The relationship between risk management and compliance





Full transcript available below:

Hello, everyone, and welcome to today's webinar hosted by me, Joe Boyhan, of MCO, and third-party risk expert and president of ONTALA, Linda Tuck Chapman.

When you start to think about risk management or compliance, really compliance shouldn't be your primary focus. I worked with a colleague in the system in a hundred billion dollar bank. We did it on the back of a cocktail napkin. How much would it cost to run a program like this in a reasonable-sized bank? You're going to find, basically, that it's probably costing your company once you put all the pieces and all the work effort, 25 to $35 million a year.

If it's only to comply, you're really missing the boat on this. It really needs to manage risk, but even better than that, it's going to help your business leader manage the business. You really want to be systematic about it. You really want to bear in mind there's an awful lot happening below the waterline, and so if you're in a second line of defense job, your job is really to help simplify this complexity and bring to the forefront threats that are real for the organization and ways to reasonably respond. It's very tempting to overbuild these programs. I do this time and time again. Getting that right balance between compliance, risk management, and business value takes a lot of time.

What we've found was after 2008 and with a much more regulatory focus, a lot of companies went out and built their programs, and about probably 18 months ago, an awful lot of them are revisiting what they've done. Now they've learned forward and they're looking at ways to fine-tune, perhaps shrink the number of relationships involved and, also, to fine-tune the rigor of due diligence and oversight because it's really hard to resource the work effort that's required. Joe, let's go on to the next slide. When you start to think about that first principle for compliance with regs and laws, this is not an easy thing to do. I know it's an eye test, but it's such a good eye test. I took this from the SEC website. I found it when I was writing the book. This is just an illustration of all the different laws that a financial services company needs to comply with.

When you start to think about third-party risk and then putting this lens on the relationships you have with your third parties, it really does help illustrate how important it is to right-size your program and make sure you have the right elements in it but, also, to be reasonable about it. The other thing you have to really bear in mind is that your firm is still accountable, so those of you who have had an encounter with the CFBD in particular, you'll know that there is no hiding from this. In fact, some of my clients had exited businesses because they are too risky. I think about when I was a CPO talking to the board and we were having a conversation about post-write-off accounts and the sale of them.

The fact that really you can sell the accounts, but you can't actually sell the accountability. In that case, the bank had decided to discontinue the sale of those and to step up the collection side of things and then perhaps face greater write-off, but it's a really good illustration of the fact that you really need to think about your business for the long term, the risks you're facing, and how to comply, and whether or not even some of the businesses you ran are worth it. I can think of an insurance company that exited several countries because they didn't feel they could meet on the compliance. If you're going to do a compliance assessment on your third-party management program, there's a [inaudible 00:24:04] framework that's available that helps you go through this, but my recommendation is to work with your compliance, your legal, and your third-party management people and through.

Go through a line-by-line assessment of everything in a regulation at the high level that you're supposed to be doing. That'll help you build a better roadmap for the future.


This webinar was co-hosted with Linda Tuck Chapman of Ontala Performance Solutions.
