2. REDUCE REGULATORY PERSONAL LIABILITY
Regulators including the U.S. Department of Justice (DOJ) and the Securities and Exchange
Commission (SEC) have declared their intent to hold individuals personally liable for corporate
misconduct.
WHAT TO DO
»» Prove that you did everything in your power to keep employees up to date with rules and regulations.
»» Make sure your training records are up-to-date. Training records are nearly always reviewed during an inspection or audit by regulatory authorities to check that employees have received the appropriate compliance training and their certifications are current and valid.
»» Use a Learning Management System (LMS) for managing compliance training and certifications to ensure your organization is always ready for a compliance audit.
FACTS
»» Libor Scandal in the UK: a 14-year prison sentence was handed down to a trader for fraud.
»» The U.S. SEC fined a former Chief Compliance Officer $25,000 for failures after the president of the company stole $670,000 from client accounts (June 2015) [1].
»» The Hong Kong Securities and Futures Commission reprimanded a former Compliance Officer of a financial group and fined her $150,000 for managerial and supervisory failures (August 2014) [1].
3. CREATE JOB DESCRIPTIONS
Job descriptions, when done correctly and maintained, provide a tremendous layer of compliance protection and can mitigate risk [2].
Chief Compliance Officers and Senior Managers need to collect and maintain the evidence to show how they discharged all their obligations and responsibilities [3].
WHAT TO DO
»» Develop detailed job descriptions that clearly state employee responsibilities.
»» Keep job descriptions up to date.
»» Use an integrated Learning and Performance Management System to manage job profiles and build job profiles to cover both current and future roles.
4. MANAGE THIRD PARTY RISK
The Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB) indicated that banks and other financial institutions will be facing increased scrutiny by auditors.
Indeed, banks and other financial institutions are expected to review the third party's program to train and hold employees accountable for compliance with policies and procedures. Banks need to review training programs to ensure that the third party's staff is knowledgeable about changes in laws, regulations, technology, risk, and other factors that may affect the quality of the activities provided [4].
WHAT TO DO
»» Move from a reactive approach to compliance to a proactive one by managing all (staff & third party) training records using one system.
»» Ensure documentation remains current. Training records need to be accurately updated with the exact version of each course taken.
»» Be prepared for compliance audits and have training records always ready for inspection by using the efficient centralized reporting tools for a complete view of the whole supplier network.
FACTS
»» Financial institutions typically have more than 20,000 suppliers [6].
»» In 2012, $25 billion in fines was issued against five leading mortgage servicers, in part for missteps by their suppliers [6].
5. KEEP TRAINING RECORDS UP-TO-DATE
Banks have been hit with big fines in recent years for failing to keep adequate records.
In this new regulatory landscape, the UK Financial Conduct Authority (FCA) wants to ensure that boards and senior management take a closer look at record keeping (SYSC 9) [7].
FCA rules on record-keeping (SYSC 9) state that firms must:
»» Arrange for orderly records to be kept of its business and internal organization.
»» Enable the appropriate regulator to monitor the firm's compliance [8].
»» Maintain appropriate records to demonstrate compliance with the rules in this sourcebook and keep them for at least 3 years after an employee stops carrying on the activity [9].
WHAT TO DO
With an electronic system, training records are always up-to-date and inspection-ready. You won't need to waste time gathering your training records and checking whether they are up-to-date. An electronic system assures that everything is in order and easily accessed.
FACTS
»» In 2014, a UK bank was fined £37.7 million for failing to keep appropriate records [10].
6. AVOID CYBER THREATS
Analysis of more than 15 billion transactions in the past 12 months revealed a 40% increase in cyber criminal activity targeting the financial sector. Over the past few years, large U.S. banks have been subjected to a barrage of cyber attacks, which have been extremely costly. As a result of attacks, their stock prices dropped by 0.4% to 1% [11].
Each year companies implement the latest security technologies, but most breaches can actually be traced back to human errors.
WHAT TO DO
»» Train your employees on information security policies and procedures on a regular basis.
»» Training programs should be continuously updated to address the constantly evolving threat landscape as well as organizational changes impacting data privacy and security [12].
»» Use an LMS to maintain a certification list, keep track of which individuals are certified, identify individuals whose certifications may need renewal and automatically send reminders to those individuals and their managers who lack key certification prerequisites.
FACTS
»» In 2016, the average annualized cost of cyber crime for companies in financial services is $16.53 million, higher than in any other industry [13].
7. SOURCES:
1. https://risk.thomsonreuters.com/content/dam/openweb/documents/pdf/risk/report/rising-personal-liability-perception-and-reality-how-best-manage-personal-regulatory-report.pdf
2. http://www.symbiancehr.net/the-importance-of-a-job-description/
3. https://risk.thomsonreuters.com/content/dam/openweb/documents/pdf/risk/infographic/10-things-compliance-ofcers-need-do-2016-infographic.pdf
4. https://www.occ.gov/news-issuances/bulletins/2013/bulletin-2013-29.html
5. http://www.pwc.com/us/en/financial-services/publications/viewpoints/assets/pwc-third-party-vendor-risk-management.pdf
6. McKinsey Working Paper on Risk, Number 46, McKinsey & Company
7. https://www.bba.org.uk/news/insight/keeping-on-top-of-sysc-9-and-evidencing-record-keeping/#.V-pUyE196M8
8. https://www.handbook.fca.org.uk/handbook/SYSC/9.pdf
9. https://www.handbook.fca.org.uk/handbook/TC/3/1.html?date=2016-12-31
10. https://www.ft.com/content/13bb28fe-431d-11e4-9a58-00144feabdc0
11. https://securityintelligence.com/the-damage-of-a-security-breach-nancial-institutions-face-monetary-reputational-losses/
12. http://www.cybersecuritytrend.com/topics/cyber-security/articles/421821-human-error-to-blame-most-breaches.htm
13. https://ssl.www8.hp.com/ww/en/secure/pdf/4aa6-8392enw.pdf
www.NetDimensions.com • Sales@NetDimensions.com