Effective Compliance Monitoring
What is compliance monitoring?
Compliance monitoring involves the quality assurance testing of daily business activities and is done to ensure that the business remains in compliance with any applicable laws and standards.
All businesses have a legal requirement to establish and maintain effective systems and controls.
The importance of compliance monitoring is increasing due to the growing complexity of regulations, increased regulator activity and the potential damage to the business which can occur as a result of non-compliance.
The Financial Conduct Authority (FCA) requires all consumer credit firms to undertake regular monitoring of their business activities on a day-to-day basis, with an Internal Audit as a second line of defence. The FCA also requires details of firms' compliance monitoring programmes as well as a compliance monitoring plan.
Creating a compliance monitoring plan
A compliance monitoring plan needs to detail the testing to be carried out, when it will be done, by whom (job function) and the records which will be kept.
The complexity and scale of a compliance monitoring plan will be determined by assessing the business’s compliance risks, so this needs to be done prior to creating the compliance monitoring plan.
In any compliance monitoring plan, the greatest focus should be on areas in the business which are exposed to the maximum risk. Ideally, the compliance monitoring plan should have sufficient resources to target all areas of the business, but as a minimum it should cover the majority of identified risks. When devising a plan, the business also needs to take into account risks identified in previous internal audit findings, regulatory correspondence, complaints and business performance.
Each business will have its own set of risks.
For consumer credit businesses the following risks may attract additional attention and so require adequate resources to be allocated to them:
- responsible lending,
- debt collection,
- forbearance options and arrears handling,
- vulnerable customers,
- complaints handling.
Compliance monitoring team
Compliance monitoring is usually implemented by a dedicated compliance monitoring team who work independently from the main business and are accountable to the board of directors.
When creating a compliance monitoring team, it is important to consider the qualifications, skill set and experience of individuals. If there are inadequate resources or the team is lacking in experience, it is unlikely that the compliance monitoring plan will be implemented successfully.
Implementing the compliance monitoring plan
When the risks have been identified and the highest risks flagged up, the monitoring activity can be decided upon. Resources can then be allocated to provide the required level of assurance for any given risk. Typically, key risks will receive in-depth reviews, whilst low-level risks may receive only minimal attention.
Changes in regulations, laws or industry standards need to be monitored systematically so that any updates or revisions can be integrated into the business operations. They can then be monitored under the compliance monitoring plan.
Monitoring plans should also be flexible enough, and have sufficient resources, to respond to any emerging risks identified by management or to provide additional assurances for specific concerns.
It is equally important to match monitoring activities which require specialist knowledge with the team’s skill set in order to ensure that the correct personnel are allocated to each review, or that additional training is provided where necessary.