At 1RS, we work with Compliance departments of all sizes and at varying degrees of maturity. Here are some of the key challenges we find in the Compliance department of a growing firm. If any of these resonate with you, don’t worry, you are not alone!
Which Rules do you need to comply with?
Obviously a firm knows which rule books are in scope for their operations, but we find our clients are looking for a simple and effective way to identify exactly which specific sections (and sub-sections and guidance!) are relevant to their processes.
Without having this detailed view, how can you ensure or demonstrate compliance with the regulations?
With thousands and thousands of individual lines of regulatory rules in the FCA handbook alone, it is no wonder that this daunting task may be left ‘on the list for tomorrow’.
Once you know which rules are relevant to your Firm, how can you be sure you know in which areas of your business you might be at risk of breaching them, or what the impact could be?
What and where are the risks in my business that relate to these rules?
Have the specific risks in each of the processes that could breach these regulations been identified? Do you know the likelihood and the impact? That inherent risk assessment is key to so much – from determining your treatment of these risks, to your compliance monitoring plans, to the level of resource in your department.
How are you monitoring these risks and the level of the risk?
What Controls do you have to mitigate breaches to the Rules?
Once you know what your risks are, the next challenge is how to get a clear view of the controls that mitigate them. What controls? Who owns them? Are they working effectively?
So once you have identified your controls, and who owns them, which controls need to be monitored and which need to be tested? How often do you need to monitor and test them? Ideally your Compliance Monitoring Plan will be risk based, depending on the level of risk and the rules they are mitigating to ensure focus on the highest priority controls.
Challenge No 4.
How can you demonstrate you are complying with the Rules?
This is the ultimate challenge: what do you need to have in place to be able to demonstrate that the firm and its employees are complying with all relevant rules, and how can you do this simply and effectively?
Can you triangulate the results of your testing, your risk events, your audit points and action plans to link to the control effectiveness and the level of risk?
Implementing Self-Assessments by the Control Owners, the Risk Owners and the Process Owner demonstrates not just that a process is in place, but that accountability and responsibility for these activities are in place, and it embeds an appreciation of the linkage between rule, risk and control.
You also need the ability to report on your compliance with a rule book, on the results of your Compliance Monitoring Plan or breaches, and on the assessments of the controls and risks by those responsible for them.
The Solution. 1RS.
- IDENTIFY YOUR RULES – Based on your regulatory approvals, products and business lines, 1RS can swiftly identify which sections of which rules would be in scope for your regulatory compliance. We also provide a quarterly update process to alert you to any new or changed relevant rules.
- IDENTIFY YOUR RISKS & CONTROLS – 1RS has developed Risk Intelligence that can suggest the risks and controls that could be relevant to your business processes to comply with the specific rules. We can also leverage our best-practice standard risk and control libraries to ensure good-quality, value-add risk information.
- IMPLEMENT AN INTEGRATED GRC – With ERIC, our 1RS Risk & Compliance Solution, you can automate your mapping of rules to risks, controls, testing, issues, risk events and audit points. You can also automate your reporting and MI, as well as control, risk and process self-assessments.
Contact us for more info on 1RS and ERIC, the cost-effective, intuitive compliance management solution.