Reference no: EM133491832
Question
You are the newly appointed senior risk officer at Business Direct (BD), a firm operating and regulated in a sector and jurisdiction of your choice. During your first week in your new post, there are reports in the media of a regulatory sanction concerning Advancex International (AI), one of BD's direct competitors, which offers similar products and services. The reported sanction relates to weaknesses in the systems and controls relating to a popular product. Details of this scandal came to light through a 'whistleblower' who expressed concerns that these matters were not being taken seriously by senior management. The executive board of BD have asked for reassurance that sufficient measures are in place to ensure that there is no possibility that BD will be the subject of similar action and resultant negative publicity. As you are not yet fully familiar with the current situation at BD, you invite several of your more experienced risk colleagues to a meeting to discuss this scandal and the issue of regulatory and reputational risk more generally. In advance of that meeting, you familiarise yourself with the output of recent compliance monitoring and other relevant management information (MI) produced internally for BD.
Following your review of this, you are concerned about what you find. Your initial reading of the current situation at BD can be summed up as follows.
• MI is not being submitted in a timely manner
• MI in relation to key issues is not being effectively collated
• Limited activity appears to be being undertaken to identify and assess risks in the firm
• Risks are dealt with only on a reactive basis
• Risk assessment activity is ad hoc, senior managers are not kept informed and/or the risk assessments do not influence the design and implementation of relevant policies and procedures in the firm
• Limited quality assurance activity is carried out to review the effectiveness of existing systems and controls
• There is limited senior management involvement in, and challenge to, compliance activities.
You can also see that there have been concerns about such issues for some time, but there is very little evidence of what action has been taken to address them to date or who, if anyone, has attempted to take charge of the issues.
Part 1
With reference to the information provided in the above scenario, explain:
• what immediate action you would now take and why
• those with whom you would initially liaise and why
• the basis upon which you would prioritise your next steps. You should provide a rationale for your approach to each of these points.
Part 2
Write a short report for the executive board of BD that:
a) provides an overview of the current position identified in the scenario and your response to Part 1 to bring the executive board up to date.
b) identifies what you believe to be the key areas of concern for BD and clearly explains the likely consequences for BD if these concerns are not addressed.
c) sets out your short and medium-term actions and longer-term strategy for mitigating the key identified risks.
You should include appropriate examples in your report to support the points made and to ensure that the board members understand the issues.