Compliance Monitoring Program
Five Basic Elements
There are five basic elements for a compliance monitoring program.
—–
Developing a compliance culture within an organization is vital to an effective compliance function. This allows the implementation of an effective compliance monitoring program, which is linked into senior management. This will help to demonstrate to the regulator that the firm has the right compliance mindset. Job done!
Well, don’t go home just yet. Now you need to make sure that your compliance monitoring program is effective, ongoing, and well documented – it needs to deliver and live up to those expectations. By ensuring that your program covers the following five basic elements, you can be sure that this will happen. I will also cover the role of compliance software such as Compliance Track in creating a compliance culture.
1 – Compliance Testing Process
Let us take a step back. The firm needs to comply with the regulator’s rules and regulations (for example, the FSA in the UK and the SEC in the US for the financial sector, or the FDA in the US for the pharmaceutical sector). The compliance manual tells you that you will comply. From this, a procedure manual can be developed which tells you how you are going to comply with the regulator’s rules. As long as you follow this, your firm will be in compliance.
So how will you know that your firm has been following those procedures and the compliance manual? The answer is by conducting compliance testing on a regular basis.
So what are you testing? You are checking to see whether those procedures are working as expected, and what the exceptions are. In this way, a history and profile are built up that can more easily demonstrate that you are in fact following those procedures that will help you comply with the FSA rules and regulations.
Most of the regulators put the onus on senior management to prove they have been complying with the regulator’s rules. Implementing a compliance monitoring program will go a long way to demonstrating this to the regulator during an inspection.
2 – Compliance Testing Frequency
How often should the compliance tests be carried out? Every week? Every month? Once a quarter? Annually?
There is a fair amount of subjectivity around this question, and a large part of the answer lies in determining, in a methodical way, what you perceive to be the risks of something failing. In short, you need to start with a risk assessment before deciding how often a compliance test should be carried out.
A simple assessment could include the probability of failure and the impact that would result. Higher risk areas should be tested more regularly, at least monthly, while medium risk areas should be tested at least quarterly and lower risk areas at least annually. These are just guidelines; other factors may need to be considered before deciding.
3 – Compliance Testing Approach
A methodical approach will reap rewards later. Use a checklist of tests, categorizing them into various areas, either using the FSA handbook categories or business areas. I tend to use business areas, as I find this focuses the mind.
Tests should be completed clearly, concisely, and accurately. Use reasonable sample sizes when testing areas with a volume of data, say trades.
4 – Compliance Testing Documentation
Documenting the results and keeping a record of backing documentation is critical to a good monitoring program. Without this audit history, the monitoring program has no teeth – there is no ability to demonstrate to the regulator that you have been complying.
Ideally, the backing documents should be indexed or referred to the main testing plan, so that the tests and results are easy to follow through.
5 – Follow-Up Actions
There may be follow-up points and further queries and questions resulting from those tests. It would be good practice to record and document these and link them to the corresponding tests.
The importance of having a compliance monitoring program is clear – without one, you lose a powerful defense in being able to demonstrate compliance with the regulations on a consistent basis over a period of time. The considerations discussed here are guides only, and a good place to start; however, one may need to consider other firm-specific considerations while developing a comprehensive compliance monitoring program.
**********
About the Author
John Cyriac is the CEO of the “Compliance Software as a Service” company Compliance Track. The views expressed in this article are based on his interviews with various compliance managers across the industry and across the globe. Follow the link to visit Mr. Cyriac’s compliance monitoring software company Compliance Track to see how these five basic elements are implemented.







