Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT...
Transcript of Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT...
![Page 1: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/1.jpg)
Banking Compliance Survey 2016
Survey results
![Page 2: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/2.jpg)
![Page 3: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/3.jpg)
Activities 1
Governance 19
Resources 31
Hot topics 41
![Page 4: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/4.jpg)
![Page 5: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/5.jpg)
Activities
PwC | 1
![Page 6: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/6.jpg)
01Is the compliance
a stand-alone function or is it embedded with other functions
79%Stand alone role
Embedded
21%
2 | Banking Compliance Survey 2016 - Survey results
![Page 7: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/7.jpg)
100%
02Is there a plan to separate (if embedded) or to merge with others functions
NO0%YES
PwC | 3
![Page 8: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/8.jpg)
03What is the scope of the compliance function’s responsibilities
4 | Banking Compliance Survey 2016 - Survey results
![Page 9: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/9.jpg)
AML and CFT
Conduct of business rules
Embargo
Customer protection (transparency pricing, ...)
Tax Compliance (FATCA, CRS, Bank’s own taxation, withholding tax, … )
Internal Control
Anti-fraud measures
Complaints handling
Prudential supervision regulation
IT security
Legal (regulatory watch, …)
Business security
Operational risk (other than legal, fraud and IT risk)
Outsourcing
Anti-bribery
Data protection
Market integrity rules (Market abuse, best execution, …)
7%
14%
14%
29%
57%
64%
29%
71%
57%
50%
86%
50%
57%
79%
21%
50%
7%
93%
86%
86%
71%
29%
29%
21%
21%
14%
14%
14%
7%
7%
7%
79%
36%
93%
Advisory role and others
Significantly involved
![Page 10: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/10.jpg)
04Has the scope of Compliance responsibilities changed recently
6 | Banking Compliance Survey 2016 - Survey results
![Page 11: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/11.jpg)
INCR
EASE 86%
PwC | 7
![Page 12: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/12.jpg)
05On which activities is
the Group Compliance officer’s time spent (current)
What do you think the Group
Compliance Officer should spend time on
(optimal)Multiple choice question
8 | Banking Compliance Survey 2016 - Survey results
![Page 13: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/13.jpg)
Report to the Board/Senior Management
62% 38%
Provide advice & support to business
46% 46%
Adapt the entity to new regulations
46% 38%
Interface with regulators/lobbying
15% 38%
Monitor/take remedial or corrective measures
46% 31%
Promote adoption of compliance culture
31% 54%
CurrentGroup Compliance Officer Optimal
Report to the Board/Senior Management
62% 38%
Promote adoptionof compliance culture
31% 54%
PwC | 9
![Page 14: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/14.jpg)
06On which tasks is Compliance staff’s time spent (current)
What do you think the Compliance staff
should spend time on (optimal)
Multiple choice question
10 | Banking Compliance Survey 2016 - Survey results
![Page 15: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/15.jpg)
Internal and external reporting
31% 15%
Provide advice & support to business
85% 85%
Suspicious transaction monitoring
31% 31%
Promote adoption of compliance culture
0% 38%
Control monitoring 38% 77%
Project implementationProject implementation
Monitor/take remedial or corrective measures
8%
15%
8%
23%
CurrentCompliance Staff Optimal
PwC | 11
![Page 16: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/16.jpg)
07
What is the most frequent involvement of the
Compliance function with regulatory projects as opposed to the business lines role
Multiple choice question
57%29%
0%
43%Leader
Participant
Not involved
Expert
12 | Banking Compliance Survey 2016 - Survey results
![Page 17: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/17.jpg)
100%
21%
0%
Front Office
Internal Control
Risk department
Internal Audit
Compliance
08
Who is mainly in charge of the «first line of defence» for Compliance risks (e.g.: AML, embargo, fraud, customer protection, market integrity…) Multiple choice question
PwC | 13
![Page 18: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/18.jpg)
09
Who is mainly in charge of the ‘second line of
defence’ for Compliance risks (e.g.: AML, embargo, fraud, customer protection, market integrity…)
Multiple choice question
0%
7%29%
86%
Front Office
Internal ControlRisk department
Internal Audit
Compliance
14 | Banking Compliance Survey 2016 - Survey results
![Page 19: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/19.jpg)
64%
36%
YES
NO
Do you feel the boundaries of first and second lines of defence are in practice well established, defined in your organization
10
PwC | 15
![Page 20: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/20.jpg)
11Which roles does the Compliance function perform in ensuring the compliance
controls effectivenessMultiple choice question
16 | Banking Compliance Survey 2016 - Survey results
![Page 21: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/21.jpg)
93%
86%
79%
79%
79%
Designing controls
Assessing the suitability of controls
Implementing controls
Analyzing the controls performed by others
Testing controls
PwC | 17
![Page 22: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/22.jpg)
![Page 23: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/23.jpg)
Governance
PwC | 19
![Page 24: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/24.jpg)
01What is the direct
reporting line of the GCO (Group Compliance Officer)
46%
15%8%
31%
CEO
CRO
Legal
Others
20 | Banking Compliance Survey 2016 - Survey results
![Page 25: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/25.jpg)
29%57%14%
Decentralized
Matrix
Vertical
Decentralized : Group Compliance is in charge of coordinating,
sponsoring without formalized functional or hierarchical reporting
line with the local Compliance head
Matrix : Double reporting line (hierarchical between the local
Compliance head and the local business CEO and functional
between local Compliance head and GCO)
Vertical : Compliance staffs in geographies/business lines report
directly to the Group Compliance
02What is your Compliance Group organization model
PwC | 21
![Page 26: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/26.jpg)
03
How is Group Compliance involved in
compensation, performance measurement and objectives of Compliance Staff (HQ and local staff)
0%
25%
50%25%
50% 100%25%
12,5%
12,5%
0%
0%
0%
Descentralized Matrix Vertical
Highly
Moderate
Low
Not involved
22 | Banking Compliance Survey 2016 - Survey results
![Page 27: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/27.jpg)
0%75% 75%
25%
0%
12,5%
12,5%
0%
100%0%
0%
0%
Descentralized Matrix Vertical
Highly
Moderate
Low
Not involved
04
How is Compliance involved in compensation (bonus…) of Bank employees (other than Compliance staff)
PwC | 23
![Page 28: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/28.jpg)
05In which board
committees does Group Compliance Officer participate/report
64%71%
Audit Committee
Risk Committee
24 | Banking Compliance Survey 2016 - Survey results
![Page 29: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/29.jpg)
86%
indicate the GCO has regular meetings with independent board members or with the Audit Committee chairman
06
Has the Group Compliance officer access to or has regulator meeting with independent board members or with the Audit Committee chairman
PwC | 25
![Page 30: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/30.jpg)
07How would you assess
the Board of Directors receptiveness to Compliance matters
64% 36%indicate that the Board of Directors is highly receptive on compliance matters
HIGH
MEDIUM
26 | Banking Compliance Survey 2016 - Survey results
![Page 31: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/31.jpg)
82%
91%
27%
45%
9%
45%
Occurrences
Compliance is a means of strengthening the quality of the business
Compliance is everyone’s responsibility
Compliance is more about encouraging the right behaviors than policing
Compliance is a cost of doing business
Compliance is a necessary evil
Compliance is an investment - there should be a measurable payback
08How would you assess your organization’s perception of Compliance
PwC | 27
![Page 32: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/32.jpg)
09How is the compliance
function mainly involved with the main regulator(s) relationship
Multiple choice question
57%86%
50%As a proactive relationship manager
Provide feedback to queries
Seek clarifications from regulator
28 | Banking Compliance Survey 2016 - Survey results
![Page 33: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/33.jpg)
86%
14%
YES
NO
10
Have the perception and interactions with senior executives, business leaders, and regulator changed over the last 2 years
PwC | 29
![Page 34: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/34.jpg)
![Page 35: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/35.jpg)
Resources
PwC | 31
![Page 36: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/36.jpg)
INCR
EASE
01Has compliance staff
increased in 2014
93%YES
13%
32 | Banking Compliance Survey 2016 - Survey results
![Page 37: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/37.jpg)
93%YES
02Do you expect that compliance staff will increase in the next 2 years
INCR
EASE 14%
PwC | 33
![Page 38: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/38.jpg)
03How do you consider
the level of available resources assigned to the Compliance
29%
21%50%
Suitable
Sufficient
Insufficient
34 | Banking Compliance Survey 2016 - Survey results
![Page 39: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/39.jpg)
64%
7%
29%Moderate
Low
High
04How would you assess the “qualitative” adequacy of compliance resources
PwC | 35
![Page 40: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/40.jpg)
05Which competencies /
skills could be improved
64%
64% 14%
21%Regulatory
Use of technology Tax/Legal
Communication
36 | Banking Compliance Survey 2016 - Survey results
![Page 41: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/41.jpg)
36%
64%
YES
NO
06Do you offshore / near shore Compliance activities
PwC | 37
![Page 42: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/42.jpg)
Do you consider that additional tools should be deployed07
38 | Banking Compliance Survey 2016 - Survey results
![Page 43: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/43.jpg)
79%
21%
YES
NO
PwC | 39
![Page 44: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/44.jpg)
![Page 45: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/45.jpg)
Hot topics
PwC | 41
![Page 46: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/46.jpg)
01
42 | Banking Compliance Survey 2016 - Survey results
What are the main compliance risks in your organization
![Page 47: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/47.jpg)
Consumer protection 60%
KYC 70%
AML & CFT 60%
Future changes in regulation 40%
Inconsistent implementation of regulation across business lines and geographies
20%
Conflicts of interest
Customer litigation
Banking secrecy & data privacy
Internal organizational issues
20%
10%
10%
10%
Current main compliance
risks
KYC 70%
Consumer protection 60%
AML & CFT 60%
Future changes in regulation 40%
PwC | 43
![Page 48: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/48.jpg)
02
44 | Banking Compliance Survey 2016 - Survey results
What do you think will be the key compliance risks in the future
(next 2 years)
![Page 49: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/49.jpg)
Consumer protection
60%KYC
80%
AML & CFT 60%
Future changes in regulation
30%
Inconsistent implementation of regulation across business lines and geographies
20%
Conflicts of interest
Customer litigation
Banking secrecy & data privacy
Internal organizational issues
20%
10%
10%
0%
Compliance risks
in 2 years
Consumer protection 80%
60%KYC
AML & CFT 60%
30%Banking secrecy & data privacy
PwC | 45
![Page 50: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/50.jpg)
![Page 51: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/51.jpg)
© 2016 PricewaterhouseCoopers Assurance. Tous droits réservés. Crédit photos : PwC
![Page 52: Banking Compliance Survey 2016 - PwC · Complaints handling Prudential supervision regulation IT security Legal (regulatory watch, …) Business security Operational risk (other than](https://reader036.fdocuments.net/reader036/viewer/2022081617/605220a29f067e78057a259d/html5/thumbnails/52.jpg)
www.pwc.fr