Speaker 1: So you're working in compliance now, fresh in there and you're trying to figure out how to navigate and how all the pieces fit together. Well today I'm going to talk to you about the five tools that we use in compliance risk management. The first tool is a Code of Conduct. A Code of Conduct sets out the principles and values by which an organization operates. It sets out the behavior standard that we expect from every employee within that organization. It's important to note that although a Code of Conduct is an important document, it is just that. The true culture of an organization is talking about the behaviors that we accept and don't accept and those that are demonstrated by leadership and filtered down all the way through to the bottom of an organization. A Code of Conduct will typically cover situations such as how to manage conflicts of interest, social media use, how to respect individuals within the organization, how we treat one another and our other stakeholders, diversity and inclusion, and various other subject matters. But ultimately, the culture of an organization can be properly documented in a Code of Conduct but must be demonstrated in the behaviors. Now let's talk about policies and procedures. A policy is a statement of how an organization intends to meet its commitments around a specific subject matter. Typically, a policy is required in terms of a law or regulation that an organization has to comply with. Let's look at an example. Anti-money laundering regulations require institutions to have an anti-money laundering policy in place. This policy will state the organization's commitment to fighting financial crime and counter-terrorist financing. The policy is a high-level documentation of its commitment and the requirements for its employees to meet around this issue. When we talk to procedures, this is how the specific commitment will be operationalized in an organization. So the specific processes and steps that need to be followed in different areas of the business to ensure that those commitments to comply with the law are actually being undertaken on the ground on a day-to-day basis. The third tool is compliance training and awareness. Compliance training is very important because this is how information and knowledge is disseminated throughout the organization to make sure that everybody has an understanding of the laws that apply to the organization and how they, within their specific roles, will make sure that they are complying and not breaching. Compliance training can be delivered face-to-face, online, or awareness initiatives that just spread information throughout the organization. It should typically take a risk-based approach, which means you look at the risk profile of the organization and determine which areas need to receive what kind of training. There is training that will be organization-wide, such as code of conduct, because that applies to all employees across the board. Compliance training is a very important tool in risk management as it informs and empowers people to make decisions that are aligned with the rules, laws, and policies of an organization. The fourth tool that I want to speak to you about is the Compliance Risk Management Plan, short the CRMP. This involves the identification of all the laws and regulations and business standards and codes that apply to an organization, and these are cataloged and categorized in a risk universe. Once those have been categorized, a risk assessment process takes place where we look at the impact of each of the requirements stipulated in each law, as well as the probability that that event could take place. We look at the adequacy and effectiveness of the control environment that applies and make sure that we are monitoring and testing on a regular basis, depending on the risk rating and risk profile of a specific area and requirement, and ensuring that the controls remain adequate and suitable. This is a process which compliance engages with business to ensure that everybody is aware of what impacts their specific areas and the controls that they need to put in place to mitigate risk. The fifth and final tool that I want to share with you is compliance reporting. Compliance reporting is very important because it makes sure that all stakeholders have line of sight into the compliance risk management process. The organization needs to understand what is going right, what is going wrong, and as owners of that risk, how they need to act in order to remediate any issues that have been identified. We report into EXCO, the board, and any other internal stakeholders and provide information to them, such as internal audit, who have an interest in the results of things such as compliance testing. Externally, we report to regulators. This ensures that the regulator also has line of sight into the compliance status of an organization and is able to highlight and address issues and concerns with the organization on a timely basis. It is imperative that reports are accurate and reliable to ensure that all stakeholders can rely on the information presented and not be caught unawares by any unexpected issues. I hope you found this short video on the tools we use in compliance risk management helpful. If you would like to go a little bit more in-depth and understand compliance risk management more in the context of the overall risk management framework of an organization, check out our Compliance Risk Management 101 course. The link will be in the description. I hope it was helpful and enjoy learning a lot more. Don't forget to subscribe because there's a lot more how-to and information videos coming up for you. Bye.