Compliance Survey Results - KPMG International...KPMG Compliance Survey / 33 Monitoring and testing...
/ 19KPMG Compliance Survey
Compliance Survey Results
Respondent Profile
[Chart: Company type. Categories: ManCos, Banks.]
[Chart: Do you belong to a Group? Categories: Yes, No.]
[Chart: Compliance department head count. Categories: < 5, 6-10, 11-15.]
[Chart: Operating budget (including salaries). Categories: < €50K, €50K-€250K, €250K-€500K, €500K-€1,000K, €1,000K-€5,000K, > €5,000K.]
ManCos represent 56% of respondents. The remaining 44% of respondents are banks active in private banking and depositary banking businesses, with very few in retail banking.
88% of respondents belong to a group, of which 12% are parent companies.
60% of respondents have fewer than five resources in the compliance function and 20% have more than 15 resources.
Is the compliance function sufficiently staffed?
[Chart: Is the compliance function sufficiently staffed? Categories: Yes, No.]
72% of respondents consider that the compliance function is sufficiently staffed.
Core activities of the compliance function
• Client onboarding due diligence and AML monitoring
• Controls monitoring
• Compliance risk assessment
• Monitoring rules
• Regulatory watch
Predominant skills of the compliance function
• Compliance/technical expertise
• Legal/regulatory knowledge
• Monitoring/testing/audit skills (less important than the first two)
Activities in which the compliance function is mostly involved
• Client onboarding
• Transaction monitoring
• Support to business functions (advice, training, etc.)
• Reporting to Management/BoD
• Product sales
Compliance team structure
The structure of the compliance team is mostly centralized (68%).
[Chart: Compliance team structure. Categories: Centralized; Capability split between Compliance and Business Units; Focused at divisional level.]
Interaction with CSSF on the following topics:
[Chart: Interaction with CSSF. Rows: On-site inspections; Follow-up of on-site inspections; Recurring interaction. Scale: Very positive, Rather positive, Neutral, Quite negative, Negative.]
/ 64% of respondents have positive interactions with the CSSF on an ongoing basis. The percentage lowers to 42% when it comes to on-site inspections, and to 28% for follow-up on on-site inspections.
The new regulatory landscape is:
[Chart: The new regulatory landscape. Rows: Business opportunity; Operational burden; Re-establish public trust; Unnecessary. Scale: Strongly agree, Agree, Neutral, Disagree, Strongly disagree, N/A.]
/ The regulatory landscape is considered an operational burden by 80% of participants. 48% of respondents still consider the regulatory landscape a business opportunity.
Top priorities for organizations in the coming years
• Risk and compliance
• Structures and processes
• IT and digital transformation
Top three priorities for the compliance function in the coming years
• Compliance monitoring tools
• Structures and processes
• Manpower/IT and digital transformation
Compliance Culture
The organization has a compliance culture
[Chart: The organization has a compliance culture. Scale: Strongly agree, Agree, Neutral, Disagree, Strongly disagree, N/A.]
The following stakeholders have an impact on your work:
[Chart: Stakeholder impact. Rows: Group CCO; CRO; Executive Committee/Board of directors/Audit Committee; ECB/ESMA/EU; CSSF; CRF. Scale: Strong impact, Rather strong impact, Neutral, Rather small impact, No impact at all, N/A.]
/ The stakeholders that have an impact on respondents’ work are:
• CSSF for 96% of respondents
• ExCo/BoD/Audit Committee for 84% of respondents
• ECB/ESMA/EU for 76% of respondents
• Group CCO for 52% of respondents
Compliance voice
[Chart: Compliance voice. Rows: Compliance is heard; Business line accountability; Board review; Board review - strategy based; Code of conduct - compliance culture; Compliance officers’ contribution to business; Compliance’s involvement in strategy; Board awareness of compliance risk; Compliance culture among employees; Compliance Charter/Statement. Scale: Strongly agree, Agree, Neutral, Disagree, Strongly disagree, N/A.]
/ 80% of respondents consider that their organization has a compliance culture, that the compliance voice is sufficiently heard and that the hierarchical positioning empowers the CCO.
/ 100% of respondents have a clearly defined compliance charter/mission statement.
/ 92% of boards are adequately informed of existing compliance risks and how the organization is mitigating them.
/ 76% of compliance officers actively contribute to the business leadership team by attending and participating in enterprise-wide governance committees as well as interpreting and providing guidance on critical compliance-related KPIs.
Policies and procedures
Compliance has veto right on the following matters
[Chart: Compliance veto right. Rows: AML/KYC; Investor protection; Conflicts of Interest. Scale: Strongly agree, Agree, Neutral, Disagree, Strongly disagree, N/A.]
Alignment with company mission and vision
For 88% of respondents, the compliance policies and procedures are aligned with the company’s mission and vision.
Compliance requirements
Compliance requirements are included in the code of conduct and accessible to all employees (88%), as well as in the organization’s policies and procedures (96%).
Procedures update
92% of participants have a process in place, and personnel responsible for regularly updating procedures.
Code of conduct
96% of respondents have a code of conduct that clearly communicates management’s expectations of the employees with respect to the organization’s compliance culture.
Compliance program
72% of respondents have a compliance program document describing the overall program, relevant areas and applicable policies and procedures.
Technology and data analytics
Automation maturity
[Chart: Automation maturity. Categories: Lack of automation; Ad hoc implementation of automation; Consistent implementation but not sufficient; Fully automated.]
Regarding the automation of data and analytics, only 8% of respondents are fully automated, while 40% have reported a lack of automation.
Difficulties in implementing data analytics tools
• Obtaining/sharing data from different departments
• Data security
• Integrating and automating data analytics
• Incomplete/inconsistent data
• Making sense of data for greater compliance insights
The main difficulties encountered when implementing data analytics tools are obtaining/sharing data from different departments, incomplete/inconsistent data, and integrating and automating data analytics.
Technology support
Just 40% of respondents consider that the compliance program leverages technologies to support compliance initiatives.
Technology infrastructure
Only 32% deem technology infrastructure to be proactively adapted in alignment with regulatory changes.
CRA: Compliance Risk Assessment
CRA review frequency
CRA is mainly reviewed once per year (68%) or multiple times a year (28%).
[Chart: CRA review frequency. Once a year 68%; Multiple times a year 28%; Less than once a year 4%.]
CRA production
For only 36% of respondents, CRA is produced by the first line, which is responsible for KPIs and KRIs.
CRA Methodology
64% of respondents consider they use a robust CRA methodology.
KRIs and KPIs
For 56% of respondents, standardized KRIs and KPIs are integrated into compliance monitoring and testing, and drive root cause analysis and trend reporting.
Areas of opportunity
• Digitalization
• Using data & analytics to respond to regulatory changes
• Blockchain
• Robo-advisory
The legal frameworks which impact respondents are:
• 4th AML directive
• MiFID II
• FATCA/CRS
• EMIR and GDPR
• PSD II
Monitoring and testing
Compliance recommendations
For 88% of respondents, compliance recommendations are taken into consideration and implemented.
Monitoring and reporting
For 88% of respondents, compliance testing results are reported to management, action plans with due dates are required and progress and completion of committed actions are monitored.
Reporting to management
For 88% of respondents, compliance testing results are reported to senior management and Board of Directors.
Periodic assessment
For 75% of respondents, compliance programs are periodically assessed to confirm that they continue to be aligned with changes in the regulatory environment, and the expectations of both regulators and stakeholders.
Regulatory watch
Organizations have a regulatory watch process in place (96%).
Testing program
84% of respondents have a testing program in place.
Management support
For 87% of respondents, management is fully supportive of compliance recommendations.