- Does the firm proactively seek to identify risks and compliance events? This must be done hand in hand with the business silos of your firm. Analysis, testing and surveillance are keys to a successful compliance program.
- Whether policy or control breaches tolerated? Your WSP’s or P&P’s should describe the actions that will be taken in the event of a breach.
- Are supervisors effective role models of the firm’s culture? This is NOT a ”do as I say – not as I do” situation, supervisors must display the proper attitudes and be examples of correct and compliant corporate actions.
- Are the individual areas of the firm (branch offices, trading desk, investment banking) conforming to the culture that the main office and C-suite officers are establishing?
- And most importantly, are control functions valued within the organization?
So, it is paramount that a firm’s management articulate and demonstrate a high standard of ethical behavior. Management must “own” the culture, because once non-compliant actions and unethical activities are tolerated, the cancer spreads faster than you can imagine. Compliance flows down from the top.