September 26, 2017
In one of our previous articles we ended with a plea for a more fundamental approach to look at the operational compliance processes in the 1st line of defense itself. Even big international financial institutions continue to be fined, so why is it so hard to get it right?
In our experience, top management is often aware of the importance of a compliant organization, and the compliance team is doing its bit as well. However, compliance needs to be top of mind for every staff member and needs to translate into daily actions.
Combining the knowledge of lean, 6-sigma and other operational optimization methods makes it possible to not only ‘do it right’ (read: comply with the policies) but also fast (read: improving customer experience) and cheap (read: operationally efficient).
A first line improvement program would consist of 3 steps:
- Risk Assessment – operational compliance is something you need to measure. When internal audit or, worse, the regulator comes in and tells you that you’re NOT operationally compliant, it is too late. Running a risk assessment regularly will give the compliance function and senior management a good indication of what the situation in the 1st LoD is.
- Needs Assessment – if and when the risk assessment indicates that the actual situation in the 1st LoD is not in line with the defined risk appetite of the organization, a (Training) Needs Assessment can be done. This is a process in which online questionnaires are used in combination with interviews of key staff to get a full and thorough overview of the needs in terms of knowledge, skills, awareness and tooling.
- Define an improvement program – based on the outcome of the assessment a program is developed to assess any gaps in knowledge, skills and awareness. A program like this can address knowledge, skills and attitude gaps and will usually combine e-learning, workshops and training-on-the-job.
Subsequently, the whole cycle can be repeated on a regular basis to ensure the institution stays compliant.