Senior Management and Compliance

Compliance, Risk and Governance

This report presents to the board of WB a brief overview of the key findings from the review undertaken, elucidating the concerns recognized from the initial findings from an internal audit. The report, then offers a clear clarification as to why continuation of existing practices (and lack of correctional measures) will be risky and detrimental to WB. The report also includes an initial plan of action to address the weaknesses pointed out, both in the short-term and long-term and an explanation of the necessity of the proposed corrective actions, some of which are pre-emptive.

Brief Overview of Key Findings

One of the key issues identified within the internal audit was that a number of high-risk investment products, with a suggested minimum investment term of over 10 years, were sold to consumers aged in the 80s (high-risk category). What is more, such proposals were not communicated to the board of the company before finalizing the deals. Secondly, there is an indication of a poor sales and compliance culture. The investigation revealed a lack of due diligence in the internal audit, record-keeping of customer accounts. It was found that there had been minimal oversight of sales activities in relation to high-risk products, either by management within that area or by the Compliance and Assurance team. Apparently, WB lacks a well-founded compliance culture presently. An organization's culture dictates the climate that is set, and it encompasses the guiding principles, rules, and regulations that are followed by personnel and staff. If the culture within an organization is not set to address and ascribe to compliance issues, the organization is bound to end up in disarray (Kedia et al., 2016). The company ought to take into consideration issues regarding compliance as an important part of its strategy and work ethics; ignoring them can lead to poor business decisions, growing number of dissatisfied clients and under constant scrutiny of regulators (that harms reputation as well as speed of operations). WB should address issues regarding urgently, as it is likely to have a disparaging effect on most of the activities in the organization (KPMG, 2008).

In addition, the internal review of operations within the division revealed training weaknesses relating to both the sales team and the Compliance and Assurance team. Lack of employee training is detrimental to the company in the long-term. This is largely because personnel will continue being ignorant of some crucial requirements, leading to a lack of understanding of any breaches or violations in the conduction of service and sales agreements. Therefore, eventually, the company runs the risk of continued (even if involuntarily, out of ignorance) transgressions from personnel, which can lead to losses for the company in the end. Furthermore, it was found that there was no compliance or governance, risk and compliance manual in use within the division. Instead, the staff depended upon ad hoc guidance and information, and that there was a limited level of reporting and interaction between the branches and main Compliance and Assurance Team. This is a significant aspect for WB to take into consideration as it increases the likelihood of wrongdoing and misconduct. The lack of a compliance manual implies that the personnel as well as high-level staff do not have access to rules, regulations and policies that they should adhere to, and observe (KPMG, 2008).

Action Plan to Overcome Weaknesses

It is imperative for every organization to have effective governance, risk, and compliance practices entrenched into the work culture of an organization. They imply the manner in which management assesses and safeguards against pertinent risks, monitors, and assesses the efficacy of internal controls, and reacts to, and enhances operations centered on learned discernments and acumen. GRC is the incorporation of all governance risk assessment and alleviation, and compliance and control activities to function in combined effect and poise. A GRC approach can aid generate business value by decreasing expenditures, ascertaining operational inadequacies, justifying controls, and facilitating identification and management of risks (KPMG, 2008).

Compliance of Board of Directors and Senior Management

The board of directors of the company is responsible for overseeing the management of WB's compliance risk. The action plan promulgated by the board is the approval of the company's compliance policy encompassing an official document that establishes a permanent and efficacious compliance function. Compliance with appropriate and pertinent laws, rules, and standards ought to be perceived as a vital means to this end. The board is accountable for guaranteeing that an apt and fitting policy is in position to manage the company's compliance risk. The board should undertake oversight of the execution of the policy, as well as making certain that senior management determines compliance problems effectually and expeditiously by employing the compliance function. The board ought to at least an annual assessment of the magnitude to which it effectually manages its compliance risk (KPMG, 2008). The main task of board of WB is putting good governance into practice, and enabling the different departments and branches of the organization to undertake their work in compliance with regulations and strategic objectives. In particular, this extends down to encompass roles, responsibilities and reporting.

The senior management of the firm is accountable for the effective management of its compliance risk. The action plan to be undertaken is for the senior management to institute and convey a compliance policy, for making certain that it is adhered to, and for reporting to the board of directors on the management of WB's compliance risk. In the short-term, the senior management should establish a written compliance policy that encompasses the basic principles to be followed by both, management, and staff, and elucidates the key procedures to help recognize compliance risks and managed through all levels of the organization. In particular, intelligibility and transparency might be instituted by distinguishing between overall standards for all members of staff and rules that are applicable to solely particular groups of staff (KPMG, 2008).

Another responsibility of WB's senior management will be to make certain that the compliance policy being observed takes into account accountability for guaranteeing that pertinent remedial or disciplinary action in the event of any breaches in their compliance are perceived. With the help of the compliance function, senior management of WB should at least, annually ascertain and evaluate the key compliance risk issues facing WB and the strategies for mitigation thereto. Such strategies ought to address any associated shortcomings in the effective management of prevailing compliance risks, in addition to the need for any supplementary policies or processes to counter new compliance risks ascertained, owing to the yearly compliance risk assessment. Secondly, they ought to report any material compliance disasters to the board of directors in a timely manner (KPMG, 2008).

Compliance Manual and Program

Part of the action plan is for the company to establish and implement a compliance manual or program. In essence, the compliance manual delineate basic principles that have to be observed and adhered to by all the senior management and personnel. In addition to the establishment of the compliance manual, WB should ensure that they follow the program together with the laws, regulations, and rules associated to business operations. In particular, this ought to be undertaken with the main purpose of making sure that the company forms an even more ethical corporate culture that is equal and sincere, irrespective of whether it is personnel or executive, and irrespective of work titles or duties. In order for the compliance manual to be effective, it has to include eight distinctive elements (Wulf, 2011).

First, WB has to have high-level company employees or staff who undertake effective oversight and have the authority to directly report to the governing entity such as the Audit Committee.

Second, the program should include written policies and procedures. These are internal controls and standards of conduct that ought to be reasonably capable of diminishing and curtailing the probability of misconduct. In addition, the standards should be integrated into a written code of conduct that facilitates audit systems and other processes to have a practical likelihood of averting and identifying wrongdoing (Compliance 360, 2016).

The third element is training and education. The compliance program should encompass the aspect of informing personnel through education and training. This is not only to inform them of the prevailing regulations and policies but also the new and revised ones.

The fourth element of the compliance program encompasses lines of communication. WB must take effective steps, to communicate periodically and in a real-world way, its standards and processes, and other elements of the compliance and ethics programs throughout the organization, including senior management and the board of directors. In particular, WB should have a system of record encompassed in its compliance that facilitates it to not only manage but also convey information concerning change in regulations and create automated alerts to make certain that those involved and responsible for implementation are aware and informed of the latest updates (Compliance 360, 2016).

In addition, standards ought to be implemented through punitive guiding principles that are well publicized. The program should also encompass internal compliance monitoring. The compliance program and manual should include responses to recognized transgressions as well as corrective action plans, and lastly risk assessments that are undertaken in a periodic manner. In general, WB ought to recompense those actions that exhibit observance to an ethical culture and penalize/warn individuals who fail to comply with the company's ethical standards. In addition, the compliance manual and program for WB should encompass guiding principles and courses of action that necessitate the company to undertake suitable investigative actions in reaction to alleged or perceived transgression of compliance and ethics codes. What is more, the company ought to also take fitting measures to safeguard the privacy of investigations (Wulf, 2011).

Compliance Culture

The compliance culture of a company is a key driver that influences the behavior and conducts of those operating within it. In numerous cases, such as that of WB, it can be perceived that the cultural issue is at the core of the problem. What the board of WB ought to undertake is to instigate change and implement a compliance culture. To begin with, this action plan necessitates a vision, direction, as well as final product that is acceptable to all. This implies defining and outlining a culture that they wish for, what it ought to appear like, and how to achieve it. Implementation of a compliance culture necessitates communication. Having clear and well-defined statement provide guidelines and direction to the individuals within an organization. Therefore, instituting the compliance culture necessitates not only the managers but also other personnel to understand the plan for change, and the precise manner in which it will be achieved (Volkov, 2014). Another aspect that should be communicated is the available support and access to assistance to understand what to do, how to raise concern and any problems as well as the sources of guidance. In addition, it is important to communicate to the employees the sanctions applicable for failure of compliance and adherence to the expected procedures and processes (Volkov, 2014). A culture that obliquely approves and allows wrongdoing can allow for illegal behavior. Imbedded authorizing of wrongdoing is the unspecified message from the top that more insistence is applicable to job accomplishment than to the means, ethical or not, by which the undertaking was achieved (Kedia et al., 2016).

In addition, the leaders within the organization have to lead by example. According to Mcdermott (2014), the most ineffectual way to alter or instill company culture compliance is making a decision as what the new culture should be, generating a list of values and thereafter declaring it as culture. Rather what should take place is for the managers to undertake things in a different manner and thereafter enlisting other personnel to act and operate differently as well. If such new actions generate better outcomes, then they have a better chance of recognition, and thereby assimilation (Mcdermott, 2014). In the case for WB, it is imperative to outline the right way to undertake sales and the proper manner for record-keeping. It is also imperative for the board to reward merit. Commonly, a key aspect in following culture within the organization encompasses punishing the individuals that do not stick to the set regulations. However, what the board of WB has to include is, rewarding good conduct, such as for having proper sales and record- keeping. This is a great prospect for the board and executive managers to underpin actions that further the objectives and values of the company. In addition, it underpins the best practices for personnel. Not only is constructive reinforcement better in comparison to negative reinforcement for instantaneous motivation, but an environment of recurrent, optimistic and constructive affirmations is also a largely more satisfying and conducive setting for overall, sustained improvement. The employees of WB will, assuredly, welcome such change (Mcdermott, 2014).

Compliance Training

Considering the results of the overview, the necessity of compliance training amongst the Compliance and Assurance team seems imperative. This is to facilitate and make certain that there is a diligent compliance of the range of regulatory demands. What is more, WB should instigate incessant learning and education in updating understanding and acquaintance, increasing cognizance and enhancing efficacy of the compliance function. Compliance training should be a vital element of WB's compliance management system. What is more, with the regulations changing rapidly, it is imperative for the company to assimilate and integrate training into its outlook, endeavors and budgets (Temenos, 2015). To ensure the sustainability of a compliance program that is effective, every member of WB, ranging from the board of the company to the staff, have to be educated and knowledgeable with training in the pertinent laws, rules, and regulations that have an impact on the company. The training ought to be targeted to particular job functions, and in this case, WB should target the sales function.

With respect to the company, the members of the board ought to have a general education program to make certain every member has adequate and proper information to develop as well as implement a compliance management system that makes sure compliance with pertinent federal and state consumer protection laws, rules and regulations. On the other hand, the personnel should receive targeted training on sales (Temenos, 2015). Backing and support for training has to emanate from the highest level. Therefore, with regard to WB, the board and senior management have to comprehend, convey, and support the fact that the regulatory alterations and modifications are multifaceted and overwhelming (Temenos, 2015). Compliance in general is not solely the work of the board or executives but rather for the organization as a whole. Therefore, training and education for the personnel and workforces increases the capacity to tackle any perceived problems within the organization. Training and education of personnel through awareness programs can aid the company address its main problems. In addition, training should include integrity as well having transparent dialogue with the staff.

Compliance Management System (CMS)

The action plan recommended for WB is to establish and institute a compliance management system (CMS). An efficacious compliance management system encompasses three interdependent actionable components, which include oversight by the board and management, a compliance program and compliance audit. The key actions with respect to board and management oversight encompasses establishing clear and explicit expectations regarding compliance within the organization. In this regard, personnel ought to have an unambiguous understanding that compliance is significant. In addition, clear policy statements should be adopted and have a framework for processes across all the operations of the company. WB should also appoint a compliance officer to manage the Compliance and Assurance team in order to increase the level of authority and accountability. Together with the compliance and assurance team, the compliance officer has to interact with all departments and sections of the company to stay well-informed of changes that may necessitate action owing to perceived risk (FDIC, 2012).