Rio Olympics and Compliance Framework

Read it, in the context of when the Rio Olympics were ON.

Rio Olympic journey has already begun and today on August 6, 2016, Ms Virginia of the USA thrashed the 1st Gold Medal of the Olympics giving the event the initial impetus. All in all the event will go through ups and downs and athletes have to show their gut to prove they are compliant, I mean, they prepared well.

So for folks in Compliance, Compliance review or Compliance Testing (CT) as everybody calls it, is a mechanism to find out that regulatory risks are mitigated well. For this, the team has to practice hard like an athlete.

RBI initially in April 2007 issued guidelines requiring Banks in India to have a CT framework in place. Later in March 2015, RBI further emphasized putting a robust CT mechanism basis for the Compliance Risk of Business units.

So the journey began. As compared to domestic banks, in CT, foreign banks have an advantage in setting the function well in advance due to international experience and leads.

CT plays a vital tool in the hands of the Compliance Department in measuring the performance of Compliance controls.

While carrying out CT the following contours play significant roles, which are classified below:

1. The setting of the CT team, with management buy-in and regulatory focus
2. Strong CT framework which outlines areas such as scope, issues rating scale, sampling framework, etc.
3. Preparing the Annual or quarter-wise plan covering business units/operations
4. While preparing the plan, value the significant changes in the regulations.
5. Seek inputs from the Compliance advisory team on the areas for testing focus.
6. Schedule a meeting with Business units/operations to discuss the scope of testing and freeze out the standard program
7. Call for samples, follow sampling methodology
8. Conduct test of controls
9. Share observations with business units/operations
10. Finalize the issue log
11. Formulate CT report
12. Share report with management as RBI requires.
13. Raise issue tracker for any open observations
14. Finally, track for closure.

May have missed a few steps such as higher business unit engagement, doing walkthroughs, and testing entity-level controls in addition to the process level.

To conclude, one can draw a similar analogy for Compliance, Operational Risk, and SOx Compliance, Audit with respect to review or testing mechanism is concerned, as all these units follow the same principles which are internationally recognized as COSO framework for controls testing. Still, I would say Compliance Testing is a specific area for covering regulatory risk arising out of business or operations a Bank does.

Abhishek R Sharma

(Views are personal)

Note – Initially published in the year 2016 during Rio Olympics.