Risk Based Compliance Monitoring Programme

• Redcliffe is a market leader in risk & compliance training and has been the primary supplier of trainers to two of the world’s largest banks for several years.
• This is a core competency for us and we are certain nobody trains more effectively than we do when it comes to this topic.
• The course director is an acknowledged subject matter expert and is also a Master Trainer in both Compliance and Risk Management at the world’s biggest trade finance bank
• We don’t use academics as trainers. All our trainers are practitioners who achieved at least senior management status over long careers.
• Your course director has been in the industry for over 40 years and was a former main board director of a London-based merchant bank
• The workshop is packed full of real-life case studies and discussion sessions and delegate involvement is encouraged at all times
• We are judged solely by our results and we are proud to say that delegates’ feedback over many years has always been excellent

• Understand the importance of an effective Compliance function
• How to successfully employ a risk-based approach to allocate resources effectively function
• Understand the immediate impact of an effective compliance program
• Recognise the damage caused by an ineffective process
• Appreciate that good compliance must be embedded into the culture of an organisation. It can’t just be imposed
• The importance of keeping up with regulatory changes
• Ensure that processes are robust and effective and that this can be demonstrated to all stakeholders

The course will use numerous case studies and will involve a considerable element of interactive class discussions. The Director will encourage delegates to question and test their knowledge at each stage of the course.

Introduction

• The role of compliance in a 2023 financial services firm

• Oversight but NOT ownership
• Acting as an Oracle
• Quality control
• Assurance
• Challenge

• The 2023 Three lines of defence model – risk now owned and managed by the relevant Senior Management function
• The four-eyes approach
• Regulatory expectations
• Challenging the business
• Creating the right culture
• Defensive reporting
• Ensuring effective systems and processes are in place
• Ensuring that they actually work
• Compliance as a partner not just “the enemy” 

The Risk-Based Approach

• Regular Compliance Risk Assessment – The Risk Taxonomy
• Identify all key risks – a challenging process without firm-wide buy-in
• Determine the frequency and impact of each using the heat method approach
• Risk appetite statements – a key driver
• Risk Monitoring – planning, controlling and managing
• Allocate Risks into different categories

• Inherent
• Residual
• Reject
• Accept
• Manage

• Oversee appropriate and effective controls and mitigants
• Consider whether controls and mitigants are successful
• Determine the acceptability of residual risks to the business 

Regulatory Expectations

• Responsibility Map
• Clear risk taxonomy
• Clear accountabilities – especially ownership and management
• Effective and user-friendly compliance policies and procedures
• Training of key staff – defined, verifiable & effective programmes
• SREP reviews
• More comprehensive examinations
• The impact of new legislation/guidelines
• The importance of using key metrics & compliance KPIs
• Placing the interests of the customer at the heart of the business
• The impact of Principle 12
• Clear supervision, and governance
• Testing procedures including stress testing and scenario analysis
• Regulatory relations 

Risk-Based Compliance in Practice

• What are the critical activities
• Providing regulatory advice to the business
• Compliance surveillance, reporting, and defined compliance metrics
• Dealing with conflict clearing: personal account dealing, political contributions,
• Handling registrations and designations
• Examinations and desk reviews
• Working with internal audit
• Working with external audit
• Working with regulators
• Reviewing, developing, modifying and communicating procedure changes
• Challenge, when necessary
• Position monitoring
• Control oversight: Chinese wall, chaperoning, watch list, the restricted list
• Communications with the public and electronic communications review
• Anti-money laundering compliance and embargoes
• Regulatory inquiries, complaints 

Structuring a Risk-Based compliance function

• Creating an effective oversight system
• Centralised vs decentralised structure
• Risks inherent in each type of structure
• What content knowledge should a compliance officer have
• What are the competencies of a successful compliance officer?
• How big should the team be?
• Managing compliance monitoring in a small firm
• Integration of the various areas of compliance
• Collaboration with other control areas of the firm
• How do you know if the compliance team is effective?

Current Hot Topics

• The Senior Managers Regime – Industry-wide
• Responsibility Maps
• Taking “Reasonable Steps”
• Cybercrime and business continuity
• FCC & AML (Financial Crime Compliance & Anti-Money Laundering) – effectiveness of systems
• Conflicts of Interest
• Aggressive tax avoidance
• Insider trading risks
• Dealing with mistakes and supervisory lapses
• Managing reputational risk fallout
• Importance of keeping the regulator in the loop – as early as possible
• Outsourcing and smart sourcing – a focus of recent regulatory attention

The trainer had a highly successful, long and varied “fast track” career in Lloyds Bank which led him to a very senior management position in the bank’s private banking and wealth management division at an early age. He was then “headhunted” to join a merchant bank at the main board director level to head both the private bank and the group risk management function. He now has over 40 years of experience in managing risk in the UK banking and financial services sector.

He has been a freelance risk management training consultant since retiring and is currently an external Master Trainer at both HSBC and Bank of China where he has delivered major projects on a wide range of topics. At HSBC he helped design their global flagship Risk Management Programme for senior middle managers and has delivered this globally for the past 5 years. He has also created and delivered training to a vast range of clients, from global giants to small firms and partnerships. He is an accomplished global trainer and has delivered extensive programmes in the UK, USA, South America, Europe, Africa, Asia and the Middle East.

Under the SMCR risk management is now very “personal” across the whole of the regulatory financial services industry and the concept of “risk ownership and management” resting with the SMF, has changed the role of compliance.

Regulatory compliance requirements have grown exponentially in recent years and now touch almost all operational areas. Compliance has become very complex and expensive with extensive new regulations, multiple overlapping information sources, and operational impacts that are difficult to identify and track. Financial Institutions typically manage compliance workflows manually.  As a result, compliance and operational costs are high, compliance requirements and timelines are missed, exam and audit exceptions occur and liability risk increases.

A risk based compliance approach to compliance involves identifying the areas of high risk within your organisation's compliance universe and building and prioritising your investment compliance monitoring program around these risks. Compliance risk management will focus your organisation, and your compliance resources, on the areas which are most likely to cause concern. This risk-based approach also re-positions compliance from a function executed in a vacuum to one that provides real value, and reaches into each part of the business supported by relevant analysis, understanding, and documentation.