If the first stage of a pragmatic Know Your Obligations strategy is deconstructing and understanding compliance obligations to define where you need to keep your focus, the next step is mapping policies, procedures and controls to performance indicators to be able to accurately assure compliance.
Essentially, at this stage, we need to answer the question: What do we actually need to monitor?
Regulations, frameworks, policies and controls define the day-to-day of the Chief Compliance Officer (CCO) and their teams. It’s fair to say that it is an important yet often troublesome undertaking to make sense of what can often be described as monitoring spaghetti. At the same time, the teams also need to ensure they are keeping senior execs and the Front Office engaged and compliant.
So how can the CCO set regulatory priorities, identify policy and procedure gaps and understand compliance obligations?
Risk management is a continuous process rather than a linear one. A pragmatic Know Your Obligations (KYO) strategy starts with building an ongoing monitoring approach by deconstructing regulatory obligations and then measuring the performance of related procedures and controls to assure compliance. The final step is to evidence that compliance.
This is a critical part of the process because, as far regulators are concerned, without that supporting documentation, it’s like it didn’t happen.
