Compliance Study_complet - pwc

More documents

Recommendations

Info

© PricewaterhouseCoopers - Protecting the brand, May 2005 27 Compliance: • decided whether a breach should be reported to the regulator, • informed senior management if the breach had to be reported to the regulator and/or was considered material from an internal perspective, • advised business on rectification, • monitored progress on rectification (in conjunction with internal audit) and • reported to senior management/the board on rectification progress. If not reported to the regulator, breaches were nonetheless escalated to senior management or the board depending on the materiality of the breach or deficiency (according to pre-established parameters). One respondent had an incident grading system, which predetermined who was responsible for rectification (see also p. 42). Over 90% of respondents said they ensured root cause analysis was undertaken to identify cases of potential systemic weakness, ensuring appropriate actions are taken, including penalising personnel where appropriate. Notably, however, no established breach rectification process was in place in some organisations where i) the compliance function was new, and ii) there had been no significant incidents in that country. How often does the compliance function report to the board of directors ? 3 3 11 9 3 3 40 14 14 Reporting to the board/senior management 84% of respondents reported directly to the board or appropriate board committee; the remaining 16% reporting to senior management. In over 95% of organisations, either a member of senior management was directly responsible for compliance, or the compliance officer reported directly to a member of senior management. 40% of respondents indicated that formal reporting to the board took place quarterly: an additional 17% said that reporting was actually more frequent (either five times per year, or monthly). 3% did not prepare formal reports for the board. annually semi-annually quarterly 5 times annually bi-monthly monthly regularly on request do not report
28 © PricewaterhouseCoopers - Protecting the brand, May 2005 Group Compliance responsibilities • Set vision, profile, appetite and culture • Set framework, policy, strategy • Communicate that the management of compliance and operational risk is an institutional priority • Provide and reward “no surprises” openness attitude • Act as a counsellor to business on policy implementation • Oversight control environment • Manage stakeholder interaction to achieve awareness and collaboration • Obtain and act on relevant management information. Business unit compliance responsibilities • Create a risk awareness profile and culture • Implement and manage risk strategy consistently throughout the organisation • Communicate that the management of compliance and operational risk is an institutional priority • Translate strategy into policies, processes and procedures • Promote and reward “no surprises” openness attitude. • Implement and maintain effective control environment • Generate and utilise effective management information systems. Counsellor International institutions saw Compliance as better placed to add value to the organisation, on both a strategic and day-today transactional basis, if perceived as a trusted advisor to management at all levels in the business. This trend was evident in the majority of the regions covered in the study, although in some organisations there appeared to be a disconnection between the goal of fostering a compliance culture and the empowerment of the compliance function. In Continental Europe (e.g. Belgium, the Netherlands, Sweden), the concept appeared generally well understood - although the necessary structures and resources were not yet in place to realise it fully. In the UK and Canada, there was a consistent move in this direction, although some respondents suggested this was creating some political tensions within the organisation. Assuming a role as an advisor to business created different roles and responsibilities at group, regional and local levels, and between business lines and legal entities. One Australian institution allocated responsibilities between the group and business units as shown in the box. Promoting the adoption of a compliance culture within the organisation As an over-arching activity - impinging to a greater or lesser extent on all the other activities - the relatively low percentage rate in the table above (p. 25) is understandable. Few projects or ongoing activities were tagged “promoting the adoption of a compliance culture” although a wide range of activities could be designed with this goal in mind, either explicitly or implicitly. The primary role that Compliance played in promoting a compliance culture was one of communication, designed to facilitate consistent interpretation of the “tone at the top” at the business level. Respondents described the role as a “vital”, “critical”, “central”, but also “subtle” and “intrinsic”. However, for some organisations no formal role was conceived. Other respondents said that they were aware that the role needed to be broader than it is. To be effective, though, Compliance needed the respect of business units and this depended not only on Compliance’s demonstrating sound business understanding but also its recognised senior status - acknowledged explicitly by senior management - within the organisation. Respondents mostly indicated that Compliance was an active advisor to both the board and management in effecting changes necessitated by specific new regulations. Compliance informed the board of the business impact of regulatory developments, put forward proposals for changes required, and subsequently supported management in implementation. A North American respondent indicated that Compliance’s role then went further in evaluating the effectiveness of the changes through obtaining employee feedback, and sustaining the changes through developing enhanced scenario or other training tools to help the business cope with the changes on a daily basis. Only in a few cases, however, were there clear indications of Compliance’s active role - and authority - in terms of coherent change management programmes, targeting ongoing improvements to the compliance culture.
Page 1 and 2: Protecting the brand The evolving r
Page 3 and 4: Protecting the brand*
Page 5 and 6: complying with management’s strat
Page 8 and 9: Structure of the Report Executive S
Page 10 and 11: © PricewaterhouseCoopers - Protect
Page 16 and 17: Setting the scene - defining compli
Page 20 and 21: Challenges to achieving compliance
Page 40 and 41: Based on our analysis, we suggest t
Page 52 and 53: Compliance contributing value to bu
Page 58 and 59: © PricwaterhouseCoopers - Protecti
Page 66 and 67: Annex I Overview of regional and na
Page 78 and 79:
© PricewaterhouseCoopers - Protect
Page 80 and 81:
Page 82 and 83:
Page 85 and 86:
PricewaterhouseCoopers (www.pwc.com
Page 87:
www.pwc.com
show all

Compliance Study_complet - pwc

Create successful ePaper yourself

Delete template?

Save as template?