Compliance and Continuous Improvement

Part C Compliance and Continuous Improvement

1. Which systems can you use to ensure consistent evaluation of operational non-compliance?

The lack of written and well structured policies and/or procedures that correlate to the audit

When reviewing existing audit programs we often see audits that ask questions pertaining to policies and procedures that are: not outlined in any policy or procedure documentation, documented once in an email or documented but not consistent with the audit question.

For associates to properly understand the expectation policies and procedures must be written, accessible and updated accordingly. Best Practice includes;

• Create an actual Operations Manual versus an Email binder or other form of maintaining documents.
• Include actual policies and procedures, not “best practices” in your manual and your audit.
• Implement version control of the manual to ensure associates are using the most recent and up to date policy at all times.
• Develop a process to educate and verify that all associates receive and understand new or updated policies.

2. How can these systems assist you to implement any modifications that may be required?

You have now identified the type of admin system you need, received quotes, reported to management who have approved and now you are ready to implement the system. There are a number of ways you can do this:

• Via a trial period in which a section of the organisation participates; any difficulties are identified and corrected at this stage before full implementation.
• By phasing in the new system a section at a time until the whole organisation is connected
• By changing to the new system while still using the old system for a set period; e.g. 3 months. This might be used if major difficulties in the new system would have a negative impact on the organisation and severely disrupt work. However, this option may be costly and prove unwieldy.
• By direct cutover, in which the new system begins operation on a set day

There are no hard and fast steps to an administration system implementation. One suggestion from an IT project manager is the following eight steps to success:

1. Prepare the infrastructure, including hardware, software, communications and facilities.
2. Coordinate with the key stakeholders. The organisation/s responsible for the supply and/or implementation of the system are notified and scheduled for the individual project tasks.
3. Implement training for initial users. Use feedback to modify training for all users.
4. Install the new system on the testing servers/desktops, etc.
5. Ensure all machines ‘talk’ to one another and storage/retrieval methods work effectively during the data conversion test.
6. Perform final verification against organisational and developer benchmarks.
7. Implement the new processes and procedures. Roll out the training and access for all users.
8. Monitor and report on the system. Make modifications as necessary and ensure organisational impact is minimised.

3. How will you ensure you stay up to date with changes in legislation and regulatory requirements to ensure compliance?

Nowadays, a serious breach in compliance matters cannot be left without being penalized and sometimes it gets published in the media, causing reputational and economic damage to companies and to individuals. It is the right time to start paying attention to the regulations and to use all the possible resources that a company allows to comply with the requirements of the law.

Here are some tips which will facilitate the process of knowing the legislation and implementing it internally:

1. Enrol in newsletters with updates from the legislator (Law firms, Regulatory bodies, etc.). This will enable you to know when there is a new regulation that concerns you and what are its requirements and deadlines;
2. Participate in seminars, conferences or web trainings that inform you on how the new regulation must be implemented. When this is not possible, reading summaries prepared by professionals could be also useful; as it is preparing a summary yourself. Don’t forget to highlight items like: concerned parties, requirements, deadlines and penalties.
3. Check your internal procedures and think of ways how to introduce the new requirements into the existing procedures. The content of the law can give useful guidance, especially on the parts that enumerate what is required.
4. Inform all the staff on the new legal requirements and refresh their knowledge. Compliance is not just a responsibility of the Management and of the Compliance Officer – It is the job of everyone who works in the financial sector to be alert. Everyone must be able to avoid executing and to report transactions that are suspicious of money laundering and/or financing terrorism.
5. Keep a database with the all the regulations that concern you. Register their dates of approval, their subjects and the status of their implementation within your company.
6. Keep an excel sheet with the status of KYC (Know Your Customer) files of all your clients and a register of breaches. Make sure to keep them up to date.
7. Inform the clients on the new legal requirements and make it clear for them that respecting the law is not optional and that it is in the common interest to comply with the laws. Establish a deadline for non-collaborative clients and estimate the risks of keeping them within your company without being compliant.
8. Document everything and keep records of work that is done, of work in progress and of work to be done with regards to compliance.
9. Appoint a Compliance Officer. If it is not possible, appoint a single person in charge of your company’s compliance operations and have her/him trained.
10. In cases of need engage professional advisers in the sector in short term or in permanent term. It might have a high cost in the short term but it will bring you long term profits and the comfort of a ‘healthy’ continuation of your business.

4. How can you ensure your staff at the relevant levels of responsibility will be consistently up to date with relevant information for changes as these occur?

Establishing effective policies and procedures does not begin and end with regulations. It takes the right amount of collaboration, the right types of distributive mediums, and the right methods to measure understanding. All of these things take an enormous amount of time and energy, but automating them with a software solution can increase efficiency, and ensure compliance with your policies and procedures. Here are 5 steps to ensure compliance, and what software features to look for to choose the best possible solution.

5 Steps: Automate

1. Meet with divisional leaders to ensure the policies and procedures are feasible.
   Look for a program that allows custom certifications for your employees. Being able to create a custom quiz gives you the power to control the content your employees remember most.
2. Determine the best format of policies for your audience.
   Software programs that allow multiple formats to be uploaded, such as Microsoft Office Word and PowerPoint, mp3 and mp4’s should be considered for optimal effectiveness.
3. Make Policies and Procedures easily accessible to your employees.
   Ensure the program you use allows flexibility with folders and organization. Finding a program with permission controls will help reduce clutter for your end users.
4. Set deadlines for each policy and procedure to be acknowledged.
   Finding a program that sends alerts to the right people should be a main priority. Notifications should include task-alerts, over-due notifications, and renewal notices to name a few.
5. Determine the best way to measure the understanding your employees have of policies and procedures.
   Automating this step can increase efficiency. Programs that send automatic alerts, allow a central area for discussions, and provide workflows can save time during the creation of policies, as well as during the audit process.

5. Which type of documentation can you use to assist you to manage compliance and continuous improvement? How should this be managed effectively?

Keep track of your improvements

This will show progress of your improvement initiatives. You can review, plan and identify what worked and what didn’t work.

Review and update your plan for continuous improvement today; keep it current to show what you want to achieve today, tomorrow and in the future.

You can use a plan that is best for your organisation or you may use our sample template. Make sure the template you choose covers the key areas included in our template.