Compliance monitoring programme
Ongoing monitoring – being one step ahead
More and more companies are hitting the headlines for compliance failures, and many of these failures involve third parties engaging in corrupt business practices on behalf of the companies. While many companies have adopted a due diligence programme to collect information to ensure their business partners meet integrity standards, few have started actively monitoring their third parties for compliance.
An important due diligence tool for compliance officers to prevent compliance failures is ongoing due diligence. Constant monitoring will help ensure that business partners act with integrity at all times and will allow for a timely response as and when integrity issues arise.
Where does ongoing monitoring stand?
With ongoing due diligence you are a step ahead of new risks that may surface while conducting business with third parties, as third party–related risks are monitored and identified in real time throughout the entire life of a relationship. Due diligence monitoring focuses on a range of compliance challenges, litigation records, reputational media screening, significant corporate registry changes and business intelligence findings.
With ongoing monitoring, you receive real-time customised notifications when a red flag arises regarding the integrity of a third party. These red flags may come up via searches of:
- sanctions lists
- watchlists, blacklists, denied-parties lists and most-wanted lists
- politically-exposed-persons lists
- state-owned lists
- The Red Flag Group proprietary list built from media research and over 13 years of due diligence research, covering up to 30 risk areas
Such notifications highlight high and relevant risks, rather than bombarding the client with less significant information in the form of a data dump, which could overwhelm compliance and business teams. Intelligent filters, analyses, advice and counsel are provided in real time in any market, in any country, and in any language.
Ongoing monitoring also reveals third parties’ involvement in legal disputes, facilitating a proactive approach for managing and foreseeing reputational failures. Compliance officers save time and effort by analysing the reputational profile of the subject company through continuous English and local-language online media and database monitoring, as well as through on-the-ground business intelligence.
Ongoing due diligence ensures that compliance officers are made aware of any changes in their business partners’ risk and compliance status, and extends the life of one-time due diligence reports. It saves time and effort, enhancing customised advice while relevant information is flagged.
The following are some examples of when ongoing monitoring is an efficient tool to keep ahead of compliance failures:
- A client is running a standard third party due diligence programme. An initial report is completed containing no negative news affecting the business partner’s integrity; however, allegations of corruption involving a director surface in the national press a few days after the report has been delivered. Using a standard due diligence renewal process, this information would not have come up until two years later, meaning that the client would have been exposed to considerable risks in that two-year period. Ongoing monitoring, on the other hand, would allow the client to follow how the corruption allegations evolve and take immediate action when and where needed.
- A due diligence case details the corporate-registry records of a third party and finds no concern in terms of integrity; however, the third party’s ownership structure changes a few weeks after the delivery of the report. The new shareholding structure ultimately links the business partner to a sanctioned entity, which would not have been uncovered until a new due diligence report was conducted when the contract was up for renewal two years later. With ongoing monitoring, the client would be alerted straight away.
- Preliminary proceedings related to an intellectual property legal dispute involving a subject company are revealed through initial litigation checks. With a standard due diligence report, this is the only information that would have been obtained. Ongoing monitoring, however, would enable an update as soon as the court’s final decision was made publicly available.
In summary, opting for ongoing monitoring will support its users in:
- identifying compliance risks early to minimise potential impact
- improving cost efficiencies throughout the due diligence process
- reducing the workload of compliance teams
- strengthening compliance programmes
EFFECTIVE COMPLIANCE MONITORING
What is compliance monitoring?
Compliance monitoring involves the quality assurance testing of daily business activities and is done to ensure that the business remains in compliance with any applicable laws and standards.
All businesses have a legal requirement to establish and maintain effective systems and controls.
The importance of compliance monitoring is increasing due to the growing complexity of regulations, increased regulator activity and the potential damage to the business which can occur as a result of non-compliance.
The Financial Conduct Authority (FCA) requires all consumer credit firms to undertake regular monitoring of their business activities on a day-to-day basis with an Internal Audit as a second line of defence. The FCA also requires details of their compliance monitoring programmes as well as a compliance monitoring plan.
Creating a compliance monitoring plan
A compliance monitoring plan needs to detail the testing to be carried out, when it will be done, by whom (job function) and the records which will be kept.
The complexity and scale of a compliance monitoring plan will be determined by assessing the business’s compliance risks, so this needs to be done prior to creating the compliance monitoring plan.
In any compliance monitoring plan, the greatest focus should be on areas in the business which are exposed to the maximum risk. Ideally, the compliance monitoring plan should have sufficient resources to target all areas of the business, but as a minimum it should cover the majority of identified risks. When devising a plan, the business also needs to take into account risks identified in previous internal audit findings, regulatory correspondence, complaints and business performance.
Each business will have its own set of risks.
For consumer credit businesses the following risks may attract additional attention and so require adequate resources to be allocated to them:
- responsible lending,
- debt collection,
- forbearance options and arrears handling,
- vulnerable customers,
- complaints handling.
Compliance monitoring team
Compliance monitoring is usually implemented by a dedicated compliance monitoring team who work independently from the main business and are accountable to the board of directors.
When creating a compliance monitoring team, it is important to consider the qualifications, skill set and experience of individuals. If there are inadequate resources or the team is lacking in experience, it is unlikely that the compliance monitoring plan will be implemented successfully.
Implementing the plan
When the risks have been identified and the highest risks flagged up, the monitoring activity can be decided upon. Resources can then be allocated to provide the required level of assurance for any given risk. Typically, key risks will receive in-depth reviews, whilst low-level risks may receive only minimal attention.
Changes in regulations, laws or industry standards need to be monitored systematically so that any updates or revisions can be integrated into the business operations. They can then be monitored under the compliance monitoring plan.
Monitoring plans should also be flexible enough and have sufficient resource in order to respond to any emerging risks identified by management or to provide additional assurances for specific concerns.
It is equally important to match monitoring activities which require specialist knowledge with the team’s skill set in order to ensure that correct personnel are allocated to each review, or that additional training is provided where necessary.