Compliance and Risk Management groups within Financial Services organizations are responsible for setting up and managing an effective compliance program that covers:
- Establishing and adopting written policies, procedures, and standards of conduct
- Establishing program oversight
- Providing staff training and education
Compliance programs are set up to:
- Identify the different types of risk an organization may face, e.g. a fraudulent customer, or a customer engaging in activities that are not permitted.
- Analyze the impact of each risk on the organization, e.g. will it result in non-compliance with laws or generally accepted business practices? Could it result in closure of the business, censure and fines, or loss of business?
- Based on the above, determine whether the risk needs to be flagged for review and approval, whether the business should be declined, or whether some other action is required.
- If the risk is directed to review and approval, define the steps that may be taken to mitigate it.
- Since risk is not static and can change over time, decide whether the risk should be periodically monitored, and at what frequency.
Regulatory authorities are increasing the coverage of their oversight on compliance. Regulations include:
- GDPR – General Data Protection Regulation
- PCI DSS – Payment Card Industry Data Security Standard
- SOX – Sarbanes Oxley Act
- GLBA – Gramm-Leach-Bliley Act
- PSD2 – Payment Services Directive
- Basel III
- NYDFS – New York Department of Financial Services Cybersecurity Regulation
- CCPA – California Consumer Privacy Act