A career in governance, risk and compliance

Why choose a career in governance, risk and compliance?

Ensure Effective Risk Management

Compliance as a discipline was traditionally thought of as ensuring adherence to the many rules and regulations organisations face. But compliance is now about so much more: culture, ethics, advice – modern compliance really is at the heart of the business.

Compliance professionals not only navigate a complex regulatory environment but also add a key commercial perspective. They enable the right business to be conducted in the right way and help firms achieve success by using systems and controls to ensure effective risk management.

IT Governance, Risk & Compliance extends the GRC concept to include cyber security, data privacy and technology, integrating IT risk management into an organisation’s strategy.

What is compliance?

What does compliance mean?

The term compliance describes the ability to act according to an order, set of rules or request.

In the context of financial services businesses compliance operates at two levels.

  • Level 1 - compliance with the external rules that are imposed upon an organisation as a whole
  • Level 2 - compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules.

What duty, objective and responsibility does a Compliance Officer fulfill?

  • Duty - The Compliance Officer has a duty to his employer to work with management and staff to identify and manage regulatory risk.
  • Objective - the overriding objectives of a compliance officer should be to ensure that an organization has systems of internal control that adequately measure and manage the risks that it faces.
  • Responsibility- The general responsibility of the Compliance Officer is to provide an in-house compliance service that effectively supports business areas in their duty to comply with relevant laws and regulations and internal procedures.

What are the five key functions of a compliance department?

  1. To identify the risks that an organisation faces and advise on them (identification)
  2. To design and implement controls to protect an organisation from those risks (prevention)
  3. To monitor and report on the effectiveness of those controls in the management of an organisations exposure to risks (monitoring and detection)
  4. To resolve compliance difficulties as they occur (resolution)
  5. To advise the business on rules and controls (advisory)

What is corporate governance?

Corporate governance is a highly inclusive concept that covers a number of different aspects about the way in which an organisation is managed, directed and governed.

It can be described as a set of relationships between a company’s management, board, shareholders, and other stakeholders, which provides the structure through which the objectives of the company are set. Furthermore it provides the means of attaining and monitoring performance against those objectives.

What does the term 'regulation' mean?

The term ‘regulation’ generally refers to a set of binding rules issued by a private or public body with the necessary authority to supervise compliance with them and apply sanctions in response to violation of them.

What are five generally accepted key core objectives of financial services regulation?

Although there is no unified theory of financial services the key objectives of regulation is as follows.

  1. The protection of investors/consumers
  2. Ensuring that the markets are fair, efficient and transparent
  3. The reduction of systemic risk
  4. The reduction of financial crime
  5. The maintenance of consumer confidence in the financial system

What are three key attributes of effective regulation?

Effective regulation is regulation that:

  1. Contributes to the fulfillment of one or more of the core objectives of financial services regulation.
  2. Maintains an open market that can be participated in by the widest range of appropriate participants with no unnecessary barriers to entry and exit and
  3. Provides an equal regulatory burden on all participants that meet minimum criteria.

What is primary and secondary legislation?

Primary legislation refers to the Law, Act or Ordinance passed by the legislative of a particular jurisdiction.

The legislature in many jurisdictions has the power to delegate or subordinate law making powers to other agencies that may then make delegated or subordinate legislation often referred to as “secondary” legislation. In the context of financial services, secondary legislation is generally legislation that has been drafted by a regulatory body empowered to do so pursuant to the primary law by which it is established.

What are regulatory codes or rules?

Codes generally set out the broad principles by which a regulated business is expected to conduct its business.

Rules are generally very detailed and relate to every regulated activity and function.

What are regulatory guidance notes?

Guidance can either be in the form of a statement of best practice or a statement of minimum best practice.

Occasionally a regulatory authority will feel compelled to issue detailed guidance to regulated businesses on how it expects them to actually discharge their legal and regulatory obligations. Anti money laundering and terrorist financing is one area where most regulators around the World have issued guidance.

What functions does a regulator usually fulfil?

In broad terms regulators fulfill the following seven functions:

  1. They lay down rules or principles that determine who can conduct financial services business
  2. They authorise financial services businesses
  3. They lay down the rules by which regulated financial services businesses must conduct their business (both prudential and conduct of business rules)
  4. They supervise compliance with the rules either through desk based supervision or onsite inspections or a mixture of the two
  5. They conduct investigations into suspected breaches of the rules sometimes in conjunction with other law enforcement bodies
  6. They enforce the rules
  7. They co-operate and exchange information with other regulators

What steps does a regulator utilize in it's supervisory process?

Many regulators adopt a risk-based approach to supervision and follow a process of supervision that can be divided into the following four steps:

  • Step 1. Defining the objectives 
  • Step 2. Obtaining information from regulated businesses 
  • Step 3. Assessing the risk that regulated businesses face and pose 
  • Step 4. Taking action in response to the risk assessment

What two key methods does the regulator utilize in supervising regulated businesses?

There are essentially two methods by which compliance with regulatory rules is monitored – onsite supervision and offsite desk based supervision.

  1. On site supervision entails visits by the staff of a regulator to the offices of a regulated entity, with the objective of satisfying etc
  2. Offsite desk based supervision requires regulated financial services businesses to provide relevant information by means of ‘supervisory returns’ normally prescribed within legislation and or license conditions.

What are the two commonly accepted objectives of prudential regulation?

  1. To maintain a low probability of insolvency and any consequential loss to an organisation’s ultimate customers; and
  2. To ensure the resolution of the position of any organisation whose viability is impaired, while protecting the interests of their customers to the maximum possible extent.

What are conduct of business rules?

Conduct of business rules govern the manner in which a business conducts itself in its relationships with consumers. Conduct of business rules impose minimum standards of acceptable conduct upon regulated businesses.

What aspects of the activity of a financial services business would be subject to the conduct of business rules?

  1. Advertising
  2. Customer communications
  3. Customer agreements
  4. Conflicts of interest
  5. Customer understanding and suitability
  6. Customer dealings
  7. Customer due diligence
  8. Client assets and money
  9. Breaches, errors and/or near misses.

What is regulatory enforcement?

Enforcement is a necessary product of the process of authorisation and supervision, in the sense that a regulator must enforce compliance with rules. Enforcement is as much about investigating, gathering and sharing information as it is about imposing penalties.

What five processes does regulatory enforcement normally entail?

Enforcement generally entails the following:

  1. Inspection
  2. Investigation powers
  3. Surveillance powers
  4. The imposition of corrective or remedial action
  5. The imposition of penalties

What are common enforcement powers of a regulation?

  1. Power to inspect and request information
  2. Power to seek orders to compel a business to comply
  3. Power to remove directors and auditors;
  4. Power to appoint an administrator
  5. Power to impose administrative sanctions and / or to seek orders from courts or tribunals;
  6. Power to initiate or to refer matters for criminal prosecution;
  7. Power to suspend operations or trading

What six basic factors should you consider when looking at risks in your organisation?

  1. The nature of the operation
  2. The diversity of its operations
  3. The complexity of its business
  4. The scale of its business
  5. The volume of transactions
  6. The size of the transactions

View salary details and job market trends in governance, risk and compliance, compiled by our partner Broadgate.

Broadgate Salary & Rate Guide 2023 EU UK Download