International regulations (Basel III, Solvency II, MiFID, IFRS, the EU Parent-Subsidiary Directive, …), national legislation, specifications of the executive power or industry associations (Corporate Governance Index, MaRisk, CSSF, …), and statutory requirements form a multidimensional framework of requirements, objectives and standards of conduct for businesses of all sizes and service offerings.
A risk-based approach respects operational and strategic priorities in the implementation of rules. This way the compliance risk can be controlled ethically and economically. Accordingly, the likelihood and impact of rule violations are analysed, evaluated and assessed. A catalogue of risks embedded in the application permits documentation of the results.
Both external standards and derived internal specifications can be linked to the catalogue, so that the current risk situation and the interdependencies can be reported at any time. The impact of externally or internally initiated modifications to the rules can be analysed systematically and automatically, resulting in quick and consistent change management. This approach saves time and costs while minimising the compliance risk.