Systemise your compliance management Peter Scott Consulting www.peterscottconsult.co.uk.


1 Systemise your compliance management Peter Scott Consulting www.peterscottconsult.co.uk

2 Why manage compliance risks? “The pursuit of excellence, with the aim of doing things better for the clients” Director of Risk of a ‘top ten’ UK law firm

3 “If you cannot demonstrate compliance we may take regulatory action” SRA – OFR at a glance

4 The scope and volume of compliance requires a different approach
For example, under Chapter 7 of SRA Code the Outcomes provide that firms must:
- have appropriate systems and controls in place to achieve and comply with all Principles, rules and outcomes and other requirements of the Handbook
- identify, monitor and manage risks to the achievement of all outcomes, rules, Principles and other requirements in the Handbook if applicable and take steps to address issues identified
Do you already have appropriate systems and controls in place to comply?

5 Your challenge...
Is not merely to ensure your firm is compliant but … to be able to DEMONSTRATE to the SRA that your firm and everyone in the firm is compliant on an on-going basis
How will you be able to do this?

6 Outcomes focused regulation is about managing processes
How can these processes be systemised to provide a cost effective method to manage your compliance?

7 Do you know your compliance risks?
- What are your compliance risks?
- Where does the knowledge of your compliance risk reside?
- Can you access it?
- Do you have systems to monitor, review and upgrade your knowledge?

8 A Risk Management / KM integrated approach
- Approach risk from a KM viewpoint and vice versa
- Need to manage the risks relating to knowledge in any event
- Managing the risks – Quality assurance – Greater competitiveness

9 Failure to manage your knowledge will involve serious risk Compliance / Risk Management Knowledge Management

10 Establishing the resources you will need to effectively manage your compliance
For example:
- Internal or external?
- Part time partners or professionals?
- Paper records or use of IT?
- If IT is used - bespoke or ‘off the peg’ systems?

11 Planning your resources
Carry out a cost / benefit analysis to establish the most resource effective method for you to manage your compliance risks

12 Where to start?
- A systematic approach is needed
- Needs to be management driven, with top level buy-in
- Zero tolerance is required – no exceptions – just do it!
- Managing compliance risk needs to be seen as ‘everyone’s job’ – a mind set change is needed
- Need a ‘no blame’ culture to encourage disclosure
- Training and education programmes to build awareness and change mindsets
- Continuous and systematic monitoring and reporting
Otherwise everyone is at risk

13 A systematic approach is required
- Put in place a formal compliance risk management process to identify and manage every area of compliance risk for the SRA Handbook and Code
- Establish a comprehensive database covering all compliance risk areas
- Standards such as Lexel and ISO 9000 are likely to help

14 Implementing a compliance risk management Strategy
- DIAGNOSIS: Identification and assessment
- MITIGATION: Control, transfer and avoidance
- MONITORING: Auditing, tracking and reporting
When a risk crystallises:
- LIMITATION: Minimising the effect of crystallised risks

15 Use of risk management tools?
Use an integrated risk management system to quantify, assess and control risk by:
– streamlining diagnosis, mitigation and monitoring
– embedding common risk management procedures
– providing information access to all who need it
– creating and maintaining one central, up to date risk database

16 Identifying and assessing your compliance risks

17 Compliance Risk Mapping

18 Compliance risk identification and assessment
- Incidence - probability
- Impact - severity

19 Some examples of compliance risks
- Lack of management commitment to best practice and compliance risk management
- Lack of knowledge by management
- Lack of supervision
- High risk work
- Lack of client vetting / fraud
- Lack of client care / matter care
- Lack of resource capability
- Lack of knowledge / expertise / experience
- Precedents / multiple use of advice
- International work / overseas offices
- Mergers

20 Using ‘brainstorming’ as a method of identifying and assessing compliance risks
‘Top down – bottom up’ brainstorming sessions in each group in your firm:
- to identify every compliance risk area
- are we achieving every Outcome under the new Code?
- are we compliant in every area?
- do we have gaps?
- what will be required to fully comply?
- to what standards should we comply?
- how should we prioritise our efforts?

21 Assessment of compliance risks
Consider the impact of, inter alia:
- Disciplinary action
- Bad publicity and loss of reputation
- Lost clients
- Complaints and claims
- Increased P.I. premiums

22 Risk Diagnosis
- Assess severity of high-level risks
- Identify high level risks
- Set criteria for assessing risks
- Identify detailed risks
- Assess severity of detailed risks
- Risk map
- Risk summary

23 Compliance risk Mitigation
Designed to:
- Ensure effective compliance
- Avoid / reduce non compliance
- Avoid / reduce incidence of risks
- Transfer some risks

24 Risk mitigation
- Risk map
- Risk summary
- Consider impact / probability correlation
- Required controls summary
- Insurance requirements summary
- Contingency plan requirements
- Residual risk summary
- Consider available mitigation techniques

25 Compliance risk monitoring involves…
- Auditing, tracking and reporting
- Comparing actual outcomes to pre-set indicators
- Confirming effectiveness of your risk responses
- Reporting compliance and exceptions
- Establishing [annual / periodical] compliance risk management reports

26 Risk monitoring
- Required controls summary
- Contingency plan requirements
- Insurance requirements summary
- Set risk indicators and methods to monitor them
- Annual Risk Management Report

27 Risk limitation involves
- Risk crystallisation scenarios
- Contingency plans
- Limitation procedures
- Post event assessment

28 Advantages of a formal compliance risk management process for the new SRA Code?
- Structured approach focuses on key compliance risk areas
- Can demonstrate how a firm is complying and the effectiveness of compliance / outcomes
- Continuous monitoring ensures management of compliance and risk is “lived” day to day
- Universal application to all compliance and risk areas
- Comfort / assurance to PI insurers [and SRA?]

29 Effective use of IT systems for compliance risk management?
Use an integrated compliance risk management system to cost effectively manage compliance risk areas by:
– creating and maintaining one central, up to date compliance and risk database
– providing information access to all who need it in relation to exposure to risk
– embedding compliance and risk management procedures – e.g. client inception procedures
– streamlining identification, assessment, mitigation and monitoring of compliance risks

30 Outcomes focused regulation is about processes
Using IT systems is likely to be the most cost effective and compliant method to manage these processes.
Any questions?

