Maximising the benefits from your compliance monitoring programme

11 April, 2022

By Andrew Franco and Owen Woolgar

If working well, compliance monitoring should provide a level of comfort on the effectiveness of your controls and demonstrate to the Board valuable insights on how your compliance risks are being managed.

Given the spotlight on compliance monitoring, not just from the JFSC but also from group and parent companies, clients and potential clients, it’s important that you’re confident about the effectiveness of your programme. If you are not comfortable, it will be difficult to convince regulators and other key stakeholders.

So, how can your business make sure you maximise the comfort, value and insight that your compliance monitoring programme can deliver whilst demonstrating regulatory compliance?

The JFSC requires registered persons to implement a compliance monitoring programme, with the involvement of senior management in the process, that is tailored to your organisation’s regulatory requirements and controls. Once implemented, testing and monitoring assessments must be carried out regularly, ensuring the timely completion of any resulting remedial actions required. This isn’t a tick box exercise. And responsibility for running it properly, rests squarely with senior managers and board members. Currently, the problem is that a lot of the compliance monitoring being carried out isn’t meeting the required standards. Common issues identified in the JFSC’s 2020 thematic review demonstrate this succinctly and, based on our experience, are relevant across both islands.

However, the compliance monitoring programme should not just be about satisfying regulators. A well-designed compliance monitoring programme can provide you, as a senior professional or board member, with assurance as to the adequacy and effectiveness of your operations, systems and controls for monitoring compliance risk.

In our view, what does an effective compliance monitoring programme look like?

Risk-based

Compliance monitoring testing should be designed around and focused on your organisation’s most serious threats, and aligned to your risk appetite and business risk assessment. Programmes should evolve in line with changes in risk assessment, and in response to testing results, with the most significant identified risks or weaknesses subject to enhanced testing.

Appropriately designed

The Board must understand the risks and related controls of the business. This is crucial to demonstrate responsibility for managing the business through review of timely and effective reporting, challenge and oversight of remediation of compliance monitoring activities. It is important therefore that both the design and operating effectiveness of controls are tested through compliance monitoring. Inherent characteristics of both the risk and related control (preventative, detective, data-driven, manual, etc) should all be key considerations when designing the compliance testing strategy.

Actionable

The Board should receive information that is sufficiently timely, relevant and intelligible for it to act appropriately. To deliver the insights, management information should provide real-time insights on the compliance monitoring programme, it’s results and the tracking of any remedial activities against set deadlines.

Evidenced

Procedures, methodologies and the rationale for adopting them should be clearly documented, and regularly reviewed. Evidence as to the design and operation of the compliance monitoring programme, should be available for the Board to allow them to exercise appropriate oversight and challenge to the programme, and decisions related to this should be minuted and tracked.

Independent

Testing should be conducted by independent compliance experts or second line of defence functions. The compliance testing function should have the appropriate delegated authority to execute its testing, including the appropriate access to information and people. The compliance testing should be conducted as independently from the business functions it is testing as operationally possible.

By implementing these best practice initiatives to your compliance monitoring programme, you can maximise the benefits to your organisation.

Unlocking the Benefits

Compliance monitoring is a high priority focus area with the JFSC right now, as they seek to prepare for the next round of MoneyVal reviews. These MoneyVal reviews are expected to focus on the effectiveness of AML/CFT regimes. In our view the best way to demonstrate effectiveness is to test the design and operation of the controls that are in place and determine whether they address the identified risks.

An effective compliance monitoring programme can help to demonstrate this. However, if designed and implemented effectively, it can also deliver a number of other benefits to your organisation.

A well designed Compliance Monitoring Programme, will allow you to ensure resources and focus are targeted towards the greatest risks. This is really important now, at a time when budgets are stretched and risk and compliance professionals are in short supply.

A well designed and effective compliance testing programme can also demonstrate a strong compliance culture in your organisation, championing risk management, and enhancing reputation amongst employees, and clients.

Questions for you

Drawing on evaluations of the compliance monitoring carried out by our clients and the independent assessments we’ve conducted on their behalf, we believe four key questions need to be addressed:

Are you confident about the adequacy and design of your compliance monitoring programme?
Are you sure you can provide sufficient documentary evidence to demonstrate that your programme is fit for purpose and operating effectively?
Is meeting your compliance monitoring programme tying up too many resources or distracting from other priorities?
Are the outputs and reporting from your compliance monitoring programme providing sufficient insight and comfort of the findings identified and your systems and controls?

Pressure to address weaknesses

Having answered these questions, you may well decide that your compliance monitoring needs improvement or that third-party support would be helpful. It’s clear that the scrutiny and requirement to demonstrate AML/CFT compliance is going to intensify and addressing any weaknesses in your compliance monitoring programme should therefore be a priority.

If you would like to know more about how to maximise the benefits from your compliance monitoring and meet its obligations, please feel free to get in touch.

Contact us

Andrew Franco

Senior Manager, Advisory, PwC Channel Islands

Tel: +44 7797 777716

Hide

Industries Services Insights Careers About us Events Blogs Meet the leadership team Our offices

© 2017 - 2024 PwC. All rights reserved. PwC refers to the Channel Islands member firm and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.