Compliance and Risk Management groups within Financial Services organizations are responsible for setting up and managing an effective compliance program covering:
- Establish and adopt written policies, procedures, and standards of conduct
- Create a programming oversight
- Provide staff training and education
Compliance Programs are setup for
Risk Identification
Identify the different types of risks an organization may face e.g. fraudulent customer, customer engaging in activities which are not permitted etc.
Risk Analysis
Analyze the impact of each risk on the organization e.g. will it result in non compliance with laws or generally accepted business practices? Could it result in closure of the business, censure and fines or loss of business?
Response Planning
Based on the above, determine if the risk needs to be flagged for review and approval, declining the business or something else.
Risk Mitigation
If directed to review and approval, what are the steps that may be taken to mitigate the risk.
Risk Monitoring
Risk is not static, if it can change over time, should the risk be periodically monitored and at what frequency
Regulatory authorities are increasing the coverage of their oversight on compliance.
Examples are:
- GDPR – General Data Protection Regulation
- PCI DSS – Payment Card Industry Data Security Standard
- SOX – Sarbanes Oxley Act
- GLBA – Gramm-Leach-Bliley Act
- PSD2 – Payment Services Directive
- Basel III
- NYDFS – New York Department of Financial Services Cybersecurity Regulation
- CCPA – California Consumer Privacy Act
