Deloitte has supported an international company in a highly regulated industry, with the Assessment of their ‘second line’ Compliance Program. The recommendations connected with the Assessment were used as input for changes in the organizational structure, responsibilities and to develop a Roadmap to embed a risk-based compliance framework within the organization.
During the project, Deloitte developed the ‘Nine Compliance Components’ Framework. We assessed:
We reviewed documentation (policies, procedures, examples), interviewed employees of the Ethics & Compliance department, as well as stakeholders from other governance functions and business management of different regions and countries in order to obtain comprehensive insight. This was supported through surveys and comparison of outcomes with industry good practices.
The recommendations arising from the assessment were used to develop a Roadmap towards greater maturity of the Compliance Program and integration thereof within the organization in order to ensure the high-risk compliance risks are adequately covered by the right function and without leaving gaps or creating duplications. In addition, the organizational structure, including reporting lines, were updated to embed a more efficient and effective organization whereby management has timely insights into the issues that matter.
The Compliance Components Framework