Under the SMCR, risk management is now very ‘personal’ across the whole regulatory financial services industry; the concept of ‘risk ownership and management’ resting with the SMF, has changed the role of compliance.
Regulatory compliance requirements have grown exponentially in recent years, now touching almost all operational areas. Compliance has become extremely complex and expensive with extensive new regulations, multiple overlapping information sources, and operational impacts that are difficult to identify and track. Financial Institutions typically manage compliance workflows manually. As a result, compliance and operational costs are high, compliance requirements and timelines are missed, exam and audit exceptions occur and liability risk increases. Compliance risk management training should be in place before things escalate to this point.
A risk based approach to compliance involves identifying high risk areas within your organisation's compliance universe and building and prioritising your investment compliance monitoring program around these risks. Compliance risk management focuses your organisation and compliance resources on the areas most likely to cause concern. This risk-based approach also re-positions compliance from a function executed in a vacuum to one that provides real value and reaches into each part of the business supported by relevant analysis, understanding and documentation.