The 20 Rising Stars of Compliance 2007 - (Page 18) RISING STARS 20 COMPLIANCE sponsored article COMPLIANCE EFFECTIVENESS: ARE OUR INVESTMENTS PAYING OFF? THE DEMAND FOR effective compliance programs at financial services firms continues to grow. The blitz of new laws and regulations implemented over recent years—Sarbanes-Oxley, the USA PATRIOT Act, Basel II, and Regulation NMS, to name a few—have caused compliance officers to kick into overdrive. In addition, many board members and senior managers are operating under a “fear factor” inspired by the onslaught of recent regulatory enforcement actions covering areas as diverse as anti-money laundering compliance, market timing and manipulation, back-dating of stock options, and accounting fraud. The hefty fines that can accompany such enforcement actions – some in excess of $50 million – add to the pressure for effective compliance. Successfully navigating the growing maze of regulations requires, among other things, a sophisticated compliance team, sufficient talent and headcount in related front-office and back-office functions, appropriate technology tools and comprehensive staff education and training. This costs money—and in some cases lots of it. Recent surveys and reports indicate that spending by U.S. financial institutions on regulatory compliance has risen by more than 50% during the past three years. Large institutions are pouring tens of millions of dollars into their compliance programs. And the proportional cost to the smaller shops can be even higher. But how can a bank’s CEO know whether the compliance program is effective and that the investment is paying off? To ensure that compliance programs are working as intended, many institutions are developing methods for testing compliance effectiveness. This article outlines the benefits of testing the effectiveness of a compliance program, distinguishes effectiveness testing from the typical internal audit review, and sets forth some suggested methods for conducting effectiveness testing. 18 COMPLIANCE RISING STARS BY ELLEN ZIMILES, CHIEF EXECUTIVE OFFICER AND MICHAEL BOWMAN, MANAGING DIRECTOR, DAYLIGHT FORENSIC & ADVISORY WHY TEST “EFFECTIVENESS?” Well-documented policies and robust procedures aren’t worth the paper on which they’re written if they are not effective—i.e. properly implemented, working as intended and sufficient in light of the institution’s business/client risk-profile. Good policies alone will not protect the institution from missteps, and possible reputational and financial damage. Through effectiveness testing the institution can achieve a level of comfort regarding its state of compliance. And the chief compliance officer can sleep better at night. In addition, it is always best if problems lurking beneath the surface of a compliance program are self-identified by the institution, and not the regulators. Deficiencies in a compliance program are likely to be less damaging in the context of a regulatory review if the institution can demonstrate that it had identified the issue through its own proactive review process, and that a corrective action plan is already underway. Furthermore, a well-designed testing program will identify not only deficiencies within a program, but also inefficiencies in procedures or system applications. Through effectiveness testing, an institution is— by design—in a position to periodically re-assess controls and procedures. Through this process, the institution is always striving to build a “better mousetrap,” rather than relying on the status quo. Lastly, effectiveness testing is simply good business. As noted above, financial institutions are investing large sums of money into their compliance programs. Like any investment, its success should be measured and tracked. EFFECTIVENESS TESTING VERSUS AUDIT Internal audits of compliance functions often boil down to simple testing to determine whether documented procedures are followed. This is quite different from assessing the effectiveness of a documented procedure or control, or the competence of a specific technology tool. SEPTEMBER 2007
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.