Vycki’s 10 Can’t-Miss Compliance Management Tips
As part of our discussions with industry, I wanted to share what compliance peers are seeing and provide the latest tips and tricks for making compliance more effective.
Here are 10 key tips:
1. When it comes to monitoring, touch on every regulation at least once a year.
Create a compliance monitoring schedule based on the regulations, and sample-test specific regulations every month. Some regulations are high risk, or relate to exam or audit findings or comments, and require daily or monthly monitoring. Others are low risk and only need to be looked at once a year. If there’s a new rule, make sure to revisit it more often in the beginning just to make sure the changes stick.
2. Keep up with training.
It’s important to receive as much training on key regulations as possible. Even if it’s an old regulation, regulators often have a different focus each year as they find hot new areas. When it comes to Money Laundering there can never be too much training. Try to set aside an hour a week just for training.
3. The Regulator loves minutes – they really help when documenting oversight.
One compliance officer provides a summary compliance monitoring report to either the compliance committee or the board’s compliance committee each month. It includes a summary of findings, any root causes, and recommendations for courses of action. It also addresses CRA dashboards, regulatory complaints received, and actions taken. Make sure someone is taking minutes from these meetings and that person knows what regulators will be looking for in those minutes. Make sure the minutes document the reaction of the board and management.
4. If you’re having trouble getting the budget you need for technology and tools, give management a cost-benefit analysis.
Management responds to hard facts and figures. Conduct a cost-benefit analysis to show bottom-line savings in pounds, pence and efficiency gains. Take efficiencies, equate them to hours, and then equate them to pounds.
5. Compliance Risk Assessment, privacy and data protection are some of the areas where compliance officers would like to see some additional guidance.
The web of privacy laws and data protection regulation, which compliance officers have to track and implement, is cumbersome and scary for compliance departments. Compliance Risk Assessment could also benefit from more consistent guidance.
6. If the Board ignores your recommendations, document the decision and move on.
You don’t need to go to battle with them. Management ultimately makes the call on compliance. If their decisions contradict your recommendations, document their decision for your own protection.
7. When trying to balance innovation with compliance, someone always seems to ask what would happen if the company broke a
The best answer is to walk them through the ROI calculation on noncompliance. Present the penalties for ignoring a rule using as much factual information as you can find. If you do the ROI calculation on noncompliance, 99% of the time they will find the cost of violating a regulation, whether it’s reputational risk in the community or the actual cost of litigation, findings, and resolution, will exceed the cost of proper controls to mitigate noncompliance. Some compliance officers have had luck reviewing the budget and asking how many settlements and judgments the FI can afford. Before decision-makers go forward, make sure they understand where the risks are and state that they are willing to accept them.
8. When you make a mistake, disclose it to the regulator.
There are two types of violations: wilful disobedience and honest mistakes. When you make a mistake, own the mistake and show what was done to fix it. The consequences are much worse if you don’t tell examiners and they find the problem. The Regulator understands that mistakes happen and would rather you be open about them.
9. Examiners say they will give grace when it comes to needing time to get materials together, but compliance officers aren’t seeing any change in monitoring requirements.
The trend observed by compliance officers is that regulator demands for documentation haven’t changed.
10. Compliance officers need to keep an eye on the compliance ball because management is focused on other areas right now.
The Board and the day-to-day management have a really large amount to deal with. Compliance is probably not top of mind (although it probably should be!). Be the compliance eyes and ears your management team needs to make sure compliance remains at the forefront. When it comes to making decisions, you are less likely to have your decisions criticised as long as they are well thought out and documented.
With the assistance of Sabre, we can start to make a difference with sustaining regulatory compliance while driving efficiency.
For more information, contact Vycki at Sabre Advisory.