Wipfli LLP - CPAs and Consultants
Affiliates Contact Us Careers Events About Wipfli
 
subscribe
Rate Content

 
View all Financial Institutions articles

You’ve Tested Your Compliance Program... Now What?
October 01, 2006

The last in a three-part series on developing a comprehensive compliance program.

Every sound compliance program is built on two fundamental responsibilities: performing risk analyses and conducting testing (parts one and two of this series). These responsibilities require ongoing persistence and diligence. After all, it’s not about solving a single problem or instituting a short-term fix. Rather, it’s about addressing a constant need.

To this end, an institution must view compliance as a business process to be managed over the long term. Once analysis and testing have been conducted, an organization must continuously reassess and renew the cycle of compliance efforts.

What to do about test results

In a well-run compliance program, business lines throughout an institution participate in the process of remedying compliance problems. Working with service line leaders and management staff, an institution can begin to develop effective solutions in response to test results.

Such solutions may include a variety of actions, such as changes to the institution’s training program, changes to processes, and even changes to baseline documents. Any element that a testing report identifies as being an issue should be addressed.

Equally important to the solutions themselves is verifying that new implementations or procedure changes are actually effective. This requires retesting. An institution can cycle back and retest as often as necessary, making adjustments to its testing frequency and compliance calendar as necessary.

Likewise, an organization should not only conduct a risk analysis annually, it should also revisit its risk analysis processes whenever major changes to the financial institution occur.  A major change could include additions or subtractions to management, new products, as well as new product delivery or support systems.

Being proactive

There are two critical functions that can go a long way toward improving an organization’s compliance commitment and thus its overall effectiveness. Training is the first.

Employee training is particularly vital to compliance success. Employees must be familiar with written policies, procedures, and controls, and they must be fully trained on regulatory requirements. Since all of the above is subject to change (new regulations can equal new procedures; new risks equal new controls), continued training is an indispensable part of compliance.

The second proactive step is the significant need to keep up to speed with regulatory changes–no small undertaking. Compliance is an increasingly complex area. Management must strive to understand requirements and anticipate likely changes in regulatory policy.

Several resources exist that can aid an institution in its efforts to monitor legislation. These include key trade associations and publications, seminars, vendors and other compliance professionals, e-mail notification services, and regulators themselves.

In the end, whether or not a compliance program is truly effective is entirely dependent on the institution. Having proactive measures in place will give your organization a significant advantage in ensuring its success.