A culture of compliance

Index
- Tone at the top
- Governance and accountability
- Second line
- Risk assessment, continuous monitoring, testing and reporting
- Ongoing training, guidance and development
- Robust regulatory and active oversight regime
- Works Cited
Although what makes a good culture of compliance can be deconstructed into multiple components, it is immediately recognisable. It is strong and functional but in no way hinders the development of new profitable businesses, and it can adapt to market, technological or regulatory changes. A good compliance culture is represented at all levels of the organization, ensuring a consistent and integrated approach to compliance across the business. The essence of how staff, managers and executives interact and work is towards a common goal and a value system based on mutual respect, integrity and ethical behavior, focused on the long-term health of the company and not just on short-term gains.
In the wake of the financial crisis, compliance culture and ethics are commonly touted by both regulators and governments as key to promoting both trust and confidence within the financial system and the regulatory bodies responsible for its supervision. Likewise, without the credible threat of regulatory enforcement, it is questionable whether a good compliance culture would be possible. So what are the key ingredients?
The regulatory framework for organizations serious about embedding a good compliance culture within their business is based on the following:
- Tone at the top: business strategy in collaboration with legal, risk and compliance aspects
- Tolerance statements aligned with measures and policy triggers, including rapid remediation and proactive management of compliance risk
- Governance and accountability with oversight, discipline and rapid investigation processes linked to performance management
- Risk assessment, continuous monitoring, testing and reporting (internal and external)
- Ongoing training, guidance and development aimed at all levels of the organisation
- Robust regulation and an active oversight regime
The Tone at the Top
The tone at the top establishes the guiding values and ethical behavior of an organization. An executive commitment to investing in and empowering those responsible for compliance, risk and legal resources creates the appropriate oversight and encourages staff to do the right thing. Legal, risk and compliance staff must be seen as important and critical partners in the business and not simply as support functions. Their opinions are sought and followed regarding new businesses, operations, business models and planning, pricing and product development. Legal, compliance and risk staff have visible reporting lines to the Board, where compliance violations are taken seriously and are addressed with swift investigative and disciplinary action and accountability. It therefore follows that executives, who should include the Chief Compliance Officer, Chief Risk Officer and Executive Counsel, are appropriately qualified and credible leaders and can take action. A business strategy committed to compliance, risk and legal requirements must therefore be more than a statement of simple good intentions and must be continually reinforced.
Judy O'Hanrahan
It is where the executive takes decisive leadership and ownership of a business strategy that is strongly aligned with regulatory and legal requirements: consumer protection, provision of a safe and fair environment for staff, implementation of active deterrents against unethical or illegal activities, protection of institutional assets from data theft, financial crime, fraud or business disruption, and promotion of ethical behavior that fosters respect, integrity, consistency and concern for the organisation's core values. This should be the experience of every employee, from the newcomer to those looking to leave. It should be clear to both new and veteran employees that those who represent the approved core values and compliance principles are promoted or hired into leadership roles and/or appropriately compensated. Creating and maintaining the right tone at the top, aligned with a business strategy coupled with legal, risk and compliance offerings, can and will increase customer and employee loyalty, ultimately leading to the creation of a good reputation.
A good compliance framework is designed not only to address events as they arise, but also to prevent them by taking steps to address potential problems. In organizations that have zero tolerance for actions or lack of actions that could lead to compliance violations, management takes rapid, specific, measurable, realistic and time-bound actions to address exposures. Limits and alert levels should be integrated into processes and procedures with clear and respected escalation policies. Breach notification and reporting should be well defined and transparent within an agreed structure featuring a hierarchy up to the Board. Policies are widely understood and followed by staff, who can attest to each by aligning their procedures with them and taking an active role in reviewing them through a governance structure.
Governance and accountability
In order to promote a good compliance culture, good governance is established through a robust and credible three lines of defense model. All managers and staff take responsibility for a consistent approach to compliance supported by forward-thinking incentive structures, where staff doing the right thing for consumers, for the company and for each other are recognised, rewarded and actively promoted. Each business unit has integrated risk and compliance partners who understand its business processes and are senior and independent enough to influence or change behaviors and reward positive outcomes. Primarily responsible for developing controls along with procedures and policies to prevent, detect and respond to compliance deficiencies, they may also test their effectiveness. Middle management has the power to turn compliance values into practice and to encourage employees to come forward with legal, compliance and ethical issues without fear of retaliation, building trust and increasing levels of employee engagement.
Senior leaders hold themselves and others accountable to the ideals of agreed-upon standards of what constitutes a good compliance culture. Bad behavior such as circumvention of policies or procedures must have negative consequences. It is clear to everyone that positive behavior is rewarded and that new hires are evaluated according to agreed principles and values. Finally, internal issues or matters must be adjudicated with fairness, transparency and integrity, and whistleblowers are protected when they make a disclosure.
The Second Line
Legal, risk and compliance departments are asking questions about conduct, ethics and culture and not just providing assurance on technical-regulatory and legal matters. Their oversight of the effectiveness and integrity of the compliance value system must be established in every aspect of the business.
Integrating compliance into business unit processes and procedures must extend not only to laws, regulations and business principles, but also to best practices and proactive risk management. Their message must be consistent with that of the company and must be approved by the manager. They are seen as critical partners in protecting the organization's reputation, involved in operational and strategic decisions, testing and compliance monitoring. Chief Compliance Officers play a strategic role in the organization, cultivate the right relationships with stakeholders, are trusted advisors to the company, have access to counsel, lead and influence the culture, and are seen as authentic leaders and role models.
Audits measure the company's compliance strategy and the success of implementing a good compliance culture based on agreed tolerance statements. An annual compliance charter, plan, policies, monitoring and reporting should be tested for effectiveness and accuracy, alongside process-related testing. Employee culture surveys conducted internally or externally by third parties are useful for measuring the cultural pulse of the organization. In essence, a good compliance culture is supported by good behavior that must be linked to objectives and by an incentive system that rewards respect and dignity at work, integrity and trust at the company level.
Risk Assessment, Continuous Monitoring, Testing and Reporting
A compliance risk assessment helps an organization understand its risk exposure, prioritize risks, assign appropriate ownership and resources, and mitigate risks, starting with those that have the highest potential for violation of laws and regulations. Applying a risk methodology based on impact and probability identifies the intrinsic risk which, combined with controls, highlights the residual risk.
This needs to be authorized and agreed with trading partners, along with an appropriate response that is monitored and reported up the hierarchy, presented in a dashboard against defined tolerances. Audit and compliance plans should be complementary, and monitoring reviews conducted by risk, compliance and audit serve as an early warning system for potential compliance issues by taking samples of business units' activities, products or outputs.
Ongoing training, orientation and development
Individuals will need further reinforcement on ethics and compliance programs through training or innovative workshops so that staff can connect to values through information sharing and storytelling. Newcomers, high-risk staff, management and operational staff should receive specific training tailored to their needs. Encouraging staff to enroll in professional compliance courses run by external parties and to become industry leaders by participating in external committees or federations helps to further strengthen a positive compliance culture supported by external validation.
A robust regulatory regime and active oversight
A tough oversight approach from an active regulator supports organizations seeking to create a positive compliance culture and provides assurance to consumers that they will be protected. Victims of Bernie Madoff, for example, would wonder how regulatory agencies like the SEC and FINRA, charged with monitoring financial institutions, failed in their