Compliance Study_complet - pwc

More documents

Recommendations

Info

© PricewaterhouseCoopers - Protecting the brand, May 2005 25 What are the roles and responsibilities of the compliance function? A number of the questions in the questionnaire were designed to probe the current roles and responsibilities of the compliance function. The study found that these were changing in line with the objectives discussed earlier. Although to some, Compliance was still primarily a control function, the emphasis was noticeably shifting towards a balance between a “counsellor” (trusted advisor) and “police officer”, in line with the objectives discussed above. 30% of respondents indicated that the roles and responsibilities of the compliance function were formalised at group and business line level, through a compliance charter, formal terms of reference, or similar. 33% indicated that these were implicit in compliance policies. Respondents largely agreed with the list of compliance activities set out in the table (below). Their activities could be split between the two roles, but respondents stressed that there was substantial interplay between them (it must be stressed again that the percentages included in the table are purely indicative). Certain trends however were evident. In the Anglo-Saxon countries (United States, Canada, Australia and the UK), there appeared to be more emphasis on a “friendly police officer” approach. Compliance monitoring activity represents a higher percentage than the international average, with “advice” representing an equal percentage. However, this could also reflect a more manual approach to compliance monitoring activities, and a lack of technological support. Organisations in Japan and Hong Kong placed significantly more emphasis on training and education of business units, and embedding the compliance culture. Continental European respondents generally seemed to place more emphasis on i) establishing compliance policies and procedures, ii) monitoring and interpreting regulatory developments, and iii) providing advice to business. Percentage of compliance function activity ANGLO CONTINENTAL TOTAL SAXON ASIA EUROPE Police officer Monitoring compliance with procedures 16 26 11 10 Reporting to management 8 10 10 5 Counsellor Promoting the adoption of a compliance culture within the organisation 5 3 10 6 Interface with regulators 6 7 1 5 Monitoring and interpreting regulatory developments 12 7 12 13 Taking preventative or corrective measures* 5 5 7 3 Establishing compliance policies and procedures 16 11 12 22 Providing advice (including a helpline) 19 19 23 22 New product/market approval processes 5 4 2 6 Training and education of business units 6 5 11 6 Further developing the compliance function’s role 2 3 1 2 100 100 100 100 “It is not yet clear whether I’m a vicar or a policeman.” Compliance charter/terms of references 23 4 4 6 33 30 Explicity in charter (or similar) Implicity in policies/instructions No charter or similar Update underway/required Developing No response * Corrective measures generally fall more under the “police officer” role.
26 © PricewaterhouseCoopers - Protecting the brand, May 2005 Police officer Monitoring compliance with policies and procedures “Three line of control approach: • Business unit - execution of controls • Group compliance - oversight of monitoring and testing • Group audit - independent assurance” Over 95% of respondents indicated that Compliance was responsible for monitoring adherence to policies and procedures, often working closely with internal audit. However, in a few cases - generally where compliance functions were less developed - this was the sole responsibility of internal audit. In some European countries, however, where explicit requirements for compliance functions were relatively recent, less emphasis was placed on Compliance’s role with regards to compliance monitoring (the primary emphasis being advice to business). Monitoring day-to-day business transactions (suspicious transactions, employee dealing, etc.) was often an intrinsic part of local compliance staff responsibility. These compliance staff might be simultaneously responsible for oversight of monitoring and testing at the business unit level, potentially creating tensions and confusion about the differentiation between the roles. Regular reporting was both to local management, and through the compliance network. Where appropriate technological infrastructures were in place, Group Compliance backed up this “real-time” monitoring (e.g. with global trading position monitoring). Group compliance also undertook special monitoring visits, sometimes in conjunction with internal audit and legal. One European respondent carried out three to four wider “theme” reviews per annum into specific risk areas. A North American respondent indicated that internal audit undertook some 20 to 30 special reviews into compliance on an annual basis. More broadly, Compliance collaborated closely with internal audit to monitor compliance, often providing advice to internal audit as to what should be covered in its annual audit plan. However, although the roles of compliance and internal audit were sometimes clarified through compliance charters or service level agreements (SLAs), some respondents mentioned also the blurring of lines between the two functions, and the fact that senior management and business did not always understand the differences between their roles. Others stressed frequent communication as a means to avoid overlap between Compliance and internal audit. Compliance’s ability to comprehensively prepare its monitoring plan was dependent on its awareness of both past events, and future regulatory and business developments. Where Compliance was not involved directly in new business initiatives, respondents indicated that both business and internal audit kept Compliance informed of potential compliance risks emerging from new business in the majority of cases (see p. 33). Taking corrective measures Business line management was deemed responsible, in the main, for the rectification of compliance breaches and weaknesses, although, this was seen as Compliance’s responsibility in a number of cases. In leading organisations,
Page 1 and 2: Protecting the brand The evolving r
Page 3 and 4: Protecting the brand*
Page 5 and 6: complying with management’s strat
Page 8 and 9: Structure of the Report Executive S
Page 10 and 11: © PricewaterhouseCoopers - Protect
Page 16 and 17: Setting the scene - defining compli
Page 20 and 21: Challenges to achieving compliance
Page 40 and 41: Based on our analysis, we suggest t
Page 52 and 53: Compliance contributing value to bu
Page 58 and 59: © PricwaterhouseCoopers - Protecti
Page 66 and 67: Annex I Overview of regional and na
Page 76 and 77:
© PricewaterhouseCoopers - Protect
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 85 and 86:
PricewaterhouseCoopers (www.pwc.com
Page 87:
www.pwc.com
show all

Compliance Study_complet - pwc

Create successful ePaper yourself

Delete template?

Save as template?