
Creating and Executing a Compliance Testing Program

Desired Capabilities

  • Compliance Program Build-Out
  • Annual Compliance Testing Plan & Execution
  • Suite of Compliance Testing Policies and Procedures
  • Regulation Applicability Inventory
  • Risk Assessment

The Situation

After regulators cited deficiencies in its overall compliance management program, an institution sought our assistance with upgrading its program, including developing a compliance testing function. They needed help in determining what regulations and processes to prioritize, developing a suite of testing materials, developing a testing methodology and testing schedule, and executing the program.

The Challenge

Address regulatory expectations and strengthen the overall compliance management system by building a comprehensive testing program that adds value while ensuring the scale remains appropriate for the size of the institution.

Meaningful Outcomes

  • Developed a compliance testing function to identify gaps and strengthen compliance controls across the institution.
  • Created a customized risk assessment and risk-based testing methodology, along with a full suite of testing materials including policies and procedures.
  • Provided testing support as needed to assist the institution in the successful implementation of the program.
  • Tested compliance controls and added value to the organization by identifying gaps and deficiencies and making recommendations to improve the overall health of the compliance management system.
  • Successfully alleviated regulatory concerns around testing and monitoring and received positive feedback on the overall improvements to the compliance management system.

Our Approach

The Spinnaker team quickly and seamlessly integrated with the client team. First, we ensured we understood the institution’s products and processes to determine which compliance risks were applicable and documented a comprehensive inventory. We then analyzed applicable compliance risks and customized a risk assessment to identify where the institution’s highest risks were. Building on the risk assessment foundation, we worked with the institution to customize a risk-based testing program and schedule, while keeping in mind the complexity, size, and resources of the institution. A pragmatic approach that met regulatory expectations was the key to success. This included determining the frequency and number of reviews, as well as hourly budgets for reviews, and subsequently documenting all of the information in policies and procedures.

After building the framework for the testing program, we developed customized testing procedures. This included procedures for third-party, complaints, policies, procedures, and specific regulatory transaction testing.

To assist in implementing and executing the program, a Spinnaker consultant continued to work alongside the client team to help train and assist with testing execution. This included completing test work, advising, training, and providing a second review, where needed. As issues were identified, we helped formulate corrective actions and draft appropriate reporting for the client’s senior management and board.

Given the sensitivity and urgency of the deliverables, the Spinnaker team’s expertise and previous real-world experience building and fortifying compliance testing programs to meet regulatory expectations were crucial to successfully achieving the desired results.