Governance, Compliance and Supervision in the Capital Markets by Sarah Swammy & Michael McMaster

Author:Sarah Swammy & Michael McMaster [Swammy, Sarah & McMaster, Michael]
Language: eng
Format: epub
ISBN: 9781119380641
Published: 2018-05-22T00:00:00+00:00

ASSESSING THE EFFECTIVENESS OF THE PROGRAM

The first step in assessing the effectiveness of a compliance program is to understand all of the laws, rules, and regulations applicable to a firm's business. Without performing this initial task, it is impossible to know for certain whether the firm is addressing all its regulatory requirements. Here, the CCO needs to compile, maintain, and update (as necessary) an inventory of laws, rules, and regulations applicable to the firm's business activities and to ensure new or amended laws, rules, and regulations are added to the inventory as they are approved and become effective.

The inventory of applicable laws, rules, and regulations is the starting point for the compliance program. Once completed, the CCO should map all existing firm policies and procedures to this inventory. The purpose of this exercise is to make sure the firm has implemented policies and procedures to address all the relevant laws, rules, and regulations. If there are gaps, then those gaps must be remediated in a timely manner. Next, to ensure there is an effective supervisory process, the CCO should verify that every policy and procedure mapped to the inventory of laws, rules, and regulations has a written supervisory procedure to detail the supervisor's obligations with respect to that policy. In this case, the CCO wants to ensure that there is supervision for all of the policies and procedures applicable to the business. If there are any gaps, these gaps should be remediated in a timely manner with the business supervisors for those businesses.

Next, the CCO will want to do a risk assessment of the laws, rules, and regulations that are applicable to the firm's business. Firms may use various types of systems to rate the risks of the laws, rules, and regulations, but a simplified system may be to review the inventory and apply a three‐tier rating system to each law, rule, or regulation of high, medium, or low risk. A firm should define what each of these risk categories means, but another simplified system would be to define laws, rules, or regulations as high risk, where violations by the firm would have a significant effect on customers and/or are matters that would lead to significant regulatory implications such as large fines, censure, and/or a determination by a regulator that such violations are matters requiring immediate attention of the firm to rectify. Medium risk could be those that would have a small impact to customers, and/or regulators may have some concerns and implement small fines or require firms to implement certain amended processes but not as significant as high risk. Low‐risk laws, rules, and regulations could be those where violations will have little to no effect on customers, and regulators would mostly likely require firms to amend their processes but not result in fines or censure.

As a result of this risk rating system, the CCO could determine a time schedule for a firm to monitor (and possibly audit) or test a business's policies, procedures, and written supervisory procedures. For example,

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.