Proactive Risk Management Essential for Success
Compliance Monitoring and Testing Challenges
The changing regulatory landscape continues to be a challenge for compliance. Although many of the large changes to regulations have been implemented within the banking industry, banking enforcement actions within industry and other regulator guidance continue to shape and increase expectations for bank compliance. Continuous review of products and services for compliance with regulations as well as for expectations set forth in enforcement actions and regulator guidance is necessary for an effective compliance management program. As a best practice, a bank should incorporate reviews of banking enforcement actions and regulator guidance as a part of their compliance monitoring and testing plan.
"A clear understanding of the role of the first line of defense, the business, and the second line of defense, Compliance, is critical to establishing an effective compliance risk management program"
Understanding Responsibilities for Better Communication
Clear roles and responsibilities as well as robust communication with business lines are essential. The importance of front line risk management within the business, the “first line of defense,” is integral to effective compliance risk management. A clear understanding of the role of the first line of defense, the business, and the second line of defense, Compliance, is critical to establishing an effective compliance risk management program. We often say that compliance is a “village approach,” meaning that each line of defense must play its role to ensure that compliance risks are adequately managed. Once roles and responsibilities are understood, ongoing robust communication between the first and second lines of defense is essential.
Bridging the gap between Compliance and Technology
In order to bridge the gap between Compliance and Technology, it is important that processes are in place for the inclusion of compliance guidance in technology solutions. In a mature compliance risk management model, processes are established for the provision of compliance guidance for significant technology implementations and other projects affecting core business platforms. Ideally, Compliance engagement at a pre-implementation stage would occur to enable compliant technology solutions for the organization at the time of launch.
Advice to fellow CCOs
In order to have a successful compliance management program, the program must be proactive. Often times, banks are struggling to put out fires and are not at a place for proactive compliance risk management. Turning the corner to proactive compliance risk management is essential for success. In my experience, spending the time to develop and implement a robust compliance risk management program assists with proactive compliance management.