Compliance management tools (Coggle Diagram)
Compliance policies and procedures
An organisation may have policies and procedures that are focused on compliance management or it may have policies and procedures focused on other activities that have a compliance element
Policies that are focused on compliance management will specify how compliance risks are to be identified, assessed, monitored and controlled
They will also explain the various roles and responsibilities that exist for compliance management
Compliance management procedures will specify how particular compliance risks are to be monitored and controlled
e.g. KYC procedures, customer complaints
Compliance codes of conduct
An organisation may have one or more codes of conduct in place
Regulators may implement codes of conduct for specific roles, such as board directors and the functions that provide assurance to them, notably the risk function, compliance function and internal audit function
Codes of conduct specify the type of conduct that is expected of relevant staff members, managers and directors within an organisation
Codes may include rules, which must be followed at all times, as well as guidance on the standards of behaviour that are expected.
Codes may cover
General principles such as behaving lawfully, ethically, honestly and without bias or discrimination
The use of organisational assets and information
Declaring and managing conflicts of interests
Receiving corporate hospitality
Dealing with customers and service users, including the handling of complaints
Behaviour when using the internet and social media
Reporting concerns about the conduct of staff members and other stakeholders
Compliance reviews and audits
Compliance reviews are a form of internal audit that review and report on the effectiveness of compliance related controls. Reviews may look at specific laws and regulations or specific operational areas, such as payments, payroll, health and safety or IT security
Compliance reviews will investigate whether compliance controls are used in an appropriate manner and whether additional controls are required
Where weaknesses are identified, these may be ranked in order of priority from low to medium or high
Actions will be agreed with the relevant managers to ensure that any weaknesses are addressed in a timely manner
Other internal audits of key organisational processes and functions may identify compliance related issues linked to weaknesses in these processes or associated controls; for example, an audit of an organisation's treasury function or data integrity processes may identify compliance issues relating to financial crime regulations or data protection laws
Compliance impact analysis
A compliance impact analysis is a form of risk assessment that investigates the impact of a compliance breach
Compliance impact analyses will assess the direct and indirect financial costs of a breach - they may also assess non-financial impacts such as reputation effects
The direct financial costs are any fines or costs that are incurred in the event of a breach; this includes legal and court costs.
The indirect financial costs include the costs associated with managing the effects of a breach. One key indirect cost is the cost of staff time that may be devoted to managing the aftermath of a breach, such as dealing with regulators, lawyers and the media
In terms of non-financial impacts, organisations found to be in breach of law or regulation may suffer adverse media and social media coverage - this may affect how they are perceived by stakeholders and consequently damage their reputation
Compliance impact analyses may attempt to quantify in broad monetary terms the direct and indirect financial costs of a breach
Alternatively, an ordinal scale (one to three or one to five) may be used to provide a rough estimate of the financial impacts
Non-financial impacts are usually calculated using an ordinal scale because of the difficulties associated with adding numerical values to intangible factors such as reputation loss
The completion of an effective compliance impact analysis requires
Input from a cross-functional range of experts
The analysis of any existing information within the organisation such as pre-existing risk assessments, information on historical breaches and compliance reviews
Regular updates as new information is obtained, for example information about compliance breaches perpetrated by similar organisations
Gap analysis and action planning
A compliance gap analysis helps an organisation to assess whether its existing policies, processes, procedures and compliance controls are sufficient to comply with relevant laws and regulations
Gap analyses may be performed on specific laws or sets of regulations
In each case, the law or regulation is broken down by article, subsection or paragraph and an assessment is made as to whether existing policies, processes, procedures and compliance controls are sufficient to ensure compliance with each article, subsection or paragraph
A gap analysis works best when completed by a small team of relevant experts. This will include a compliance manager and the relevant business managers that are responsible for the processes, procedures and activities subject to the relevant legal requirements or regulations
Compliance gap analyses are common for new laws and regulations or where there are major changes to existing laws and regulations
Compliance reporting
Compliance reports may include the output from a range of other compliance activities, including risk based compliance assessments, compliance impact analyses, compliance reviews and compliance gap analyses
Compliance reports include a summary of any new laws and regulations or change to existing laws and regulations
A range of metrics may be monitored to assess the effectiveness of existing compliance controls
Metrics might include the number of reported compliance breaches or near miss breaches, delays in completing internal audit (IA) actions, or metrics on specific topics such as data protection
Compliance reports will be produced by the compliance function or the company secretary (co-sec)
HR related controls
Recruitment controls to ensure that fit and proper employees are recruited
Performance management and personal development planning processes to help ensure that employees have the incentives, skills and training that they need to support an organisation's compliance management activities
Disciplinary procedures to take action where a member of staff is not fulfilling their compliance management responsibilities
Whistleblowing policies and procedures
Whistleblowing policies and procedures outline how staff members should report any concerns that they may have about the conduct of a colleague, manager, director, other employee or third party contractor working with an organisation
This might include reporting criminal activities, observed breaches of policies and procedures and poor behaviour such as workplace bullying or discrimination
Establishing an appropriate culture
A compliance culture is the general attitudes and behaviours that staff members have in relation to compliance and compliance management
An organisation's compliance culture will affect the conduct of staff members and their willingness to support the effective implementation of compliance related policies, procedures and controls
Mechanisms include
Having a clear set of organisation values and related codes of conduct that reinforce the importance of behaving with honesty and integrity and the need for effective compliance management
Performance management and bonus arrangements that reinforce an organisation's values and codes of conduct
A commitment from directors and senior managers to maintaining a compliant organisation; this includes a consistent tone from the top
Providing staff training to ensure all staff are aware
Explaining to employees the benefits of effective compliance management and how it contributes to organisational success
Reinforcing openness and honesty via a no blame ethos where employees are encouraged to report potential or actual compliance breaches