1 Part Course

Building a Compliance Framework

A practical course focused on building and embedding a risk-based compliance framework that links regulatory requirements to effective controls, monitoring, and governance.

A half-day course presented in a virtual class

In-house pricing available – often more cost-effective for teams of 10+

  • Acquire a scalable, step-by-step roadmap for designing and implementing a compliance framework that aligns with regulatory expectations
  • Gain the practical ability to link high-level risk assessments directly to daily operational controls and monitoring activities
  • Develop a professional toolkit for managing compliance issues and reporting to governance bodies with increased confidence

Module 1: Statutory Framework & Mandate

This module establishes the legal and regulatory basis for the function's existence.
  • The Regulatory Landscape: Mapping the specific statutory requirements (e.g., UK FCA/PRA, GDPR, or sectoral-specific legislation) that necessitate a compliance function.
  • Defining the Mandate: Distinguishing between "advisory" compliance (guidance) and "monitoring" compliance (oversight) – SYSC 6.
  • Independence and Authority: The evidentiary requirements for demonstrating functional independence from the front office or commercial operations.
  • The "Three Lines of Defence" Model: Defining the compliance function as the second line of defence.

Module 2: Risk Assessment & Methodology

A compliance function must be risk-based to be effective. This section covers the data-driven approach to identifying focus areas.
  • Establishing a Risk Universe: Identifying all regulatory risks applicable to the entity.
  • Risk Scoring (Impact vs. Probability): Utilising a quantitative matrix to prioritise resources.
  • Gap Analysis: Assessing the "As-Is" state against the "To-Be" regulatory requirement.
  • The Compliance Monitoring Plan (CMP): Designing a schedule based on the findings of the risk assessment.
  • EXERCISE - The "Risk Heat Map" Live Build
    • Goal: Practice the quantitative assessment of risk

Module 3: Policy, Process, and Controls

This module addresses the "How" of compliance - turning legal requirements into repeatable business processes.
  • Policy Hierarchy: Differentiating between high-level principles, detailed policies, and Standard Operating Procedures (SOPs).
  • Designing Effective Controls:
    • Preventative Controls: Automation or "hard" stops in a process.
    • Detective Controls: Reconciliations and post-event reviews.
  • Evidence of Compliance: Establishing the "audit trail" required to prove to regulators that controls are functioning as intended.
  • Training & Culture: Methods for disseminating policy and measuring employee comprehension
  • EXERCISE – Reflection and Self-assessment: Where do you identify weaknesses? Group-source three positive actions to strengthen your position.

Module 4: Monitoring, Reporting, and Remediation

The final module focuses on the feedback loop: finding issues and fixing them.
  • The Monitoring Cycle:
    • Sampling and Testing.
    • Finding Identification.
    • Management Response.
  • Management Information (MI) & Reporting: Creating fact-based reports for the Board or Audit Committee. Key Performance Indicators (KPIs) vs. Key Risk Indicators (KRIs).
  • Handling Breach Management: The evidentiary process for identifying, logging, and reporting regulatory breaches.
  • Continuous Improvement: Using "Root Cause Analysis" to ensure remediation addresses the source of the failure, not just the symptom.

Summary and Close

Our trainer has over 30 years of experience within the financial services sector, specialising in regulatory and financial crime compliance. He previously served as the Head of Education for HSBC, covering the UK and Europe, where he was responsible for compliance learning during the bank’s Deferred Prosecution Agreement. His career includes tenures at Barclays within the Private Clients and Wealth functions, as well as a Senior Vice President role at a major US-based bank, leading Global Risk & Compliance training.

He brings significant technical expertise from his time at the Financial Conduct Authority (formerly the FSA) in the Insurance Firms division. During this period, he served as the divisional expert for the rules and outcomes required under the Training & Competence handbook. Additionally, his background in the second line of defence includes leading the Monitoring and Testing programme for a prominent UK Wealth Manager, providing him with a comprehensive view of the practical application of compliance frameworks.

Our trainer’s delivery style is informed by his extensive experience working across retail, commercial, wholesale, and private banking channels. He has a proven track record of collaborating with compliance, HR, and operational teams to enhance regulatory understanding across private equity firms, investment houses, and wealth managers. A former member of the Investment Management Association Training & Education Committee, he was also the recipient of the 2010 Thomson Reuters award for “Most Effective Compliance Training at a Regulated Firm”.

  • Identify the core components required for a comprehensive and effective compliance framework.
  • Evaluate the maturity of existing governance structures against industry best practices.
  • Apply risk assessment methodologies to prioritise compliance activities based on organisational impact.
  • Design preventative and detective controls that address specific regulatory obligations.
  • Demonstrate how to document and manage compliance breaches through a structured issue management process.
  • Navigate the complexities of training and communication to ensure framework adoption across the business.

  • Compliance Officers and Managers.
  • Risk Management Professionals.
  • Internal Audit Staff.
  • Legal and Regulatory Counsel.
  • Company Secretaries and Governance Leads.
  • Senior Managers with regulatory oversight responsibilities.

This intensive half-day course examines the critical components of a modern compliance framework, from initial risk assessment to the management of ongoing issues.

Through interactive discussion, delegates will explore how to integrate governance, policies, and monitoring into a cohesive system.

The session is designed for professionals who need to build or refine an evidence-based framework that satisfies both internal stakeholders and external regulators.

£ 595.00

Discounts available:

  • 2 places at 20% less
  • 3 places at 30% less
  • 4+ places at 40% less