Assessment Task 3

Knowledge Test

1. Concept Description of a “Compliance Management System” within the context of a financial services institution

A CMS is how an institution:

• Learns about its compliance responsibilities
• Ensures that employees understand these responsibilities
• Ensures that requirements are incorporated into business processes
• Reviews operations to ensure responsibilities are carried out and requirements
are met
• Takes corrective action and updates materials as necessary

A financial institution should generally establish a formal, written compliance program.
In addition to being a planned and organized effort to guide the institution’s compliance
activities, a written program represents an essential source document that will serve as
a training and reference tool for all employees. A well-planned, implemented, and
maintained compliance program will prevent or reduce regulatory violations and provide
cost efficiencies, and it is a sound business step.

2. The key components of an effective Compliance Management System:

• Questionnaire management
• Security enabled workflow
• Corrective action management
• Granular security management
• Support for multiple auditing bodies
• Secure dashboard for external parties
• Self-assessment capability
• Risk-aware compliance management
• Easy-to-use, online audit conduct
• Notifications
• Total mobility
• Cost sharing
• Top management support
• Support services

3. Key compliance documentation required to maintain compliance:

• Information systems and retention processes should be designed to
protect information against unauthorised access, loss or destruction.
• Organisations need to maintain a policy and set up appropriate guidelines
for moving information from one archiving system to another.
• Systems for the electronic retention of information should be designed to
ensure the information remains accessible, auditable, authentic, reliable
and usable during the retention period, regardless of any system changes.
• Organisations need to be able to prove that the content of a particular
electronic record or data file has not been altered since its creation at the
date of storage.

4. Key responsibilities of the senior management in maintaining effective compliance and compliance culture within the organization:

The role of a compliance officer

The role of a compliance officer, sometimes called a compliance manager, is to
make sure that a company is conducting its business in full compliance with all
national and international laws and regulations that pertain to its particular
industry, as well as professional standards, accepted business practices, and
internal standards. There is both an ethical component and a pragmatic
component to compliance - a role that is crucial in helping organizations manage
risk, maintain a positive reputation, and avoid lawsuits. Compliance officers must
have an innate and intuitive knowledge of the company’s goals and culture, as well
as of the greater industry and standard business law. They are charged not just
with keeping a company’s business dealings ethically sound and legally pristine,
but with educating the entire company and instituting practices that will ensure the
highest possible level of compliance.

Levels of responsibility

• Compliance with the external rules that are imposed upon an organization as a
whole
• Compliance with internal systems of control that are imposed to achieve
compliance with the externally imposed rules.

5. List internal and external job roles that focus on managing compliance within an
organisation/institute.
• Accountancy
• Charity/not-for-profit
• Digital and technology
• Environmental services
• Financial services
• Insurance
• Pharmaceuticals
• Property

6. Explain how a compliance culture can be supported within an organization in your own understanding and words

Culture has always been important to how organizations operate. So why is it
getting so much attention lately? One reason is that regulators have come to the
realization that without a culture of integrity, organizations are likely to view their
ethics and compliance programs as a set of check-the-box activities, or even
worse, as a roadblock to achieving their business objectives. In fact,
organizations responsible for some of the most egregious acts of malfeasance
have had quite impressive, formalized ethics and compliance guidelines. The
problem was that either leadership or a group of influential insiders operated
outside of those guidelines. Organizations with strong positive cultures create
trusting relationships with stakeholders. In our experience, those relationships
become reciprocal; that is, stakeholders trust the organization and the brand.
This creates employee, customer, and supplier loyalty. A strong culture helps to
build positive relationships with regulators and it helps attract long-term investors.
Ultimately, a culture of integrity is reflected in superior, long-term performance.

7. Outline a typical compliance planning process of the organization in your own words.
An effective corporate compliance program integrates all compliance efforts – from
compliance with external regulations to compliance with internal rules and procedures.
When employees are trained in compliance, they are more likely to recognize and report
illegal or unethical activity. Maintaining compliance enables your employees to do their
jobs well, keep customers happy, and reach their career goals. In turn, this helps your
company grow and achieve organizational goals. By making sure all areas of your
organization are working together and maintaining standards, corporate compliance can
help prevent major disasters and failures.

8. Explain reporting processes on compliance management including reports on breaches and rectifications.
a) provide a systematic process for the reporting and investigation of compliance
breaches or potential breaches so they can be appropriately addressed;
b) reinforce the importance of compliance, so that all staff members are encouraged
to proactively raise compliance issues as soon as possible and address any
weaknesses in the control environment;
c) enable the gathering of information to facilitate monitoring and reporting of
compliance performance within the University; and
d) ensure that no staff member is penalised or disadvantaged as a result of
reporting a compliance breach and that repercussions of breaches themselves
are determined on a case-by-case basis.

9. Provide examples of some of the measures to assess compliance performance

For example, say you work at a big retail corporation. The marketing team sends out
a customer survey to a segmented list of customers to determine shopping patterns in
the top 100 highest-active accounts over a five-year period. The data comes back with
information on individual purchase history. The marketing team then sees that a handful
of these accounts show a purchasing trend of larger sized clothing over the last few
quarters. The marketing team then wants to slice that data in such a way to target those
individual customers with weight-loss messaging or the new fitness line as a “hint.”
Their strategy here is that if you are more confident in your body, you will want to spend
more money on more clothes, which means better business. Since there is a
compliance voice at that table, you can put the brakes on that “strategy” fast, thankfully,
stating that it is not the company’s business to tell your customers to lose weight or
assume this based off an interpretation of data in this way.

Don’t confuse process and activities metrics with outcome metrics. Just because
you’ve got all seven of the US Organizational Sentencing Guidelines’
elements of an effective compliance and ethics program and have done thousands of
hours of compliance training does not mean you’ve succeeded in improving your firm’s
compliance and ethics performance. You need an independent set of Outcome metrics
to show whether all your efforts are yielding results.

Only select and use the metrics your organization needs to make sound
decisions and/or drive behaviour. You can measure yourself to death. Have a
conversation with your management team to see what data they would find useful in
allocating limited resources to better manage compliance and ethics risks. Since most
managers will give you a blank stare when you ask them what compliance and ethics
metrics they’d like to see, be prepared to provide them with a menu of options and help
them understand how they could be put to use.

Use simple dashboards. Your management team is already suffering from KPI
overload. Find an easy way to present your metrics to them that is easy to understand
at a glance.

Correlate process and activities metrics with related outcome metrics. It is
important to gather data in a manner to determine whether there is a cause and effect
relationship between your compliance and ethics program and key outcomes. Without
such a correlation, you will continue to cast around in the darkness, never knowing
whether you are making progress toward your intended destination.

10. Standards for quantitative and qualitative data analysis techniques relevant to
compliance related evaluation.
Compliance practitioners point out that compliance activities are triggered by regulatory
requirements and by how well businesses manage regulatory risks. Regulatory
demands, they argue, are outside the control of the compliance function, while the
adroit management of regulatory risks takes time to mature. In our view, the key to
sustainable compliance is how well the compliance function responds to these
demands. Below we lay out seven practical steps for quantitative and qualitative data analysis
techniques relevant to compliance-related evaluation:
• Transform frontline units into a true first line of defense.
• De-risk and reengineer business and compliance processes.
• Optimize the compliance operating model.
• Focus on what matters.
• Actively manage controls and management-information systems.
• Optimize testing and monitoring activities.
• Effectively manage supervisory and audit issues.
