Analysing and evaluating compliance risk
Publish date: 03 August 2018
Issue Number: 6
Diary: CompliNEWS Ethics
Category: General
Lee Rossini
There are many different types of risk facing a business. In this article, I will focus on measuring compliance risk. The question is how often management seriously considers these risks, including the probability of the risk occurring and the consequences for the business. When asked this question, many FSPs reply that they rely on their compliance officer or compliance company to manage these risks. This is not a good enough answer: management must be actively involved in measuring compliance risk. As a starting point, managing compliance risk is closely linked to acting ethically and with integrity; by doing so, the risk of non-compliance is lowered.
Compliance refers to conforming to or meeting the requirements of the relevant laws, regulations, codes and standards that apply to the financial services industry. Compliance risk is defined by the Compliance Institute[1] as 'the current and prospective risk of damage to the organisation's business model or objectives, reputation and financial soundness arising from non-adherence with regulatory requirements and expectations of key stakeholders such as customers, employees and society as a whole'. If an FSP, key individual or representative acts in a manner which is non-compliant, they immediately expose themselves to compliance risk. In addition to reputational and financial risk, the legislation also provides for stiff penalties and/or imprisonment, as well as the loss of an FSP licence or debarment.
The starting point for managing compliance risk is the FAIS General Code of Conduct, which clearly spells out the responsibilities of an FSP with regard to risk management. The FSP should develop a risk management plan in this regard. This entails the following four steps:
- Identifying the specific risks facing the FSP;
- analysing and evaluating the risks identified;
- determining how the risks will be managed; and
- monitoring and reviewing the risks.
Analysing or assessing compliance risk can be broken down into two elements: the likelihood or probability of a particular problem or non-compliance occurring, and the magnitude or impact, namely the consequences of the non-compliance. Each requirement of the applicable legislation should be given a risk rating (high, medium or low) based on these two elements.
Here is an example,[2] which can be set out in a table with the following columns:
Column A - Risk, eg record-keeping: loss of paper documents
Column B - Likelihood (H/M/L)
Column C - Impact (H/M/L)
Column D - Current action(s), eg documents stored in locked filing cabinets
Column E - Further action(s), eg keeping scanned copies of documents and making daily/weekly backups of electronic data
Column F - Person(s) responsible
The likelihood or probability of non-compliance is greatly influenced by a number of factors, including the degree of commitment to meeting the compliance requirement, the business culture, the integrated systems and processes in the business, the skills and knowledge within the business and the extent of awareness of the requirements. Focusing on the likelihood and impact of compliance risks enables a business to direct resources to where they are needed most. As compliance requirements often change rapidly, this exercise needs to be repeated on a regular basis and whenever there is a significant change to the legislation. This will ensure that the business avoids and manages compliance risk effectively.
Aside from avoiding the negative impacts discussed above, implementing the compliance requirements and thereby managing compliance risk effectively brings other benefits. Services are usually of a high quality, efficient and consistent across the client base and over time. Improved staff morale and a loyal client base are also spin-offs of demonstrable, good-faith efforts by the business to comply with the applicable requirements. This will result in increased profits and business sustainability in the future. Analysing and managing compliance risk is not only the responsibility of the compliance function; it is an essential element of the management function and is integral to creating an ethical culture within the business.
Reference:
Botha M, du Preez L, Geach W, Goodall B, Rossini L (2018) The South African Financial Planning Handbook, LexisNexis.
[1] See the Compliance Institute website
[2] See Risk Management Guide, Financial Services Board (accessed on 3 August 2018).