17 September 2014: Protecht was proud to be a part of Compliance Solutions Day 2014 hosted by LexisNexis and Compliance Network Australia at the C3 Convention Centre in Vienna, Austria.
The following post is an overview of David Tattam's presentation:
Optimising the Compliance Function in 2014 and Beyond
Compliance means conforming to a rule. That rule may arise from an external source such as a law or regulation or an internal source such as a policy, code or control. Compliance with these two main sources gives rise to external and internal compliance.
The issue for an organisation is: how can conforming with the rule(s) be ensured? This is the key objective of a compliance function. The methods we can use to ensure we conform with the rules are many and varied, and an organisation needs to determine what compliance methodology will be used. The compliance methodology should balance a desired level of compliance against the cost and time of achieving that level of assurance. Getting this balance right will lead to an optimal compliance function.
Considerations when designing an optimal compliance function include:
1. Understanding what the relevant rules are
Before we can consider conforming to a rule, we need to understand what the rules are and what they mean. For external compliance this necessitates having access to a library of relevant laws and regulations that is kept up to date at all times. For most organisations this is a difficult task due to the sheer volume of rules. This library may be maintained internally, which will require dedicated compliance / legal staff to remain aware of all relevant obligations and ensure they are always kept up to date. Alternatively, this library may be accessed externally through a subscription service and maintained by a third party such as LexisNexis.
For internal compliance, there needs to be a library of policies, procedures and controls which is also kept up to date across the business.
2. Once the rules are understood, processes must be put in place to ensure the rules are met and that assurance is provided to senior management and the board. This can be achieved using one or more methods including:
An appropriate combination of these methods results in the specific compliance methodology and creates the basis of the organisation’s compliance plan(s).
The optimal compliance function
In order to be optimal, the compliance function should consider the following:
Apply a risk-based approach to compliance. Compliance requirements should be assessed as to their level of risk. This will include assessing the impact (both financial and non-financial) resulting from non-compliance and the assessed level of likelihood that non-compliance will occur. The level of risk should drive the approach to compliance: the higher the risk, the more extensive the process.
Compliance is an essential component of any successful organisation. The key is to maximise the value created by the function, and this requires a fine balance between effectiveness and efficiency. Optimisation of the compliance function requires an informed weighing up of costs and benefits and, when made correctly, will result in the compliance function being viewed as an enabler of the business rather than a hindrance.
If you would like to know more about how to optimise your compliance function and capability, please contact the Protecht.EME team via phone +43 1 53 712 4843 or email email@example.com
Author of 'A Short Guide to Operational Risk', David Tattam is an internationally recognised specialist in all facets of risk management, particularly at the enterprise level. His career includes many years working with PwC, as well as two Australian banks. His achievements include the creation of the Middle Office (Risk Management Department) for The Industrial Bank of Japan in Australia and the complete implementation of all Australian operations, systems, procedures and controls for Westdeutsche Landesbank (WestLB).