Reviewing internal audit reports
• Reviewing external inspections by regulatory and other bodies
• Identifying motivating factors that result in unethical behavior and malpractices

Developing an effective compliance programme
Develop a Formal Reporting System by:
• Documenting the necessary process flow for communicating material and other compliance issues to senior management
• Designing a report that quickly captures deficiencies and recommendations for senior management to consider in remedial actions
• Integrating risk assessment in compliance reports that assist in ascertaining the severity of risk exposure

Developing an effective compliance programme
Create and Update Policies and Procedures:
• Review relevant rules and laws covering compliance and supervisory responsibilities
• Ensure that written procedures address risks identified
• Evaluate controls over business functions and incorporate in written policies and procedures

Developing an effective compliance programme
Ongoing Training and Education
• Identify priority areas for training using risk-based assessment
• Internal communication channels
• Applicable rules and regulations should be explained through workshops and other forums
• Continued education and training should be made available to compliance personnel

Developing an effective compliance programme
Monitoring of Compliance Function:
• Requires periodic reports from heads of compliance on compliance activities
• Ensures that there is periodic review by an independent third party
• Ensures that there are clear strategic objectives to be accomplished on a periodic basis
• Mandates that disciplinary actions are conducted without bias
Compliance function & risk management
Conclusion
• There is no single solution for all firms
• Developing an effective compliance function should consider the organizational structure, business, customers and other relevant factors