by Guest Writer, Glenna Smith of Smith Consulting
- List all products and services your business provides and note the risks for each.
- List all regulatory requirements in each location you do business.
- Map your internal controls to each piece of legislation.
- Determine if you have any gaps or overlap in controls for compliance.
- Determine if you have any controls in place that are unnecessary or overly burdensome.
- Revise your policies and procedures to reflect your review.
Finally, implement a system for compliance managers to monitor risks. The compliance manager should be more like the traffic helicopter, monitoring conditions from a bird's-eye perspective and looking for the dangerous motorist. They should not be the traffic cop stopping every other car from moving forward for a minor infraction. Often monitoring can be handled through system automation or, if that is unavailable, through periodic reporting from the various business areas.
Going forward, compliance managers should always participate in meetings in which new business products and services are being developed. Further, when even more regulation and compliance obligations impact the business, before simply adding to their policies and procedures, the compliance manager should ensure any new controls are effective and not overly burdensome to the business.