17 September 2024

ASIC Chair Joe Longo has provided some great insights talking about the role of the compliance professional. Key points:

– The role of a compliance professional is a critically important one. You are part of the fabric of the business, not only to help your organisation meet its legal obligations, but to help create an ethical culture where employees act in the best interests of its customers.

– It's the role of the directors of a company to set the tone, establish & lead a culture of compliance. This includes monitoring the arrangements the company has in place to ensure compliance with regulatory obligations. But it's the compliance professionals who are closer to the nuts & bolts of how the business runs. They actually do the work to support & implement those arrangements.

– An effective regulatory compliance program must reflect the organisation's key values & ethos, & focus on putting customers at the centre of how the organisation operates.

– A compliance professional is, in essence, a gatekeeper: a trusted adviser to the board, relied on for well-thought-out advice.

– Written policies & procedures provide the framework for compliance. Systems, processes, & technology can be used to underpin & support compliance. But compliance in practice requires a culture of integrity, ethics, & trust.

– What's needed is an attitude of compliance, based on a curious mind that asks the right questions. Questions like: What are our obligations? What are the risks? How can we manage them? What systems & controls should be in place to ensure we meet our obligations? Is what we are doing both legal & ethical? How can we make sure they're being followed? Do I have an open line to the board? Am I keeping them informed?

– Your role (as a compliance professional) is to refine the systems & controls, & to call out what's working & what can be improved. That will enable the board to look ahead to spot the risks, think about how to balance the legal & commercial perspectives, & monitor the compliance arrangements that the company has in place.

– And so, more than ever, you play an influential & strategic role in the boardroom: a role that is critical in ensuring effective compliance.
A common issue I observe when reviewing risk & compliance frameworks is the absence of a logical flow. Risk & compliance should be managed in a systematic manner, ensuring that nothing is missed & no gaps emerge. The purpose of compliance is to protect: protect the business, its people, stakeholders & customers. To do this, all component parts must work in sync.

The components of a systematic approach to risk & compliance

1. What you do & how you do it. Within the insurance industry, the services & products you provide, & on whose behalf, determine the need for you to be APRA authorised, AFS Licensed, Authorised Rep, Code subscriber, Distributor, Service Supplier etc. This in turn shapes your risk profile. Unpacking what you do & how you do it is always the starting point in any risk & compliance framework.

2. Governance. Roles & responsibilities: who's doing what, who provides oversight & the mechanics of ‘doing & oversight’, is the next step & creates an environment within which business can be safely conducted & layers of protection.

3. Risk management. Understanding your risks & managing those risks [in 6 simple steps] within the boundaries of the firm’s risk appetite provides an internal mechanism for decision-making.

4. Licence management. For AFS Licensees, I call out licence management as a separate component. Your Licence is, after all, your ticket to play [including any Authorised Reps].

5. Material obligations. AFS Licence, APRA authorisation, Code & AFCA membership, Binder & Authorised Rep Agreements, Distribution & Claim service supplier arrangements all create obligations. These obligations must be identified. You can’t manage what you don’t know. Depending on the size of the firm, I include the key control(s) within the obligations section. I find it’s best to have a single source of truth [manual] rather than multiple referenced documents.

6. Obligations management. This sets in place a systematic approach to managing the obligations, including the sources of new/amended obligations & how these are incorporated into the framework.

7. Control testing. A control that is not tested (design & operational) is no control.

8. Monitoring & supervision. This extends to staff & ARs & forms another layer of protection. The M&S needs to be independent, fit-for-purpose & risk-based.

9. Reporting. Data from risk & compliance registers, control testing, monitoring & supervision provides an indication of the health of the compliance system.

10. Incident & breach management. Things do go wrong. The quicker they are identified, the less harm is caused.

Risk & compliance assistance

Contact me to understand how a systematic approach to risk & compliance protects your business, people & customers.