Category Archives: Operational Risk Management

Underpinning Better Decision-Making By Using MI

Underpinning better decision-making by employing Effective Management information for conduct risk

The concept of “conduct risk” has risen to the top of firms’ and regulators’ agendas in the last few years. In the UK, the FCA expects conduct risk management to be embedded into firms’ risk management frameworks, supported by suitable management information (MI).

Building on current regulatory and supervisory expectations and our years of experience of what works well in operations at firms, ten principles of strong conduct risk MI have been identified that our team believe serve as a solid base for conduct risk MI across all of financial services firms and sectors.

The 10 principles of strong conduct risk MI are:

  • Linked to strategy, culture and risk management framework
  • Outcomes-focused
  • Holistic and used to support analysis of trends
  • Forward-looking
  • Efficient and proportionate
  • Accurate and timely
  • Measured and reported on at an appropriate frequency
  • Comprehensible and traceable
  • Supports open communication and challenge
  • Acted upon and recorded

Linked to strategy, culture and risk management framework
Conduct risk MI is taken into consideration when the firm discusses its strategy and the firm implements a process to examine the conduct risk MI it accumulates, if the strategy or business surroundings should change (e.g. due to the economy, developments in policy and regulation, or technology).

Conduct risks are supervised with the same rigour, and given the same priority, as prudential risks.

A suite of indicators is used to inform senior management on how well the firm’s culture has been embedded. Conduct risk MI is used as a component of performance appraisals and in considering staff remuneration and promotions, for example, as part of a balanced scorecard.

Firms go on to form conduct risk appetite statements for key risks and report MI against conduct risk appetite limitations and triggers.

Outcomes-focused
As a component of the product governance approach, firms articulate what a good outcome would be for the target end client, including the inherent risks of the product and services, and identify the MI they need to monitor this.

MI enables an assessment of whether good outcomes are achieved consistently, for example through monitoring whether the product offers value for money, instead of just concentrating on whether poor outcomes are avoided.

Deep-dive investigations, mystery shopping, customer sales reviews, branch visits and other exercises are often used to develop an image of the product and services from the client’s viewpoint.

Not all conduct risk metrics must be outcomes-focused, as firms need a suite of metrics to build up an overall understanding of conduct risk. As an example, it is still necessary to receive MI on customer satisfaction, even when, by itself, this does not necessarily indicate a good customer outcome.

Holistic and in support of trend analysis
Enterprises use a suite of MI, based on an appraisal of what is needed rather than what is readily obtainable through existing systems and processes, so that a combination of indicators is measured and used to identify potential problems to be investigated further. Using existing risk or control indicators may only provide a skewed view of the situation. We always encourage firms to set an ideal scenario and employ back-from-the-future thinking.

MI is analysed in different ways to identify trends:
– Over a period of time (consistent on a period-to-period basis) e.g. to identify increases in complaints over time for a product;
– Across products e.g. to identify products with remarkably low claims ratios or low investment returns;
– Across business lines e.g. examining breaches of conflicts of interest policies in different areas in the business; and
– Focusing on one team or individual e.g. considering a range of indicators from a trading desk to identify patterns.

Forward-looking
MI reports on possible and emerging conduct risks, as well as crystallised risks, for example by monitoring whether a product is promoted to the target market.

The company considers the emerging conduct risks and trends from the FCA, e.g. those highlighted in the Risk Outlook, as well as lessons gained from previous mis-selling scandals or other regulatory enforcement action, and talks about whether any realignments are needed to MI and whether current MI suggests there may be issues that call for additional investigation. For instance, when the FCA’s Risk Outlook for 2014 highlighted that house price growth may give rise to conduct issues, firms that provide mortgages should have focused on, for instance, affordability and equity release loans.

The business is starting to use analytics tools to link data and enable recognition of underlying conduct risks, for instance, linking post codes with types of mortgages sold and house price growth in the area to understand the risk of customers falling into arrears or the risk of customers being sold an unsuitable product. Many firms will already have this data for credit risk purposes.

Efficient and proportionate
The business takes a risk-based approach to reporting MI to avoid a flood of information; information that would not provide value to senior management is not included in MI.

There is a clear delineation of the purpose of conduct risk MI from other MI to eliminate duplication and overlap.

Accurate and timely
Decisions are made based upon the right information, collected sufficiently quickly after the relevant business activity has transpired, to enable action.

The second and third lines of defence are participating in open conversations with the business on expectations in relation to the quality and timeliness of data and what is achievable.

Internal Audit reviews the process governing how MI is collected, analysed and reported, and managers review and sense-check information on a sample basis.

Measured and reported on at an appropriate frequency
To allow practical, rather than just reactive, responses, conduct risk MI is provided to senior management as part of monthly, quarterly and annual reporting (as agreed with senior management), and on an ad hoc basis, e.g. where risk appetite triggers are breached.

The firm’s resources, systems and processes allow sufficient flexibility in the frequency with which MI is measured and reported; if necessary, data may be aggregated quickly.

Comprehensible and traceable
Senior management receives clear and concise MI that features the key messages and risks in an easily digestible format; it is possible to drill down into the information for more detail and to trace where the information was derived from.

Conduct risk MI includes a mix of both quantitative and qualitative analysis, which is accompanied by remarks that explain what the MI means, why any conduct risk issues have come about and how substantial they are, how MI was measured (including any limitations), and the proposed actions.

Supports open communication and challenge
Senior Managers discuss and challenge ratings across the ‘Red Amber Green’ (RAG) rating spectrum, as opposed to just targeting ‘red’ ratings, and drill down into the analysis to support risk ratings.

Firms ensure robust thresholds to avoid just ‘green’ and ‘amber’ ratings being reported, giving an inaccurate sense of comfort.
Anomalous or unexpected results are challenged and verified, e.g. higher than expected sales volumes in certain products, or continued successful market predictions from a certain trading desk.

Senior management openly discusses and seeks to understand weaknesses in how MI is collected and analysed.

Acted upon and recorded
Once probable, emerging and crystallised conduct risks are identified, their origin is investigated and actions are tracked and reviewed to ensure they have addressed the risks.

Conduct risk MI includes reporting on agreed remedial action and whether the action addressed the conduct risk properly.
An audit trail is maintained detailing how areas of concern acknowledged within conduct risk MI have been acted upon and monitored.

If you have any queries, please call us on 0207 097 1434
Lee Werrell Chartered FCSI

Compliance Doctor

http://www.complianceconsultant.org


Using Effective Management information for conduct risk

Underpinning better decision-making by using effective Management information for conduct risk

The principle of “conduct risk” has risen to the top of firms’ and regulators’ agendas recently. In the UK, the FCA assumes conduct risk management to be embedded into firms’ risk management frameworks, assisted by relevant management information (MI).

Building on latest regulatory and supervisory requirements and our prior experience of what works well in practice at firms, ten principles of strong conduct risk MI have been identified that we believe form an intelligent foundation for conduct risk MI across all of the financial services firms and sectors.

The 10 principles of strong conduct risk MI are:

  • Linked to strategy, culture and risk management framework
  • Outcomes-focused
  • Holistic and used to support analysis of trends
  • Forward-looking
  • Efficient and proportionate
  • Accurate and timely
  • Measured and reported on at an appropriate frequency
  • Comprehensible and traceable
  • Supports open communication and challenge
  • Acted upon and recorded

Connected to strategy, culture and risk management framework
Conduct risk MI is considered when the firm reviews its strategy and the organisation implements a process to examine the conduct risk MI it gathers, if the strategy or business environment should evolve (e.g. due to the economy, developments in policy and regulation, or technology).

Conduct risks are supervised with the same rigour, and given the same priority, as prudential risks.

A suite of indicators is used to inform senior management on how effectively the firm’s culture has been embedded. Conduct risk MI is used as part of performance appraisals and in looking at staff remuneration and promotions, for instance, as part of a balanced scorecard.

Firms go on to cultivate conduct risk appetite statements for key risks and report MI against conduct risk appetite limits and triggers.

Outcomes-focused
As part of the product governance approach, firms articulate what a good outcome would be for the target end client, along with the inherent risks of the product and services, and identify the MI they need to monitor this.

MI enables an appraisal of whether good outcomes are achieved routinely, for example through monitoring whether the product offers value for money, rather than just focusing on whether poor outcomes are avoided.

Deep-dive probes, mystery shopping, customer sales reviews, branch visits and other activities are often used to strengthen an image of the product or service from the client’s point of view.

Not all conduct risk metrics must be outcomes-focused, as firms need a package of metrics to build an overall picture of conduct risk. For example, it is still necessary to receive MI on customer satisfaction, despite the fact that, by itself, this does not always demonstrate a good customer outcome.

Holistic and in support of trend analysis
Enterprises use a suite of MI, based on an evaluation of what is needed as opposed to what is readily obtainable through existing systems and processes, to ensure a combination of indicators is measured and used to identify potential problems to be investigated further. Using existing risk or control indicators may only provide a skewed view of the situation. We always encourage firms to set an ideal scenario and employ back-from-the-future thinking.

MI is analysed in different ways to identify trends:
– Over a time period (consistent on a period-to-period basis) e.g. to identify increases in complaints over time for a product;
– Across products e.g. to identify products with comparatively low claims ratios or low investment returns;
– Across business lines e.g. looking at breaches of conflicts of interest policies in different operations in the business; and
– Focusing on one team or individual e.g. assessing a variety of indicators from a trading desk to identify patterns.

Forward-looking
MI reports on potential and emerging conduct risks, alongside crystallised risks, for instance by monitoring whether a product is promoted to the target market.

The company takes into account the emerging conduct risks and trends from the FCA, e.g. those highlighted in the Risk Outlook, as well as lessons learned from previous mis-selling scandals or other regulatory enforcement action, and examines whether any changes are needed to MI and whether present MI suggests there may be challenges that require additional investigation. For instance, when the FCA’s Risk Outlook for 2014 highlighted that house price growth may trigger conduct issues, firms that provide mortgages should have concentrated on, for instance, affordability and equity release loans.

The company is starting to use analytics tools to link data and enable identification of underlying conduct risks, for example, linking post codes with types of mortgages sold and house price growth in the area to understand the risk of customers falling into arrears or the risk of customers being sold an unsuitable product. Many firms will already have this data for credit risk purposes.

Efficient and proportionate
The business takes a risk-based approach to reporting MI to steer clear of a flood of information; information that would not provide value to senior management is not included in MI.

There is a clear delineation of the purpose of conduct risk MI from other MI to eliminate duplication and overlap.

Accurate and timely
Decisions are based on the right information, received sufficiently quickly after the relevant business activity has taken place, to enable action.

The second and third lines of defence are participating in open conversations with the business on expectations relative to the quality and timeliness of data and what is obtainable.

Internal Audit reviews the process governing how MI is collected, analysed and reported, and managers review and sense-check information on a sample basis.

Measured and reported on at an appropriate frequency
To allow active, rather than just reactive, responses, conduct risk MI is provided to senior management as part of monthly, quarterly and annual reporting (as agreed with senior management), and on an ad hoc basis, e.g. where risk appetite triggers are breached.

The firm’s resources, systems and processes allow adequate overall flexibility in the frequency with which MI is measured and reported; if necessary, data might be aggregated quickly.

Comprehensible and traceable
Senior management is given clear and concise MI that accentuates the key messages and risks in an easily digestible format; it is possible to drill down into the information for more detail and to trace where the information was derived from.

Conduct risk MI includes a mix of both quantitative and qualitative analysis, which is accompanied by remarks that explain what the MI means, why any conduct risk issues have developed and how important they are, how MI was measured (including any limitations), and the proposed actions.

Supports open communication and challenge
Senior Managers explore and confront ratings across the ‘Red Amber Green’ (RAG) rating spectrum, instead of just focusing on ‘red’ ratings, and drill down into the analysis to support risk ratings.

Firms ensure robust thresholds to avoid just ‘green’ and ‘amber’ ratings being reported, giving an untrue sense of comfort.
Anomalous or unexpected results are challenged and verified, e.g. higher than expected sales volumes in certain products, or continued successful market predictions from a certain trading desk.

Senior management openly reviews and seeks to understand weaknesses in how MI is collected and analysed.

Acted upon and recorded
Once inherent, emerging and crystallised conduct risks are identified, their source is investigated and actions are tracked and reviewed to ensure they have addressed the risks.

Conduct risk MI includes reporting on agreed remedial action and whether the action addressed the conduct risk properly.
An audit trail is maintained detailing how areas of concern detected within conduct risk MI have been acted upon and monitored.

If you have any queries, please call us on 0207 097 1434
Lee Werrell Chartered FCSI

Compliance Doctor

http://www.complianceconsultant.org

38 Top Basic Questions to ask 3rd Party Outsourcers

Employing a 3rd Party Outsourcer is a huge move, exactly like consenting to manage an Appointed Representative.

This article offers you plenty of questions to raise.

NB: You may be required to sign a Non-Disclosure Agreement before obtaining answers to a few (though certainly not all) of these questions. If you find that a company hesitates to respond to these questions, that tells you something, does it not?

1. Is the company a member of any trade bodies or organisations?

NB: Membership is optional. If companies are members, it might provide a degree of credibility; nevertheless, many excellent companies are not members.

2. Does the firm have experience in, or comply fully with, the FCA Handbook in all regards? Is it FCA authorised?

NB: Firms do not have to be FCA Authorised provided they are not carrying out any regulated activities. We can conduct an audit to assist you in these matters.

3. Has the business successfully provided services to previous financial services clients?

4. How long has the firm been operating?

5. How many companies have they provided services for, or are they currently servicing?

6. How many companies are there in their group?

7. Can you get an organisational diagram clarifying the structure of the business (Ownership/Management/Staff)?

8. How many companies have used their company on a continual basis, i.e. rolled over contracts?

9. How frequent are board meetings discussing company earnings and revenue projections?

10. How many legal claims from clients have been made against them, or are outstanding?

11. How many company board meetings have been held in last 12 months?

12. What marketing is produced by the outsourcer? Samples?

13. What level of Training and CPD requirement is provided/required?

14. What level of ongoing Management Information (MI) is offered?

15. How is training and assistance supplied to new staff?

16. What is the makeup of the local management structure (more detail than 7)?

17. What are the Client profiles?

18. Working times (5 days a week, 7 days a week, etc.)?

19. Are shift-workers needed? If yes, what are the busiest times of each day (as an average)?

20. What warranties are provided if any, regarding service level compliance for complaints/escalation/quality of data?

21. Ask to talk to random financial services firms as referees, and ask that they provide you with some contact names and numbers.

22. When you have spoken to a business, get them to give a rating out of 5, where 5 is highest and 1 is lowest, for: a) Marketing support b) Level of continuous support c) Level and quality of training d) General satisfaction

23. Ask for staff turnover particulars from their HR.

24. Is the firm planning any strategic acquisitions or expansion in the next 12 – 36 months?

25. In their opinion, is the marketplace for the product or services most likely to grow soon?

26. What market share does the business have/ how strong are the competitors?

27. Is it easy for rivals to launch substitute companies? Are there entry barriers?

28. What market awareness (branding) does the firm have in their market?

29. Are they the leading player in the sector? How is this assessed?

30. What is their competitive advantage?

31. Is their competitive advantage distinct or can it be quickly copied?

32. Are they considered to be innovative?

33. What innovations has the company made in business design over the past one year to stay ahead of competition?

34. Will the business grow in net value as it grows, or will financial debt increase?

35. Will we have the capacity to exit any agreements? What are the usual terms? What about regulatory breach issues?

36. Have there been companies who have closed their arrangements early?

37. What Business Continuity arrangements are there, physically and IT? When was this last tested?

38. What secure waste destruction procedures are used? Are there certificates readily available?

With any luck, these questions have made you think a bit harder about the outsourcing opportunities available. If you just haven’t got the time to make contact and ask all those questions, simply go to the website to sort the wheat from the chaff.

Lee Werrell
Compliance Doctor
0207 097 1434


Functional Risk Management Awareness


The term Operational Risk Management (ORM) is not new. It has been tossed about in businesses throughout North America for the last several years.

ORM and the often associated term Enterprise Risk Management (ERM) have been used as corporate buzzwords: business culture idioms referenced in board meetings and voiced throughout presentations.

Recent developments, such as the creation of the Sarbanes-Oxley (SOX) Act in 2002 in response to growing financial scandals in the U.S., have brought Operational Risk Management, Enterprise Risk Management and related principles from the backrooms to the forefront of corporate America.

The inevitable reality is that every single day organisations incur losses and experience operational disruptions due to failures by employees, incorrect application of processes and technologies, and wilful disregard of internal controls. These losses might appear in the form of uncollectible receivables from dissatisfied customers, lost sales due to call centre failures, unproductive worker downtime when computer systems are unavailable, or a host of other potential issues. While most businesses have established ad hoc methods of handling such losses in the past, legislation (such as SOX and the Basel Accord) has made standardised compliance procedures much more complex. Fortunately, just as these new regulations have given rise to increased awareness of ORM/ERM, new tools (including Risk Management software) have been developed to aid compliance efforts.

The new regime of Sarbanes-Oxley, under the direction of the Public Company Accounting Oversight Board (PCAOB), which is in turn accountable to the Securities and Exchange Commission (SEC), has certainly benefited the business world by offering a structure from which to reduce corporate fraud. However, the complexity and the associated technical, labour and administrative costs posed to business are also considerable. The realities of both individually large and collectively mundane errors resulting in loss, along with the newly regulated reporting of those losses, affect virtually all areas of every business each and every day. It is therefore in each company’s interest to find ways to cut losses while keeping regulatory compliance costs down. Hence the resurgence of Operational Risk Management/Enterprise Risk Management and the new demand for Risk Management software solutions.

Traditionally, few operational losses were measured in any accounting system, and rarely were loss incidents tracked and analysed at all; the time and paperwork needed to do so were simply daunting. Risk Management software tools were typically proprietary and little more than electronic log books at best, since there was no standard legislation in place. New attitudes and technologies have enabled loss incidents to be seen as more predictable and able to be grouped into risk categories. Proper analysis of these events can lead to attribution to source, which aids mitigation. Even this beginning results in significantly reduced costs while achieving substantial gains and strategic benefits from well-crafted Operational Risk Management policies and Enterprise Risk Management procedures.

Changes in legislation, technology and attitudes related to ORM/ERM have produced not just economic gains; they have led directly to re-invigorated business innovation and even to improvements in quality of life. Safety, quality and environmental loss incidents have proven to be not just manageable and preventable; sound management of these issues has given a greater advantage to those who succeeded, while driving many who did not adapt out of business. While large-scale corruption may have prompted regulatory changes, these changes have stimulated a re-visioning of Enterprise Risk Management. Advanced Risk Management software has enabled businesses to mitigate losses more directly. This has resulted in a cleaner, more efficient and more competitive business environment.

In the post-SOX environment, the same social and political pressures on companies are present. Improved attitudes and tools have encouraged the expansion of sound Operational Risk Management, to the financial and strategic benefit of those properly prepared for the journey. To find out how Paisley Consulting can help your company on that journey, whether through the provision of powerful Risk Management software or expert consultation on Enterprise Risk Management, visit compliancedoctor.co.uk.

Recent developments, such as the creation of the Sarbanes-Oxley (SOX) Act in 2002 in response to growing financial scandals in the U.S., have brought Operational Risk Management, Enterprise Risk Management and associated concepts from the backrooms to the forefront of corporate America.

The rebirth of Operational Risk Management/Enterprise Risk Management and the brand-new need for Risk Management software application services.

Even this beginning leads to significantly decreased costs while achieving huge gains and strategic benefits from well-crafted Operational Risk Management policies and Enterprise Risk Management procedures.

Advanced Risk Management software has allowed organisations to mitigate losses more directly. To find out how Paisley Consulting can assist your business on that journey, whether through the provision of powerful Risk Management software or specialist consultation on Enterprise Risk Management, go to The Compliance Doctor – Lee Werrell Chartered FCSI – http://compliancedoctor.co.uk


Employing Effective Management Information for Conduct Risk

Underpinning better decision-making by employing Effective Management information for conduct risk

The concept of “conduct risk” has risen to the top of firms’ and regulators’ agendas in the last few years. In the UK, the FCA expects conduct risk management to be embedded into firms’ risk management frameworks, supported by proper management information (MI).

Building on existing regulatory and supervisory expectations and our practical experience of what works well in practice at firms, ten principles of strong conduct risk MI have been identified that we believe provide a stable bedrock for conduct risk MI across all financial services firms and sectors.

The 10 principles of strong conduct risk MI are:

  • Linked to strategy, culture and risk management framework
  • Outcomes-focused
  • Holistic and used to support analysis of trends
  • Forward-looking
  • Efficient and proportionate
  • Accurate and timely
  • Measured and reported on at an appropriate frequency
  • Comprehensible and traceable
  • Supports open communication and challenge
  • Acted upon and recorded

Linked to strategy, culture and risk management framework
Conduct risk MI is taken into account when the firm talks about its strategy and the firm establishes a process to evaluate the conduct risk MI it accumulates, if the strategy or business conditions should change (e.g. due to the economy, developments in policy and regulation, or technology).

Conduct risks are overseen with the same rigour, and given the same priority, as prudential risks.

A range of indicators is used to inform senior management on how adequately the firm’s culture has been embedded. Conduct risk MI is used as part of performance appraisals and in considering staff remuneration and promotions, for example, as part of a balanced scorecard.

Firms continue to develop conduct risk appetite statements for key risks and report MI against conduct risk appetite limits and triggers.

Outcomes-focused
As a component of the product governance procedure, firms articulate what a good outcome would be for the target end client, including the inherent risks of the product or service, and identify the MI they need to keep track of this.

MI enables an assessment of whether good outcomes are achieved regularly, for example through monitoring whether the product offers value for money, rather than just paying attention to whether poor outcomes are avoided.

Deep-dive inspections, mystery shopping, customer sales reviews, branch visits and other exercises are often used to strengthen an image of the service or product from the client’s standpoint.

Not all conduct risk metrics must be outcomes-focused, as firms need a package of metrics to develop an overall picture of conduct risk. For example, it is still vital to receive MI on customer satisfaction, although, on its own, this does not always demonstrate a good customer outcome.

Holistic and in support of trend analysis
Enterprises use a suite of MI, based on an assessment of what is needed rather than what is readily accessible through existing systems and processes, to ensure a combination of indicators is measured and used to identify potential problems to be investigated further. Using existing risk or control indicators may only provide a skewed view of the situation. We always encourage firms to set an ideal scenario and employ back-from-the-future thinking.

MI is analysed in different ways to identify trends:
– Over a time period (consistent on a period-to-period basis) e.g. to identify increases in complaints over time for a product;
– Across products e.g. to identify products with fairly low claims ratios or low investment returns;
– Across distribution channels e.g. examining breaches of conflicts of interest policies in different parts of the business; and
– Paying attention to one team or individual e.g. reviewing a variety of indicators from a trading desk to identify patterns.

Forward-looking
MI reports on possible and emerging conduct risks, as well as crystallised risks, for example by monitoring whether a product is sold to the target audience.

The company takes into account the emerging conduct risks and trends from the FCA, e.g. those highlighted in the Risk Outlook, as well as lessons gained from previous mis-selling scandals or other regulatory enforcement action, and talks about whether any modifications are needed to MI and whether present MI suggests there may be challenges that need more investigation. For instance, when the FCA’s Risk Outlook for 2014 highlighted that house price growth may give rise to conduct issues, firms that provide mortgages should have paid attention to, for instance, affordability and equity release loans.

The business is starting to use analytics resources to link data and enable identification of underlying conduct risks, for example by linking postcodes with types of mortgages sold and house price growth in the area to understand the risk of customers falling into arrears or the risk of customers being sold an unsuitable product. Many firms will already have this data for credit risk purposes.

Efficient and proportionate
The business takes a risk-based approach to reporting MI to avoid a torrent of information; information that would not provide value to senior management is not included in MI.

There is a clear delineation of the purpose of conduct risk MI from other MI to eliminate duplication and overlap.

Accurate and timely
Decisions are based on the right information, obtained sufficiently quickly after the relevant business activity has taken place to enable action.

The second and third lines of defence are participating in open conversations with the business on expectations relative to the quality and timeliness of data and what is possible.

Internal Audit reviews the process governing how MI is collected, analysed and reported, and managers review and sense-check information on a sample basis.

Measured and reported on at an appropriate frequency
To allow practical, as opposed to just reactive responses, conduct risk MI is provided to senior management as part of monthly, quarterly and annual reporting (as agreed with senior management), and on an ad hoc basis e.g. where risk appetite triggers are breached.

The firm’s resources, systems and processes allow sufficient adaptability in the frequency with which MI is measured and reported; if necessary, data can be aggregated quickly.

Comprehensible and traceable
Senior management is given clear and concise MI that accentuates the key messages and risks in an easily digestible format; it is possible to drill down into the information for more detail and to trace where the information was derived.

Conduct risk MI includes a mix of both quantitative and qualitative analysis, which is accompanied by remarks that explain what the MI means, why any conduct risk issues have developed and how critical they are, how MI was measured (including any limitations), and the proposed actions.

Supports open communication and challenge
Senior Managers examine and challenge ratings across the ‘Red Amber Green’ (RAG) rating spectrum, as opposed to just working on ‘red’ ratings, and drill down into the analysis to determine risk ratings.

Firms ensure robust thresholds to avoid just ‘green’ and ‘amber’ ratings being reported, giving an incorrect sense of comfort.
Anomalous or unexpected results are challenged and verified, e.g. higher than expected sales volumes in certain products, or continued successful market predictions from a certain trading desk.

Senior management openly reviews and seeks to understand weakness in how MI is collected and analysed.

Acted upon and recorded
Once potential, emerging and crystallised conduct risks are identified, the sources are investigated and actions are tracked and studied to ensure they addressed the risks.

Conduct risk MI includes reporting on agreed remedial action and whether the action addressed the conduct risk proficiently.
An audit trail is maintained detailing how areas of concern detected within conduct risk MI have been acted upon and monitored.

If you have any queries, please call us on 0207 097 1434

Lee Werrell Chartered FCSI

Compliance Doctor

http://www.complianceconsultant.org


38 Leading Questions to ask 3rd Party Outsourcers


Working With a 3rd Party Outsourcer is a significant move, much like agreeing to manage an Appointed Representative.

This article will offer you numerous concerns to raise.

NB: You might need to sign a Non-Disclosure agreement before receiving answers to a few (though certainly not all) of these questions. If you find that a company hesitates to respond to these questions, that should tell you something, should it not?

1. Is the firm a member of any trade bodies or organisations?

NB: Membership is optional – if companies are members, it might provide a degree of credibility, nevertheless, many excellent companies are not always members.

2. Does the firm have experience in or comply fully with FCA Handbook in all regards? Is it FCA authorised?

NB: Firms do not have to be FCA Authorised provided they are not carrying out any regulated activities. We can conduct an audit to assist you in these matters.

3. Was the business effectively providing services to previous financial services clients?

4. For how long has the firm operated?

5. The number of companies they have provided services for/are servicing?

6. The number of companies there are in their group?

7. Can you get an organisational chart explaining the structure of the company (Ownership/Management/Staff)?

8. The number of companies that have used their firm on a continual basis, i.e., rolled over contracts?

9. The frequency of board meetings discussing company earnings and revenue projections?

10. The number of legal claims from clients made against them/outstanding?

11. The number of company board meetings held in the last 12 months?

12. What marketing is provided by the outsourcer? Samples?

13. What level of Training and CPD requirement is provided/required?

14. What level of ongoing Management Information (MI) is offered?

15. How is training and assistance supplied to new staff?

16. What is the makeup of the local management structure (more detail than 7)?

17. What are the Consumer profiles?

18. Working times (5 days a week, 7 days a week, etc.)?

19. Are shift-workers needed? If yes, what are the busiest times of each day (as an average)?

20. What warranties are provided if any, regarding service level adherence for complaints/escalation/quality of data?

21. Ask to talk with random financial services companies as referees and ask that they provide you some contact names and numbers?

22. When you have spoken with a firm, get them to give a rating out of 5, where 5 is highest and 1 is lowest, for: a) Marketing support b) Level of continuous support c) Level and quality of training d) General satisfaction

23. Ask for staff turnover specifics from their HR.

24. Is the company planning any strategic acquisitions or expansion in the next 12 – 36 months?

25. In their opinion, is the marketplace for the product or services most likely to grow soon?

26. What market share does the company have/ how strong are the competitors?

27. Is it easy for rivals to launch substitute companies? Are there entry barriers?

28. What market awareness (branding) does the business have in their market?

29. Are they the leading player in the sector? How is this assessed?

30. What is their competitive advantage?

31. Is their competitive advantage exceptional or can it be swiftly copied?

32. Are they considered to be innovative?

33. What innovations has the firm made in business design over the past 12 months to keep ahead of competition?

34. Will business grow in net value as business grows or will debt increase?

35. Will we be able to leave any agreements? What are the usual terms? What about regulatory breach issues?

36. Have there been companies who have closed their agreements early?

37. What Business Continuity arrangements are there, physically and IT? When was this last tested?

38. What secure waste destruction methods are used? Are there certificates readily available?

Hopefully, these questions made you think a bit harder about the outsourcing opportunities available. If you just haven’t got the time to make contact and ask all those questions, simply go to the website to sort the wheat from the chaff.

Lee Werrell
Compliance Doctor
0207 097 1434


Functional Threat Management Awareness


The term Operational Risk Management (ORM) is not new. It has been tossed about in organisations across the world for a number of years.

ORM and the oft associated term Enterprise Risk Management (ERM) have actually normally been used as corporate buzzwords, business culture idioms referenced in board meetings and articulated throughout presentations.

Current advancements, such as the production of the Sarbanes-Oxley (SOX) Act in 2002 in reaction to growing monetary scandals in the U.S., have actually brought Operational Risk Management, Enterprise Risk Management and associated ideas from the backrooms to the forefront of corporate America.

The inescapable reality is that every single day companies sustain losses and experience functional interruptions due to failures by employees, incorrect execution of procedures and technologies as well as wilful disobedience to internal controls. Fortunately, simply as these brand-new guidelines have given rise to increased awareness of ORM/ERM, brand-new tools (consisting of Risk Management software) have been established to help compliance efforts.

The truths of both collectively ordinary and separately large mistakes resulting in loss, as well as the recently controlled reporting of those losses, impact virtually all areas of every business each and every day. The rebirth of Operational Risk Management/Enterprise Risk Management and the brand-new need for Risk Management software solutions.

Typically, few functional losses were measured in any accounting system, and rarely were the loss events tracked and analyzed in any way; the time and documentation needed to do so was simply intimidating. Because there was no basic legislation in place, any Risk Management software tools were often proprietary and little more than electronic log books at best. New mindsets and innovations have permitted loss incidents to be seen as more foreseeable and able to be grouped into risk categories. Proper analysis of these incidents can result in attribution to root causes, which aids mitigation. Even this beginning leads to dramatically reduced costs while achieving big gains and tactical benefits from well-crafted Operational Risk Management policies and Enterprise Risk Management treatments.

While big scale corruption may have brought about regulatory modifications, these modifications have stimulated a re-visioning of Enterprise Risk Management. Advanced Risk Management software has enabled organisation to more straight alleviate losses.

In the post-SOX environment, the very same social and political pressures on organizations are present. Enhanced attitudes and tools have motivated the expansion of sound Operational Risk Management to the strategic and economic benefit of those effectively gotten ready for the journey. To discover how Paisley Consulting can help your company on that journey, whether through the provision of powerful Risk Management software application or specialist assessment on Enterprise Risk Management, visit 


Changes in legislation, innovation and mindsets associated with ORM/ERM have actually produced not just economic gains, they have led directly to re-invigorated organisation development and even developed enhancements in the quality of life. Safety, quality and environmental related loss events have actually shown to be not only manageable and avoidable, however sound management of these problems has given higher benefit on those who succeeded while driving lots of who did not adapt out of service. While large scale corruption might have produced regulative changes, these changes have actually stimulated a re-visioning of Enterprise Risk Management. Advanced Risk Management software has enabled company to more directly alleviate losses. This has actually led to a cleaner, more efficient and more competitive business environment.

In the post-SOX environment, the very same social and political pressures on companies exist. Improved tools and mindsets have motivated the proliferation of sound Operational Risk Management to the strategic and economic benefit of those appropriately prepared for the journey. To learn how Paisley Consulting can assist your business on that journey, whether through the arrangement of powerful Risk Management software or expert assessment on Enterprise Risk Management, go to compliancedoctor.co.uk.

 

Lee Werrell Chartered FCSI

Compliance Doctor


 

Functional Risk Management Awareness


ORM and the oft associated term Enterprise Risk Management (ERM) have generally been utilised as corporate buzzwords, organisation culture idioms referenced in board conferences and articulated throughout presentations.

Current developments, such as the production of the Sarbanes-Oxley (SOX) Act in 2002 in response to growing financial scandals in the U.S., have brought Operational Risk Management, Enterprise Risk Management and related concepts from the backrooms to the forefront of business.

The inescapable truth is that every single day companies incur losses and experience functional disturbances due to failures by employees, incorrect execution of procedures and technologies as well as wilful disobedience to internal controls. Fortunately, simply as these brand-new guidelines have actually given rise to increased awareness of ORM/ERM, brand-new tools (consisting of Risk Management software) have been developed to assist compliance efforts.

The realities of both separately big and collectively ordinary mistakes resulting in loss, as well as the newly controlled reporting of those losses, affect virtually all areas of every organisation each and every day. The rebirth of Operational Risk Management/Enterprise Risk Management and the new need for Risk Management software solutions.

Traditionally, few functional losses were measured in any accounting system, and hardly ever were the loss incidents tracked and examined in any way; the time and paperwork needed to do so was just intimidating. Any Risk Management software tools were typically proprietary and little more than electronic log books at best, since there was no standard legislation in place. New technologies and mindsets have permitted loss events to be viewed as more foreseeable and able to be grouped into risk categories. Appropriate analysis of these incidents can result in attribution to root causes, which helps in mitigation. Even this beginning leads to significantly lowered expenses while accomplishing big gains and strategic advantages from well-crafted Operational Risk Management policies and Enterprise Risk Management treatments.


Current advancements, such as the development of the Sarbanes-Oxley (SOX) Act in 2002 in action to growing monetary scandals in the U.S., have actually brought Operational Risk Management, Enterprise Risk Management and associated principles from the backrooms to the leading edge of corporate America.

The renewal of Operational Risk Management/Enterprise Risk Management and the new need for Risk Management software application options.

Even this start leads to considerably reduced expenses while achieving substantial gains and tactical advantages from well crafted Operational Risk Management policies and Enterprise Risk Management treatments.

Advanced Risk Management software has actually permitted business to more straight reduce losses. To find out how Paisley Consulting can help your business on that journey, whether through the provision of powerful Risk Management software or specialist assessment on Enterprise Risk Management, visit The Compliance Doctor – Lee Werrell Chartered FCSI – http://compliancedoctor.co.uk


Claims Management Companies To Put Their Hands In THEIR OWN Pocket in 2019

Claims management companies (CMCs), known in the financial services compliance business as “Ambulance Chasers”, will have to find more than £7m in 2019 to set up a compliant scheme that adequately satisfies the sector's regulator, the Financial Conduct Authority (FCA) has revealed.

The approximate price to be paid in 2019-20, if accurate, is 42% of the total initial cost of taking over responsibility for the sector, which under the Financial Guidance and Claims Act 2018 devolves the authority from the Claims Management Regulator on 1 April next year. In total, the authority will recover an estimated £16.8m from the sector by 2021, the regulator proposes.

In a consultation paper published at the end of August 2018, the FCA confirms that it is paid for completely by the bodies it regulates and that, owing to the claims management industry’s uncertain future, it will need money up-front. When taking up new obligations, the authority can at times defer recovery of the project costs until ‘a substantial body of fee payers’ is in place. The regulator also notes: ‘However, the claims management industry is undergoing considerable change and this uncertainty limits our ability to defer recovery of costs.’

The shake-up to the claims management conditions, notably the 29 August 2019 deadline for the submission of cases relating to payment protection insurance, ‘might require CMCs to adapt their business models to continue providing claims management services for consumers, and some firms may depart the market entirely’, it notes. Therefore there is a risk that project costs might fall disproportionately heavily on those firms that successfully qualify for authorisation.

‘It would be unfair for firms which take advantage of the regulatory gateway, but which leave within the first year, to pass their share of the project costs to those firms which continue to be authorised by us,’ the consultation paper considers. ‘For this reason, we have decided to collect a substantial proportion of our project costs in the first year.’ This will likely equate to an amount of £7.1m in 2019/20, around 42% of the total.

The proposals are set for a rough ride from the claims management industry. Although a vast majority of the firms are likely to exit the industry in 2019, how will the FCA demonstrate that they understand the industry well enough to regulate the remaining firms effectively? Unfortunately, just as a lock only keeps out an honest man, we could end up with disproportionate costs and infrastructure changes to what amount to be successful, ethical and compliant firms.

Whenever the CMCs are set to apply for authorisation, there is plenty of help for them to engage with. Compliance Consultant are specialist FCA authorisation consultants and can help all types of firms get the authorisation process right.

What Does FCA Authorised Mean?

Based on the Financial Services and Markets Act (FSMA) 2000, financial activities are regulated by the Financial Conduct Authority (FCA). Any firm carrying out any regulated activity must be authorised by the FCA, unless they are exempt. On Approval They Are FCA Approved Persons.

FCA Authorisations are in some cases tricky and can appear very daunting to the newcomer.

Compliance Consultant was created in 2000 to assist providers and individuals in their regulatory compliance requirements, here in the UK, EU and Middle East. We are also long-standing members of the Association of Professional Compliance Consultants (APCC).

Using our application experience developed from the FCA’s Authorisations Team feedback, Compliance Consultant Authorisation Services has succeeded in obtaining authorisation for a large number of clients of all sizes from a variety of fields.

Why Do They Need The Compliance Doctor?

In a speech by Sarah Rapson, Director, Authorisations, on the 14th March 2018 at the APCC Conference, she stated: “Sometimes firms fail to provide information we request, or they provide the wrong information, or over complicate their responses. This could be because they do not understand our concerns or the questions we ask or why we ask them. If in doubt, they should ask us. Similarly, firms can misunderstand what is required of them, especially where there is new regulation, such as PSD2 or MiFID2. Again, they should speak with us if they are uncertain as to our requirements. From time to time we deal with firms that will not engage with us or do so reluctantly; or they address our concerns in part but not fully. In such circumstances we may well conclude that a firm is not ready to be authorised and could not be supervised effectively. My message is simple; firms need to cooperate with us. Sometimes firms apply for authorisation prematurely, before they are ready to demonstrate that they meet the minimum conditions; at very least this will delay our consideration of their applications, especially if they also fail to provide the information that we require. Firms should apply when they are ready, not to secure their place in the queue. Those are just a few examples. But the common theme is that firms that understand what we are trying to achieve through having a rigorous approach to authorisations and why, are more likely to be successful in their applications.”

The FCA have published a formal policy statement in December, for the rules to become effective from 1 April 2019.

 

Lee Werrell Chartered FCSI

Compliance Doctor


What Is Operational Risk?


Proactive management of operational risk, in addition to allowing compliance with the requirements, leads to improved production conditions: streamlining of processes which results in increased productivity, improved quality leading to a better brand image. In particular, such an approach allows the development of quantitative tools which define measurable objectives for operational teams in terms of reduction of operational risks.

BREAKING DOWN Operational Risk

Operational risk can be summarised as human risk; it is the risk of business operations failing due to human error. It changes from industry to industry, and is an important consideration to make when looking at potential investment decisions. Industries with lower human interaction are likely to have lower operational risk.

Focus of Operational Risk

Operational risk focuses on how things are accomplished within an organisation and not necessarily what is produced or inherent within an industry. These risks are often associated with active decisions relating to how the organisation functions and what it prioritises. While the risks are not guaranteed to result in failure, lower production or higher overall costs, they are seen as higher or lower depending on various internal management decisions.

Examples of Operational Risk

One area that may involve operational risk is the maintenance of necessary systems and equipment. If two maintenance activities are required, but it is determined only one can be afforded at the time, making the choice to perform one over the other alters the operational risk depending on which system is left in disrepair. If a system fails, the negative impact is associated directly with the operational risk.

Other areas that qualify as operational risk tend to involve the human element within the organisation. If a sales-oriented business chooses to maintain a subpar sales staff, due to its lower salary costs or any other factor, this is considered an operational risk. The same can be said for failing to properly staff to avoid certain risks. In manufacturing, choosing not to have a qualified mechanic on staff, and having to rely on third parties for that work, can be classified as an operational risk. Not only does this impact a system’s operation, it also involves additional time delays as it relates to the third party.

Willingly participating in fraudulent activity may also be seen as operational risk. In this case, the risk involves the possibility of repercussions if the activity is uncovered. Since the decision is active, it is considered a risk relating to how the business operates.

 

See also;

Strategic Risk

Strategic Risk Management
