6 Practical Ways to Prepare for Your Next Compliance Exam
Regulatory exams are becoming more complex while preparation time is shrinking. So what's the best way to prepare thoroughly? Here are six practical tips.
31 July 2015
It's the perfect storm: regulatory exams are becoming more complex while preparation time is shrinking. So what's the best way to prepare thoroughly yet efficiently? Here are six practical tips that can help you be exam-ready in short order.
- Identify the examiners' primary areas of concern: Data governance and internal controls continue to be the center of attention and share the spotlight with a new concern: cyber threat and information technology vulnerabilities of firms and third-party vendors. Be prepared for an intensive review that emphasizes both risk control and post-disaster business continuity planning. Also under scrutiny is the adequacy of controls to combat threats from electronic transaction processing fraud and sophisticated methods of money laundering.
- Conduct a pre-exam risk assessment: Before the exam, it's a smart idea to conduct an internal risk assessment either independently or with the help of a third-party consultant. It demonstrates a proactive approach to risk management that helps:
  - Identify major risks
  - Evaluate risk controls and their effectiveness
  - Identify gaps in risk coverage
  - Demonstrate proof of compliance

  If you uncover any issues, report them to the Compliance Officer for handling.
- Review your response to previous exams: If corrective actions were necessary after a previous exam, find out whether changes were made and documented. And if they weren’t acted upon, find out why. Handle any still-open items by noting the progress made to date and the expected completion date. Don't forget about customer complaints. Verify that they were addressed and resulting changes in controls were documented.
- Designate a key point person to manage the pre-exam and exam process: Select one point person to act as the exam manager — this person will ensure examiners receive the information they need in a timely fashion, and serve as a liaison between examiners and department managers. Who's a good candidate for the job? Someone who knows your firm's risk control policies, procedures and practices well and articulates them accurately. They should be highly organized and detail-oriented since there are a lot of very specific and confidential documents to manage. On a personal level, the exam manager should be confident as well as service-oriented. Dealing with regulators can be daunting, so someone who is unflappable under pressure is ideal. They also need to be responsive to the requests and deliver information quickly… and pleasantly!
- Complete all necessary compliance training: Comprehensive, up-to-date compliance training is one of the criteria examiners use to determine if a strong compliance management program is in place and a "culture of compliance" exists. Review training records and eliminate any gaps in your education program before the exam.
- Brief key personnel: Brief department and functional managers so they're prepared to give examiners accurate and consistent responses. Your firm's Board of Directors should also be briefed. Given the board's responsibility for compliance oversight, each member should have a full report of the pre-exam assessment findings and be ready to answer questions from examiners.
The need for comprehensive exam preparation in a short time frame is the “new normal.” By structuring exam prep as a repeatable, multi-step process, it becomes far less challenging and more likely to lead to a successful outcome. And isn't that what every firm wants?
Learn how Intralinks VIA® helps governance, risk and compliance professionals to stay in control of the regulatory compliance process from day one.
Mark Kalen is worldwide director of product strategy and marketing for financial services at Intralinks. Mark received his MBA from Boston University and has worked over 15 years in financial services as an executive and consultant, serving in a variety of roles including Sr. Director Risk and Compliance, VP Operations, and VP Product. His experience includes tenure at JP Morgan, Deloitte & Touche, State Street Bank, Wolters Kluwer, and Fidelity Investments.