Compliance vs. Compliance Risk – What’s the Difference?
1. Introduction

1.1 Purpose of This Guide

Compliance and compliance risk are two terms that often appear together in organizational and regulatory discussions, yet they signify distinct, though complementary, concepts. This guide aims to:

1.2 Why the Distinction Matters

Misinterpreting or conflating compliance with compliance risk can lead to:

Thus, recognizing how compliance shapes day-to-day adherence while compliance risk addresses…
(UK) Navigating UK Regulatory Compliance: Key Challenges for Internal Auditors Post-Brexit
When the United Kingdom officially left the European Union, it triggered one of the most significant regulatory overhauls in recent British history. While many rules were initially “copied over” to maintain continuity, the UK is now free to amend, replace, or diverge from EU regulations on data privacy, financial services, trade, consumer protection, and more.…
(UK) Preparing for UK SOX: Internal Audit’s Role in the 2024 UK Corporate Governance Code Changes
The year 2024 marked a watershed moment for UK corporate governance. Spurred by high-profile corporate collapses and calls for stricter accountability, the UK Corporate Governance Code is slated for a series of changes that closely mirror the United States’ Sarbanes-Oxley Act (often abbreviated as “SOX”). While the UK has long maintained a principles-based approach to…
Internal Audit’s Role in Corporate Governance and Board Relations
Strengthening governance is at the heart of internal audit’s mission. Beyond detecting control gaps and compliance issues, today’s internal audit leaders are expected to counsel the board and audit committee on a range of emerging risks, strategic matters, and organizational ethics. By building a more collaborative, transparent relationship with directors, Chief Audit Executives (CAEs) and…
Internal Audit in Financial Services: A Comprehensive Guide to AML, KYC, and Compliance Audits
Financial services is one of the most heavily regulated industries in the world. Banks, insurers, asset managers, and other financial institutions must navigate a complex matrix of global and local regulations to protect consumers, preserve market stability, and prevent illicit activities like money laundering and terrorism financing. In this environment, internal audit functions play a…
OCC Risk Categories: Comprehensive Primer on the OCC’s Risk Categories/Risk Stripes
Enterprise risk management (ERM) has evolved from a collection of disparate risk‐control activities into an integrated, strategic discipline that underpins the resilience of today’s financial institutions. The Office of the Comptroller of the Currency (OCC) has played a pivotal role in shaping risk management practices in U.S. banking, providing robust regulatory guidance and defining a…
How Internal Audit Can Drive Continuous Regulatory Readiness: A Proactive Approach to MRAs/MRIAs and Beyond
This article aims to shift the conversation from reactive to proactive: rather than responding to MRAs/MRIAs after they’ve arisen, how can internal audit teams embed continuous readiness into their processes? It covers cultural elements, training, communication strategies, and the use of technology to anticipate changes in the regulatory landscape. This resource is tailored for a…
Building a Robust Governance, Risk, and Compliance (GRC) Framework: Balancing Regulatory Demands in Financial and Non-Financial Sectors
This piece is designed for a professional internal audit audience, delving into how to create, implement, and sustain an effective GRC framework capable of withstanding regulatory scrutiny in both financial and non-financial industries. Although IA is typically not part of the development and/or implementation of a GRC framework given that they are part of the…
The Lifecycle of Regulatory Issues (MRAs/MRIAs) & Internal Audit: From Identification to Remediation
In today’s dynamic environment, businesses—whether operating in strictly financial sectors or spanning broader industries—face a host of regulatory requirements. Regulatory bodies consistently scrutinize organizations for compliance with legal, operational, and ethical standards. In the banking world, for example, the Office of the Comptroller of the Currency (OCC) and the Federal Reserve often issue Matters Requiring…
A Primer on Regulatory Thresholds: An Exploration of Financial and Non-Financial Across the United States, European Union, Japan, China, and Beyond
In our interconnected and often complex world, regulations shape the contours of corporate conduct, economic stability, environmental stewardship, consumer protection, and technological innovation. Many of these regulations rely upon thresholds—quantitative or qualitative lines that determine when certain rules apply and when they do not. Understanding these thresholds is essential for anyone seeking to navigate the…
