A top-down approach highlights the behaviour of regulatory changes in the financial institution and helps the Compliance Officer to build a strong Governance. This principle is also known as “tone at the top” in ethical and responsible business behaviour. From the highest management level throughout the rest of the organisation, the correct behaviour is emphasised. This allows sensitising the weakest chains in the organisation.
How is top-down approach handled in Business projects?
Having the support and ownership by senior stakeholders in the management committee and/or the supervisory board in compliance related projects helps to improve the
Compliance Maturity.
Specification of the sub-levels and creation of building milestones in a project is vital.
In the top-down approach, a company must breakdown the different steps that are needed and create sub-levels that specify all the milestones to become compliant, or map all building stones with specifications.
Top-down engineering to ensure completeness of regulatory requirements
A new law or regulation will be evaluated and the requirements will be listed by content or features. During the top down ”engineering” of the requirements, departments/stakeholders, functional changes within systems, applicable documents, updates in
policies and procedures will be listed up. Timeframes, deadlines and dependencies are added to enhance the transparency.
This holistic view allows to perform an extensive gap-analysis. It also makes communication towards stakeholders easier if regulatory requirements are not met. The consistent application of policies and procedures throughout the organisation -regardless of the compliance aspects- will be stimulated from the beginning. Once all elements are clearly defined and understood, the requirements can be distributed for completion.
What are the differences between top-down and bottom-up Compliance culture?
Bottom-up Compliance is the approach whereby necessary changes are identified and requested mostly due to audit findings or issues. This reactive approach is more challenging in obtaining good results. However, in certain projects, the bottom-up principle is used by Compliance departments in test scenarios.
At the writing of this article, some financial institutions are still finalising their changes in the ex-post reporting under
MiFID2.
To test the rollout of the ex-post reports and the developed subset of changes, a dummy account is used for testing purposes. All transactions in different asset classes performed during 2018 on this dummy account are known in advance. The content or outcome of the ex-post report can be verified based on the testing scenarios. This allows to intervene before sending out the mandatory yearly reports.
If the rollout of the report matches the assumptions, then one could have the comfort of knowing that the production environment can be activated.
This brings our role as Compliance experts closer to the business and will stimulate collaboration with all internal colleagues. And isn’t this a welcome evolution in the Compliance world?