The Case for Continuous Compliance Assurance

Despite the ever-increasing regulation of financial services institutions (FSIs) and the growth of risk management techniques into ever-more quantitative and analytical methodologies, major corporate disasters still occur with alarming force and frequency. There are well known, much-publicised and analysed headline cases.  These are in fact the tip of the iceberg: many more smaller but still very significant and damaging losses occur across the industry and do not make front-page news.

Many business people say that a part of the reason for this is regulation itself. The explosion in the numbers of new and revised rules covering such as disciplines anti-money laundering, market-rigging and consumer-protection (e.g. ‘TCF’), to name a few examples, has happened so quickly that business heads, managers, compliance departments and internal auditors have simply been unable to cope with the new requirements as well as attend to their every-day duties and functions.
 

The Quadrant Approach to Continuous Compliance Assurance

The philosophy underlying Quadrant’s Compliance Assurance Solution is that effective, ongoing governance can only take place as and when the relevant policies, processes and systems are supported by management information geared specifically to that end, and where the detailed data supporting the management information can be readily evidenced in a manner that would enable managers to take swift corrective actions where appropriate. This philosophy is depicted in the diagram below:

It has three key components of which Assurance is one:

1. Policy: this answers the question “What do we have to do?” 
2. Processes and systems: these answer the question “How do we do it?” and therefore give life and effect to policy, i.e. they are designed to implement the policy.
3. Assurance: many corporations have perfectly good policies and processes in place and documented yet are still subject to disasters. What they typically didn’t have was an answer to the question “How do we know it really happens [in the way we’ve designed and decreed]?” .. And that’s Assurance! 

In Summary

The Quadrant approach to Compliance Assurance provides:

• Clarity around which standards or regulations (whether internally- or externally-imposed) apply, how they apply, and to which lines of business or functional areas. This means that scarce resources – including senior management, risk control, compliance and internal audit personnel – can focus on established priority areas
• Identification of the relevant data required to give comprehensive assurance that standards are being met, on an ongoing basis Enhanced performance monitoring via the establishment and tracking of key performance indicators
• The establishment of tolerances, via parameters, enabling management-by-exception
• Depiction of actual performance against KPIs in highly visual and intuitive dashboards providing right-time feedback for corrective action