SlideShare uma empresa Scribd logo

Compliance Risk Assessment

Compliance Consultant
Compliance Consultant

CEI Compliance is the UK's fastest growing regulatory consultancy and provides associate opportunities to consultants and cost effective value to financial services and other regulated companies. We show you the methodology for conducting the Compliance Risk Assessment and how to provide meaningful action plans.

NegóciosEconomia e finanças
1 de 8
Baixar para ler offline
Steps for Compliance Risk Assessment Identification and mitigation of controls Auditing your Compliance Risk Areas can be daunting and time consuming unless you have a planned and agreed methodology. CEI Compliance Provide you with that strategy in this document CEI Compliance
COMPLIANCE RISK ASSESSMENT 2010 has seen a number of new rules and changes to old rules following the Walker Review and the publication of PS10/15. The role of good governance in financial services firms continues to be high on the international and domestic agenda. Internationally, since January, the Basel Committee on Banking Supervision issued a set of principles in March 2010 for consultation. These principles are for enhancing sound corporate governance practices within banking organisations. In June, the European Commission published its Green paper on Corporate Governance. Domestically, the Financial Reporting Council has now published a new (May 2010) edition of the UK Corporate Governance Code and in July 2010, published The UK Stewardship Code. The Financial Services Authority (FSA) Chief Executive Hector Sants’s made a speech on 17 June to the Chartered Institute of Securities and Investments (CISI) conference drew attention to the importance of a firm’s culture in developing good regulatory outcomes and the role that governance plays in this. Sir David Walker’s Review made several recommendations including the role of the Chief Risk Officer and the establishment of Risk Committees and the temptation of many firms will be to say “we are too small to consider risk officers or committees”, or using the FSA’s term of appropriate and proportionate would claim that they are not of significant size, turnover or risk rating to In 2010, 10 individuals warrant such attention. In some cases this may be true but in many it could be a false assumption. There and companies were could be a number of items that get overlooked fined over £3,500,000 because you have been running the business for years and are “on top of everything.” Unfortunately a for “failing to have number of firms have found that they are often lacking adequate systems and in Systems & Controls (SYSC) requirements, even Article 3 Exempt firms, which quickly become apparent controls” or “failing to after a themed visit from the FSA and a Section 166 have suitable Report demand dropping into their inbox. This can be avoided and our eBook, A General Guide to S166 compliance and risk Reports, available from the CEI Compliance website. management processes Risk assessment can be difficult to anyone who is too in place”. close to the business. However, that said, it is not impossible and often a good 75% can be done effectively in this way. It is often best to get a third party overview of the work done, just as you would expect a quality assurance check on people who check files. If you plan your activity and spend time using each step properly and thoroughly then you will form the basis of a Compliance Risk Register (CRR), supporting document to your Management Information (MI) and provide a dashboard for presenting/reporting to the other senior managers within the firm. This also provides a handy tool (historic and contemporary) for any regulatory visits and keeps you focussed on the higher risk elements and any that are nearing your Compliance Risk Appetite (CRA). This not only makes good business sense but also helps to show you have considered the elements to demonstrate that you are Treating Customers Fairly Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 1 of 7
COMPLIANCE RISK ASSESSMENT (TCF), specifically Outcomes 1 & 2. A free guide for TCF self-appraisal is available from the CEI Compliance website. PHASE 1 – Data Collection Step One: Products and Services, employment and production environment Make a list of all products and services that are offered. These could include any Mortgage, General Insurance as well as Life and Pensions or Investment products, Will writing referrals, Tax Planning, Debt Counseling or any areas that your firm is involved in. Step Two: Systems and Controls If necessary, meet with Departmental Management or the Office Manager (depending on size) to identify what types of company or department policies, procedures, systems, and automation are in place? List these carefully as they form your controls.  Interview Department Management to identify controls o Policies and procedures to maintain compliance o Degree to which processes are centralised or decentralised o Degree to which processes are automated or manual o Location where these products/services are sold o Location where the customers of these products/services are located o Degree of staff turnover o Training to maintain compliance o Are there plans for new products/services? o Have there been any changes in the product/service/controls in the past year?  If so describe o What about your Disaster Recovery/Business Continuity plans? CEI can also help advise o How is your IT managed?  Summarise your controls you on your Disaster  Meet again to ensure that you have a complete and Recovery and Business accurate summary of controls (and not just your interpretation) Continuity Planning including Pandemic Step Three: Applicable Regulations Preparations With the list of products and services, produce a table where you can record any primary regulations that apply to the products and services offered? This is known as mapping your regulatory universe and is not restricted to just FSA rules. There are Advertising Standards Authority rules to consider as well as new and existing legislation concerning the business right down to employment and other obligations to consider.  Identify the primary regulations that apply to the list you have formed in Step One. Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 2 of 7
COMPLIANCE RISK ASSESSMENT Phase 2 – Inherent Risk Analysis Whatever you do today there is risk. There is a risk of companies defaulting, there are risks concerned with service level agreements not being honoured, and there are risks that clients may not fully understand the range of products you advise on and it is important to redouble your controls in these areas, for obvious reasons. Step One: Regulatory Risk The regulator has “hot buttons” and these may be Unregistered Collective Investment Schemes (UCIS) or it may be Structured Products and the guarantees offered. You need to be aware of the regulator’s expectations for compliance in the areas you operate in? What issues are at the top of their current list? What is the complexity of the regulatory requirements or is there a lack of specific regulatory guidance. Risk rating these areas will help you form a potential identifier for where you may need to concentrate your efforts in risk mitigation. The Financial Ombudsman Report (FOS) is a good indicator of things that people complain about. Check it out and relate it to The FSA fines in 2010 total your business, products or services. were over £89, 121,000. Although this is provided as guidance you could define The smallest was £5,000 – further levels and it is often useful to attach a monetary Riaz Ahmad – “For failing or number of customers value to them (as appropriate) so that you can start to form a risk appetite. to act with competence …. Failing to have suitable Risk elements to consider are; compliance & risk  Low – management”. o None or minor penalties or Details can be found on the FSA consequences; website o Not a current regulatory priority; http://www.fsa.gov.uk/pages/abo o Noncomplex requirement ut/media/facts/fines o Not an area that we generally have issues with  Medium – o Potential for moderate penalties and/or consequences; o Currently a moderate focus or priority for regulators o Moderately complex with incomplete regulatory guidance o Periodic errors noted by examiners and testers  High – o Potential for significant penalties and/or consequences o Currently a high priority of regulators Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 3 of 7
COMPLIANCE RISK ASSESSMENT o Highly complex requirement with incomplete regulatory guidance o One of the leading areas where errors are noted Step Two: Reputation Risk What is the level of public and customer Warren Buffet said; “It concern/publicity over noncompliance? takes twenty years to  Low – No or low concern likely; build a reputation and  Medium – Moderate concern possible; five minutes to destroy  High – Significant concern or loss of customer it.” He also said “If you confidence likely lose dollars for the firm, I will be understanding: Step Three: Inherent Risk If you lose reputation, I Using the regulatory risk and reputation risk identified will be ruthless.” in steps 1 and 2, what is the inherent risk in each product and service? Inherent risk is defined as the risk before any controls are exercised or effected? Rank the risk by Regulatory Risk and Reputation Risk. High Regulatory Moderate High High Risk Moderate Regulatory Low Moderate High Risk Low Regulatory Low Low Moderate Risk Low Reputation Moderate Reputation Inherent Risk High Reputation Risk Risk Risk Phase 3 Residual Risk Analysis Step One: Operational Risk Although this can often be subjective, we have found it best carried out with at least two people, preferably as a workshop. These are only guidelines and can be amended by you as required. Simply evaluate the risk associated with: the presence or absence of internal controls, processes, and procedures to maintain compliance; the degree of centralisation or decentralisation; level of automation to eliminate human error; staff turnover that could contribute to errors; and existence of adequate training, annual testing or other competence measures. Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 4 of 7
COMPLIANCE RISK ASSESSMENT  Low – o Presence of good internal controls, processes, and procedures to maintain compliance o Centralised o Partially or fully automated o Low staff turnover o Adequate training has been provided o Account opened Face-to-Face on site (no distance sales) o Client is local, (lives/works)  Medium – o Some weaknesses or soft areas in internal controls, processes, or procedures o Partially decentralised o Some automation o Moderate staff turnover o Minimal training provided infrequently o Account opened Face-to-Face off site (no distance sales) o Customer located relatively local (within 100 miles) and is maintained adequately  High – o Weak or no internal controls, processes or procedures o Decentralized o Not automated o High staff turnover o No training provided o Account not opened Face-to-Face o Customer located over 100 miles away Probability of error can be and much business is done by phone/fax/email. described as frequency of event. By estimating the Step Two: Probability of Error Risk frequency (1:20 Evaluate the risk that error will occur due to prior history operations pa is 5%, 1:100 of error and changes in regulatory requirements, operations is 1%) and you products, and/or services. can work out your comfort  Test/Audit/Exam Results level or risk appetite and o Low – No errors in last review; o Moderate – Minor errors in last review; likely impact of costs if left o High – Significant errors in last review to run their course.  Change in regulatory requirements o Low – No changes since last monitored; o Moderate – Minor changes since last monitored; o High – Significant changes since last monitored Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 5 of 7
COMPLIANCE RISK ASSESSMENT  Change in product / service o Low – No changes since last monitored; o Moderate – Minor changes since last monitored; o High – Significant changes since last monitored Step Three: Residual Risk Using the information gathered in steps 1 and 2, what is the residual risk in each product and service? That is, what is the risk after controls? Rank the risk by Operational Risk and Probability of Error Risk, which is the likelihood that an error will occur. High Operational Risk Moderate High High Moderate Operational Low Moderate High Risk Low Operational Risk Low Low Moderate Low Probability Moderate Probability High Probability of Residual Risk of Error Risk of Error Risk Error Risk Phase 4 Overall Risk Analysis and Follow-up Step One: Overall Risk At this point, the risks can be charted on a sliding scale by product or service. For example: High Inherent Moderate High High Risk Moderate Inherent Risk Low Moderate High Low Inherent Low Low Moderate Risk Low Residual High Residual Overall Risk Moderate Residual Risk Risk Risk Where the words Low, Moderate and High Appear, will be the product or service name(s). At this point, the chart can be color coded so that cells that show Low Risk are Yellow, cells showing Moderate are Orange and cells showing High are Red. This provides information “at a glance” for management, the business lines and regulators. Step Two: Management Tolerance of Compliance Risk What is management’s tolerance (risk appetite) of compliance risk? Are there instances where overall risk can be high, despite controls, and still be acceptable to management? If so, document why. If management’s appetite for risk is low, the adequacy of controls must be rigorously monitored to ensure that residual risk is low. Note that the risk may be different by product or service. Take that into consideration along with management’s overall view of compliance risk. Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 6 of 7
COMPLIANCE RISK ASSESSMENT Step Three: Direction of Risk Consider the direction of risk and probable change in risk over the next twelve months. Categorise this for each product and service using the definitions listed below. Management should take additional action through more controls or increased Increasing review. Stable No additional action is required. Management may want to consider decreasing controls and improving Decreasing efficiencies. The directions of risk can be monitored as part of the annual Compliance Monitoring Plan either by auditors, compliance or departmental responsible in conjunction with management on a more regular basis. There are alternative methods to use such as bottom up and top down assessments with Worst Case Scenarios and most likely occurrences to gauge and demonstrate the range of controls and their effectiveness. This is only a very generic guide and if you need a specific assessment please call us on 0800 689 9 689 or email compliancerisk@ceicompliance.co.uk CEI Compliance can help provide a full compliance support service, reducing required management time, ensuring all areas are up to date and working for your firm’s long term benefit. Call 0800 689 9 689 today or go online at www.ceicompliance.co.uk This whitepaper was written by Lee Werrell FInstSMM Chartered MCSI Cert PFS, founder of CEI Compliance Limited. Lee is contactable at any time and welcomes enquiries from all businesses. Call 0800 689 9 689 Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 7 of 7

Recomendados

Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & complianceHR Globe Consulting
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance BOC Group
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and complianceMagdalena Matell
 
Legal Governance, Risk Management and Compliance
Legal Governance, Risk Management and ComplianceLegal Governance, Risk Management and Compliance
Legal Governance, Risk Management and ComplianceEffacts
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk pptNehaKamboj10
 

Recomendados

Grc governance, risk management & compliance
Grc governance, risk management & complianceGrc governance, risk management & compliance
Grc governance, risk management & complianceHR Globe Consulting
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance BOC Group
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and complianceMagdalena Matell
 
Legal Governance, Risk Management and Compliance
Legal Governance, Risk Management and ComplianceLegal Governance, Risk Management and Compliance
Legal Governance, Risk Management and ComplianceEffacts
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk pptNehaKamboj10
 
Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...
Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...
Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...Compliance LLC
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONFrackson Kathibula-Nyoni
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler, MBA CPA
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance OverviewSam Carr
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0Rachael Phelan
 
Chapter 6 aml compliance programme
Chapter 6 aml compliance programmeChapter 6 aml compliance programme
Chapter 6 aml compliance programmeQuan Risk
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Eneni Oduwole
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk ManagementAsad Hameed
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationInternational Federation of Accountants
 
Compliance Strategy and Performance
Compliance Strategy and PerformanceCompliance Strategy and Performance
Compliance Strategy and PerformanceEthisphere
 
Enterprise Risk Management.pdf
Enterprise Risk Management.pdfEnterprise Risk Management.pdf
Enterprise Risk Management.pdfSelf Employed
 
GRC Fundamentals
GRC FundamentalsGRC Fundamentals
GRC Fundamentals3Sixty Insights
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of DutiesPECB
 
Compliance framework
Compliance frameworkCompliance framework
Compliance frameworkManoj Agarwal
 
Coso framework
Coso frameworkCoso framework
Coso frameworkDarryl Woolley
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Enterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceEnterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceResolver Inc.
 
Anti-Money Laundering (AML) Risk Assessment Process
Anti-Money Laundering (AML) Risk Assessment ProcessAnti-Money Laundering (AML) Risk Assessment Process
Anti-Money Laundering (AML) Risk Assessment Processaccenture
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Strategic Planning For Compliance
Strategic Planning For ComplianceStrategic Planning For Compliance
Strategic Planning For ComplianceAnn Oglanian
 
Corporate compliance powerpoint
Corporate compliance powerpointCorporate compliance powerpoint
Corporate compliance powerpointsmcmanus3
 

Mais conteúdo relacionado

Mais procurados

Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...
Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...
Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...Compliance LLC
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONFrackson Kathibula-Nyoni
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance frameworkCeyeap
 
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler, MBA CPA
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance OverviewSam Carr
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0Rachael Phelan
 
Chapter 6 aml compliance programme
Chapter 6 aml compliance programmeChapter 6 aml compliance programme
Chapter 6 aml compliance programmeQuan Risk
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Eneni Oduwole
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk ManagementAsad Hameed
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationInternational Federation of Accountants
 
Compliance Strategy and Performance
Compliance Strategy and PerformanceCompliance Strategy and Performance
Compliance Strategy and PerformanceEthisphere
 
Enterprise Risk Management.pdf
Enterprise Risk Management.pdfEnterprise Risk Management.pdf
Enterprise Risk Management.pdfSelf Employed
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of DutiesPECB
 
Compliance framework
Compliance frameworkCompliance framework
Compliance frameworkManoj Agarwal
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Enterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceEnterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceResolver Inc.
 
Anti-Money Laundering (AML) Risk Assessment Process
Anti-Money Laundering (AML) Risk Assessment ProcessAnti-Money Laundering (AML) Risk Assessment Process
Anti-Money Laundering (AML) Risk Assessment Processaccenture
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 

Mais procurados (20)

Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...
Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...
Certified Risk and Compliance Management Professional (CRCMP) Prep Course Pa...
 
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATIONOPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
OPERATIONAL RISK MANAGEMENT FRAMEWORK PRESENTATION
 
Governance, risk and compliance framework
Governance, risk and compliance frameworkGovernance, risk and compliance framework
Governance, risk and compliance framework
 
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance Overview
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0
 
Chapter 6 aml compliance programme
Chapter 6 aml compliance programmeChapter 6 aml compliance programme
Chapter 6 aml compliance programme
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your Organization
 
Compliance Strategy and Performance
Compliance Strategy and PerformanceCompliance Strategy and Performance
Compliance Strategy and Performance
 
Enterprise Risk Management.pdf
Enterprise Risk Management.pdfEnterprise Risk Management.pdf
Enterprise Risk Management.pdf
 
GRC Fundamentals
GRC FundamentalsGRC Fundamentals
GRC Fundamentals
 
Segregation of Duties
Segregation of DutiesSegregation of Duties
Segregation of Duties
 
Compliance framework
Compliance frameworkCompliance framework
Compliance framework
 
Coso framework
Coso frameworkCoso framework
Coso framework
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
 
Enterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceEnterprise Risk Management - Aligning Risk with Strategy and Performance
Enterprise Risk Management - Aligning Risk with Strategy and Performance
 
Anti-Money Laundering (AML) Risk Assessment Process
Anti-Money Laundering (AML) Risk Assessment ProcessAnti-Money Laundering (AML) Risk Assessment Process
Anti-Money Laundering (AML) Risk Assessment Process
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 

Destaque

Strategic Planning For Compliance
Strategic Planning For ComplianceStrategic Planning For Compliance
Strategic Planning For ComplianceAnn Oglanian
 
Corporate compliance powerpoint
Corporate compliance powerpointCorporate compliance powerpoint
Corporate compliance powerpointsmcmanus3
 
6 Steps to Legal Risk Management
6 Steps to Legal Risk Management6 Steps to Legal Risk Management
6 Steps to Legal Risk ManagementBerkman Solutions
 
How to measure and manage legal risk
How to measure and manage legal riskHow to measure and manage legal risk
How to measure and manage legal riskBerkman Solutions
 
Internal Control and Compliance.
Internal Control and Compliance.Internal Control and Compliance.
Internal Control and Compliance.Mohammad Robiul
 
mpx Replay, Expedite Your Catch-Up and C3 Workflow 2 of 2
mpx Replay, Expedite Your Catch-Up and C3 Workflow 2 of 2mpx Replay, Expedite Your Catch-Up and C3 Workflow 2 of 2
mpx Replay, Expedite Your Catch-Up and C3 Workflow 2 of 2thePlatform
 
Diarrhea:Myths and facts, Precaution
Diarrhea:Myths and facts, Precaution Diarrhea:Myths and facts, Precaution
Diarrhea:Myths and facts, Precaution Wuzna Haroon
 
Energy Strategy Group_Report 2012 efficienza energetica
Energy Strategy Group_Report 2012 efficienza energeticaEnergy Strategy Group_Report 2012 efficienza energetica
Energy Strategy Group_Report 2012 efficienza energeticaEugenio Bacile di Castiglione
 

Destaque (12)

Strategic Planning For Compliance
Strategic Planning For ComplianceStrategic Planning For Compliance
Strategic Planning For Compliance
 
Corporate compliance powerpoint
Corporate compliance powerpointCorporate compliance powerpoint
Corporate compliance powerpoint
 
6 Steps to Legal Risk Management
6 Steps to Legal Risk Management6 Steps to Legal Risk Management
6 Steps to Legal Risk Management
 
How to measure and manage legal risk
How to measure and manage legal riskHow to measure and manage legal risk
How to measure and manage legal risk
 
Internal Control and Compliance.
Internal Control and Compliance.Internal Control and Compliance.
Internal Control and Compliance.
 
Nt1310 project
Nt1310 projectNt1310 project
Nt1310 project
 
Context Based Authentication
Context Based AuthenticationContext Based Authentication
Context Based Authentication
 
Basics of Coding in Pediatrics Medical Billing
Basics of Coding in Pediatrics Medical BillingBasics of Coding in Pediatrics Medical Billing
Basics of Coding in Pediatrics Medical Billing
 
mpx Replay, Expedite Your Catch-Up and C3 Workflow 2 of 2
mpx Replay, Expedite Your Catch-Up and C3 Workflow 2 of 2mpx Replay, Expedite Your Catch-Up and C3 Workflow 2 of 2
mpx Replay, Expedite Your Catch-Up and C3 Workflow 2 of 2
 
Information från Läkemedelsverket #5 2013
Information från Läkemedelsverket #5 2013Information från Läkemedelsverket #5 2013
Information från Läkemedelsverket #5 2013
 
Diarrhea:Myths and facts, Precaution
Diarrhea:Myths and facts, Precaution Diarrhea:Myths and facts, Precaution
Diarrhea:Myths and facts, Precaution
 
Energy Strategy Group_Report 2012 efficienza energetica
Energy Strategy Group_Report 2012 efficienza energeticaEnergy Strategy Group_Report 2012 efficienza energetica
Energy Strategy Group_Report 2012 efficienza energetica
 

Semelhante a Compliance Risk Assessment

Embedding compliance: how to integrate sarbanes-oxley in your projects
Embedding compliance: how to integrate sarbanes-oxley in your projectsEmbedding compliance: how to integrate sarbanes-oxley in your projects
Embedding compliance: how to integrate sarbanes-oxley in your projects3gamma
 
risk management POV Digital (V.08)
risk management POV Digital (V.08)risk management POV Digital (V.08)
risk management POV Digital (V.08)Isabel Viegas
 
Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...RNayak3
 
Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...RNayak3
 
White Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewWhite Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewLexisNexis Benelux
 
The Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActThe Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActDana Boo
 
Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Michael Werneburg
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk ConsultingPrashant Jain
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...LexisNexis Benelux
 
Making Connections
Making ConnectionsMaking Connections
Making ConnectionsTina Jordan
 
7 steps to build an effective corporate compliance strategy
7 steps to build an effective corporate compliance strategy7 steps to build an effective corporate compliance strategy
7 steps to build an effective corporate compliance strategyMaarten BOONEN
 
Regulatory Change is a Business Opportunity, not a Burden
Regulatory Change is a Business Opportunity, not a Burden Regulatory Change is a Business Opportunity, not a Burden
Regulatory Change is a Business Opportunity, not a Burden Amit Agrawal
 
My presentation at Simon-page Biz Sch in 2012
My presentation at Simon-page Biz Sch in 2012My presentation at Simon-page Biz Sch in 2012
My presentation at Simon-page Biz Sch in 2012abiodunmamora
 

Semelhante a Compliance Risk Assessment (20)

S166 Guide For Senior Managers
S166 Guide For Senior ManagersS166 Guide For Senior Managers
S166 Guide For Senior Managers
 
Embedding compliance: how to integrate sarbanes-oxley in your projects
Embedding compliance: how to integrate sarbanes-oxley in your projectsEmbedding compliance: how to integrate sarbanes-oxley in your projects
Embedding compliance: how to integrate sarbanes-oxley in your projects
 
Ey segregation of_duties
Ey segregation of_dutiesEy segregation of_duties
Ey segregation of_duties
 
risk management POV Digital (V.08)
risk management POV Digital (V.08)risk management POV Digital (V.08)
risk management POV Digital (V.08)
 
Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...
 
Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...
 
White Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewWhite Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic review
 
The Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActThe Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) Act
 
Audit Committee
Audit CommitteeAudit Committee
Audit Committee
 
Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations.
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk Consulting
 
Gaap Essay
Gaap EssayGaap Essay
Gaap Essay
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
 
Audit Fee
Audit FeeAudit Fee
Audit Fee
 
Khazi Sox A
Khazi Sox AKhazi Sox A
Khazi Sox A
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
 
Making Connections
Making ConnectionsMaking Connections
Making Connections
 
7 steps to build an effective corporate compliance strategy
7 steps to build an effective corporate compliance strategy7 steps to build an effective corporate compliance strategy
7 steps to build an effective corporate compliance strategy
 
Regulatory Change is a Business Opportunity, not a Burden
Regulatory Change is a Business Opportunity, not a Burden Regulatory Change is a Business Opportunity, not a Burden
Regulatory Change is a Business Opportunity, not a Burden
 
My presentation at Simon-page Biz Sch in 2012
My presentation at Simon-page Biz Sch in 2012My presentation at Simon-page Biz Sch in 2012
My presentation at Simon-page Biz Sch in 2012
 

Mais de Compliance Consultant

The ideal length of everything online - like a zoo
The ideal length of everything online - like a zooThe ideal length of everything online - like a zoo
The ideal length of everything online - like a zooCompliance Consultant
 
Need for a Social Media Policy: What You Need In Your Policy
Need for a Social Media Policy: What You Need In Your PolicyNeed for a Social Media Policy: What You Need In Your Policy
Need for a Social Media Policy: What You Need In Your PolicyCompliance Consultant
 
Senior Manager's Regime Changes 2015 - Next Steps
Senior Manager's Regime Changes 2015 - Next StepsSenior Manager's Regime Changes 2015 - Next Steps
Senior Manager's Regime Changes 2015 - Next StepsCompliance Consultant
 
Conduct Risk. Assessing risk and identifying cultural drivers for clear defin...
Conduct Risk. Assessing risk and identifying cultural drivers for clear defin...Conduct Risk. Assessing risk and identifying cultural drivers for clear defin...
Conduct Risk. Assessing risk and identifying cultural drivers for clear defin...Compliance Consultant
 
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Compliance Consultant
 
Reducing regulatory capital by instigating risk management system and operati...
Reducing regulatory capital by instigating risk management system and operati...Reducing regulatory capital by instigating risk management system and operati...
Reducing regulatory capital by instigating risk management system and operati...Compliance Consultant
 
Operational risk and risk management across multi-jurisdictions for internati...
Operational risk and risk management across multi-jurisdictions for internati...Operational risk and risk management across multi-jurisdictions for internati...
Operational risk and risk management across multi-jurisdictions for internati...Compliance Consultant
 
Increasing your chances of success by engaging with a niche consultancy
Increasing your chances of success by engaging with a niche consultancyIncreasing your chances of success by engaging with a niche consultancy
Increasing your chances of success by engaging with a niche consultancyCompliance Consultant
 
Interpretation of regulatory rules and guidance for an international investme...
Interpretation of regulatory rules and guidance for an international investme...Interpretation of regulatory rules and guidance for an international investme...
Interpretation of regulatory rules and guidance for an international investme...Compliance Consultant
 
FSA CP12/25 effectiveness of the UK Listing Regime
FSA CP12/25 effectiveness of the UK Listing RegimeFSA CP12/25 effectiveness of the UK Listing Regime
FSA CP12/25 effectiveness of the UK Listing RegimeCompliance Consultant
 
The price of breaching the FSA principles
The price of breaching the FSA principlesThe price of breaching the FSA principles
The price of breaching the FSA principlesCompliance Consultant
 
The price of breaching the fsa principles
The price of breaching the fsa principlesThe price of breaching the fsa principles
The price of breaching the fsa principlesCompliance Consultant
 
Cp1230 FSA consultation paper summary: complaints against the regulators
Cp1230 FSA consultation paper summary: complaints against the regulatorsCp1230 FSA consultation paper summary: complaints against the regulators
Cp1230 FSA consultation paper summary: complaints against the regulatorsCompliance Consultant
 
CP12_31 removing the simplified ILAS BIPRU firm automatic scalar increase
CP12_31 removing the simplified ILAS BIPRU firm automatic scalar increaseCP12_31 removing the simplified ILAS BIPRU firm automatic scalar increase
CP12_31 removing the simplified ILAS BIPRU firm automatic scalar increaseCompliance Consultant
 
UK Regulatory Visit Coaching for Senior management
UK Regulatory Visit Coaching for Senior managementUK Regulatory Visit Coaching for Senior management
UK Regulatory Visit Coaching for Senior managementCompliance Consultant
 

Mais de Compliance Consultant (20)

The ideal length of everything online - like a zoo
The ideal length of everything online - like a zooThe ideal length of everything online - like a zoo
The ideal length of everything online - like a zoo
 
Need for a Social Media Policy: What You Need In Your Policy
Need for a Social Media Policy: What You Need In Your PolicyNeed for a Social Media Policy: What You Need In Your Policy
Need for a Social Media Policy: What You Need In Your Policy
 
Video marketing
Video marketingVideo marketing
Video marketing
 
Alex the Compliance Director
Alex the Compliance DirectorAlex the Compliance Director
Alex the Compliance Director
 
Senior Manager's Regime Changes 2015 - Next Steps
Senior Manager's Regime Changes 2015 - Next StepsSenior Manager's Regime Changes 2015 - Next Steps
Senior Manager's Regime Changes 2015 - Next Steps
 
Conduct Risk. Assessing risk and identifying cultural drivers for clear defin...
Conduct Risk. Assessing risk and identifying cultural drivers for clear defin...Conduct Risk. Assessing risk and identifying cultural drivers for clear defin...
Conduct Risk. Assessing risk and identifying cultural drivers for clear defin...
 
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
 
Reducing regulatory capital by instigating risk management system and operati...
Reducing regulatory capital by instigating risk management system and operati...Reducing regulatory capital by instigating risk management system and operati...
Reducing regulatory capital by instigating risk management system and operati...
 
Operational risk and risk management across multi-jurisdictions for internati...
Operational risk and risk management across multi-jurisdictions for internati...Operational risk and risk management across multi-jurisdictions for internati...
Operational risk and risk management across multi-jurisdictions for internati...
 
Increasing your chances of success by engaging with a niche consultancy
Increasing your chances of success by engaging with a niche consultancyIncreasing your chances of success by engaging with a niche consultancy
Increasing your chances of success by engaging with a niche consultancy
 
Interpretation of regulatory rules and guidance for an international investme...
Interpretation of regulatory rules and guidance for an international investme...Interpretation of regulatory rules and guidance for an international investme...
Interpretation of regulatory rules and guidance for an international investme...
 
FSA CP12/25 effectiveness of the UK Listing Regime
FSA CP12/25 effectiveness of the UK Listing RegimeFSA CP12/25 effectiveness of the UK Listing Regime
FSA CP12/25 effectiveness of the UK Listing Regime
 
The price of breaching the FSA principles
The price of breaching the FSA principlesThe price of breaching the FSA principles
The price of breaching the FSA principles
 
The price of breaching the fsa principles
The price of breaching the fsa principlesThe price of breaching the fsa principles
The price of breaching the fsa principles
 
Cp1230 FSA consultation paper summary: complaints against the regulators
Cp1230 FSA consultation paper summary: complaints against the regulatorsCp1230 FSA consultation paper summary: complaints against the regulators
Cp1230 FSA consultation paper summary: complaints against the regulators
 
CP12_31 removing the simplified ILAS BIPRU firm automatic scalar increase
CP12_31 removing the simplified ILAS BIPRU firm automatic scalar increaseCP12_31 removing the simplified ILAS BIPRU firm automatic scalar increase
CP12_31 removing the simplified ILAS BIPRU firm automatic scalar increase
 
Whats wrong with UCIS?
Whats wrong with UCIS?Whats wrong with UCIS?
Whats wrong with UCIS?
 
UK Regulatory Visit Coaching for Senior management
UK Regulatory Visit Coaching for Senior managementUK Regulatory Visit Coaching for Senior management
UK Regulatory Visit Coaching for Senior management
 
Management information v1 6
Management information v1 6Management information v1 6
Management information v1 6
 
Reducing Regulatory Capital
Reducing Regulatory CapitalReducing Regulatory Capital
Reducing Regulatory Capital
 

Último

9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 

Último (20)

9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 

Compliance Risk Assessment

  • 1. Steps for Compliance Risk Assessment Identification and mitigation of controls Auditing your Compliance Risk Areas can be daunting and time consuming unless you have a planned and agreed methodology. CEI Compliance Provide you with that strategy in this document CEI Compliance
  • 2. COMPLIANCE RISK ASSESSMENT 2010 has seen a number of new rules and changes to old rules following the Walker Review and the publication of PS10/15. The role of good governance in financial services firms continues to be high on the international and domestic agenda. Internationally, since January, the Basel Committee on Banking Supervision issued a set of principles in March 2010 for consultation. These principles are for enhancing sound corporate governance practices within banking organisations. In June, the European Commission published its Green paper on Corporate Governance. Domestically, the Financial Reporting Council has now published a new (May 2010) edition of the UK Corporate Governance Code and in July 2010, published The UK Stewardship Code. The Financial Services Authority (FSA) Chief Executive Hector Sants’s made a speech on 17 June to the Chartered Institute of Securities and Investments (CISI) conference drew attention to the importance of a firm’s culture in developing good regulatory outcomes and the role that governance plays in this. Sir David Walker’s Review made several recommendations including the role of the Chief Risk Officer and the establishment of Risk Committees and the temptation of many firms will be to say “we are too small to consider risk officers or committees”, or using the FSA’s term of appropriate and proportionate would claim that they are not of significant size, turnover or risk rating to In 2010, 10 individuals warrant such attention. In some cases this may be true but in many it could be a false assumption. There and companies were could be a number of items that get overlooked fined over £3,500,000 because you have been running the business for years and are “on top of everything.” Unfortunately a for “failing to have number of firms have found that they are often lacking adequate systems and in Systems & Controls (SYSC) requirements, even Article 3 Exempt firms, which quickly become apparent controls” or “failing to after a themed visit from the FSA and a Section 166 have suitable Report demand dropping into their inbox. This can be avoided and our eBook, A General Guide to S166 compliance and risk Reports, available from the CEI Compliance website. management processes Risk assessment can be difficult to anyone who is too in place”. close to the business. However, that said, it is not impossible and often a good 75% can be done effectively in this way. It is often best to get a third party overview of the work done, just as you would expect a quality assurance check on people who check files. If you plan your activity and spend time using each step properly and thoroughly then you will form the basis of a Compliance Risk Register (CRR), supporting document to your Management Information (MI) and provide a dashboard for presenting/reporting to the other senior managers within the firm. This also provides a handy tool (historic and contemporary) for any regulatory visits and keeps you focussed on the higher risk elements and any that are nearing your Compliance Risk Appetite (CRA). This not only makes good business sense but also helps to show you have considered the elements to demonstrate that you are Treating Customers Fairly Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 1 of 7
  • 3. COMPLIANCE RISK ASSESSMENT (TCF), specifically Outcomes 1 & 2. A free guide for TCF self-appraisal is available from the CEI Compliance website. PHASE 1 – Data Collection Step One: Products and Services, employment and production environment Make a list of all products and services that are offered. These could include any Mortgage, General Insurance as well as Life and Pensions or Investment products, Will writing referrals, Tax Planning, Debt Counseling or any areas that your firm is involved in. Step Two: Systems and Controls If necessary, meet with Departmental Management or the Office Manager (depending on size) to identify what types of company or department policies, procedures, systems, and automation are in place? List these carefully as they form your controls.  Interview Department Management to identify controls o Policies and procedures to maintain compliance o Degree to which processes are centralised or decentralised o Degree to which processes are automated or manual o Location where these products/services are sold o Location where the customers of these products/services are located o Degree of staff turnover o Training to maintain compliance o Are there plans for new products/services? o Have there been any changes in the product/service/controls in the past year?  If so describe o What about your Disaster Recovery/Business Continuity plans? CEI can also help advise o How is your IT managed?  Summarise your controls you on your Disaster  Meet again to ensure that you have a complete and Recovery and Business accurate summary of controls (and not just your interpretation) Continuity Planning including Pandemic Step Three: Applicable Regulations Preparations With the list of products and services, produce a table where you can record any primary regulations that apply to the products and services offered? This is known as mapping your regulatory universe and is not restricted to just FSA rules. There are Advertising Standards Authority rules to consider as well as new and existing legislation concerning the business right down to employment and other obligations to consider.  Identify the primary regulations that apply to the list you have formed in Step One. Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 2 of 7
  • 4. COMPLIANCE RISK ASSESSMENT Phase 2 – Inherent Risk Analysis Whatever you do today there is risk. There is a risk of companies defaulting, there are risks concerned with service level agreements not being honoured, and there are risks that clients may not fully understand the range of products you advise on and it is important to redouble your controls in these areas, for obvious reasons. Step One: Regulatory Risk The regulator has “hot buttons” and these may be Unregistered Collective Investment Schemes (UCIS) or it may be Structured Products and the guarantees offered. You need to be aware of the regulator’s expectations for compliance in the areas you operate in? What issues are at the top of their current list? What is the complexity of the regulatory requirements or is there a lack of specific regulatory guidance. Risk rating these areas will help you form a potential identifier for where you may need to concentrate your efforts in risk mitigation. The Financial Ombudsman Report (FOS) is a good indicator of things that people complain about. Check it out and relate it to The FSA fines in 2010 total your business, products or services. were over £89, 121,000. Although this is provided as guidance you could define The smallest was £5,000 – further levels and it is often useful to attach a monetary Riaz Ahmad – “For failing or number of customers value to them (as appropriate) so that you can start to form a risk appetite. to act with competence …. Failing to have suitable Risk elements to consider are; compliance & risk  Low – management”. o None or minor penalties or Details can be found on the FSA consequences; website o Not a current regulatory priority; http://www.fsa.gov.uk/pages/abo o Noncomplex requirement ut/media/facts/fines o Not an area that we generally have issues with  Medium – o Potential for moderate penalties and/or consequences; o Currently a moderate focus or priority for regulators o Moderately complex with incomplete regulatory guidance o Periodic errors noted by examiners and testers  High – o Potential for significant penalties and/or consequences o Currently a high priority of regulators Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 3 of 7
  • 5. COMPLIANCE RISK ASSESSMENT o Highly complex requirement with incomplete regulatory guidance o One of the leading areas where errors are noted Step Two: Reputation Risk What is the level of public and customer Warren Buffet said; “It concern/publicity over noncompliance? takes twenty years to  Low – No or low concern likely; build a reputation and  Medium – Moderate concern possible; five minutes to destroy  High – Significant concern or loss of customer it.” He also said “If you confidence likely lose dollars for the firm, I will be understanding: Step Three: Inherent Risk If you lose reputation, I Using the regulatory risk and reputation risk identified will be ruthless.” in steps 1 and 2, what is the inherent risk in each product and service? Inherent risk is defined as the risk before any controls are exercised or effected? Rank the risk by Regulatory Risk and Reputation Risk. High Regulatory Moderate High High Risk Moderate Regulatory Low Moderate High Risk Low Regulatory Low Low Moderate Risk Low Reputation Moderate Reputation Inherent Risk High Reputation Risk Risk Risk Phase 3 Residual Risk Analysis Step One: Operational Risk Although this can often be subjective, we have found it best carried out with at least two people, preferably as a workshop. These are only guidelines and can be amended by you as required. Simply evaluate the risk associated with: the presence or absence of internal controls, processes, and procedures to maintain compliance; the degree of centralisation or decentralisation; level of automation to eliminate human error; staff turnover that could contribute to errors; and existence of adequate training, annual testing or other competence measures. Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 4 of 7
  • 6. COMPLIANCE RISK ASSESSMENT  Low – o Presence of good internal controls, processes, and procedures to maintain compliance o Centralised o Partially or fully automated o Low staff turnover o Adequate training has been provided o Account opened Face-to-Face on site (no distance sales) o Client is local, (lives/works)  Medium – o Some weaknesses or soft areas in internal controls, processes, or procedures o Partially decentralised o Some automation o Moderate staff turnover o Minimal training provided infrequently o Account opened Face-to-Face off site (no distance sales) o Customer located relatively local (within 100 miles) and is maintained adequately  High – o Weak or no internal controls, processes or procedures o Decentralized o Not automated o High staff turnover o No training provided o Account not opened Face-to-Face o Customer located over 100 miles away Probability of error can be and much business is done by phone/fax/email. described as frequency of event. By estimating the Step Two: Probability of Error Risk frequency (1:20 Evaluate the risk that error will occur due to prior history operations pa is 5%, 1:100 of error and changes in regulatory requirements, operations is 1%) and you products, and/or services. can work out your comfort  Test/Audit/Exam Results level or risk appetite and o Low – No errors in last review; o Moderate – Minor errors in last review; likely impact of costs if left o High – Significant errors in last review to run their course.  Change in regulatory requirements o Low – No changes since last monitored; o Moderate – Minor changes since last monitored; o High – Significant changes since last monitored Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 5 of 7
  • 7. COMPLIANCE RISK ASSESSMENT  Change in product / service o Low – No changes since last monitored; o Moderate – Minor changes since last monitored; o High – Significant changes since last monitored Step Three: Residual Risk Using the information gathered in steps 1 and 2, what is the residual risk in each product and service? That is, what is the risk after controls? Rank the risk by Operational Risk and Probability of Error Risk, which is the likelihood that an error will occur. High Operational Risk Moderate High High Moderate Operational Low Moderate High Risk Low Operational Risk Low Low Moderate Low Probability Moderate Probability High Probability of Residual Risk of Error Risk of Error Risk Error Risk Phase 4 Overall Risk Analysis and Follow-up Step One: Overall Risk At this point, the risks can be charted on a sliding scale by product or service. For example: High Inherent Moderate High High Risk Moderate Inherent Risk Low Moderate High Low Inherent Low Low Moderate Risk Low Residual High Residual Overall Risk Moderate Residual Risk Risk Risk Where the words Low, Moderate and High Appear, will be the product or service name(s). At this point, the chart can be color coded so that cells that show Low Risk are Yellow, cells showing Moderate are Orange and cells showing High are Red. This provides information “at a glance” for management, the business lines and regulators. Step Two: Management Tolerance of Compliance Risk What is management’s tolerance (risk appetite) of compliance risk? Are there instances where overall risk can be high, despite controls, and still be acceptable to management? If so, document why. If management’s appetite for risk is low, the adequacy of controls must be rigorously monitored to ensure that residual risk is low. Note that the risk may be different by product or service. Take that into consideration along with management’s overall view of compliance risk. Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 6 of 7
  • 8. COMPLIANCE RISK ASSESSMENT Step Three: Direction of Risk Consider the direction of risk and probable change in risk over the next twelve months. Categorise this for each product and service using the definitions listed below. Management should take additional action through more controls or increased Increasing review. Stable No additional action is required. Management may want to consider decreasing controls and improving Decreasing efficiencies. The directions of risk can be monitored as part of the annual Compliance Monitoring Plan either by auditors, compliance or departmental responsible in conjunction with management on a more regular basis. There are alternative methods to use such as bottom up and top down assessments with Worst Case Scenarios and most likely occurrences to gauge and demonstrate the range of controls and their effectiveness. This is only a very generic guide and if you need a specific assessment please call us on 0800 689 9 689 or email compliancerisk@ceicompliance.co.uk CEI Compliance can help provide a full compliance support service, reducing required management time, ensuring all areas are up to date and working for your firm’s long term benefit. Call 0800 689 9 689 today or go online at www.ceicompliance.co.uk This whitepaper was written by Lee Werrell FInstSMM Chartered MCSI Cert PFS, founder of CEI Compliance Limited. Lee is contactable at any time and welcomes enquiries from all businesses. Call 0800 689 9 689 Whitepaper by CEI Compliance Jan 2011 Author: Lee Werrell Page 7 of 7