Carlo V. di Florio, director of the Office of Compliance Inspections and Examinations at the U.S. Securities and Exchange Commission (SEC), led with some tough words on executive and board responsibility for high standards of compliance and ethics at a one-day conference at the SEC Headquarters in Washington, D.C. this week:
"Strong risk management controls, including a solid compliance program, are a key responsibility of everyone in a regulated entity, but the right culture and tone at the top are especially the responsibility of senior management and the board. A (Chief Compliance Officer) who does not have the full support and engagement of senior management and the board is not going to be effective, and there is nothing that we (the SEC) want more than to help CCOs (Chief Compliance Officers) to be effective. (The SEC) will focus most intently on firms where we sense that senior management and the board are not setting the appropriate tone and are failing to support key risk and control functions with adequate resources, independence, standing and authority.
Whether we are talking about compliance and ethics or other key risk and control functions, such as risk management, financial control, or internal audit, it is important to clarify fundamental roles and responsibilities across the organization. An effective risk governance framework includes three critical lines of defense, which are in turn supported by senior management and the board.
The business is the first line of defense responsible for taking, managing and supervising risk effectively and in accordance with laws, regulations and the risk appetite set by the board and senior management of the whole organization.
Key support functions, such as compliance and ethics or risk management, are the second line of defense. They need to have adequate resources, independence, standing and authority to implement effective programs and objectively monitor and escalate risk issues.
Internal Audit is the third line of defense and is responsible for providing independent verification and assurance that controls are in place and operating effectively.
Senior management supports each of these levels by reinforcing the tone at the top, driving a culture of compliance and ethics and ensuring effective implementation of risk management in key business processes, including strategic planning, capital allocation, performance management and compensation incentives. The board of directors is ultimately responsible for setting the tone at the top and ensuring an effective culture of risk management across the organization.
The financial crisis revealed among many other things the need for better oversight of risk at the board and senior management levels, and the need for stronger independence, standing and authority among a firm's internal risk management, control and compliance functions. As a result, in our examinations we are seeking to engage senior management and the board on critical business, risk and regulatory issues. By doing so we hope to achieve two benefits: (i) to reinforce the importance of a robust compliance, ethics and risk management program; and (ii) to assess the culture and tone at the top of the organization."
Read the remainder of the speech
Source: U.S. Securities and Exchange Commission