Risk-based compliance monitoring

Date: 01 January 1999
Published date: 01 January 1999
Pages: 22-26
DOI: https://doi.org/10.1108/eb024993
Author: Dawn Batchelor
Subject matter: Accounting & finance
Journal of Financial Regulation and Compliance, Volume 7, Number 1

Dawn Batchelor
Received: 27th November, 1998
PricewaterhouseCoopers, 1 Embankment Place, London WC2N 6NN; tel: 0171 212 5276; fax: 0171 212 5280.
Dawn Batchelor is a senior manager in the Financial Services Specialist Team specialising in regulatory and compliance issues for retail financial services. She is involved in all aspects of regulation under the Financial Services Act.
ABSTRACT
This paper sets out the fundamental generic concepts behind applying a risk-based approach to monitoring compliance with PIA's regulations. It also looks at some of the practical considerations for implementing such a system.

Every insurance company understands the concept of identifying and measuring risk for the purpose of underwriting but few apply this skill to risks the company faces in terms of compliance with PIA regulations. Each of the regulators is beginning to use risk assessments to focus their monitoring activity. IMRO have recently issued a 'scorecard' which includes ten questions, positive answers to which would indicate an effective compliance regime. The other regulators are at varying stages of designing and implementing such systems. The ultimate objective of such tools is a reduction in the level of monitoring by the regulators for those firms who are able to demonstrate a sound compliance culture.

The benefits of risk-based compliance monitoring can be huge. In addition to potentially substantial cost savings in the longer term, this approach should lead to better control of the business and increased flexibility in response to changes in the marketplace and the customer base.
WHAT IS 'RISK'?
The starting point is to define 'risk'. To do this, we need to understand the components of risk and how these can be dealt with. The components of risk are shown in Table 1.

The residual risk is the risk of an event happening, the control not working and of the monitoring not identifying it. Regulatory risk is the risk of a material failure to comply with PIA's regulations.

In order to respond to the regulatory risk, an organisation needs to have an integrated control framework where the controls lock together and reduce any residual risk to an acceptable level. This is demonstrated in Figure 1.

The basis of the pyramid is a strong compliance culture. This is supported by an assessment of the compliance risks which the business faces. Built on this is a system of effective controls and good quality, focused monitoring. As the diagram demonstrates, where there are controls in place, the monitoring can be reduced. However, if the controls were removed, the monitoring part of the pyramid would become far larger, and this is a more time-consuming and expensive part of the process.
One of the key success factors of this system is the management information which is shown along the sides of the pyramid. This is the bonding which holds the system together; the pyramid would clearly crumble if the management information did not exist.
Journal of Financial Regulation and Compliance, Vol. 7, No. 1, 1999, pp. 22-26. Henry Stewart Publications, ISSN 1355-1988.
