Compliance Continuity Plan: A 2023 Must-Have For FinTechs

October 18, 2022

After the chaos that ensued because of Covid-19, many organizations got to work on drafting or revising their business continuity (“BCP”) and disaster recovery (“DRP”) plans.
Generally speaking, most BCPs and DRPs primarily address the technological systems and processes tied to the continued operation of the business. What they rarely address directly is the continued operation of business-critical systems that are not technology-based, such as the Compliance Management System (“CMS”).

Compliance professionals and business leaders must also ask themselves what happens if their compliance resource is suddenly disrupted.

Do you have the talent in-house to maintain the processes internally, or have you identified a compliance vendor to cover the workload until a permanent solution is achieved? Organizations that do not have a plan in place will likely be forced to make tough choices when their compliance oversight mechanism is disrupted.

In this article, we will discuss the concept of Compliance Continuity and the importance of having a tested plan in place before disaster strikes.

What is Compliance Continuity?

In short, compliance continuity is the continuous operation of the CMS. The Federal Deposit Insurance Corporation (“FDIC”) has a guide on Compliance Management Systems that we would encourage all of our readers to download. In summary, the CMS is how your organization: (1) learns about its compliance responsibilities; (2) ensures that all team members understand these responsibilities; (3) ensures that requirements are incorporated into business processes; (4) reviews operations to make sure responsibilities are being carried out and requirements are met; and (5) acts as the primary mechanism that ensures corrective action is taken and that updates to program elements and compliance risk controls are completed on a continuous basis. Continuous, in this case, means without interruption.

Now, in practical terms, the CMS includes policy and procedure oversight controls, training and development controls, anti-money laundering and fraud program controls, reputational risk controls, the Complaint Management Program, and the monitoring and testing program. This, however, is not an exhaustive list; depending on your organizational structure, key programs such as your Third-Party Risk Management Program, also known as the Vendor Management Program, may also reside within the realm of compliance.

Why Would I Need it?

Beyond the fact that your organization is subject to a variety of federal and state laws and regulations and is expected to maintain the compliance function at all times, your Strategic Partners also contractually expect you to maintain continuous oversight in this area. A significant component of due diligence for Strategic Partners such as Bank Sponsors or other Financial Infrastructure Providers is the review of the compliance program, the AML/BSA Officer, and all other compliance staff responsible for maintaining the compliance program. If these elements are not in place, the deal will not go through.

As a FinTech operating under the Banking-as-a-Service model, your team will remain under pressure from its bank partner to deliver compliance reporting and insights on a daily, weekly, monthly, and quarterly basis. Any breakdown in, or lack of, compliance resources to deal with these reporting requirements will cause a significant backlog of required reporting in a relatively short time period.

In a world where organizations are constantly faced with the need to streamline operations and reduce headcount, it is not uncommon to have only a single employee responsible for oversight and management of the business’s CMS and general compliance function. This creates a single point of failure.

Business leaders must think about what happens if their compliance leader goes on vacation, takes maternity leave, or leaves the organization altogether. How will the compliance reporting schedule be maintained without interruption, so that overdue tasks do not pile up?

Compliance continuity planning helps ensure that your organization can continue to meet its legal and regulatory obligations in the event of a disruption.

Who Can Be Responsible For Compliance Continuity?

In any organization, there are a number of different people who may be responsible for compliance continuity. The most important thing is to make sure that someone is assigned this responsibility and that they are aware of the importance of compliance continuity.

The person responsible for compliance continuity should be someone who is familiar with the organization's compliance requirements and who has the ability to keep track of changes. They should also be able to coordinate with other departments within the organization to make sure that everyone is on the same page.

One of the best ways to ensure compliance continuity is to have a dedicated team or individual responsible for it.

How Do You Ensure Compliance Continuity?

In short, you need a plan. Specifically, a compliance continuity plan (“CCP”). The CCP includes procedures and protocols for maintaining the compliance schedule in the event of an interruption in coverage.

Minimally, the plan should identify:

(1) who is responsible for ensuring the plan is kept up to date;

(2) key compliance functions and systems;

(3) the monitoring and testing schedule (including any remediation work in flight or expected);

(4) key counterparts and their contact information; and

(5) the primary and secondary owners of the compliance functions listed in point (2).

The benefits of having a compliance continuity plan include peace-of-mind knowing that your organization has procedures in place to maintain compliance during a disruption, as well as reduced risk of fines or other penalties for prolonged non-compliance.

Conclusion

Organizations that want to avoid the breakdown of their compliance functions, and the costly consequences associated with it, must have a compliance continuity plan. This means having a plan in place for how to maintain compliance with all relevant laws and regulations, so that the organization can continue to operate smoothly despite unexpected changes or disruptions.

Contact AskDegree today if you need assistance with crafting your compliance continuity plan.