School is back in session, fall has begun, and we are approaching the start of Q4. Organizations of all sizes are finishing their financial plans for 2016 and likely conducting end-of-year internal fall housekeeping on projects and initiatives. This is a great time to dust off the approach to managing compliance with a program management discipline. In this two-part blog series, I’ll focus on best practices in structuring your compliance programs, and on how to ensure executive support and mature the culture of compliance.
Structures for Compliance Programs
Each area of compliance has different expectations for what activities must be performed on an ongoing basis. While regulatory expectations are growing, there are common elements that can be leveraged with repeatable processes. Non-regulated organizations may leverage compliance programs simply for brand or good corporate governance. However, with the scale of regulatory oversight and the broadened areas of compliance for banking organizations, risk and compliance teams can feel overwhelmed by both the complexity and the workload of managing compliance. Whether you are managing compliance for privacy, remote deposit capture, or consumer protection, there are synergies in having standardized methodologies for risk assessments, management reporting, and compliance documentation. Leveraging common approaches also enables stronger communication to executives and lines of business, who see the same formats in how risk and compliance are communicated within the organization.
Focus on a risk assessment, and ensure you utilize resources from multiple levels within the organization. In many cases, the people closest to the day-to-day operations can spot issues or gaps, but may not be the best resource to quantify the implications to management. A cross-functional viewpoint in conducting a risk assessment can be effective in ensuring that there are not “blinders on” in looking at the risks.
Effective compliance programs need to be tailored to each organization based on risk appetite but also embedded in current organizational structures. While “compliance in a box” sounds like a great idea, managing risk requires empowered and informed leaders to apply risk and compliance strategies to how they operate or conduct their business. Effective compliance program structures balance the impact to the organization with the likelihood of the risks.
Linnea Solem is Chief Privacy Officer, Vice President Risk and Compliance for Deluxe Corporation and a former Chair of the Shared Assessments Program. Linnea is a management professional with 20+ years of financial services experience in the areas of eCommerce, technology, business development, marketing, information practices and risk management. She is a Certified Information Privacy Professional and led Deluxe’s compliance initiatives for Y2K, GLB, Check 21, and Red Flags Legislation. You can connect with Linnea on LinkedIn.
Reposted with permission from Deluxe Blogs