Your vendor’s keeper–managing compliance risks in the extended enterprise

Extended enterprise risk, or third-party risk, is a significant concern at most large organizations. One compliance executive recently said that according to his organization’s regular internal surveys, third parties pose at least double the risk of any other risks they measure. Yet this is a variety of risk over which organizations tend to have less control. What practices can help manage it?

That conversation was part of the recent Cross-Industry Compliance Leadership Summit that Deloitte hosted at Deloitte University. At the event, which gathered risk and compliance leaders from industries like health care, entertainment, financial services, consumer products, and retail, I moderated a discussion about the challenge of managing third-party risk. Because companies in different industries use and relate to vendors in different ways, there were a variety of stories. But a few common leading practices stood out.

Compliance risk management starts at the top, but depends on the front line

Compliance would be easy—well, easier—if the Chief Compliance Officer controlled all of the business processes that create compliance risks for the organization.

In the real world, the decisions and actions that add up to compliance happen all over the organization. Business leaders make decisions while balancing multiple concerns and competing objectives. It isn’t a surprise to any seasoned CCO that compliance isn’t always the top priority. As a result, it’s up to the CCO to understand the business and to exert influence over those decisions that drive critical compliance risks. And if that isn’t hard enough, CCOs also need effective processes to identify and measure those risks on an ongoing, real-time basis.

Key takeaways: 2015 National Compliance Outreach Program for Broker-Dealers

Posted by Marjorie Forestal, Mike Jamroz and Vishal Kumar on August 31, 2015.

On July 14, 2015, the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) hosted the National Compliance Outreach Program in Washington, D.C., to help compliance, audit, and risk officers of broker-dealers better understand how they can improve their firms’ compliance with laws and regulations. Speakers and panelists included SEC and FINRA leaders and compliance executives from leading firms. Below are some of the key takeaways:

Accountability of firm senior executives and compliance officers
Panelists emphasized that C-level executives and the board should commit to their firm’s compliance frameworks, including creation of procedures for dealing with conflicts of interest and proper escalation to senior management to help deter potential actions for violations of policy, laws, or regulations. The panelists noted that while the SEC does not intend to target compliance professionals, there will be an increased focus on the duties of compliance professionals and Chief Compliance Officers (CCOs).
