Compliance Survey Results - KPMG International...KPMG Compliance Survey / 33 Monitoring and testing...

/ 19KPMG Compliance Survey

Compliance Survey Results

/ 20 KPMG Compliance Survey

030201

COMPLIANCE SURVEY RESULTS

44%

56%

ManCos

Banks

12%

88%

Yes

No

20%

12%

8%

60%

< 5

6-10

11-15

12

Respondent Profile

4% 8%

4%

24%

32%

28%

< €50K

€50K- €250K

€250K- €500K

€500K- €1,000K

€1,000K - €5,000K

> €5,000K

04

Company type

Operating budget (including salaries)

Do you belong to a Group?

Compliance department head count

ManCos represent 56% of respondents. The remaining 44% of respondents are banks active in private banking and depositary banking businesses, with very few in retail banking.

88% of respondents belong to a group, of which 12% are parent companies.

60% of respondents have less than five resources in the compliance function and 20% have more than 15 resources.


06

0528%

72%

Yes

No

07

Is the compliance function sufficiently staffed?

Core activities of the compliance function

Predominant skills of the compliance function

72% of respondents consider that the compliance function is sufficiently staffed.

Client onboarding due diligence and AML monitoring

Controls monitoring

Compliance risk assessment

Monitoring rules

Regulatory watch

Compliance/technical expertise

Legal/regulatory knowledge

Monitoring/testing/audit skills (less important than the first two)

KPMG Compliance Survey/ 22

08

09The structure of the compliance team is mostly centralized (68%)

68%

20%

12%

Centralized

Capability split between Compliance and Business Units

Focused at divisional level

Activities in which the compliance function is mostly involved

Compliance team structure

Client onboarding

Transaction monitoring

Support to business functions (advice, training..)

Reporting to Management/BoD

Product sales


10

11

Strongly agree Agree Neutral Disagree Strongly disagree

N/A

Very positive Rather positive Neutral Quite negative

Negative

On-site inspections

Follow-up of on-site inspections

Recurring interaction 10% 10%

36%8%

24% 40% 24% 12%

16%12% 20% 48%

12% 44%

4%

/ 64% of respondents have positive interactions with the CSSF on an ongoing basis. The percentage lowers to 42% when it comes to on-site inspections, and to 28% for follow-up on on-site inspections.

/ The regulatory landscape is considered an operational burden by 80% of participants. 48% of respondents still consider the regulatory landscape a business opportunity.

Interaction with CSSF on the following topics:

The new regulatory landscape is:

Business opportunity

Operational burden

Re-establish public trust

Unnecessary

48%

16%

16% 20%

12% 28% 36% 16%

44% 8% 8%

64% 12%

28% 16% 8%

4%

4%

4%4%

4%

KPMG Compliance Survey

13 Top three priorities for the compliance function in the coming years

12 Top priorities for organizations in the coming years

Risk and compliance

Structures and processes

IT and digital transformation

Compliance monitoring tools

Structures and processes

Manpower/IT and digital transformation


Compliance Culture

14

15

Compliance Culture 12% 68% 12% 4%4%

Group CCO

CRO

Executive Committee /Board of directors/ Audit Committee

ECB/ESMA/EU

CSSF

CRF

12%

8% 32%

28%

36%

48%

12% 12% 60% 8% 8%

48%

56%

40% 16%

16%

48% 8%

40% 24% 20%

4%

4%

4%

4%

4%

/ The stakeholders that have an impact on respondents’ work are:

• CSSF for 96% of respondents• ExCo/BoD/Audit Committee for 84% of respondents• ECB/ESMA/EU for 76% of respondents• Group CCO for 52% of respondents

The organization has a compliance culture

The following stakeholders have an impact on your work:


N/A

Strong impact Rather strong impact Neutral Rather small impact

No impact at all N/A


Compliance is heard

Business line accountability

Board review

Board review - strategy based

Code of conduct -compliance culture

Compliance officers’ contribution to business

Compliance’s involvement in strategy

Board awareness of compliance risk

Compliance culture among employees

Compliance Charter/Statement

16%

16%

44%

24%

44%

16%

28%

36% 56% 8%

8%16%64%12%

28% 72%

36% 24%

60% 24%

52%

32% 40%

36% 16%

56% 16% 12%

64% 16% 4%

4%

4%

4%

4%4% 4%

/ 80% of respondents consider that their organization has a compliance culture, that the compliance voice is sufficiently heard and that the hierarchical positioning empowers the CCO

/ 100% of respondents have a clearly defined compliance charter/mission statement

/ 92% of boards are adequately informed of existing compliance risks and how the organization is mitigating them

/ 76% of compliance officers actively contribute to the business leadership team by attending and participating in enterprise-wide governance committees as well as interpreting and providing guidance on critical compliance-related KPIs

Compliance voice16


N/A



N/A

Policies and procedures

17 Compliance has veto right on the following matters

AML/KYC

Investor protection

Conflicts of Interest 44% 40%

44% 36% 12% 8%

8%8%

64% 32% 4%


Alignment with company mission and vision19For 88% of respondents, the compliance policies and procedures are aligned with the company’s mission and vision.

Compliance requirements20Compliance requirements are included in the code of conduct and accessible to all employees (88%), as well as in the organization’s policies and procedures (96%).

Procedures update2192% of participants have a process in place, and personnel responsible for regularly updating procedures.

Code of conduct2296% of respondents have a code of conduct that clearly communicates management’s expectations of the employees with respect to the organization’s compliance culture.

Compliance program18 72% of respondents have a compliance program document describing the overall program, relevant areas and applicable policies and procedures.


40%

16%

36%

8%

Lack of automation

Ad hoc implementation of automation

Fully automated

Consistent implementation but not sufficient

Technology and data analytics

23

24

Regarding the automation of data and analytics, only 8% of respondents are fully automated, while 40% have reported a lack of automation.

The main difficulties encountered when implementing data analytics tools are obtaining/sharing data from different departments, incomplete/inconsistent data, and integrating and automating data analytics.

Obtaining/sharing data

from different departments

Data security

Integrating and automating data analytics

Incomplete/Inconsistent

data

Making sense of data

for greater compliance

insights

Automation maturity

Difficulties in implementing data analytics tools


40%of respondents consider that the compliance program leverages technologies to support compliance initiatives

JUST

Technology support25

32%deem technology infrastructure to be proactively adapted in alignment with regulatory changes

ONLY

Technology infrastructure26


CRA: Compliance Risk Assessment

30

28%

68%

4%

Less than once a year

Mutliple times a year

Once a year

CRA is mainly reviewed once per year (68%) or multiple times a year (28%).

CRA review frequency

29

For only 36% of respondents, CRA is produced by the first line, which is responsible for KPIs and KRIs.

CRA production

36%

28

64% of respondents consider they use a robust CRA methodology.

CRA Methodology

64%

27

For 56% of respondents, standardized KRIs and KPIs are integrated into compliance monitoring and testing, and drive root cause analysis and trend reporting.

KRIs and KPIs

56%


Digitalization Using data & analytics to respond to

regulatory changes

BlockchainRobo-advisory

4th AML directive

MiFID II

FATCA/CRS

EMIR and GDPR

PSD II

The legal frameworks which impact respondents are:

Areas of opportunity

31

32


Monitoring and testing

Compliance recommendations

For 88% of respondents, compliance recommendations are taken into consideration and implemented.

88%

Monitoring and reportingFor 88% of respondents, compliance testing results are reported to management, action plans with due dates are required and progress and completion of committed actions are monitored.

88%

Reporting to managementFor 88% of respondents, compliance testing results are reported to senior management and Board of Directors.

88%

Periodic assessmentFor 75% of respondents, compliance programs are periodically assessed to confirm that they continue to be aligned with changes in the regulatory environment, and the expectations of both regulators and stakeholders.

75%

Regulatory watchOrganizations have a regulatory

watch process in place (96%).

96%

Testing program84% of respondents have

a testing program in place.

84%

Management supportFor 87% of respondents

Management is fully supportive of compliance recommendations

87%

Compliance Survey Results - KPMG International...KPMG Compliance Survey / 33 Monitoring and testing...

Documents

Transcript of Compliance Survey Results - KPMG International...KPMG Compliance Survey / 33 Monitoring and testing...