Corporate Compliance: Compliance Framework and Hot Topics
Tammy Eisenberg, Executive Director, Corporate Compliance, CLS Group. March 6, 2014. Disclaimer: The views represented herein are solely those of the author and do not necessarily represent the views of the CLS Group.
www.cls-group.com
® CLS and the CLS Logo are registered trademarks of CLS UK Intermediate Holdings Ltd © 2014 CLS UK Intermediate Holdings Ltd.
Corporate Compliance: Compliance Framework and Hot Topics
Tammy Eisenberg
Executive Director, Corporate Compliance
CLS Group
March 6, 2014
Disclaimer
The views represented herein are solely those of the author and do not necessarily represent the views of the CLS Group.
What is Corporate Compliance?
At its most fundamental, a bank Corporate Compliance program is about ethics and managing conflicts of interest. Put simply, it’s about doing the right thing.
Elements of a Corporate Compliance Program
» Compliance Policy Framework
» Compliance Risk Framework
» Training
» Monitoring & Testing
What is Compliance Risk?
» How does your organization define “Compliance Risk?”
» Basel Committee on Banking Supervision – “Compliance and the Compliance Function in Banks.”
» Compliance Risk is the risk of legal or regulatory sanctions, material financial loss, or loss of reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory standards, and codes of conduct applicable to its banking activities.
What is a Compliance Risk Framework?
» A Compliance Risk Framework is a tool that identifies, measures, documents and assesses compliance risk associated with a bank’s activities, including:
  » Development of new products/services
  » New business practices
  » New types of business/customer relationships
  » Material changes to any of the above
Expectations of Regulators
» Federal Reserve SR 08-8 “Compliance Risk Management Programs at Large Banking Organizations with Complex Compliance Profiles.”
» SEC Release Nos. IA-2204; IC-26299 “Compliance Programs of Investment Companies and Investment Advisers.”
» FINRA Rule 3012 “Supervisory Control System.”
Roles and Responsibilities
» Board of Directors
» Senior Management
» Employees
Process
» Governance
» Risk Assessment
» Monitoring and Testing
» Training
» Reporting & Communication
Governance
Structure
• Define Roles & Responsibilities
Methodology
• Initial Inventory of Laws
• Updates to Inventory of Laws
Policy
• Document in Policy
Monitoring and Testing
» Changes to Inventory of Laws/Inherent Risk
» Changes to Control Environment
» Changes to Residual Risk
Training
» Ensure understanding of:
  » Purpose of Compliance Risk Framework
  » Roles and Responsibilities
  » Methodologies
  » Information to be Reported
Reporting and Communication
» Business Units
» Senior Management
» Board of Directors
What is a Compliance Policy Framework?
Classifications
• Type of policy documents
Governance
• Approval process
• Review process
• Reporting of violations
• Training
Requirements
• Format
• Required content
Types of Policy Documents
Policy
• Describes how law/regulation/rule/standard applies and the requirements that must be met in order to achieve compliance.
• Generally, policies must be “reasonably designed” to achieve compliance.
Guidelines
• Additional guidance or specifications underlying the policy
Procedure
• A series of steps taken to accomplish the requirements of a policy or guideline.
• Describes: who is responsible, what must be done, how the procedure is followed, how often and how the procedure is documented.
Relationship between Frameworks
» Compliance Risk Framework (identifies type and severity of risk)
» Compliance Policy Framework (policy + procedures)
» Compliance Program
Types of Compliance Policies
» CODE OF CONDUCT
» Anti-Money Laundering
» Supervisory Affairs
» Records Retention
» Anti Bribery & Corruption
» Gifts and Entertainment
» Information Barrier Policy
Hot Topics
There are hot topics for almost every kind of compliance policy!
Lessons Learned
Hot topic
• Any impact on current/potential activity?
Assessment
• Is this risk identified in the Compliance Risk Framework?
Analysis
• Are there policies and procedures which are reasonably designed to address (i.e., control environment)?