Is our Compliance program operating effectively? Join us at the Compliance Workshop in June.
Join us in London for the Compliance Forum and Workshop. The Compliance Workshop on day 2 will be presented by Neil Tyson from Rightway Compliance.
For an insight into some of the key challenges that compliance, audit and risk teams face in implementing their compliance programs and what to expect from the Compliance Workshop we’ll hand you over to Neil…
Is our Compliance Program Operating Effectively?
Sometimes the job of an MLRO or Compliance Officer can be a lonely one. Entrusted with responsibility but also seen by some in the organisation as just a necessary evil and a cost to be managed. In this environment it can often be hard to know if you are doing the right things and even harder to know if the rest of your organisation is also doing what they should. Even for those who work in more enlightened supportive environments where the true value of compliance is understood it can be a struggle to know that your policies and procedures are truly best in class and operating effectively on a day to day basis.
So how do you sense check whether what you are asking people to do in your organisation is realistic and as efficient as it can be whilst also meeting all of the regulatory requirements? In Internal Audit language – is your compliance program designed effectively? How do you verify that those carefully crafted policies and procedures are actually happening consistently, day in day out across your organisation, in my Internal Audit world – is your compliance program operating effectively?
Any independent audit or regulatory visit is going to look at whether you can answer both of those questions. In my experience those in second line of defence roles (again my internal audit speak for MLROs and Compliance Officers) often focus on the first question of design effectiveness, and to be fair that is a good starting point since it is pointless to consider the second question of operational effectiveness until you are satisfied your scheme is designed effectively.
Most conferences also focus on the design effectiveness question too, keeping you up to date on regulatory requirements, on trying to clarify what certain requirements actually mean, what does good look like from that perspective. All of that is valid but we ignore the second question of operational effectiveness at our peril. This is what could trip up us on audit or inspection even if we have the most beautifully crafted (designed) compliance program.
Even if our policies and procedures were operating effectively yesterday or last week or last month has anything changed? Any change might mean they are not operating effectively today – a key personel change perhaps or even something as simple as a key person out sick or a gap in recruiting a replacement could be enough to cause problems. IT systems failures or access problems can also cause manual workarounds. Manual workarounds are also a key point of failure for operational effectiveness (workarounds are sure signal to an auditor that all is not well with the design either – hint!).
In many sectors I work in I see the question of operational effectiveness being answered through a system of regular file reviews or other simple controls that sense check that policies and processes are actually being followed. Such checks not only identify potential problems at a design level with the compliance program itself but also individual needs of particular staff members where more support, guidance or training might be required.
So my question to you is – Are you leaving this second question of operational effectiveness to chance or do you have a framework for checking that policies and procedures are operating consistently and as expected? You’d be well advised to have an answer to this before the auditor or regulator comes calling, as well as helping you to sleep well at night of course!
Neil is an accredited counter fraud specialist with over 30 years’ experience in helping senior managers take an ethical and proactive risk-based approach to compliance. He has worked in a variety of industries across the private and public sectors, including a number of multinational FTSE 100 companies. Importantly, his quite unique experience covers all three lines of defence. This puts Neil in the position of being able to not only identify areas for improvement in an organisation but also to help implement necessary pragmatic changes. Neil runs his own risk, audit and training consultancy Rightway Compliance.
The Compliance Workshop.
Neil is leading the Compliance workshop on day 2 of our Compliance Forum and Workshop. This will be a very practical focused day in which he will help you to consider the operational effectiveness aspect of your compliance program. View the full agenda for the 2 days here.