Week 3 - Components and tools in a compliance framework
School: University of New South Wales
Course: 8503
Subject: Information Systems
Date: Dec 6, 2023
Week 3: Overview of RegTech solutions
We were introduced to the range of RegTech solutions last week. This week, we look into specific areas of the compliance framework, the tools required and key considerations for implementation.
Anatoly Kirievsky (Adjunct Lecturer) Week 3 Speech (Transcript)
In this week, we analyse a number of our regulatory technology tools that help to solve some of the elements of our compliance framework. These tools talk about dealing with regulatory changes. So, when we identify that a regulator is making a change, how do we track it? How do we analyse it? How do we ensure that the required changes that apply to us have been implemented? We talk about electronic communication surveillance; we talk about conflict-of-interest management.
Let me take the conflict-of-interest management as an example.
In the Royal Commission, Commissioner Hayne identified that in every single case of misconduct, as a result of the misconduct, either the institution that employed the person or the person themselves benefited financially. He had this underlying issue that financial services are provided to you as a potential client and theoretically, you would expect that there's a focus on you. However, in reality, as a result of the misconduct, the beneficiary was the institution or the person that is giving you those services.
So why do we need RegTech?
Well, RegTech solutions are required in order to capture what are these types of conflicts that exist. From a conflicts perspective, they can be structural conflicts, where the institution gets paid by selling certain products whilst the customer ends up paying for those, or you can have personal conflicts, where a person may have particular shares and is trying to ensure that somebody else buys those shares in order to increase the price.
We want to be able to assess how many of those conflicts that are in existence within our institution. We want to be able to check when a decision is being made, whether anyone who's involved in the decision-making process has an actual conflict. We want to be able to review our conflicts based on a regular time frame, based on some of the identified risks. We want to make sure that when a new proposal comes through, that we can check that whoever is working on that proposal is not inappropriately conflicted.
This is just an example of a tool that we need to have in place in order for us to manage some conflicts of interest obligations, which is one of the core obligations that all financial services firms are subject to.
Explain the role of regulatory change management in a compliance framework.
Identify key staff-related risks.
Explain processes and systems used to identify misconduct and report to regulators.
What is the regulatory change management process?
Get an overview of the regulatory change management process.
Purpose
Regulatory obligations are constantly evolving, including through changes in legislation, regulation, interpretation, and enforcement outcomes. Companies need to be able to identify changes and feed them into the compliance framework to maintain their desired compliance stance. In this activity, we'll be looking at the components that make up the regulatory change management process.
Activity instructions
Read through the following information on regulatory obligations and participate in the activities as directed. At the end of the activity, you will be given an opportunity to think about the material you have interacted with in relation to your assessment task.
The regulatory change management process
The regulatory change management process is comprised of the regulatory inventory, regulatory changes and announcements, and regulatory exams and enquiries, which are highlighted in orange in the image below.
Regulatory inventory
The starting point to understand a firm’s obligations is to establish a register, or inventory, that brings together all sources of obligations, such as laws (e.g., the Corporations Act), regulations (e.g., Corporations Regulations), guides (e.g., ASIC’s Regulatory Guides), standards (e.g., APRA’s prudential standards), industry codes (e.g., the Banking Code of Practice), and listing rules. It is important to understand all obligations that apply in every jurisdiction where the firm operates.
The obligations may relate to financial services, listing, AML, competition, privacy, telecommunication (marketing, recording), payroll, anti-discrimination, workplace health and safety and others.
The process of managing regulatory obligations consists of the following steps:
Step 1: Identify all applicable obligations
Step 2: Convert obligations to plain language requirements
Step 3: Rate risk obligations: core obligations with significant penalties are higher risk than more administrative obligations with only minor consequences
Step 4: Map obligations to pre-defined risk types
Step 5: Assess each of the risk themes for each of the business units for your firm
Step 6: Conduct the risk assessment
The number of individual obligations applicable to a bank is in the thousands. While it is possible to track obligations manually for a small company with a small number of obligations, it is not possible to manually track them all for a larger organisation, hence a RegTech solution is required.
Activity
Consider some of the sources of obligation for Unisuper. Write these in the word cloud below. You will be able to see the sources that other students have also added.
Regulatory changes and announcements
Regulations are not static, and crises often spur regulatory changes. Hence, we need a system to track regulatory developments. These developments can impact our obligations in two ways:
1. Changes to the obligations (new laws or a change to a section of the law, or a change to the interpretation of the law, such as revised regulatory guides).
2. Changes to the risk rating of the obligations; this may occur through non-law developments. For example, publications of regulatory priorities for the upcoming period may indicate which specific areas the regulator is targeting. An announcement of a large penalty (or a series of separate penalties) would indicate that the risk associated with a particular obligation or risk type is increasing, impacting the inherent risk rating.
Therefore, we need a RegTech solution that will identify applicable regulatory changes and announcements and incorporate information into the CRA. The process consists of the following steps:
Step 1: Identify all changes and announcements
Step 2: Present them to a staff member to identify those relevant to the company
Step 3: Link those cases selected to the risk themes and business units impacted
Step 4: Present changes to business unit stakeholders to identify the impact
Step 5: Work out action items to comply with changes or changes in controls due to changing risk profile
Step 6: Track the completion of action items
Step 7: Allow for management reporting on implementation progress
A good RegTech tool identifies changes, is compatible with the regulatory inventory you maintain, and allows for the workflow described above.
Regulatory exams and enquiries
The next element of regulatory obligations is handled through the regulatory examination and enquiry management module.
Regulators have broad powers to require information and assistance, and to conduct offsite and onsite examination/assessments of regulated firms. It is important to manage each request with the utmost attention and respond with the required information. It is as important to take lessons from such enquiries and examinations.
Enquiries
When a firm receives an enquiry, the first priority is to respond by providing the information requested. Then comes the value-add analysis: why is the regulator asking the question? What is the possible misconduct behind the request? By mapping enquiries to the business units and risk types, you can observe trends, potentially indicating an area of interest or focus. A RegTech solution records the enquiry, allows for stakeholders to be notified, tracks due date, links enquiry to the risk theme and business unit, and allows for management reporting of completion and trends.
Regulatory exams
Regulatory exams are a more formal and in-depth form of an enquiry. Examinations (such as assessments and reviews) usually comprise an information request, meetings or interviews with staff members, additional information requests, draft findings, management review, a final report with conclusions, findings and required action items, and management response.
Similar to enquiries, it is important to respond to all the questions posed. It is then important to understand the findings, escalate them appropriately, and track responses. Findings must be linked to risk themes as well: they are the clearest indicators that the controls in place to mitigate the particular risk were insufficient, as findings indicate an element of non-compliance with the law or regulatory interpretations of the law or their expectations.
The following is a quote from the APRA’s review of CBA:
Overall, the CBA Board’s attention to long-outstanding issues was historically low and increased significantly only after APRA’s December 2015 Operational Risk prudential review.
In that review, APRA stated that CBA’s operational risk management framework was ‘not effectively identifying, escalating, and addressing significant operational risks.’
In addition to this observation, the APRA review highlighted several specific and significant control gaps that had remained open at CBA for a lengthy period of time. APRA required CBA to report to its board and to APRA regarding these control gaps and any other gaps that had not previously been escalated to the board or senior leadership, or did not have a clear owner. CBA was initially reluctant to accept the broader observation around its issue management capabilities, stating in its response:
We recognise that more work needs to be done to further embed the operational risk management framework (ORMF), and we are committed to achieving this outcome. Specifically, we accept your concerns that we are yet to close off issues in areas related to data quality, stability of 3LoD approaches and rogue trading controls … While we accept that in respect of the above issues (among some others) the ORMF has not worked effectively we do not agree with the broader conclusion that the ORMF is not effectively identifying, escalating and addressing significant operational risks.
Watch
Wolters Kluwer is one of the key providers of regulatory change management data feeds.
https://youtu.be/v6DE6YT3H0Y
Transcript of video below
Regulatory Change Management:
Will the pace of regulatory change continue?
Unfortunately, I think regulatory change is inevitable. I'm seeing monumental changes at both the domestic and international level, and I really see this as a response to the financial collapse of 2009, as agencies push for a more ethical and responsible regulatory landscape.
Regulatory Change Management:
How can firms eliminate legacy manual processes for managing regulatory change?
I think that there's three main things that firms need to do. First is to centralize the process. Secondly, by doing that you're going to get the right information to the right people at the right time. And to facilitate this, it's important to implement the right technology.
Regulatory Change Management:
What are the three key questions the regulators are asking?
We've noticed that regulators are asking firms three simple questions that are very difficult to answer:
1. Do you know all the rules and regulations that impact your business across all of your jurisdictions?
2. Are you sure you're complying with those rules and regulations?
3. Can you prove it?
Regulatory Change Management:
How can we assess the impact of regulatory change?
Before anything else, organizations must map the regulations to their business activities and compliance program. Once done, it's much easier to assess the impact of regulatory change, and this can be facilitated through the proper use of technology.
Regulatory Change Management:
How does Wolters Kluwer Financial Services help its clients with Operational and Compliance Risk?
I think that there's three main ways in which Wolters Kluwer Financial Services can help:
1. Firstly, through providing the right content.
2. Secondly, through providing the right technology.
3. Thirdly, through the right expertise to implement the program.
Reflective task
Using the financial institution you have chosen for Assessment 2, consider all the sources of obligation that apply to that firm.
Conflicts of interest obligations
Explore the types of activities that give rise to conflicts of interest and tools to manage them.
Purpose
The Royal Commission indicated that at the heart of every instance of misconduct was a conflict of interest. As a result of the misconduct, either the firm or the staff member benefited, while customers suffered harm. In this activity we examine some of the circumstances where conflicts of interest arise and tools to manage them.
Activity Instructions
Read through the information on the conflicts of interest obligations and participate in the activities as directed.
Conflicts of interest obligations
One of the core obligations applicable to all financial services firms is to "have in place adequate arrangements for the management of conflicts of interest."
Conflicts of interest arise when an obligation you owe to a client or another party clashes with obligations owed to another party or your own interests. For example, a client asks a mortgage broker for the best loan, but the mortgage broker gets remunerated differently depending on the type of the loan the client gets. Herein lies the conflict: between duties to the client, what is best for the client and what is best for the broker.
Read
Read this short paper from KPMG, highlighting conflicts with advisers and how they are being managed – the impact of disclosure.
The impact of conflicts of interest on the behaviour of financial advisers: 2 - Research paper commissioned by Royal Commission - KPMG Australia.pdf
Conflicts of interest can be structural, i.e., occurring at a corporate level, or individual, driven by a specific activity by the person. We will deal with individual conflicts of interest in the next activity.
Corporate conflicts, if left unchecked, can lead to significant problems arising; for example, wrong products being prioritised for distribution or unwillingness to escalate concerns for profitable clients.
The Royal Commission has concluded that:
"Experience shows that conflicts between duty and interest can seldom be managed; self-interest will almost always trump duty. The evidence given to the Commission showed how those who were acting for a client too often resolved conflicts between duty to the client, and the interests of the entity, adviser or intermediary, in favour of the interests of the entity, adviser or intermediary and against the interests of the client. Those persons and entities obliged to pursue the best interests of clients or members too often sought to strike some compromise between the interests of clients or members and their own interests or the interests of a related third party (such as the person’s employer, or the entity’s owner). A ‘good enough’ outcome was pursued instead of the best interests of the relevant clients or members. (Notions of best interests and conflicts between duty and interest are further examined below in connection with mortgage brokers, financial advice and superannuation.)"
Potential conflicts of interest
Think of an example of a corporate conflict of interest that could arise in a financial institution. Your lecturer will provide comments below your post.
Some Examples that may be of use to Assessment 2:
Culture
This is not an example, as others have provided, but a reflection on the culture developed for avoiding conflict of interests at JP Morgan Private bank where a girlfriend works in Dallas Texas. It is interesting that the commissioned paper by Sunit Sah suggested this exact behaviour. We would meet for social drinks occasionally after work in the business district. Her discretion outside of work when face to face with competitors’ clients or previous colleagues who she now oversaw their clients was remarkably interesting in comparison to others in similar situations who would socially continue with drinks. She had a 100% no participation in staying in the vicinity and we would leave like church mice, no drama, no discussion, no superiority. Although her character may be a strong suit, it was clear the culture of her workplace was highly effective, and in a discreet way. She has been Executive Director of the private bank for a year, after working there from graduate & promoted at 33, she has a billion + dollars of high-net-worth clients trusting her continued discretion.
Kadi
Insurance Brokers
In our field we deal with these characters on a daily basis.
70% of issues with Insurance Claims can be traced back to the Brokers, who have often recommended inappropriate policies with inadequate levels of cover. In most cases the inappropriate policies are sold due to higher commission structures.
For example there are two major policies in the Motor Traders Industry. One sold by Allianz, the other by Vero. The Allianz policy has a specific exclusion for any loss associated with the sales, servicing, or tuning of Performance Motor Vehicles.
Yet in most cases claimants have been sold the Allianz policy even though they specialise in Performance Motor Vehicles.
The Insured is the one placed at a disadvantage due to financial preference forced by the Broker's actions.
OTC Traded Products
The trading of some Over the Counter (OTC) products by brokers that are counterparty to the trade is a conflict of interest. While some products are regulated to a central clearing house, others are basically unregulated in their market structure. This creates an exposure to exploitation from market manipulation with unfavourable (or favourable for some) movements in price. Without entering broker/agent/advisor semantics, paying a premium for a trade to the entity who has influence over the outcome of your trade creates a conflict of interest.
While OTC products have their place, I wonder how many people who trade them fully research the mechanics behind the screen?
Matt N.
Simply Fee structures
If you look at any fee structure, whether a mortgage, investment product, deposit account or personal loan, if ever there is a better interest rate or lower fee available, the bank has an automatic COI. If they simply omit telling the client, deliberately or not, they make a profit (self-serving). If they were genuinely to act in the customer's best interest, they would inform them and take a profit hit.
Maggie
Legacy products and profits
In order to increase profit margins, certain financial institutions refrained from moving customers from high fee-paying legacy products to low fee new products.
Anonymous
Individuals investing in businesses that they have a financial stake in and will receive financial gain without declaring it.
Anonymous
I was interacting with a financial advisor from a bank and that person tried to convince me to use Forex as one channel of investment. During that conversation, she clearly outlined just the scenarios where the investment goes positive (e.g., keep AUD in the account and swap when USD going down etc.), and when I asked the question what if it's NOT, then she did not answer the question. This is a clear conflict of interest between the advisor who might be incentivized by the sales and a comprehensive overview for the customer. I think the advisor should be advised based on how clear/happy the customer is and should not be based on the sales.
Tan Nguyen
Home Lending
One large area of consumer banking that still has an ongoing conflict of interest is mortgage broking, whilst significant improvements have been made since the Royal Commission, one of the largest conflicts would be trailing commissions. The size of these commissions the broker is entitled to could differ depending on the bank that the client chooses therefore leading a broker to potentially persuade (consciously or subconsciously) a customer given their inherent bias.
Callum Hunt
Board members protecting their positions rather than client interests
We are seeing a lot of scrutiny by regulators on small or underperforming super funds to merge due to the various pressures associated with lack of scale and sector consolidation - the result of which is poor outcomes for members in retirement. Yet, we aren't seeing a significant amount of merger activity taking place. A possible conflict of interest is that of Boards and Executive teams rationalising to themselves that merger is not in members' best interests, as a merger would result in themselves losing their Board/executive positions. As an assessment of what constitutes members' best interests can include both financial and non-financial outcomes (and some intangibles/hard to measure), a well-intentioned rationalisation influenced by self-interest would not be surprising.
Patsy Mullen
Managing corporate conflicts of interest
From a conflict management perspective, we need to have an established framework:
a register of conflicts
individual conflicts risk-rated and linked to business units/products/services
controls for management of conflicts identified
a program to regularly review conflicts in a risk-based manner (higher risk conflicts are subject to more frequent/more in-depth review).
This conflict management framework needs to be incorporated into the overall compliance framework. For example, regulatory developments, which we discussed in the previous activity, may point to the significance of conflict management. Breach and incident management, which we will examine in the following activity, would facilitate the assessment of control effectiveness.
Structural conflicts of interest and assessment 2
What structural conflicts of interest may apply to your chosen firm for Assessment 2 and how would you manage that conflict?
Staff conduct related activities
Examine examples of misconduct by staff and tools to identify and control it.
Purpose
Conflicts of interest arise in a structural sense (see the previous activity) or in relation to personal conduct. In this section, we look at the main areas where personal conflicts arise: personal account dealing, outside business activities and gifts and entertainment.
Activity Instructions
Read through and engage with the following material before engaging in the forum activity.
Staff conduct related activities
When you work for a company, you owe contractual (or implied) duties to your employer, including to work in good faith, provide best efforts, dedicate appropriate time to your duties, and to not misuse the information you obtain through your employment.
The following areas represent common areas where conflicts arise:
Personal account trading (Slide 1 of 4)
There are two main issues that arise in relation to personal account trading. One is that once people start to trade shares, they may concentrate a lot on what the market is doing and not enough time on their day job. Hence, firms tend to allow longer-term investment (such as a minimum holding period of 30 days for securities).
The second issue is that people that work in financial services are often privy to information about other companies (such as bankers that facilitate mergers and acquisitions) or transactions (those working for brokers). As a result, firms need to identify who has access to what kind of information and therefore restrict trading in relevant securities.
For these reasons, firms need to control (and restrict) trading activity by their staff. From the framework perspective, the following is required:
a policy document to set out the requirements developed by the firm
a workflow to capture trading requests
a system to record restrictions imposed by the firm (including securities which are restricted from trading, minimum holding periods)
directing those requests to the designated approvers
capturing approver decision (approve, deny)
capturing the trade information (if available).
Personal account trading systems may be separate from the regulatory systems above, due to different functionality and data required. However, it is important that data from the personal account trading systems can be fed into the core compliance system for management reporting.
Outside Business Activities (Slide 2 of 4)
When staff undertake activities outside of their work, it can create a conflict situation. The starting point is that outside activities may detract from the ability of a person to give a full effort to their main job. Further, certain types of activities may present a conflict-of-interest situation.
Similarly to personal account trading, you need:
a system to capture all types of outside activities (as a request for approval to undertake activity)
a workflow to direct the request to the designated approver(s)
a register for approved activities.
Activities need to be considered from a conflict-of-interest perspective. Activities are more likely to be approved where:
no payment is received (sporting clubs, volunteering)
activity is in an unrelated field to the main job
there is little time commitment
there is little reputational risk (the activity does not present high risk or high exposure).
Gifts and entertainment (Slide 3 of 4)
Gifts and entertainment are other areas that give rise to potential conflicts of interest.
Historically, business dealings have been associated with a level of hospitality. It can range from business discussions over a dinner, paid for by one of the parties to weekend trips to premier events (Olympics, US Open finals, Super Bowl), with airfares, hotels, lavish entertainment, alcohol and adult entertainment.
Watch the video below from Thomson Reuters on inappropriate gifts and entertainment.
Giving and Receiving Business Gifts | Compliance Guidelines: https://youtu.be/4GYmGNmknFg
Gifts and entertainment (cont.) (Slide 4 of 4)
You can determine if a gift or entertainment is appropriate if you have sufficient information about them. This means a system of record to capture who provides gift/entertainment, who receives it, what is the value, what is the history of giving and receiving, and what business activities happen in relation to this party and any pending decisions. For example, a celebratory dinner after completing a large transaction at an appropriate venue which is not excessive might be acceptable. The same dinner the day before a decision is due by the party on the receiving end of hospitality may not be appropriate.
Transparency is often the key and has multiple angles, such as:
being transparent about hospitality to the company whose staff member receives hospitality. This can be achieved by requesting approval from the appropriate person at the other firm that the proposed gift or entertainment does not violate their company policy to receive it.
transparency to own management: does the executive management and the board have clear visibility on what hospitality is being provided and received?
An example of inappropriate hospitality, creating a perception of corruption and leading to criminal and civil action, is BHP’s approach to entertaining foreign government officials.
BHP Billiton Olympics bribery probe: https://www.reuters.com/article/us-sec-bhpbilliton-olympics-idUSKBN0O51KD20150520
Further reading
If you would like to read more about staff conflicts of interest, see the paper Conflicts of Interest in The Financial Services Sector by Bennett and Bennett lawyers, September 02, 2015.
<This file is under the list of reading materials for the subject>
Discussion
In the forum below, consider the following scenario:
You are working for a listed company. You also volunteer for a local church investment committee which invests in the Australian stock market, including the company you work for.
Now, imagine you find your company is losing a large customer contract. What do you do?
Post your response in the forum via the button below. Once you have posted your response, respond to two other posts.
Insider trading
by Patsy Mullen-Conolly
- Tuesday, 12 January 2021, 9:13 PM
Number of replies: 6
In this scenario, taking any sort of decision or action on the investment because of the loss of the major client would, I expect, be insider trading. Before this individual event, I would have raised with other members of the church investment committee that I worked for that listed company, and I think ideally, I would never be involved in investment decisions about that particular holding. Just remove the risk. Obviously I would not be able to share the information with anybody else in the investment committee, they should be basing their decisions only on publicly available information.
In reply to Patsy Mullen-Conolly
Re: Insider trading
by William Takayama
- Tuesday, 19 January 2021, 6:32 PM
I agree with you, Patsy. I'd probably remove myself from the church investment committee as soon as I knew they were investing in a company I work for. Whether with my involvement or not, significant gains would attract suspicions, damaging mine and my company's reputation. Plus, the very likely lawsuits.
In reply to William Takayama
Re: Insider trading
by Shereef Metwally
- Saturday, 23 January 2021, 2:15 PM
Hi William and Patsy,
Removing yourself altogether from the church investment committee is perhaps too drastic a step to be taking in this scenario (given this is something that perhaps has high intrinsic value to me). I agree with Patsy in my exclusion from any decision-making relating to my own company's particular stock and ensuring that the investment committee is completely aware of my employment at this particular company.
However, with that said, if I feel that I will have difficulty holding back insider information from those I interact with at the church committee, I agree with you William in the complete removal of myself from the committee.
In reply to Shereef Metwally
Re: Insider trading
by William Takayama
- Saturday, 23 January 2021, 3:32 PM
Thank you for the input @Shereef! I imagined a scenario where it would be very difficult to prove to my company that I've been excluded from any investment decision from my company's stock in case of significant gains or loss avoidance. Even if they were, in fact, legit. I'd rather remove the risk altogether and remove myself from the church investment committee as soon as I'm aware of any potential conflict of interest. The other option would be to request the committee to not trade this specific stock before joining it.
In reply to William Takayama
Re: Insider trading
by Tan Nguyen
- Monday, 25 January 2021, 2:45 PM
I agree that it makes sense to make it clear (to both the company that I work for that I volunteer in the investment committee and also to the committee that I work for the company) and have some form of agreement that I will not be involved, nor should others seek advice from me, regarding the company I work for. Also, because I work as a volunteer, I assume there will be no income and no "performance related" to the performance of the investment. That in a way makes sure I have no personal interest against the church nor the company.
In reply to Tan Nguyen
Re: Insider trading
by Maggie Beukes
- Monday, 25 January 2021, 8:51 PM
Good discussion points so far. This is a tough situation whichever way you look at it. It sounds to me as if it is legality v moral beliefs in this sense. You cannot share that information (insider trading), so the question will be what value do you attribute to being on the investment committee? You can either try and serve in a different capacity (e.g. treasury instead of investments), remain silent or completely remove yourself like William suggested. In the end the answer is clear, you cannot share the information. Question is, how do you mitigate this risk in future?
In reply to Shereef Metwally
Re: Insider trading
by Bradley Jones
- Tuesday, 26 January 2021, 10:57 AM
I would recuse myself from any discussion on the investment strategy related to the company I work for on the investment committee. I would ensure that this was minuted and acknowledged by other directors. I would also disclose to the company I work for that I had taken that action to protect any perception of conflict of interest.
Outside Charity Work for a professional
by Kadi Eykamp
- Wednesday, 27 January 2021, 11:22 AM
Number of replies: 2
My focus would be on providing a documented trace of the situation as insider trading is a criminal offense and the responsibility is on myself, as a professional under APRA, Basel, BEAR, and more.
I would focus initially on my firm, as it is my employer, and provide full disclosure of the volunteer work intended at my church. My organization may have a system to capture all types of outside activities, like a form for request for approval to undertake these activities or a workflow to direct the request to the designated approver or a register for approved activities.
Once the scope of my responsibilities has been fulfilled and disclosed formally to my firm, and it’s allowable from their view, I would go to my Church for disclosure. The Church/Charity may have a constitution which provides for volunteers in conflicts of interest regarding the scope of my involvement of the position.
Formally recording my position to both and following their requirements helps discharge my responsibility and accountability and their responsibilities to regulating agencies if the situation escalated to an insider trading allegation.
In reply to Kadi Eykamp
Re: Outside Charity Work for a professional
by Patsy Mullen-Conolly
- Thursday, 28 January 2021, 6:26 PM
I found this couple of paragraphs from the CBUS fund governance policy very relevant Kadi...
Directors must advise the Company Secretariat of all positions held and are expected to absent themselves from a Board or Committee discussion if they have a conflict or material personal interest in the matter being considered.
The Board Chair will manage this process in accordance with the Conflicts of Interest Policy and Directors may have their access restricted to papers or other documentation.
Appointment procedures require the disclosure of all relevant interests and duties prior to the Director taking up a role on the Board. Any conflict of interest or duty is considered as part of the fitness and propriety assessment.
Directors are also required to continuously disclose conflicts as they arise throughout their tenure.
Source is https://www.cbussuper.com.au/content/dam/cbus/files/governance/policies/Fund-Governance-Policy.pdf
In reply to Patsy Mullen-Conolly
Re: Outside Charity Work for a professional
by Kadi Eykamp
- Friday, 29 January 2021, 10:29 AM
Thanks Patsy
Was the example situation not for a trader? I will keep this in mind for my director disclosure when it's relevant at my church.
My church? Ha
Thanks for the link.
K
The breach assessment process (regulatory and internal)
Understand the process to assess incidents, identify breaches and link them to the CRA.
Purpose
In this activity, we look at the breach assessment process. Breaches are an example of non-compliance with obligations. A comprehensive system to capture incidents and breaches allows firms to understand their risk exposure, control gaps, and actions required to address such gaps.
Activity Instructions
Spend some time reviewing the breach assessment process diagram below before reading the associated information.
The breach assessment process
The image below shows how the breach and incident process fits into the wider compliance framework.
Incident management
Incident management is a very broad area and a core component of operational risk management. Incidents take place within any organisation. Most of them are not related to regulatory risk. The challenge is to identify those that are!
The focus of an incident management system is on assessing the significance and urgency of each incident and remediating items based on those factors. Regulatory assessment is not as urgent but is very important in order to manage regulatory obligations.
Breach reporting
Financial services firms are subject to specific obligations to report breaches. This is the headline reason to have a comprehensive system to report breaches. Another reason is that incidents and breaches tell you a lot about your firm’s compliance and control environment. The frameworks you have in place are designed to mitigate regulatory risk, but breaches are a real example of whether your framework is working.
Hence, you need to create connectivity between broader incident management processes within your organisation and the regulatory incident and breach assessment. Click on each tab in the activity below for more information on each step of the process you need to implement:
Identify breaches with a potential regulatory impact
Out of all the incidents, those with potential regulatory impact are identified (based on training, guidance or indicators previously established). This is usually performed by staff in the first line of defence.
Escalate to subject matter experts
Escalate selected incidents to the subject matter experts for assessment (usually compliance, the second line of defence).
Assess
Compliance assesses the incident and links it to relevant regulatory obligations (hence the need for connectivity to the regulatory inventory) and to the risk themes that the incident touches on.
Record
Compliance forms a view on whether the incident presents a formal breach of an obligation; if so, a breach is recorded.
Further assess
Breaches need to be further assessed for significance/materiality. There are specific triggers where reporting to regulators is required; an assessment against these triggers is required.
Capture the incidents
The system needs to capture the incidents considered, the analysis, conclusions, action items required to rectify and, if reporting was triggered, what reporting was done to the regulator.
Incorporate into the CRA
Consequently, captured incidents and breaches need to be incorporated into the CRA based on risk types, business units and controls they relate to. Ultimately, a breach is an indication that a control either failed or was not in place. A similar process is followed for internal (policy) breaches. The key difference is that the assessment of the breach is made against internal requirements and not external regulatory obligations.
Breach and incident data need to be collated and analysed holistically, and regularly presented to the board and management. Such longitudinal analysis will allow for trends and systemic issues to be identified. For example, a small overcharge for a single customer may appear to be a minor breach on its own. However, where this is a repeated occurrence across different business units it may be indicative of a much larger problem.
Staff training
Delivering regulatory-related training to staff.
Purpose
In this activity, we will look at staff training. Training serves an important function in firms. We expect staff to behave in a particular way and to follow certain rules. The rules can be quite technical in nature and the environment may be quite complex. It is reasonable to expect that to comply with the rules, staff will be given an opportunity to understand the requirements placed on them by way of policies and training.
Activity Instructions
Review the diagram and information below that guides you through the importance of staff training before engaging with the activity that asks you to design a simple staff training module as part of a discussion activity.
Staff training
Training acts as a preventative control; it is designed to give staff the information they need to do the right thing (it doesn’t stop those who choose to ignore training). It then serves an important function in determining the level of culpability when a breach occurs. For example, if you know the person has received annual training on the topic for five years, then the person would be less likely to successfully argue they were not aware of the applicable obligation and hence their misconduct was inadvertent.
From a system perspective, training is not as simple as delivering a one-off presentation to a
broad audience. The key considerations and requirements from are:
The LMS
The LMS needs to connect to the core HR system. This will facilitate a single sign on to the training module, and more importantly, allow training to be linked to a person’s HR profile. For example, training allocation may be triggered by a person joining the firm, by a person’s level (such as training provided to all people managers), business unit (specific business training), or other activities (for example, if they have breached a policy or an obligation, training can be allocated based on the relevant topic).
Credentialing
Ideally, the system needs to record the credentials of the person completing training, the number of attempts, time taken, and the final result on any of the tests as part of the training.
Reporting
The system needs to facilitate management reporting (completion rate, success rate; by different characteristics).
Training needs to link to the compliance framework. When we consider specific risk themes and assess control effectiveness, as mentioned above, training will be one such control. We then need to capture what training is in place and its completion rate, and match this with incidents and breaches data.
For example, consider the topic of personal account trading. We will have a policy in place and may provide regular training. We then match the risk with the number of breaches of dealing rules identified. If breaches are persistent, it would indicate that policy and training are not fully effective as controls.
Discussion activity: Plan a Training Module
Using the discussion forum link below, write a post (no more than 250 words) that outlines a staff training module for your place of work or a financial institution you have chosen for your
assessment. Consider the following:
1. how will you communicate the training session to staff?
2. what systems will you use to present the training?
3. how will you measure staff ability after they have completed the training?
4. how will you report this training?
Once you have posted your response, respond to two other posts.
Feedback will be provided by your online lecturer and other classmates.
Please note, this is a non-assessed activity for you to test your understanding of staff training.
Code of Conduct
by Bradley Jones
- Tuesday, 26 January 2021, 11:02 AM
Number of replies: 1
The workplace I have chosen has a code of conduct which covers many compliance areas including gifting, confidential information and insider trading. 100% of staff must complete the code of conduct training annually.
1. how will you communicate the training session to staff? the code of conduct training is conducted online as part of the LMS.
2. what systems will you use to present the training? the LMS includes the code of conduct module and other compliance based training.
3. how will you measure staff ability after they have completed the training? Staff must achieve a score of more than 90% to pass the training.
4. how will you report this training? The percentage of staff who have completed Code of Conduct training is calculated from the LMS and communicated to the board every board meeting. Achievement of 100% compliance is a factor towards annual bonus.
In reply to Bradley Jones
Re: Code of Conduct
by Kadi Eykamp
- Monday, 1 February 2021, 4:32 PM
Fantastic. Just wondering why would a 90% score be okay instead of having extra attempts required? Would it not leave a window open for both the regulators and the employee?
Trading and conflict of interest training
The workplace chosen has both Investment Bank and Equity Trading platforms. The trading business units are the focus of the training discussed. The training is on conflicts of interest and insider trading.
100% of traders must complete annually if free from committing breaches, and upon management request if found to commit breaches of significance to the internal compliance. Alerts in internal compliance to trigger a trader with X number of internal breaches and alerts to trigger annual training requirement. Links to remuneration for suspension of bonus and promotions for non-completion. Links of internal breaches to training compliance & management.
The modules in the LMS are aligned with timeliness to annual bonus and promotional pay rises to incentivise employees to stay current with compliance knowledge. 100% score is required, 3 attempts then blocked and meeting with team Manager required to unblock. Online testing linked to LMS and employee email, centralized system.
Links to HR for results, links to remuneration for both blocked employees and updated credentials reported at next senior management meeting. Board meeting report of material issues and results.
Communication surveillance
Surveillance activity over all recorded communications.
Purpose
We talk about policies and training as preventative controls: giving information to prevent misconduct from occurring. We also need to have in place detective controls, as breaches do occur. How can we identify such breaches post-factum? In this topic, we look at one key detective control: communication surveillance.
Activity Instructions
Read and watch the following material before participating in the collaborative padlet activity.
Finally, read the associated reading.
Communication surveillance
Communication surveillance is a broad concept. It can cover different types of communications (emails, instant messaging (Skype, Teams, Zoom, Bloomberg Chat), and voice), different aims (internal policy breaches, general conduct violations (bullying, harassment, discrimination), or regulatory breaches), and can incorporate a range of technologies from standard vocabulary-based surveillance to natural language processing and machine learning.
Why use communication surveillance?
Our ultimate aim remains the same: we need to have effective mechanisms in place to mitigate regulatory risks. To that end, firms translate external obligations into policies and procedures, as well as codes of conduct. But then, how do we know our staff do the right thing? One option is to undertake manual reviews. For example, if we are concerned with a particular issue or a particular staff member, we can undertake a manual review: requesting documents, records, emails, and looking through them manually. This approach works for a specific issue. However, this approach cannot be scaled; you cannot possibly review every piece of documentation, every record, for every staff member. Nor do you want to: it is not an efficient use of your time.
Watch
Watch the following video from Nice Actimize, which gives an overview of the Nice Holistic Surveillance tool:
https://youtu.be/YXNogglfADc
Given the vast amount of data, automated methods to identify certain types of misconduct have arisen. The most basic ones are to scan recorded communications based on a vocabulary. For example, you can have a vocabulary in the surveillance tool of inappropriate words (racist, sexist, offensive), whereby any conversation with such language will be flagged as an exception. You can broaden the vocabulary to pick up words that may be indicative of market abuse (smash, ramp, hammer the price). You can also pick up on
instances of sending confidential information externally, sending information to a personal email account, sending out customer lists, etc.
The above approach works to identify a range of misconduct, but it does have its limitations. Certain words may be picked up as potentially offensive, when in fact they are used in an innocent context (for example, if one talks about the Lakers smashing the Heat in the NBA, that is not quite a market misconduct case!).
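The vocabulary-based scan and its false-positive limitation described above, as an added example that is not part of the course material or any vendor's tool. The market-abuse terms come from the text; the personal-domain list, the sports-context words, the message fields and all sample messages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Market-abuse terms are the ones named in the text; everything else is assumed.
LEXICON = {"market_abuse": ["smash", "ramp", "hammer the price"]}
PERSONAL_DOMAINS = {"gmail.com", "outlook.com"}       # assumed list
BENIGN_CONTEXT = {"nba", "lakers", "game", "season"}  # assumed sports context


@dataclass
class Alert:
    msg_id: str
    category: str
    term: str
    suppressed: bool  # True = likely innocent context, kept for sampling


def _compile(term):
    # Let the first word take suffixes so "smash" also matches "smashing".
    parts = [re.escape(w) for w in term.split()]
    parts[0] += r"\w*"
    return re.compile(r"\b" + r"\s+".join(parts) + r"\b", re.IGNORECASE)


PATTERNS = [(cat, term, _compile(term))
            for cat, terms in LEXICON.items() for term in terms]


def scan(msg):
    """Return every lexicon or recipient hit for one recorded message."""
    alerts = []
    tokens = set(re.findall(r"[a-z]+", msg["body"].lower()))
    innocent = bool(tokens & BENIGN_CONTEXT)
    for cat, term, pat in PATTERNS:
        if pat.search(msg["body"]):
            alerts.append(Alert(msg["id"], cat, term, innocent))
    for rcpt in msg["to"]:
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in PERSONAL_DOMAINS:
            # Recipient-based hits are never suppressed by chat context.
            alerts.append(Alert(msg["id"], "personal_email", rcpt, False))
    return alerts


def review_queue(messages):
    """Alerts a human reviewer sees first; suppressed ones stay on record."""
    return [a for m in messages for a in scan(m) if not a.suppressed]


# Constructed sample messages (not real communications).
SAMPLE = [
    {"id": "m1", "to": ["desk@examplebank.test"],
     "body": "Let's ramp it into the close and hammer the price after the print."},
    {"id": "m2", "to": ["mate@examplebank.test"],
     "body": "Did you see the Lakers smashing the Heat in the NBA last night?"},
    {"id": "m3", "to": ["j.doe@gmail.com"],
     "body": "Attaching the customer list so I can work on it this weekend."},
    {"id": "m4", "to": ["team@examplebank.test"], "body": "Lunch at noon?"},
]

if __name__ == "__main__":
    for message in SAMPLE:
        for alert in scan(message):
            print(alert)
```

The sports message still produces a hit but is marked as suppressed rather than dropped, so a reviewer can sample suppressed alerts and check that the context rule is not hiding real misconduct.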
Padlet activity: what terms might be picked up by a surveillance tool?
In the Padlet board below, add some common terms used in banking and finance that may be picked up by a communication surveillance tool.
You can add your examples on the board by clicking on the plus (+) icon. Feedback to your responses may be added by your online lecturer.
Read: The evolution of communication surveillance
The next step in surveillance evolution is to use advanced technologies (natural language processing and machine learning) to identify patterns of behaviour, establish baselines and then identify where someone’s conduct deviates from such patterns. Utilising this technology, the human reviewer will have a much smaller but more targeted number of cases to review.
Click on the reading list button below to read a RegTech Watch newsletter published by the Hong Kong Monetary Authority (Issue No.4, September 2020) that outlines some RegTech communication surveillance use cases.
READ THE FILE 1 - Regtech Watch.pdf UNDER WEEK 3 READING MATERIALS
Please avoid offensive, racist and sexist terms in your response. The Padlet board responses will be moderated by your online lecturer.
Assessment 2: Compliance framework proposal
Summary:
TYPE: Compliance framework proposal
WEIGHT: 40%
DUE: Week 4, Tuesday, 3pm, 2 Feb
EXPECTED TIME: 12-15hrs
WORD LIMIT: 1000 words
Assessment instructions
What you need
To complete this assessment, you will need to choose one financial organisation to research.
This can be your own workplace, or you can select from the list of financial institutions provided below to investigate.
Westpac
In order to complete the report, you will need to have completed and understood the topics covered in weeks 1 – 3 and to have researched the following key information about your chosen financial organisation:
The structure of the enterprise risk management framework
Scope of regulations applicable to the firm
Key compliance processes utilised in the firm, such as:
o Regulatory change management
o Regulatory assessment management
o Regulatory relations
o Training
o Policy management
o Monitoring & surveillance
o Compliance review program
o Incident management
o Breach reporting
o Audit management
o Governance and management oversight
Instructions
Within the compliance framework proposal, you should:
Design a compliance framework proposal for your organisation.
Justify the use of RegTech solutions to cover key elements of the framework.
Analyse the key challenges to successful implementation of the framework.
Presentation style/format
Your report should be written using correct spelling, grammar and punctuation. Language should be free of bias (including but not limited to race, gender, sexual orientation or disability). Harvard referencing is required. Harvard referencing guide.
Quantitative information should be clearly described and appropriately communicated (e.g., figures and tables are appropriately labelled).
How to submit
Use the Turnitin submission point below to submit your response by the due date.
The final submission should be a Word Document (.docx).
Marking and feedback
The submission will be marked using the rubric below. Individual feedback will be provided via the Turnitin tool prior to the census date. General feedback will be provided on the forum.
MARKING CRITERIA
Grade bands: UNSATISFACTORY (F) 0-49%; PASS (P) 50-64%; CREDIT (CR) 65%-74%; DISTINCTION (DN) 75%-84%; HIGH DISTINCTION (HD) 85%-100%
Criterion 1: Appropriateness, comprehensiveness and relevance of the components of the framework (30%)
F: Poor analysis with missing/obvious gaps in evidence
P: Surface analysis supported generally by patchy evidence
CR: Generally clear analysis supported by some effective evidence
DN: Sophisticated and detailed analysis supported by effective evidence
HD: Highly sophisticated and detailed analysis supported by highly effective evidence
Criterion 2: Quality of analysis, ideas and evidence (30%)
F: Unable to clearly categorise key obligations into risk types. Unable to articulate the level of risk for each obligation
P: Some understanding of key obligations and their level of risk. Some errors in the classification of risk types
CR: Good understanding of the level of risk and risk type for each key obligation
DN: Well defined key obligations and assessment of risk for each obligation. Shows a good understanding of the subject matter
HD: Clearly defined key obligations and assessment of risk for each obligation. Shows a strong understanding of the subject matter
Criterion 3: Appropriateness of RegTech tools selected in the compliance framework (30%)
F: Limited identification of the key obligations or their risk types or level of risk. Risk assessment findings are unclear and/or incorrect.
P: Some key obligations have been identified and matched to appropriate risk types and levels of risk. Findings lack clarity.
CR: Key obligations have been identified and matched to appropriate risk types and levels of risk. Findings are generally clear.
DN: Key obligations have been identified and matched to appropriate risk types and levels of risk. Findings are clear and backed up by supporting evidence.
HD: Compliance risk assessment is clear and well presented, all key obligations are matched correctly to risk types and levels of risk. Evidence backs up findings.
Criterion 4: Structure, written expression and referencing (10%)
F: Presents ideas unclearly with poor readability. Frequent errors in written expression, spelling and grammar
P: Presents complex ideas adequately with adequate readability. Some errors in written expression, spelling and grammar.
CR: Generally presents complex ideas well with good readability. Few errors in written expression, spelling and grammar
DN: Consistently and skilfully presents complex ideas with very good readability. Negligible errors in written expression, spelling and grammar
HD: Consistently, skilfully and eloquently presents complex ideas with excellent readability. No errors in written expression, spelling and grammar