After regulators cited deficiencies in its overall compliance management program, an institution sought our assistance with upgrading its program, including developing a compliance testing function. They needed help in determining what regulations and processes to prioritize, developing a suite of testing materials, developing a testing methodology and testing schedule, and executing the program.
Address regulatory expectations and strengthen the overall compliance management system by building a comprehensive testing program that adds value while ensuring the scale remains appropriate for the size of the institution.
The Spinnaker team quickly and seamlessly integrated with the client team. First, we ensured we understood the institution’s products and processes to determine which compliance risks were applicable and documented a comprehensive inventory. We then analyzed applicable compliance risks and customized a risk assessment to assess where the institution’s highest risks were. Building on the risk assessment foundation, we worked with the institution to customize a risk-based testing program and schedule, while keeping in mind the complexity, size, and resources of the institution. A pragmatic approach that met regulatory expectations was the key to success. This included determining frequency of reviews, number of reviews, as well as hourly budgets for reviews, and subsequently documenting all of the information in policies and procedures.
After building the framework for the testing program, we developed customized testing procedures. This included procedures for third-party, complaints, policies, procedures, and specific regulatory transaction testing.
To assist in implementing and executing the program, a Spinnaker consultant continued to work alongside the client team to help train and assist with testing execution. This included completing test work, advising, training, and providing a second review, where needed. As issues were identified, we helped formulate corrective actions for identified issues, and draft appropriate reporting for the client’s senior management and board.
Given the sensitivity and urgency of the deliverables, the Spinnaker team’s expertise and previous real-world experience building and fortifying compliance testing programs to meet regulatory expectations was crucial to successfully achieving desired results.