Week 3 - Components and tools in a compliance framework

School: University of New South Wales
Course: 8503
Subject: Information Systems
Date: Dec 6, 2023

Uploaded by LieutenantFreedom12639

Week 3: Overview of RegTech solutions

We were introduced to the range of RegTech solutions last week. This week, we look into specific areas of the compliance framework, the tools required and key considerations for implementation.

Anatoly Kirievsky (Adjunct Lecturer)
Week 3 Speech (Transcript)

In this week, we analyse a number of our regulatory technology tools that help to solve some of the elements of our compliance framework. These tools talk about dealing with regulatory changes. So, when we identify that a regulator is making a change, how do we track it? How do we analyse it? How do we ensure that the required changes that apply to us have been implemented? We talk about electronic communication surveillance; we talk about conflict-of-interest management.

Let me take the conflict-of-interest management as an example. In the Royal Commission, Commissioner Hayne identified that in every single case of misconduct, as a result of the misconduct, either the institution that employed the person or the person themselves benefited financially. He had this underlying issue that financial services are provided to you as a potential client and theoretically, you would expect that there's a focus on you. However, in reality, as a result of the misconduct, the beneficiary was the institution or the person that is giving you those services.

So why do we need RegTech? Well, RegTech solutions are required in order to capture what are these types of conflicts that exist. From a conflicts perspective, they can be structural conflicts, where the institution gets paid by selling certain products whilst the customer ends up paying for those, or you can have personal conflicts, where a person may have particular shares and is trying to ensure that somebody else buys those shares in order to increase the price.

We want to be able to assess how many of those conflicts are in existence within our institution. We want to be able to check when a decision is being made, whether anyone who's involved in the decision-making process has an actual conflict. We want to be able to review our conflicts based on a regular time frame, based on some of the identified risks. We want to make sure that when a new proposal comes through, that we can check that whoever is working on that proposal is not inappropriately conflicted. This is just an example of a tool that we need to have in place in order for us to manage some conflicts of interest obligations, which is one of the core obligations that all financial services firms are subject to.

Explain the role of regulatory change management in a compliance framework.
Identify key staff-related risks.
Explain processes and systems used to identify misconduct and report to regulators.

What is the regulatory change management process?

Get an overview of the regulatory change management process.

Purpose

Regulatory obligations are constantly evolving, including through changes in legislation, regulation, interpretation, and enforcement outcomes. Companies need to be able to identify changes and feed them into the compliance framework to maintain their desired compliance stance. In this activity, we'll be looking at the components that make up the regulatory change management process.

Activity instructions

Read through the following information on regulatory obligations and participate in the activities as directed. At the end of the activity, you will be given an opportunity to think about the material you have interacted with in relation to your assessment task.

The regulatory change management process

The regulatory change management process is comprised of the regulatory inventory, regulatory changes and announcements, and regulatory exams and enquiries, which are highlighted in orange in the image below.

Regulatory inventory

The starting point to understand a firm’s obligations is to establish a register, or inventory, that brings together all sources of obligations, such as laws (e.g., the Corporations Act), regulations (e.g., Corporations Regulations), guides (e.g., ASIC’s Regulatory Guides), standards (e.g., APRA’s prudential standards), industry codes (e.g., the Banking Code of Practice), and listing rules. It is important to understand all obligations that apply in every jurisdiction where the firm operates. The obligations may relate to financial services, listing, AML, competition, privacy, telecommunication (marketing, recording), payroll, anti-discrimination, workplace health and safety and others.

The process of managing regulatory obligations consists of the following steps:

Step 1: Identify all applicable obligations
Step 2: Convert obligations to plain language requirements
Step 3: Rate risk obligations: Core obligations with significant penalties are higher risk than more administrative obligations with only minor consequences
Step 4: Map obligations to pre-defined risk types
Step 5: Assess each of the risk themes for each of the business units for your firm
Step 6: Conduct the risk assessment

The number of individual obligations applicable to a bank is in the thousands. While it is possible to track obligations manually for a small company with a small number of obligations, it is not possible to manually track them all for a larger organisation, hence a RegTech solution is required.

Activity

Consider some of the sources of obligation for Unisuper. Write these in the word cloud below. You will be able to see the sources that other students have also added.

Regulatory changes and announcements

Regulations are not static, and crises often spur regulatory changes. Hence, we need a system to track regulatory developments. These developments can impact our obligations in two ways:

1. changes to the obligations (new laws or a change to a section of the law, or a change to the interpretation of the law, such as revised regulatory guides)
2. changes to the risk rating of the obligations; this may occur through non-law developments. For example, publications of regulatory priorities for the upcoming period may indicate which specific areas the regulator is targeting. An announcement of a large penalty (or a series of separate penalties) would indicate that the risk associated with a particular obligation or risk type is increasing, impacting the inherent risk rating.

Therefore, we need a RegTech solution that will identify applicable regulatory changes and announcements and incorporate information into the CRA. The process consists of the following steps:

Step 1: Identify all changes and announcements
Step 2: Present them to a staff member to identify those relevant to the company
Step 3: Link those cases selected to the risk themes and business units impacted
Step 4: Present changes to business unit stakeholders to identify the impact
Step 5: Work out action items to comply with changes or changes in controls due to changing risk profile
Step 6: Track the completion of action items
Step 7: Allow for management reporting on implementation progress

A good RegTech tool identifies changes, is compatible with the regulatory inventory you maintain, and allows for the workflow described above.

Regulatory exams and enquiries

The next element of regulatory obligations is the regulatory examination and enquiry management module. Regulators have broad powers to require information and assistance, and to conduct offsite and onsite examinations/assessments of regulated firms. It is important to manage each request with the utmost attention and respond with the required information. It is as important to take lessons from such enquiries and examinations.

Enquiries

When a firm receives an enquiry, the first priority is to respond by providing the information requested. Then comes the value-add analysis: why is the regulator asking the question? What is the possible misconduct behind the request? By mapping enquiries to the business units and risk types, you can observe trends, potentially indicating an area of interest or focus. A RegTech solution records the enquiry, allows for stakeholders to be notified, tracks the due date, links the enquiry to the risk theme and business unit, and allows for management reporting of completion and trends.

Regulatory exams

Regulatory exams are a more formal and in-depth form of an enquiry. Examinations (such as assessments and reviews) usually comprise an information request, meetings or interviews with staff members, additional information requests, draft findings, management review, a final report with conclusions, findings and required action items, and a management response. Similar to enquiries, it is important to respond to all the questions posed. It is then important to understand the findings, escalate them appropriately, and track responses. Findings must be linked to risk themes as well: they are the clearest indicators that the controls in place to mitigate the particular risk were insufficient, as findings indicate an element of non-compliance with the law or regulatory interpretations of the law or their expectations.

The following is a quote from APRA’s review of CBA:

Overall, the CBA Board’s attention to long-outstanding issues was historically low and increased significantly only after APRA’s December 2015 Operational Risk prudential review. In that review, APRA stated that CBA’s operational risk management framework was ‘not effectively identifying, escalating, and addressing significant operational risks.’ In addition to this observation, the APRA review highlighted several specific and significant control gaps that had remained open at CBA for a lengthy period of time. APRA required CBA to report to its board and to APRA regarding these control gaps and any other gaps that had not previously been escalated to the board or senior leadership, or did not have a clear