Kroll's review would assess whether the compliance and risk functions are fit for purpose and ensure that all regulatory and other requirements are met through adequate policies, processes and procedures within your firm.
Most functions within a firm are audited and monitored on a frequent basis by the compliance and risk functions. However, the review and assessment of these functions themselves is frequently overlooked, especially if the firm does not have an Internal Audit function or resources allocated to it.
Under the overarching organizational requirements of SYSC 4 and the more specific requirements of SYSC 6 and 7, firms are required to ensure that they have adequate compliance and risk functions as demanded by their nature and complexity and the regulated activities that they undertake. There is increasing focus in the marketplace and from investors on operational risk, the role of the control environment and the compliance function.
For a firm to have confidence in the ability of its compliance and risk functions, it may become necessary to request an independent party to review and comment upon the validity of its operations, and the effectiveness and coverage of the activities of the oversight functions. Those responsible for managing these functions are facing constantly shifting goalposts, and without an independent expert health check, it is possible to fail to meet requirements or to allow areas to fall behind the curve of expectations. The regulatory environment is turbulent and the requirements placed upon firms frequently shift.
Kroll's review would be tailored to provide the firm with an analysis of the appropriateness of the compliance and risk functions, taking into consideration the nature, complexity and size of the firm as well as assurance that the stated policies and processes are followed through an independent examination. We would assess key documents and interview key personnel in the functions plus senior management if required. The output can be either formal or informal.