Continuous Control Monitoring is the Value Proposition by SAS to support our customers in performing oversight on control failures across domains. Risk and Compliance Executives are challenged on the scope and coverage by Board and Regulators in order assess the effectiveness of the function and the programs deployed by them. In the recent times the expectation on the Risk and Compliance functions is not limited to policy, design, and gap assessment on control programs, but to exercise oversight on the business on the control deployment gaps and ongoing failures. The primary responsibility of remediation is still with business but the risk and compliance functions as second line of defense are supposed to exercise oversight and raise challenges time to time. Such oversight and challenges process should also be sustained so that they are subjected to audit. Give the elevated expectations rolling out a systemized monitoring environment makes robust to sustain and stay agile with changed in control environment. Standard use cases socialized by customers in the form of requirements are as follows.
| Compliance obligation register: Manage and maintain the regulator compliance obligation register and repeat audit observation issues of Regulatory Inspection or Internal Audit to analyze and deploy control monitoring strategies. |
| Upstream compliance monitoring: Design the newer control monitoring program regulation against existing products and newer program against the existing regulations before going live. |
| Offsite compliance monitoring/testing: Enable to perform only offsite review of compliance control exception and gather feedback from the branches on the non-compliant account. Continuous validate the issue close using digital data. |
| Risk based approach: Perform data driven risk based annual risk assessment planning using compliance exceptions experienced and reported. Align the monitoring efforts based on the results of risk scoring of business areas. |
Benefits of Continuous Control Monitoring are
- Regulatory expectations on risk-based assurance requirements can be fulfilled using control failure-oriented risk scoring.
- Read across Regulatory/Internal Audit findings across the process and branches to ensure thorough mitigation. Leverage to perform pre-closure validation of issues and remediation.
- Ongoing 100% scanning of compliance/control exceptions related to repeat Inspection/Audit findings and Policy controls with 'zero tolerance' appetite.
- More productive hours for business as the system provide fact-based insights on the control exceptions rather the static MIS exception reports (leading to back and form email communications)
- Minimize travel cost, review time and redundancies between control programs by operating on the remote digital platform and cross leveraging data, analytics, rules, and remediation reports.
