The Banking Code Compliance Committee (BCCC), Australia has conducted an inquiry between July and October 2019 into Code subscribing banks’ (banks) transition to the new 2019 Banking Code of Practice (the Code) to confirm whether banks have taken appropriate steps to ensure compliance with the Code. The objective of the inquiry was to have a holistic review of the banks’ transition to the Code.
BCCC has come up with a set of recommendation based on their observation of code adherence across the subscribing banks. The diagram below illustrates some of the key considerations that need to be made while incorporating the code of practices into the existing operations.
BCCC Recommendation #1
A good point to start this is to
- identify the compliance gaps between existing practices prior to Code approval and the obligations set out in the Code, and
- develop and implement appropriate policies, processes, procedures and system changes to ensure compliance with the Code from 1 July 2019.
What is important is to use a consistent taxonomy to differentiate a variety of these obligations. While identifying the obligations it is important to differentiate what can be automated, which are there to meet the legal compliance, which are there to support product design & distributions and which are behavioural and subjective in nature. Some common obligations may need to support more than one set of compliance or policy adherence objectives.
The number of obligations that need to be monitored for each control may vary based on a number of factors including product distribution model, geography, channel, process etc.
BCCC Recommendation #2
Mapping obligations into your existing compliance framework and business process
The code is equally applicable to all the entities, brands and subsidiaries. Irrespective of whether the products are offered under white-label agreements, e.g. credit or loan products, it requires uniform compliance. So the obligations need to be mapped to relevant metadata, geography, business processes and risk criteria.
— products and services
— business units
— services channels
— back-office and processing teams
— control environments (to ensure it can adequately report to BCCC).
— risk criteria
Every obligation needs to be assessed for individual and contextual risk and a risk definition needs to be attached to it.
Risk-based supervision increases the effectiveness of code compliance while increasing efficiency through improved resource allocation and processes. It assists in prioritization of resources to the areas of greatest conduct risk. Risks are not eliminated, but supervisors are able to address them in the most efficient and effective way of pursuing their objectives. This allows Banks to address the risks in a systematic manner giving priority to what matters most.
If you want to learn more about the obligation identification, mapping strategy, send us an email (firstname.lastname@example.org) for more information.