Deloitte recently published 'Enterprise compliance: The Risk Intelligent approach' which reviews "what is needed for organizational units, and geographies, enabled by people, processes, and technology. The goal? An integrated model of compliance across the organization that helps ensure ethics are being followed at every level."

In this excellent book Deloitte include the tough questions board members are asking about these issues in, for example:

• Industry: Which organizational structures have we considered for our compliance management approach? Why did we choose the one we have in place today?
• Industry: How are new players in our industry innovating to address their compliance risks?
• Emerging issues: What's changing – and what's our game plan for changing with it?
• Education: Where in each job description is the individual's responsibility on compliance clearly spelled out?
• Transparency: Where have we fallen short in compliance reporting, and how are we addressing the problem?
• Risk assessment: How does our compliance risk assessment feed into enterprise risk management (ERM) assessments? Growth and M&A risk assessments? Internal audits? External audits? Do we define ERM somewhere?

This general approach obviously applies to the corporate treasury department as well.

Q&A
Last month TREASURY & RISK discussed treasury's role in enterprise compliance, with two of the firm's thought leaders: Robert Biskup, director of forensic and dispute services, and Melissa Cameron, a Deloitte principal who specializes in treasury. Both of them see the treasury function as a key, and often neglected, player in corporate compliance efforts. Indeed their conclusion is that "many treasury teams are too lean to implement critical controls."

In answering questions put to them by TREASURY & RISK, Biskup and Cameron made several importants points, including:

• "having a compliance-oriented mindset in the leadership of the treasury organization is especially critical"
• "We often see a very high reliance on dual control—for example, in initiating and transmitting a wire transfer—which means that if two people decide to collude, they'll break through just about every treasury control the company has"
• "We tend to see much less reliance on segregation of duties between a front office and a back office in treasury"
• the first steps that the average company should take to start improving compliance processes in treasury:
  • "start doing quarterly reviews of system entitlements in all the company's treasury and banking platforms. That doesn't require new technology, just added vigilance. Organizations may want to create detective controls, as well. For example, if a systems administrator adds new users into treasury systems, an automated report might be sent to the treasurer, controller, or CFO. This would enable the manager to determine, "Did Joe Blogs really join the organization, or is Joe Blogs a fictitious person that was created by a systems administrator to get around dual controls?"
  • Companies should also pay special attention to whether they transact with their counterparties through any basis other than standard settlement instructions. If they choose to transact on a basis that allows routing to be developed and executed on any trade, then they have a higher risk profile than companies that use standard settlement instructions with their financial counterparties. Businesses that are doing that need to have additional reviews, and they need to set up templates for those kinds of wiring instructions."

 

Read more in the full article - recommended - here.