![Page 1: Compliance Made Me Do It - media.techtarget.commedia.techtarget.com/searchFinancialSecurity/downloads/Love_My... · Matthew Todd, Ph.D. Financial Engines, Inc. These materials have](https://reader033.fdocuments.net/reader033/viewer/2022061000/60afc6e42c264b18ad3ce7d9/html5/thumbnails/1.jpg)
Compliance Made Me Do It
Or How I Learned to Stop Worrying and Love My Compliance Department
Matthew Todd, Ph.D.
Financial Engines, Inc.
These materials have been prepared for information purposes only. They are not intended to be nor do they constitute legal, compliance, or information security advice. The views indicated herein do not necessarily represent the views or the policies or procedures of Financial Engines.
Why is this guy here?
Let’s start a new company
FabFinanceCoInc will:
• Offer financial services to individuals
• Extend services of existing financial entities
• Make use of third-party vendors
• Make everyone happy
Then what happens?
FabFinanceCoInc, meet the auditors
• Financial partners
• Customers
• Regulators
• Business
• Litigants
• How do you prepare?
Start at the beginning… and the end
• Start with basic principles of due care
• Think of the end goal
• Have a simple message that everyone “gets”
TRUST
A culture of compliance
FabFinanceCoInc employees “get it.” Now what?
• Compliance is a basis for a “web of trust.”
• Need to comply (with laws and regs, with commitments to customers and partners) is engendered.
• Employees then help to establish policies and procedures.
FFCI’s Risk Management Program
• Business units should have skin in the game
• If you’re not at the table, you don’t have a voice
• Reports up to the Board
• Critical elements:
• Ownership
• Training
• Documentation
• Process management
• Record keeping
• Monitoring
• Iterate!
A toolset for FFCI
• Once basic principles are set, employees want tools
• Easy
• Essential
• Compliant
• Be ready to support them
Make friends
• You can’t do it all
• Establish requirements and controls up front
• Build relationships – build trust
• Outside experts can help
• Bring wealth of experience
• Speak to “best practice”
• Help identify real risk vs. “check the box”
• You must be an active participant
Audit season sets in at FFCI
• Be prepared to respond to external requests
• Have experienced staff ready
• One size does not fit all
• Demonstrate minimum standards
• Belt-and-suspenders is always a good idea
• Don’t be afraid of saying “no” or “N/A”
Speak softly and carry a big stick
• Establish firm agreements with all parties
• Partners
• Customers
• Vendors
• Ensure a right to audit or review practices
• Carry a copy of regs with you at all times
Schrödinger's Rule of Compliance
Your program is not working unless it is demonstrated to be working
TEST
The Take Home Slide
Hallmarks of a sound program:
• Identification of applicable laws and regs
• Written policies and procedures
• Training and acknowledgement
• Access control/Separation of duties
• Risk management program
• Business continuity plans
• Testing and iteration
• Appropriate monitors and record keeping practices
• Internal and external audit
• And that’s it! (not really)
The Second Take Home Slide
Useful Things to Have and Do:
• Effective tools for the company
• Trained and certified staff
• An eye to standards and federal regs
• Effective partnerships
• Tabletop exercises and drills
For more information
Matthew Todd, Ph.D.
Chief Security Officer
VP Risk and Technical Operations
Financial Engines, Inc.
ph: 650.565.4932
em: [email protected]