Compliance is the foundation on which the organization’s control system is built. It is an essential part of management, but adapting compliance control to the internal rules of the organization is very difficult.
Essence
Every enterprise has many types of control over human, technical and administrative resources built into its business processes in order to comply with standards and requirements. When an enterprise is created, its statutory documents are drawn up and the principles of company management are formulated. But as business processes become more complex, it becomes harder to comply with the rules.
The growth of technological processes, the expansion of personnel, and product diversification require a complex management system. A company can achieve good financial indicators and still run into a number of troubles after the regulatory body inspects the organization and imposes a fine. Reputational risks lead to a loss of market share, a decrease in sales volumes, etc. At the same time, legal risks may arise. The borrower may require early repayment of the debt in the event of a deterioration in the financial performance of the company.
That is, rules exist to be complied with. You also need a person who is responsible for introducing technology that allows the business to grow while complying with established standards, from the moment a new rule or requirement appears until it is transformed. In Western practice, these functions are performed by a compliance manager.
Requirements cycle
Each new order or decree goes through a series of stages:
- appearance (discussion of the project);
- approval (signing of the document);
- entry into force of the requirement;
- transformation (change of parameters);
- cancellation of the order due to the appearance of a new one or because of uselessness.
Forming new processes by analogy with the old ones is the responsibility of the compliance manager. What does this mean? The manager should have a broad set of knowledge and skills, participate in creating the documentary base, and oversee staff training. The manager can also justify the budget if additional financing is needed to implement a new order.
Compliance management consists in establishing not only internal relations but also external ones. The manager must maintain relations with other departments and with controlling structures (auditors, security service, etc.). When the work of the manager and all of the listed services is well coordinated, it is possible to obtain a synergistic effect for the benefit of the common cause of a financial organization.
How to fit a compliance system into an organization
When creating a product, the company expects to receive profit and other benefits in the form of a competitive advantage. But you cannot direct all business processes toward generating income; otherwise, the control system will be weak. Compliance is meant to correct this situation. What does this mean? Simultaneously with the release of the product, you need to prepare the software necessary for analyzing sales in accordance with internal requirements.
When developing a compliance control center, you need to remember the golden rule: the price of control should be less than the loss from its absence. That is, when introducing a new product, you must:
- Determine in advance all the factors that impede its implementation under the agreed conditions.
- Calculate the losses that may occur if the product is sold without a control system in place. Compliance risk is the consequences of sanctions applied by regulatory authorities (fines, penalties, forfeits, etc.), financial loss, and loss of the organization's reputation.
- Determine their minimum and maximum boundaries.
- If the maximum value of losses is considered satisfactory for the enterprise, then it does not make sense to implement a complete control system.
Bank Compliance
The term compliance in English means compliance with requirements (standards). There is no clear interpretation in Russian law. In the professional field, the term "compliance" has long been used. What does it mean? The term is used to express the function of ensuring compliance with regulatory acts and constituent documents, preventing the involvement of the bank and its employees in unlawful activities (money laundering, terrorist financing), and providing information to the Bank of Russia in a timely manner.
Compliance is a set of specific functions whose implementation allows you to manage all types of risks. They can be conditionally divided into two groups: mandatory and optional. The first group includes legislative requirements. For failing to comply with them, the bank may lose its reputation and incur penalties. The second group includes management orders, as well as functions whose implementation is associated with the expectations of partners. For example, operational employees, risk managers, and IT department employees are engaged in studying and identifying client activities. But the performance of these functions is dictated by common sense, and not by the requirements of regulatory acts.
Laws
The implementation of the compliance system is regulated by two documents: Regulation No. 242 “On the organization of risk management in credit organizations” and Regulation No. 06-29 “On the internal control of a professional participant in the securities market”.
Responsibility of the Parties
Based on the essence of the term itself, the security service should deal with compliance at any lending institution. But international standards allow a multi-level model, that is, the distribution of compliance functions between different departments of the bank. On the other hand, according to the recommendations of the Basel Committee on Banking Supervision, responsibility for the implementation of the system as a whole should be borne by one specific person: an employee of high status who is a member of the governing body of a credit institution.
Areas of activity - compliance center
Sberbank, like any other lending institution, is developing a comprehensive control system for a specific purpose:
- countering fraud, corruption, money laundering;
- compliance with regulatory documents and international standards;
- compliance with corporate standards;
- control of a professional participant in the securities market;
- resistance to manipulation on the securities market;
- handling customer complaints;
- compliance with information security.
Compliance at Sberbank
All employees are involved in the implementation of the compliance function at the largest credit institution, within the framework of their duties. The implementation of functions in all areas requires automated processes. In Western countries, 10% of all bank employees are involved in compliance. Sberbank actively interacts with CIO offices and successfully implements automated systems.
For example, IT platforms based on Oracle make it possible to systematize financial monitoring processes and optimize the organizational structure.
In 2014, the Foreign Account Tax Compliance Act (FATCA) came into force, according to which all banks of the world are required to disclose to the U.S. tax office information about the accounts of U.S. taxpayers and related legal entities. Sberbank spent several million dollars on the introduction of this product. In the future, it is planned to adapt the system to the Russian market.
Enterprise Compliance
It is often impossible to implement a business project without permits or without agreeing on business conditions with government agencies. To organize internal control, it is necessary to implement compliance. What does this mean? Today, compliance is perceived as a system for monitoring the reliability of counterparties and employees. But such an approach does not allow assessing the risk that state organizations will apply measures for violation of requirements. Therefore, it is necessary to establish a control system that ensures compliance with standards, and a pre-audit audit.
Information on scheduled inspections by government agencies is posted on the website of the Prosecutor General. The reasons for unscheduled inspections are: appeals to state authorities with information about violations of the rules, unfulfilled orders, and violations of consumer rights. It is advisable to arrange compliance with respect to contractors and employees who could file a complaint, by resolving conflicts. It is also necessary to meet the requirements of state bodies on time.
If any provisions of regulatory acts remain unclear, then in order to prevent the risk of prosecution, you should contact the regulatory authorities for written explanations. Such measures usually rule out culpable violations and liability.
When developing a compliance control system, companies should remember the following circumstance: business entities are allowed everything that is not prohibited by law.
That is, if the requirements of officials go beyond the powers granted to them, the company may draw up a refusal to comply with illegal instructions. An organization may also appeal any requirements, actions and decisions of state authorities to a higher authority and to a court if they affect its rights.