Internal audit and compliance are both important control functions in any bank.
While IA concentrates on assessing parts of the organization after the fact and looks at a process or department holistically, and in some cases may advise, as is the more recent direction, compliance is involved before that. The role is to ensure that all regulatory requirements are made known within the bank and implemented; it also acts as the interface/communicator with regulators.
The 3-tier compliance responsibility can be viewed as being (1) first and foremost, everybody's business, as everyone is responsible for ensuring the respective department understands and applies requirements; (2) the compliance department, to monitor, report and support as needed; (3) internal audit, to assess and test, after the fact.
Also, many times you would find that compliance, either directly or via a committee, provides updates to the audit committee as well as to the board of directors, or via the audit committee.
It is a multifaceted relationship which can seem to have various overlaps, but mostly does not.
There are 3 lines within financial risk management: the 1st line, which is the Bank's operations; the 2nd line, which is a specialist risk and compliance function; and the 3rd line, which is audit. It's called the three lines of defence model and is used in all Banks across the world. In this respect, compliance is second line oversight, advisory and challenge for any first line risks and risk control measures. They're involved in risk management every day, whereas audit will perform more thematic, sample-based reviews to ensure that risk management controls are as effective as they are supposed to be.
As Gary explained the three lines of defense, Compliance is placed at the second line to conduct business risk assurance using a risk-based approach and provide its review report to the business and senior management.
Internal controls / audit also review the effectiveness of the Compliance and AML functions.
The departments of Compliance, Internal Audit and Operational Risk are mandated by regulators to analyse, assess, mitigate and report financial and non-financial banking risk.
Internal audit is an appraisal activity, conducted by the entity, for the benefit of the entity. It is internal in terms of scope and objective. You put controls in place, monitor them and take corrective action. It is not a legal or regulatory requirement.
Whereas compliance, which is very important, comes from the top, like regulator instructions. Some steps of doing business or practice are done in a specific way, i.e. a fixed way; you cannot deviate, so you test whether those practices are followed or not.