Major events which have impacted the economic and financial sphere over the past years, such as the difficulties of risk assessment inherent in the subprime or transparency problems highlighted by the Kerviel and Madoff cases, demonstrated the usefulness of monitoring procedures within financial institutions as well as the risk involved in case of failure.
In fact, Internal Control has become one of the major concerns of the banking authorities and relevant counterparties: banks and investment firms, as well as investors, rating agencies, governments, etc…
Internal Control is a key issue and a topical subject at the center of a legislation that constantly carries new demands world-wide: in the United States (Sarbanes-Oxley Act) in Europe and in France (European Directives, Financial Security Act, revised CRBF 97-02…).
In particular, regulation 97-02, which defines the Internal Control requirements applicable to credit institutions and investment firms and its successive amendments are an opportunity for institutions to reconsider their overall Internal Control framework, to ensure not only that they meet new requirements, but also that they will meet their need for development and competitive positioning going forward.
The Permanent control and compliance departments must ensure:
- compliance with laws and regulations
- application of ethical principles specific to banking and investment services
- compliance with rules of good conduct
- prevention of conflicts of interest
- employees’ ethics
- fight against fraud and money laundering.
The regulation requires the implementation of a control framework which must be periodically reviewed and adapted to the evolutions of the company, its operations, its products together with its risk profile.
Key principles of the Internal Control framework
1. An adequate framework :
· the definition of a risk mapping adapted to the activity
· the choice of relevant indicators reflecting the risk profile of the institution
· a comprehensive and relevant risk coverage according to priority levels
· the coordination and dissemination of a culture of risk among employees.
2. The objectives of the Permanent Control and Compliance should be :
· to systematize the permanent first-level controls
· to adjust the second level interventions of Permanent Control
· to prepare Internal Control reports for the top Management, regulators…
3. The Permanent Control and Compliance framework is based on :
· the existence of an internal procedures manual to check the compliance of operations
· the traceability of controls
· the formulation of proposals aimed at enhancing business processes and regulatory security of the institution.
4. The preventive approach to compliance :
· the sharing of information, the establishment of a Compliance Committee and the training of staff
· the regulatory watch in collaboration with the concerned business lines and the Risk function
· the "positive" superposition of local and international regulations
· the issuance of notice on new products.
5. The monitoring of warning indicators :
· the centralization of shortcomings and deficiencies identified between Operational Risk and Compliance functions
· the monitoring of action plans.
Our beliefs :
- Beyond regulatory obligations, a robust Internal Control framework can act as a discriminating factor between institutions according to their degree of resistance to difficulties and to their speed of reaction and implementation of corrective actions when a failure occurs
- Optimize the organization of the institution by coordinating the Control, Risk and Compliance functions, and facilitate exchanges with business lines and support functions
- Adapt and "customize" the Internal Control framework of each institution fully taking into account its specificities to meet its own management needs
- Develop a culture of Internal Control and empower the business lines in the deployment of Permanent Control frameworks
- Position Permanent Control functions as a partner of business lines.
