Speakers
The event commenced with a welcome and introduction from Rebecca Bond, Group Marketing Director. The key presentation, explaining regulatory risk issues, was given by David Wilford, Director, Compliance Products, Lombard Risk.
The webinar focused on the BANKING sector, which has attracted the most publicity (and not in a good way), although the issues addressed apply equally to insurance companies, asset managers, anyone in the financial sector or companies subject to considerable regulatory demands and supervision.
Regulatory risk
Given the enormous task faced by compliance functions in ensuring compliance in an ever-changing and demanding regulatory environment, regulatory risk is the biggest challenge firms now face. It is defined as the risk to earnings, capital and reputation associated with a failure to comply with regulatory requirements and expectations. The financial sector is subject to a plethora of regulations governing every aspect of an institution's business.
IN CONCLUSION, regulatory pressure is already severe but unfortunately is destined to get much worse, which means that many compliance functions are facing an extremely serious situation, especially given the lack of investment in appropriate resources. In fact, they themselves may become a risk to the institution.
www.lombardrisk.com
Event summary
What's wrong with the current approach?
- Compliance has moved from a tick-box approach to being monitored and measured on a RISK basis
- As a result, firms focus on high-risk areas (where non-compliance most impacts the bottom line) and low-risk areas were moved off-the-radar
- Compliance with new regulations embedded within implementation
- Reliance placed upon the majority of simple business operations being inherently compliant
The result is that, even today, reliance is placed upon the majority of simple business operations being inherently compliant with applicable regulations and therefore off-the-radar as far as a detailed examination (to determine the state of compliance) is concerned. And then, to aggravate the situation, many compliance functions are expected to work with hard copies of the regulations, manual files and spreadsheets (which, under demands the FSA is introducing, must be subject to strict governance).
All of the above processes were no doubt deemed simple and straightforward and, as a consequence, only warranted the occasional cursory review, yet the financial and reputational impact on individual banks for non-compliance with the relevant regulations has been enormous. And then we have UBS providing an additional $968m in provisions during the first 9 months of this year for litigation and regulatory matters alone! And so it goes on.
A new approach
Ensuring full compliance with every applicable prudential and non-prudential regulation is obviously an impossible task given the sheer quantity of the regulations, the dynamics of the financial institution and the resources available to compliance and audit functions, which, historically, have suffered from a lack of investment.
Deficiencies in compliance and audit functions, in terms of both approach and resources, must be addressed if a firm is to minimise regulatory risk and avoid the consequences of non-compliance.
Tactical vs strategic
Tactical solutions are no longer viable. Firms require a strategic solution to address the PRA's approach to supervision, which is all-encompassing, demanding that firms comply not only with the spirit of the regulations but also with each and every applicable regulation.
The answer may therefore be to assess regulations not only in terms of the impact on the bottom line, but also in terms of the regulatory consequences of non-compliance. In other words, a regulation may be deemed low-risk if the institution believes that the consequences of non-compliance would just be a disapproving look from the regulator, whilst non-compliance with a high-risk regulation may prompt a Pillar 2 capital levy or a drop in share price as a result of reputational damage. Certainly, it would be inappropriate to focus simply on high-risk regulations, for exactly the same reason as focusing on high-risk business areas diverted attention from areas that subsequently proved to be costly when breaches in compliance were uncovered. However, combining the two approaches may assist an institution in avoiding the same mistakes made by some institutions this year.
Compliance and audit functions are clearly caught between a rock and a hard place, having responsibility for compliance with thousands of regulations but often restricted as to appropriate resources, on the grounds of cost. Indeed, it is fair to say that these functions have in the past been deemed to be a necessary evil, costing an institution money to run but with no apparent benefit.
ComplianceASSESSOR has been designed to address these requirements by:
- Accommodating an unlimited and searchable library of multi-jurisdictional prudential and non-prudential regulatory books applicable to the firm's businesses, including internal regulations, e.g. the FSA Prudential Sourcebooks, European Directives, Sarbanes-Oxley and even the various UK laws applicable to (in this case) the financial sector
- Accommodating four categories of book that cover business and governance regulations, training material and consultative / discussion documents
Unfortunately, it is failures in compliance that are headlined, not the success of ensuring compliance.
- Highlighting new and amended regulations for review and / or possible assessment, thereby avoiding inadvertent breaches in compliance
- Identifying a change to a policy or procedure that may inadvertently result in a breach in compliance
- Mapping policies & procedures, or indeed any documents, to the relevant regulations in order to evidence compliance with the relevant regulations, on the assumption that policies & procedures are adhered to in practice. Providing that the institution maintains strict version control over such documents, any changes to the mapping are identified and the relevant regulations highlighted for review and possible re-assessment
- Accommodating an assessment process where not only are policies & procedures mapped to the relevant regulations, but action plans may be established to address deficiencies in compliance, each action plan being documented where appropriate
- Accommodating the four-eyes approach by requiring assessments to be approved by an independent officer
- The ability to code the regulations in terms of the consequences of non-compliance, as mentioned previously. And more importantly, requiring assessments relating to high-risk regulations to be approved not only by an independent officer but also by an appropriate executive or senior manager, which should prove a useful tool given the PRA's intended approach to executive responsibility.
This Risk Severity Indicator (RSI) is also used extensively in the dashboard to highlight, for example, action plans associated with the assessment of high-risk regulations that exceed their anticipated completion date or where confidence in achieving compliance moves to red on a RAG code. As one would expect, all of this information and much more is captured and displayed, focusing attention on compliance issues and enabling senior management to monitor and manage compliance more efficiently throughout the organisation.
And finally, all of this information, relating to the assessment of applicable regulations and including all supporting documentation and reports, is immediately identifiable and retrievable, saving considerable time and expense when responding to a query or demand.
Online survey
The audience were polled 3 times to gain their input:
1. Do you think your compliance team will be able to handle compliance with regulations in the future, given the anticipated changes in the regulatory landscape? Nearly 40% of respondents did not think the compliance department could manage without additional resources.
2. To what extent does your firm hold applicable regulations in electronic format? NOBODY could say that their firm was paper-free, but 86% indicated that MOST of the documents were now stored in electronic format.
3. What do you use to maintain a record of compliance against current regulations? An overwhelming 70% indicated that they use SPREADSHEETS to maintain compliance records.