
PLAN AND ESTABLISH COMPLIANCE MANAGEMENT SYSTEM

BSBCOM603

MUHAMMAD ZEESHAN ASLAM

TS 463
Assessment Task 1

Research plan

Charity-Care is based in Brisbane, and is a limited public company under the 2001
Corporations Act by guarantee. It is registered as a charity in compliance with 1996
Collections Act. The organization’s single Centre, which opened just two years ago, has expanded
steadily to its current size. This study performs research on and recommends a suitable
enforcement management framework for the company.

The following outlined tasks need to be carried out:

• Research internal and external compliance criteria
• Make analyses for qualitative and quantitative information to review compliance
management alternatives
• Draft a report for senior management authorities, identifying an effective
compliance system for the organization.

INTRODUCTION/ COMPLIANCE?

Compliance may simply be interpreted as approval or assurance that the behavior is
executed in such a manner by the producer or supplier that it meets the requirements of
agreed practices, legislation, established rules and laws, specified norms or contractual
obligations. Compliance cannot be regarded as a specific division or operation but should be
coordinated with all of an organization’s policies, priorities, and activities. Good compliance
is required and therefore must be manifested in every aspect of the performance of the
company.

RESEARCH METHODS:

Some suggested research methods are as follows:
• Evaluate the understanding, communication and training system of the board
committee, managerial staff of the importance and implementation of duties and
responsibilities;
• Assessment of identified risks and management strategies,
• Identification and management of areas with risk of non-compliance, such as gap
review
• Analyse the effectiveness of the organisational compliance framework,
• Review reports on compliance systems, policy amendments and violations of
enforcement,
• Review results have indeed been generated from the training programmes.

A plan and budget for conducting the research:

| Plan | Description | Timeframe | Budget |
|---|---|---|---|
| Collecting information | Collecting information on internal compliance; collecting external compliance requirements. | Immediate implementation | |
| Data review | Qualitative and quantitative information analysis; assess the measurements of compliance management. | Within three weeks of time | |
| Reporting | Identifying a viable compliance system for the organisation. | Within three weeks of time | Followed within framework of expenses policy |

Part 2 – Written report

1. Introduction

1.1 Introduction of Charity-Care

Charity-Care is headquartered in Queensland, and is a registered liability company under
the 2001 Corporations Act by guarantee. It is registered as a charity in compliance with 1966
Collections Act. The organization’s single Centre opening just two years ago has expanded
steadily to its current size.

Charity-Care employs around 50 staff, assisted by community volunteers in various
charity tasks. Charity-Care provides two primary community services at the front line:

• Community-Care - two 100sqm first-floor drop-in office centers located in Spring Hill
on Brisbane's Northside and Wooloongabba on Brisbane’s Southside, offering counselling
facilities, short term ‘rent loans’ and $20 grocery gift food vouchers for the vulnerable.
Each centre is equipped with a manager, receptionist, office clerk and four counsellors’
staff, a reception/waiting room, two counselling offices and a kitchenette for the general
office area. Personal information on people receiving therapy services is compiled and
registered in a centralized database that is accessible from all computers in the centre.
Volunteer staff runs the contact centre and visits from local companies and households
requesting donations.

• Computer-Care - a small company on the CBD fringe specialising in the sale of
re-conditioned second-hand ex-government machines for educational purposes to
vulnerable families. A 1000 square metre warehouse and repair centre in Fairfield, a
suburb of Brisbane, supports the tiny 70 sqm store. The shop picks up 50 percent of
the machines and the warehouse delivers 50 percent. Repair computers are dropped
off and retrieved from the warehouse. Customers pay maintenance charges to the
employees of the service centre. There is a software care programme manager who
oversees the shop with 15 staff, the warehouse (8 workers) and the support centre
(4 staff).

• Charity-Care headquarters is located in Fortitude Valley. Business managers have
offices in this headquarters. There is a boardroom, reception/waiting area and an
open office area where each bookkeeper has a workstation for the accounts payable,
accounts receivable, payroll clerk.

1.2 Purpose

Compliance is a systematic system that promotes ethical handling of operations and events
by organisations and their employees, with the highest degree of competence, and in
compliance with the standards of law and regulation. Therefore, by defining and evaluating
its qualitative and quantitative details, I will recommend the most effective choice and
compliance framework for this organization, in accordance with the internal and external
compliance requirements of Charity-Care.

2. Compliance requirements

2.1 Internal compliance requirements.

The company expanded quickly and there was little time for the management and
regulatory processes to catch up. Issues were found with the last audit, so there was some
dissatisfaction among the stakeholders of the association about how the organization was
operated, especially with the process of cash handling and record keeping transactions. The
company is entirely focused on giving the clients the best possible results. The company’s ethos
is all about having a nice time when supporting the group.

The management went on to argue that several initiatives are documented; however, there
are still some preparation and motivational concerns related to their proper
implementation. Those policies include:

| Policies | Purposes | Requirements |
|---|---|---|
| Work health and safety policy | Giving its employees, contractors and visitors a safe and secure work environment. The welfare of the workers must always be a first priority of Charity-Care. No job is so critical that there could be a danger to a person’s health. | Date of incident; name of individual who submitted report; time of incident/threat; place of incident/threat; incident/threat type; incident report or hazard summary; the individuals concerned; witnesses to testify; sustained losses; description of losses/injuries; steps taken to mitigate hazard or reduce post incident threat. |
| Equal employment opportunity policy | Equal employment opportunity ensures that fairness and equality must form the foundation of all decisions surrounding jobs, training, and promotion that affect workers at the work. | Charity-Care recognises the duty as an employer to remove and ensure future exclusion from its system of any source of direct and indirect discrimination on the grounds of any variables not relevant to including race, colour, national or ethnic origin, nationality, sex, marital status, pregnancy, age, status as a parent or carer, political conviction, social origin or impairment. |
| Expenses policy | The intent of this policy is to ensure you are adequately reimbursed for direct expenses related to work-related activities out of the funds, and that Charity-Care is eligible to claim taxable expenses. | Shows and meals; repayment of small expenses/short-term cash advances. |
| Financial handling policy | Defining protocols to be followed while issuing cheques on account of Charity-Care. | There must be two valid signatures on all cheques; qualified signatories are members of the board or workers previously elected and approved by the board; both of these have the right to sign cheques; signatories cannot sign for themselves a cheque made payable. |
| Expense reimbursement | To define protocols to be followed in the repayment of costs expended on behalf of Charity-Care. | Charity-Care will refund its employees (including volunteers) for any fair and approved expenses they may incur on account of Charity-Care or in the course of Charity-Care business. |
| Credit card policy | Ensuring that corporate transactions are performed as effectively as possible using credit cards and debit cards when required. Prevent the abuse of company’s credit cards. | |
| Sexual harassment policy | Charity-Care acknowledges the significant problem of sexual harassment and is committed to ensuring a workforce free of sexual abuse. | Rude jokes/personal remarks, negative remarks, inappropriate written messages (email/SMS), or derogatory telephone calls; smiling, patting, pinching, rubbing or needless affection; persistent requests for sexual favours or for outings; showing offensive signs, photos, or graffiti. |
| Risk management policy | Risk is intrinsic part of all businesses. This approach is not aimed at removing risk but at balancing the risks inherent in all Charity-Care operations in order to optimise rewards and reduce adversity. | A strategic perspective; looking forward thinking and successful management strategies; balance between the risk reduction costs and the expected benefits; risk assessment in case important risks to the project are discovered. |

2.2 External compliance requirements.

Charity-Care is committed to preserving the privacy and confidentiality of its clients and
supporters as set out in the privacy policy. Charity-Care supports the Privacy
Amendment Act 2000 and the National Privacy standards, and is bound by them. It is
important to preserve the privacy and confidentiality of the people. The company supports
maintaining integrity and offering respectful assistance. Charity-Care gathers and uses
confidential customer details, only with customer permission, to offer the best possible
assistance and:

• To determine whether clients meet special assistance eligibility requirements
• For internal monitoring
• The continued growth and expansion of assistance programs
• To assess the success of the aid programs
• To determine the essence of community needs
• To plan future programs.

Consent on the use of personal and confidential information for research purposes is
also sought. However, this information is often de-identified prior to review, so it is not
possible to distinguish specific clients from any study or article. Charity-Care also
vigorously works to ensure that all private information received is secured from misuse,
unauthorized access, alteration or divulgation. The company has internal protocols for data
security and electronic data transfer, and all donations and communications made on-line
via website are free.

2.3 Industry specific compliance requirements

Compliance is a major aspect of Australian corporate governance. Legislators are
proposing the introduction of detailed enforcement requirements into legislation. Courts
have also suggested the cost of not providing a compliance plan can and should be
significant. Accordingly, it is understood that a compliance plan presents an incentive not
only to enhance the efficiency of an agency, but also to reduce the costs of non-compliance
with legal and other obligations.

With regard to the policy on receivable accounts, its object is to specify the accounting
policies and procedures for documenting, receiving and disclosing moneys owed to
Charity-Care. The purpose of all communications between Charity-Care employees and
Charity-Care customers or clients is to treat all inquiries in a tactful and polite manner.

Under the law of corporations, charitable or non-profit entities are usually recognized as
public corporations and are limited by guarantee. Limited by guarantee means the liability
of the owners of the corporation is restricted to the sum that the members agree to add to
the company’s property until it is wound up. A company’s registry establishes a distinct
legal body from its members. The company can keep properties, and can prosecute and
appeal. Companies are licensed under the Corporations Act, 2001, which is
ASIC-administered Commonwealth law. Australia generally accepts the registration of a
corporation.
Therefore, in terms of not-for-profit regulation, Charity-Care must at least:

• Have three supervisors or at least one secretary.
• Have minimum one member.
• Have an Australian registered office address and principal place of business.
• Have its registered office open and publicly available.
• Be regulated internally by a constitution or by replaceable laws.
• Maintain a member’s list.
• Keep a record of all minutes and agreements of the directors' and members'
meetings.
• Nominate a registered auditor for the company within one month of its registration.
• Hold the financial reports right.
• Plan, audit and file financial statements and reports at the end of each accounting
year.
• Send a copy of the annual statements and audits to its members, unless the member
has a contractual agreement with the organization not to accept them.
• Annual general meeting shall be held once a calendar year within five months of the
end of the financial year.

Compliance effects

2.4 Areas affected

From charity-care case study, the areas that were affected by compliance system are
listed below:
1) risk management policy 

2) Sexual harassment policy 

3) Credit card policy

4) Expense reimbursement

5) Financial handling policy

6) Expenses policy

7) Equal employment opportunity policy 

8) Work health and safety policy

9) Audit report

Many initiatives are recorded but there are still some preparation and motivational
problems relevant to their proper implementation. The enforcement programme
that has been developed will help strengthen those policies. There are concerns
that should have been included in the audit report; in fact the audit report
did not discuss such concerns.

The issues are addressed in the following areas, in a word:

1) Warehouse
2) Retail store
3) Counselling centers
4) Head office

Much misconduct has been identified in these fields; some of the operations that those
fields have conducted are not following the standards of the organization.

2.5 Risks
Compliance risk is characterized as the risk of legal penalties, material financial loss, or loss
of credibility that the Bank may incur as a result of non-compliance with laws, its own
legislation, code of conduct, and best/good practice standards.

Compliance risk is also often referred to as honesty risk, because the credibility risk of a Bank
is closely related to adherence to ethical standards and fair dealing. There are financial
issues which are caused by wrongdoings. Compliance risk management is part of the
discipline of organizational, risk control and compliance (GRC). The three fields also intersect
with legislation such as the Sarbanes-Oxley Act in the areas of crisis management, internal
auditing, organizational risk assessment and enforcement. Compliance provisions include
damage fees, fines and voided contracts, which may lead to the loss of credibility of the
organization and business opportunities.

Penalties

An infringement occurs if the regulation is not upheld, if:
1) an action has been taken that puts a person at risk of serious injury, illness or
death
2) steps have not been taken to prevent a dangerous situation
3) the non-compliance with the regulatory criteria

There are three types of offences for failure to perform a health and safety obligation under
the WHS Act or an electrical safety obligation under the ES Act, based on the extent of
severities or liability involved.

Class 1:
• The highest punishment is for a category 1 crime under either the WHS Act or the ES
Act. These are the most serious infringements, where a holder of duty carelessly
places a person at risk of death or serious injury. District court will seek crimes
involving reckless behavior.
• Corporation: up to $3 million
• Person as an individual carrying on a company or undertaking (PCBU) or as an officer:
fine up to $600 000 / prison for up to 5 years.
• Person e.g. worker: fine up to $300 000 / prison for up to 5 years.

Class 2:
• Non-compliance with an obligation on health and safety duty or electrical protection
that brings a person at risk of death, serious injury or disease. Magistrates Court
investigates such crimes.
• Corporation: estimated fine of up to $1.5 million
• Person as a PCBU or an officer: up to $300 000
• Person for example employee: up to $150 000.

Class 3:
• Failure to perform a duty related to health and safety duty or electrical protection.
These crimes are investigated in the Magistrates Court.
• Organization: up to $500 000
• Person as a PCBU or an officer: up to $100 000
• Person for example worker: up to $50 000.

2.6 Risk minimisation

1) Evidence of daily meetings: minutes, agendas, notes, slideshows, etc.
2) Standard study scenario test runs: test plans, study results, etc.
3) Recent change management documentation (such as reports showing ongoing
changes) and analysis of the BCP plan (such as the version history of the BCP plan
and related documents)
4) Receiving a license
5) To fundraising authority.
6) Running the door-to-door appeal or street gathering the streets

3. Compliance systems

The compliance framework is how a management programme:

• Thinks about its obligation to comply
• Makes sure workers understand these duties
• Guarantees the integration of specifications into the company processes
• Analyses operations to ensure duties are fulfilled and requirements are met
• Takes corrective steps and upgrades materials as appropriate.

Its significance can be justified because it assists in managing risk. A
regulatory programme helps mitigate risks arising from changes in product and service
offerings and implements new legislation to resolve industry changes. Otherwise, failure to
comply with consumer protection laws may lead to lawsuits, monetary penalties, and
other formal compliance actions.

These are the three interdependent elements of an effective enforcement system:

1. Board and management oversight

Ultimately, the Board’s Directors are responsible for the creation and implementation of a
CMS that maintains compliance with federal consumer protection laws and regulations.

• Compliance officer
• Compliance committee

2. Compliance program

In general, a financial institution will develop a structured, written compliance program.
As well as being a coordinated and structured attempt to direct the enforcement activities of
the agency, a written curriculum is an important source document which will serve as a
training and reference resource for all employees. A well-planned, implemented and managed
compliance system can deter or mitigate regulatory breaches, generate cost efficiencies and is
a sound measure.

• Policies and practises
• Training
• Surveillance
• Responding to customer complaint

3. Compliance audit

A compliance audit is a systematic review of compliance by an organisation with consumer
protection laws, and compliance with policy and procedures. The audit assists management in
ensuring continuing enforcement and defining criteria for compliance risk. It complements the
internal control programme run by the organisation. The board will decide the nature of an
audit, and the pace of auditing.

• Audit scope (including divisions, branches, product categories and the relationships with
third-party reviewed)
• Deficiencies or adjustments reported
• Number of packages sampled by commodity class group
• Descriptions of, or recommendations for, corrective behaviour and corrective time frames

4. Conclusion

In conclusion, this study examined the Charity-Care organization’s performance, and the
internal and external Charity-Care compliance criteria were addressed in the study. The
study also addressed relevant industry compliance criteria. This study also discussed the
consequences of the organization’s compliance. The organization’s enforcement framework
has also been evaluated.

Part 3 – Written reflection

Type of research undertaken:

• Research internal and external compliance criteria
• Make analyses for qualitative and quantitative information to review compliance
management alternatives
• Draft a report for senior management authorities, identifying an effective
compliance system for the organization.

The development of research plan:

| Plan | Description | Timeframe | Budget |
|---|---|---|---|
| Collecting information | Collecting information on internal compliance; collecting external compliance requirements. | Immediate implementation | |
| Data review | Qualitative and quantitative information analysis; assessing the measurements of compliance management. | Within three weeks of time | |
| Reporting | Identifying a viable compliance system for the organization. | Within three weeks of time | Followed within framework of expenses policy |

The development of survey tool to collect data to select compliance

In establishing this policy, the following three principles were followed:

• Compliance systems must be appropriate and commensurate with the value of
their target performance.
• Therefore, compliance monitoring systems must be effective and proportionate to
the costs and workload of participants, without losing the desired performance.
• Ensuring enforcement expenses must be proportionate to enforcement benefits.
• Review reports on enforcement compliance processes, regulatory amendments
and infringements of legislation.
• Review findings have been generated from the training programs.

How the budget was allocated:

Community-Care

Community-Care is annually sponsored by a philanthropist entrepreneur who gives the
charity a portion of the annual income from his electrical retail business. This has been
about $800,000 p.a. in this last year. The call Centre generated about $300,000 per annum
from local businesses and households.

Computer-Care

Computer-Care offers over $1,700,000 a year: $1,400,000 from the retail sector and
$300,000 in maintenance fees. The profit margins are low but the total net income comes to
$150,000 p.a., appreciably sponsored by the landlord of the fringe CBD shop offering it
rent-free access for the first 5 years.

The intent of this policy is to make sure that people are properly refunded for direct
expenses related to work-related activities out of pocket, and that Charity-Care is
eligible to report and claim taxable expenses. The budget will also make sure that all
spending is on the operations of Charity-Care and complies with the financial and
procurement legislation of the organization.

Analysis of qualitative and quantitative data:

| | Collection | Analysis |
|---|---|---|
| Qualitative data | Surveys; observations | Simple graphs for viewing the data by checking of correlations between two or more elements. Cluster analysis, useful for defining relationships between subject groups of where no clear hypothesis exists. |
| Quantitative data | Interviews; focus groups; postcards; observations | The data was ordered and coded into classes and themes. The best way to find out which ones are appropriate for your work is to address this with academic colleagues. |

TASK-2
1. COMPLIANCE MANAGEMENT SYSTEM

For the proposed compliance management system:

a) The management information system requirements

• A management information system (MIS)

A management information system (MIS) is a set of systems and procedures that
gather information from a range of sources, compile it and present it in a readable
format. Managers use an MIS to create reports that provide them with a
comprehensive overview of all the information they need to make decisions ranging
from daily minutiae to top-level strategy. Today’s management information systems
rely largely on technology to compile and present data, but the concept is older than
modern computing technologies.

Requirements: a management information system can be a costly investment. In
addition to purchasing an MIS software package and hiring extra IT personnel to
oversee and maintain the system, a company must train all employees to use the
system. Front-line employees often perform the first two steps in an MIS, data
collection and input, leaving them with less time to focus on productive activities;
this can increase overall salary expenses. Weigh the costs of an MIS against the
potential benefits before implementing this tool in the business.

• Payroll system

A payroll is a company’s list of its employees, but the term is commonly used to refer
to:
- The total amount of money that a company pays to employees
- A company’s records of its employees’ salaries and wages, bonuses, and
withheld taxes
- The company’s department that calculates and pays these

Payroll in the sense of “money paid to employees” plays a major role in a
company for several reasons.
b) Identify all components of the compliance management system

Improving information management practices is a key focus for many organizations, across
both the public and private sectors.

This is being driven by a range of factors, including a need to improve the efficiency of
business processes, the demands of compliance regulations and the desire to deliver new
services.

‘Information management’ is an umbrella term that encompasses all the systems and
processes within an organization for the creation and use of corporate information.

In terms of technology, information management encompasses systems such as:

• Web content management (CM)
• Document management (DM)
• Records management (RM)
• Digital asset management (DAM)
• Learning management systems (LM)
• Learning content management systems (LCM)
• Collaboration
• Enterprise search

Information management is, however, much more than just technology. Equally
importantly, it is about the business processes and practices that underpin the creation and
use of information.
c) The specifications of the above components

• Internal – policy and procedures
• External – laws and requirements of associations

2. PERSONNEL

a) Personnel requirements for staffing,

• Working with existing staff
• Extensions to job descriptions

b) The following suitable personnel from those available,

• Warehouse Manager – Jack O’Toole
• Retail Manager – Mary Taylor
• Woollongabba Community center manager – Juith Moore
• Spring Hill Community Centre Manager – Helen Ng
• Bookkeeper – Jenny Aviel

c) Key responsibilities to each position,

• Warehouse Manager – Jack O’Toole: asset management and asset security
• Retail Manager – Mary Taylor: asset security, accounting information
• Woollongabba Community center manager – Juith Moore: duty of care, cash
handling
• Spring Hill Community Centre Manager – Helen Ng: asset management
• Bookkeeper – Jenny Aviel: reconciliations
• Payroll clerk – Tom Brown: authorizations
• Accounts Receivable Clerk – Maggie Saldais and John Tomlin: financial records
• Receptionist Spring Hill – Julie Jones: privacy
• Receptionist Woollongabba – Peggy White: privacy

3. TRAINING

a) The training requirements for implementing the proposed compliance management
system:

• Company policy compliance
• Computerized financial accounting system

b) Training options for staff:

| ROLE | TRAINING OPTIONS |
|---|---|
| Warehouse Manager – Jack O’Toole | Company policy compliance |
| Retail Manager – Mary Taylor | Emergency systems |
| Payroll clerk – Tom Brown | Computerized payroll system |
| Accounts Receivable Clerk – Maggie Saldais and John Tomlin | Computerized accounting system |
| Bookkeeper – Jenny Aviel | Personal development and computerized accounting system |

4. PROCESSES

a) A complaints management system

Complaint handling solutions monitor developing trends through integrated tracking and
reporting. Leading manufacturers are taking a global approach to their complaint handling
process by implementing web-based systems that ensure compliance, reduce product
safety risk and streamline the complaint handling process.

THE COMPLAINT-HANDLING PROCESS


b) Strategies for developing a compliance management culture

• Better communication:
  - Effective standard of compliance is published.
  - Training involves external providers.

• Senior management
Focus on the communication of the value of compliance and demonstration of
management commitment to compliance.

• Processes and procedures for identifying and managing compliance breaches
  - Establish (Plan): context of the organization, leadership, support and
    planning.
  - Implement and operate (Do): operational planning and control, business
    impact analysis, risk assessment, business continuity strategy, business
    continuity procedures and exercising and testing.
  - Monitor and Review (Check): monitoring, measurement, analysis and
    evaluation, internal audit and management review.
  - Maintain and improve (Act): nonconformity and corrective action and
    continual improvement.

c) Operational management

• Health, Safety and Wellbeing
• Anti-Discrimination and Freedom from Harassment
• Equity
• Fraud and Corruption Control
• Financial Management Practices
• Information Privacy
• Right to Information

d) Processes and procedures for meeting compliance reporting requirements

• Internal controls
• Policy and procedures

e) Processes and procedures for internal and external liaison processes

Support services: if this sounds too daunting, be reassured that there are providers out
there, like Compliance Experts, who can help you. When looking for a provider, one of the
most important considerations is experience in the compliance field. This way you know the
technical solution they offer is built on a foundation of practical know-how, and you can be
sure that this will be reflected in the features of the system.

f) Performance indicators to be measured by the system so that it can be objectively
evaluated

• Individual compliance
• Training numbers
• Number of complaints
• Number of breaches
• Ratio of payroll errors
Gross earning minus payroll deductions

5. ADMINISTRATION

a) The budget required to resource implementation

• Human resources for developing
• Implementing
• Reviewing and maintaining the proposed compliance management system

b) Timeline outlining target milestones

| | Time | Milestones | Action |
|---|---|---|---|
| IMPLEMENTATION | 01-11-2020 | Around 4-6 months | Implementation a policy and procedure |
| TRAINING | 15-11-2020 | Around 2-3 months | Provide a training program to employees. |
| REVIEW AND MAINTENANCE | 30-11-2020 | Around 1-2 months | Review an action plan goes through well and avoids the risk. |

Task 3: (Written Report) Establish, monitor and review plan
Assessment 3 Overview
You are required to establish the compliance management system within the organization
(Charity Care), and then report on your monitoring and review of the system.
Scenario
You are an external consultant hired to research, plan, implement and monitor a compliance
management system. You will need to follow your plan to train personnel in their specific
duties in relation to your implementation plan. You will then need to monitor your plan by
meeting with those personnel at a later date to gather information on performance in
accordance with your plan. Finally, the CEO has asked you provide an evaluation of the
implementation of your plan. To meet organizational requirements, you will need to
prepare a report for senior management.
EXECUTIVE SUMMARY
Charity-care operate in a dynamic environment influenced by community service emerging
technology, and market globalization. To remain profitable in such an environment, Charity
continuously assess and modify their product and service offerings and operations in the
context of a business strategy. At the same time, new legislation may be enacted to address
developments in the marketplace. All these forces combine to create inherent risk. To
address this risk, a financial institution must develop and maintain a sound compliance
management system that is integrated into the overall risk management strategy of the
institution. Ultimately, compliance should be part of the daily routine of management and
employees of a financial institution. This chapter discusses the elements of an effective
compliance management system -- board of directors and management oversight, the
compliance program, and the compliance audit.
ESTABLISHMENT OF SYSTEM
Leadership on compliance by the board of directors and senior management sets the tone in
an organization. The board and senior management should discuss compliance topics during
their meetings. They should include compliance matters in their communications to
institution personnel and the general public. Institution management and staff should have
a clear understanding that compliance is important to the board and senior management,
and that they are expected to incorporate compliance in their daily operations. Policy
statements on compliance topics provide a framework for the Charity-care’s procedures and
provide clear communication to management and employees of the board’s intentions
toward compliance. Regardless of size or institution complexity, the first step a board of
directors and senior management should take in providing for the administration of the
compliance program is the designation of a compliance officer. In developing the
organizational structure of the compliance program, a board and senior management must
grant a compliance officer sufficient authority and independence to:

 cross departmental lines;
 have access to all areas of the institution’s operations; and
 effect corrective action.
A compliance committee, as an alternative to or in addition to a full-time compliance officer,
could be formed consisting of the compliance officer, representatives from various
departments, and member(s) of senior management or the board. However, the ultimate
responsibility of overall compliance with all statutes and regulations resides with the board.
A qualified compliance officer will have knowledge and understanding of all consumer
protection laws and regulations that apply to the business operations of the financial
institution. The compliance officer should also have general knowledge of the overall
operations of the institution and interact with all of the departments and branches to keep
abreast of changes (e.g., new products and services or business practices, personnel
turnover) that may require action to manage perceived risk.
In larger or more complex charity-care operations, the compliance officer may devote all of his or her
time to compliance activities. In smaller or less complex institutions, where staffing is
limited, a full-time compliance officer may not be necessary; instead, the compliance
responsibilities may be divided between various individuals by type of regulation, such as
financial or training.
A compliance officer's general responsibilities, regardless of the size or complexity of the
institution's operations, include:

 developing compliance policies and procedures;
 training management and employees in consumer protection laws and regulations;
 reviewing policies and procedures for compliance with applicable laws and
regulations and the institution's stated policies and procedures;
 assessing emerging issues or potential liabilities;
 coordinating responses to consumer complaints;
 reporting compliance activities and audit/review findings to the board; and
 ensuring corrective actions.
When more than one individual is responsible for compliance, responsibility and
accountability must be clearly defined.
MONITORING METHODOLOGY
Monitoring is a proactive approach by the institution to identify procedural or training weaknesses
in an effort to preclude regulatory violations. Institutions that include a compliance officer in
the planning, development, and implementation of business propositions increase the
likelihood of success of their compliance monitoring function. An effective monitoring system
includes regularly scheduled reviews of:

 disclosures and calculations for various product offerings;
 document filing and retention procedures;
 posted notices, marketing literature, and advertising;
 various state usury and consumer protection laws and regulations;
 third party service provider operations; and
 internal compliance communication systems that provide updates and revisions of
the applicable laws and regulations to management and staff.
Changes to regulations or changes in an institution's business operations, products, or
services should trigger a review of established compliance procedures. Modifications that
are necessary should be made expeditiously to minimize compliance risk, and applicable
personnel in all affected operating units should be advised of the changes.
Monitoring also includes reviews at the transaction level during the normal, daily activities
of employees in every operating unit of the institution. This might include, for example,
verification of an annual percentage rate, or a second review of a loan application, before
the transaction is completed. Monitoring at this level helps establish management and staff
accountability and identifies potential problems in a timely manner.
Compliance officers should monitor employee performance to ensure that they are
following an institution's established internal compliance policies and procedures. The
frequency and volume of employee turnover at an institution should be factored into the
schedule for reviews. Such reviews are especially critical after problems have been noted
during past audits or examinations, regulations change, new products are introduced,
mergers occur, or when additional branch locations are opened.
RESULTS AND ANALYSIS
It is concerned mostly with an outcome of corporate processes, i.e. a breach of the law. Law is
not typically concerned with the design of those management processes that lead to a
compliant or noncompliant outcome. However, in order to be able to evaluate corporate
compliance programs, regulators need to look at internal management processes and what
they should be doing (although outcomes are of course important too). In management
parlance, breaches of substantive legal standards are ‘lag’ indicators – the measure only
crystallises when the problem is too late to prevent. Most law traditionally focuses on lag
evaluations (albeit often with limited success because of corporations’ ability to hide the
evidence). By contrast, appropriate ‘lead’ indicators can go further back into the process of
corporate management of compliance to help produce a more sophisticated understanding
of why breaches are occurring and how they can be prevented and corrected.
CONCLUSION
The methodologies for evaluating corporate compliance management are critically
under-developed at present. The three phases of corporate compliance management
set out in Figure One are a helpful way of thinking about what jobs evaluation and
measurement of compliance programs should do. Table One summarizes some of the
methodologies and measures that are available to do these jobs. Evaluation by
regulators of corporate compliance management is important because it promotes a
virtuous cycle of open self-regulation. The goal is that companies themselves will
evaluate their own design, implementation and outcomes of their compliance
management systems. It is only through this process of self-evaluation that companies
will develop the capacity to detect, prevent and correct their own breaches of ethical,
social and legal responsibilities. However, they will only be motivated to do so because
they know that regulators (and stakeholders) have powerful, sophisticated evaluative
capacities to hold them accountable for their attempts at compliance management (and,
of course, their breaches of legal responsibilities). In other words, external evaluation of
corporate compliance management is a critical democratic capacity. It is one of the few
things we can do to change the way large companies manage their own behavior for the
better.
