Compliance

Question 1

What does the term ‘compliance’ describe?

Answer 1

The term compliance describes the ability to act according to an order, set of rules or request.

Question 2

Describe the two levels, in the context of financial services businesses, at which compliance operates.

Answer 2

Level 1 - compliance with the external rules that are imposed upon an organisation as a whole

Level 2 - compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules.

Question 3

What duty, objective and responsibility does a Compliance Officer fulfill?

Answer 3

DUTY - The Compliance Officer has a duty to his employer to work with management and staff to identify and manage regulatory risk.

OBJECTIVE - the overriding objectives of a compliance officer should be to ensure that an organization has systems of internal control that adequately measure and manage the risks that it faces.

RESPONSIBILITY - The general responsibility of the Compliance Officer is to provide an in-house compliance service that effectively supports business areas in their duty to comply with relevant laws and regulations and internal procedures.

Question 4

What are the five key functions of a Compliance Department?

Answer 4

1. Identification: To identify the risks that an organisation faces and advise on them
2. Prevention: To design and implement controls to protect an organisation from those risks
3. Monitoring and detection: To monitor and report on the effectiveness of those controls in the management of an organisations exposure to risks
4. Resolution: To resolve compliance difficulties as they occur
5. Advisory: To advise the business on rules and controls

Question 5

What is Corporate Governance?

Answer 5

Corporate governance is a highly inclusive concept that covers a number of different aspects about the way in which an organisation is managed, directed and governed.

It can be described as a set of relationships between a company’s management, board, shareholders, and other stakeholders, which provides the structure through which the objectives of the company are set. Furthermore it provides the means of attaining and monitoring performance against those objectives.

Question 6

What does the term ‘regulation’ mean?

Answer 6

The term ‘regulation’ generally refers to a set of binding rules issued by a private or public body with the necessary authority to supervise compliance with them and apply sanctions in response to violation of them.

Question 7

What are five generally accepted key core objectives of financial services regulation?

Answer 7

Although there is no unified theory of financial services the key objectives of regulation is as follows:

1. The protection of investors/consumers
2. Ensuring that the markets are fair, efficient and transparent
3. The reduction of systemic risk
4. The reduction of financial crime
5. The maintenance of consumer confidence in the financial system

Question 8

What are three key attributes of effective regulation?

Answer 8

Effective regulation is regulation that:

1. Contributes to the fulfillment of one or more of the core objectives of financial services regulation.
2. Maintains an open market that can be participated in by the widest range of appropriate participants with no unnecessary barriers to entry and exit; and
3. Provides an equal regulatory burden on all participants that meet minimum criteria.

Question 9

What is primary legislation?

Answer 9

Primary legislation refers to the Law, Act or Ordinance passed by the legislative of a particular jurisdiction.

Question 10

What is secondary legislation?

Answer 10

The legislature in many jurisdictions has the power to delegate or subordinate law making powers to other agencies that may then make delegated or subordinate legislation often referred to as “secondary” legislation.

In the context of financial services, secondary legislation is generally legislation that has been drafted by a regulatory body empowered to do so pursuant to the primary law by which it is established.

Question 11

What are regulatory codes or rules?

Answer 11

Codes generally set out the broad principles by which a regulated business is expected to conduct its business.

Rules are generally very detailed and relate to every regulated activity and function.

Question 12

What are regulatory guidance notes?

Answer 12

Guidance can either be in the form of a statement of best practice or a statement of minimum best practice.

Occasionally a regulatory authority will feel compelled to issue detailed guidance to regulated businesses on how it expects them to actually discharge their legal and regulatory obligations.

Anti money laundering and terrorist financing is one area where most regulators around the World have issued guidance.

Question 13

What seven functions does a regulator usually fulfill?

Answer 13

In broad terms regulators fulfill the following seven functions:

1. They lay down rules or principles that determine who can conduct financial services business
2. They authorise financial services businesses
3. They lay down the rules by which regulated financial services businesses must conduct their business (both prudential and conduct of business rules)
4. They supervise compliance with the rules either through desk based supervision or onsite inspections or a mixture of the two
5. They conduct investigations into suspected breaches of the rules sometimes in conjunction with other law enforcement bodies
6. They enforce the rules
7. They co-operate and exchange information with other regulators

Question 14

What four steps does a regulator utilize in it’s supervisory process?

Answer 14

Many regulators adopt a risk-based approach to supervision and follow a process of supervision that can be divided into the following four steps:

Step 1. Defining the objectives

Step 2. Obtaining information from regulated businesses

Step 3. Assessing the risk that regulated businesses face and pose

Step 4. Taking action in response to the risk assessment

Question 15

What two key methods does the regulator utilize in supervising regulated businesses?

Answer 15

There are essentially two methods by which compliance with regulatory rules is monitored – Onsite supervision and Offsite desk based supervision.

1. On site supervision: entails visits by the staff of a regulator to the offices of a regulated entity, with the objective of satisfying etc
2. Offsite desk based supervision: requires regulated financial services businesses to provide relevant information by means of ‘supervisory returns’ normally prescribed within legislation and or license conditions.

Question 16

What are the two commonly accepted objectives of prudential regulation?

Answer 16

1. To maintain a low probability of insolvency and any consequential loss to an organisation’s ultimate customers; and
2. To ensure the resolution of the position of any organisation whose viability is impaired, while protecting the interests of their customers to the maximum possible extent.

Question 17

What are conduct of business rules?

Answer 17

Conduct of business rules:

• govern the manner in which a business conducts itself in its relationships with consumers.
• impose minimum standards of acceptable conduct upon regulated businesses.

Question 18

What nine aspects of the activity of a financial services business would be subject to the conduct of business rules?

Answer 18

1. Advertising
2. Customer communications
3. Customer agreements
4. Conflicts of interest
5. Customer understanding and suitability
6. Customer dealings
7. Customer due diligence
8. Client assets and money
9. Breaches, errors and/or near misses.

Question 19

What is regulatory enforcement?

Answer 19

Enforcement is:

• a necessary product of the process of authorisation and supervision, in the sense that a regulator must enforce compliance with rules.
• as much about investigating, gathering and sharing information as it is about imposing penalties.

Question 20

What five processes does regulatory enforcement normally entail?

Answer 20

Enforcement generally entails the following:

1. Inspection
2. Investigation powers
3. Surveillance powers
4. The imposition of corrective or remedial action
5. The imposition of penalties

Question 21

What are the seven common enforcement powers of a regulator?

Answer 21

1. Power to inspect and request information
2. Power to seek orders to compel a business to comply
3. Power to remove directors and auditors;
4. Power to appoint an administrator
5. Power to impose administrative sanctions and / or to seek orders from courts or tribunals;
6. Power to initiate or to refer matters for criminal prosecution;
7. Power to suspend operations or trading

Question 22

What six basic factors should you consider when looking at risks in your organisation?

Answer 22

1. The nature of the operation
2. The diversity of its operations
3. The complexity of its business
4. The scale of its business
5. The volume of transactions
6. The size of the transactions

Question 23

What are four possible compliance strategies?

Answer 23

• Policies, standards and awareness
• Reporting hotline
• Audits and assessments
• Tone at the top (leadership backing compliance)

Question 24

What is the Sarbanes-Oxley Act (SOX)

Answer 24

The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.

Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.

Additionally, the legislation, commonly referred to as SOX, established penalties for noncompliance with its provisions.

Question 25

Who enforces the Sarbanes-Oxley Act (SOX)?

Answer 25

The Securities and Exchange Commission (SEC) enforces SOX.

Question 26

Does the Sarbanes-Oxley Act (SOX) only affect publicly traded companies?

Answer 26

SOX primarily sought to regulate financial reporting and other business practices at publicly traded companies.

However, some provisions apply to all enterprises, including private companies and not-for-profit organizations.

Question 27

What are the two key provisions of the Sarbanes-Oxley Act (SOX)?

Answer 27

Two sections of particular note are Section 302 and Section 404.

• Section 302: pertains to “Corporate Responsibility for Financial Reports.” It established, in part, that CEOs and CFOs must review all financial reports and that the reports are “fairly presented” and don’t contain misrepresentations. This section also established that CEOs and CFOs are responsible for the internal accounting controls.
• Section 404: deals with “Management Assessment of Internal Controls” and requires companies to publish details about their internal accounting controls and their procedures for financial reporting as part of their annual financial reports. Section 404 requires corporate executives to personally certify the accuracy of their company’s financial statements and makes them individually liable if the SEC finds violations.

Question 28

What are more general provisions under SOX?

Answer 28

Other key provisions under SOX include:

• mandated disclosure of transactions and relationships that are off-balance sheet that could impact financial status;
• near-ubiquitous prohibition of personal loans from a corporation to executives;
• establishment of fines and terms of imprisonment for tampering or destroying documents in events of investigations or court action; and
• requirements for attorneys who represent public companies before the SEC to report security violations to the CEO.
• Protection for whistleblowers (Whistleblower Protection Act). SOX states that employees (and even contractors) who report fraud and/or testify about fraud committed by their employers are protected against retaliation, including dismissal and discrimination.
• New requirements for corporate auditing practices, such as: SOX requires public corporations to hire independent auditors to review their accounting practices.
• Rules for separation of duties by detailing a number of nonaudit services that a company’s auditor cannot perform during audits. These rules are designed to further guard against fraudulent financial practices.

Question 29

What is the PCAOB?

Answer 29

The Public Company Accounting Oversight Board (PCAOB) sets standards and rules for audit reports and investigates and enforces compliance at the registered accounting firms.

Under SOX, all accounting firms that audit public companies are required to register with the PCAOB.