Lecture 2 Compliance risk Flashcards
What are the six steps of the compliance cycle?
❑ Legal Framework
❑ Control measures
❑ Risk assessment
❑ Risk Based compliance programme
❑ Reporting
❑ Follow up
What is the purpose, approach and result of Legal Framework?
Purpose
❑ Insight into applicable rules
Approach
❑ Create a legal framework
Result
❑ Overview of applicable legislation
What is the purpose, approach and result of Control measures?
Purpose
❑ Mitigate risks
Approach
❑ Advice business on control measures
❑ Formulate control measures for compliance risks
Result
❑ Processes and procedures that manage the risks
What is the purpose, approach and result of Risk Assessment?
Purpose
❑ Insight into compliance risks
Approach
❑ Use legal framework and control measures to identify compliance risks
❑ Identify compliance risk per subject:
▪ General assessment
▪ Detailed assessment
Result
❑ Overview of (mitigated) compliance risks
What is the purpose, approach and result of Risk based Compliance Programme?
Purpose
❑ Establish a compliance plan
Approach
❑ Use outcome of risk analysis and annual agenda of supervisors to draw up a plan
❑ Must show how the compliance function assesses the design and operation of the main control measures
❑ Training of staff
Result
❑ Compliance annual plan and monitoring plan
What is the purpose, approach and result of Reporting?
Purpose
❑ Insight into compliance-related topics/issues
Approach
❑ Monitoring: Set-up, existence and functioning
❑ Use outcome of monitoring activities to identify shortcomings
❑ Report must contain:
❑ The status of identified compliance risks;
❑ Any newly identified compliance risks;
❑ Results of compliance investigations or compliance monitoring activities;
❑ Any new relevant laws and regulations;
❑ Status of communication with supervisors; and
❑ Any identified incidents or breaches of (internal and external) rules
Result
❑ Compliance report
What is the purpose, approach and result of Follow up?
Purpose
❑ Insight into follow-up of compliance-related topics/issues
Approach
❑ Use monitoring outcome and compliance report to identify follow-up actions
❑ Log the follow-up action in a file
❑ Monitor whether follow-up actions are implemented
Result
❑ Overview of status of follow-up actions
What is the purpose, role of compliance and result of Securities Industry Regulatory Authority (SIRA)?
Purpose
❑ Insight into inherent integrity risks and control measures
Role of compliance
❑ Management is owner
❑ Compliance gives advice
Result
❑ Overview of integrity risks of the financial institution including control measures
What is the Approach: “Three steps” of SIRA (Securities Industry Regulatory Authority)?
Approach: “Three steps”
❑ Preparation and risk identification
❑ Risk Assessment
❑ Net risk and control measures
What are the three Steps of Step 1: Preparation and risk identification?
❑ Description of organisation
❑ Define risk appetite
Scenarios
❑ Identify all possible integrity risks that could materialise at the organisation.
What are the four Steps of Step 2: Risk assessment?
❑ Assess whether the identified risks are complete
❑ Identify the possible causes of the risk
❑ Determine the impact and likelihood of the risks
❑ Rank the risks
What are the four Steps of Step 3: Net risk?
❑ Formulate for each risk the control measures that have been taken
❑ Determine the impact and likelihood of the risks while taking into account the control measures
❑ Rank the risks again
❑ Determine whether additional mitigating measures should be taken and, if so, what these should be