December 4, 2015
NSCP Conference Recap: Lessons in Compliance Risk
At the 2015 National Society of Compliance Professionals (NSCP) conference in November, the conversations I had and heard focused on how technology can reduce business risk and how to eliminate misunderstandings associated with compliance risk. The NSCP conference offers some of the most in-depth educational opportunities for compliance professionals in the financial services industry to improve their organization's ability to manage and anticipate risk.
The Importance of Creating a Culture of Compliance
A representative from the Securities and Exchange Commission (SEC) mentioned the importance of creating a culture of compliance. He put it this way: "CCOs are focused on managing risk, but they're not technologists." Especially with threats in the market today involving cybersecurity, businesses need to consider leveraging solutions created by experts. The SEC and FINRA also discussed compliance culture, technology, and what businesses should be prepared for today.
The SEC's goal is to protect consumers from these increasing risks, not to scare the industry with audits and fines. To ensure that it keeps the best interests of both consumers and financial services providers in mind, it has established a three-step approach:
- Transparency: the SEC's initiatives include sweeps to review all in the industry. Before these tests, the SEC tells you up front exactly what it needs from you.
- Risk-based: areas of high risk are the priority, including cybersecurity, product evolution, and retirement.
- Data-driven: information is retrieved from your organization's data to identify any areas of risk.
Two Types of Compliance
To dig a little deeper, FINRA explained that the industry must understand the two different types of compliance risk:
- Implicit risks are related to how a business specifically maintains its compliance. In other words, implicit risks are inherent in the processes and systems a business puts in place to reach the goal of being compliant. Since businesses have relatively unique compliance processes and systems, their implicit risks are also unique to them. For implicit risk, FINRA is looking to answer the following questions: Are you monitoring compliance properly? What analysis did I do to make sure it met the firm's needs? What are the firm's needs? Did I follow a reasonable process to do that analysis?
- Explicit compliance risk relates to the physical statutes and rules of compliance, including a firm's Written Supervisory Procedures. If a rule is broken, consequences will follow.
Compliance risk management goes beyond meeting SEC requirements; it must focus on ensuring the safety and security of consumers. However, without defined processes for doing so, it is easy to fail to achieve both of these goals. The NSCP conference is one of the best ways for financial firms to learn best practices so they can properly document their procedures, and also find the best technology solutions in the marketplace to help them achieve crucial risk management goals.
Dane Sprecher is a Product Manager for Vertafore's Producer Lifecycle Management products and services. Dane holds his MBA from the University of Michigan Stephen M. Ross School of Business and a BA in Marketing from Michigan State University. Dane is also a licensed insurance agent who sold life, health, property and casualty solutions for seven years prior to joining the Vertafore team. When Dane isn't chasing his daughters around, he is an avid bass fisherman and golfer.