Under the SMCR risk management is now very “personal” across the whole of the regulatory financial services industry and the concept of “risk ownership and management” resting with the SMF, has changed the role of compliance.
Regulatory compliance requirements have grown exponentially in recent years and now touch almost all operational areas. Compliance has become very complex and expensive with extensive new regulations, multiple overlapping information sources, and operational impacts that are difficult to identify and track. Financial Institutions typically manage compliance workflows manually. As a result, compliance and operational costs are high, compliance requirements and timelines are missed, exam and audit exceptions occur and liability risk increases.
A risk based compliance approach to compliance involves identifying the areas of high risk within your organisation's compliance universe and building and prioritising your investment compliance monitoring program around these risks. Compliance risk management will focus your organisation, and your compliance resources, on the areas which are most likely to cause concern. This risk-based approach also re-positions compliance from a function executed in a vacuum to one that provides real value, and reaches into each part of the business supported by relevant analysis, understanding, and documentation.