E-mail not displaying properly? Click here to view it in your web browser.
Newsletter of the ABA Business Law Section Committee on
  Corporate Compliance
Join the Committee Online

Letter from the Co-Chair:
The Compliance Conundrum

Featured Article
  Justify Your Worth:
Add Value to Your Customer's Business Objectives

May Survey:
Survey Results Emphasize
"Culture of Compliance"


Editorial Board:

Mary Helen Gillespie
    VP, Compliance Manager,
    Resource Management & Planning
    TD Bank

  Letter from the Co-Chair: The Compliance Conundrum
Committee Chair, Agnes Bundy Scanlan
Agnes Bundy Scanlan, Committee Co-Chair

Compliance risk management is everyone's responsibility within an institution. Further, the institution's senior management has responsibility for setting the tone and reinforcing the culture of compliance established by the board, and implementing the measures to promote the culture.

Yet the compliance staff need to be appropriately independent of the business lines for which they have compliance responsibilities. A particular challenge for many organizations is attaining an appropriate level of independence with respect to compliance staff operating within the business lines.

Compliance independence should not, however, preclude compliance staff from working closely with the management and staff of the various business lines. To the contrary, compliance functions are generally more effective when strong working relationships between compliance and business line staff exist. This supports our efforts to become 'trusted advisors.'"

As senior leaders, we must continue to enhance and expand our monitoring, testing and awareness programs through such actions as self monitoring, regulatory issues management, and regulatory change management.

The primary responsibility for complying with applicable rules and standards rests with the individuals within the organization as they conduct their day-to-day business and support activities. The board, senior management, and the corporate compliance function are responsible for working together to establish and implement a comprehensive and effective compliance risk management program and oversight framework that is reasonably designed to prevent and detect compliance breaches and issues.

The Board of Directors' responsibilities are further defined to:

  • Set an appropriate culture of compliance; and promote a culture that encourages ethical conduct and compliance.
  • Have an appropriate understanding of the types of compliance risk.
  • Ensure that senior management is fully capable, qualified and properly motivated to mange compliance risk.
  • Ensure the views about the importance of compliance are understood and communicated by senior management across, and at all levels of, the organization through ongoing training and other means.

We will discuss these and other issues in much more detail at our annual meeting next month in Toronto. I look forward to seeing many of you there, especially at two events taking place August 5th at the Westin Conference Center. The Privacy and Anti-Money Laundering: An Oxymoron? discussion takes place from 8 to 10 a.m. at the Queen Quay Rooms l & ll. This session will provide great information, timely discussion, and practical approaches. And, we have ensured that you have time after the session to make your way to the Corporate Compliance Committee Meeting from 10:30 to 11:30 a.m. at the Yonge Room.

All best wishes, Agnes

Agnes Bundy Scanlan, Esq., is co-chair of the Corporate Compliance Committee of the Business Law Section and co-vice chair of the Consumer Financial Services Committee of the Business Law Section of the American Bar Association. She is the Chief Compliance Officer of TD Bank, NA and Global Chief Privacy Officer of TDBG, based in Boston.

back to top ↑

  Featured Article
Carrie B. Cote, Esq.
Carrie B. Cote, Esq.
Justify Your Worth: Add Value to Your Customer's Business Objectives
Carrie B. Cote, Esq.
As compliance professionals, we must justify the cost of compliance. It is often not the act of complying that has our clients concerned, but rather the cost of complying. How often have you heard the words "Assume the risk" from one of your clients? In many instances, despite our best efforts to educate, inform and advise our clients, a risky business decision is made in the interest of saving dollars. In this economy, no matter what our business is, we are all looking for ways to conserve our resources. Not only are we looking for ways to save, but we have to contend with the increasing cost of virtually everything. Even the cost of compliance is increasing every year. In a recent survey conducted by Thomson Reuters entitled, "Cost of Compliance Survey for 2011," 71 percent of the 371 companies surveyed said they foresaw an increase in the cost of compliance for the coming year. But as we all know, scrimping on compliance is not in our client's best interest. As such, we must do our best to substantiate our services and add value to our client's business plans.


back to top ↑

  May Survey: Survey Results Emphasize "Culture of Compliance"

Thank you to the committee members who participated in our recent survey; your feedback is integral to providing information to the committee leadership. Surveys provide an important opportunity to listen to, and understand your needs.

Eighty percent of respondents going to the Annual Meeting in Toronto next month plan to attend the Privacy and Anti-Money Laundering: An Oxymoron? program. We look forward to seeing you there.

Of the topics that you identified as helping you make a more positive impact in your organization, the Top Three are:

  1. Developing Business Controls: Building a culture of compliance
  2. Key Risk Indicators (KRI): How to define measure and share with senior management
  3. Compliance Program Structure: Major Processes and Core Activities

This will take focused effort from all of us.

Committee Co-chair Agnes Bundy Scanlan says the elements of a strong compliance risk management program from the perspective of the OCC include:

  • Establishment of risk appetite
  • Holistic philosophy for compliance
  • A seat at the table
  • Identify, measure, monitor and control risk
  • Ensure the right infrastructure
  • Management Information Systems (MIS)
  • Tone at the top
  • Accountability
  • Training

Agnes also reminds all committee members working in financial institutions that the Federal Reserve Bank ("FRB") is emphasizing its SR 08-8; Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles. ( http://www.federalreserve.gov/boarddocs/srletters/2008/SR0808.htm)

"Firmwide compliance risk management refers to the processes established to manage compliance risk across an entire organization, both within and across business lines, support units, legal entities, and jurisdiction of operations. This approach is well demonstrated in areas such as privacy, affiliate transactions, conflicts of interest and fair lending," Agnes said.

Oversight is provided by the board and various executive and management committees. With that said, the FRB guidance directs our attention to the fact that the compliance function has day-to-day responsibility for overseeing and supporting the program; and plays a key role in controlling compliance risk. That responsibility falls upon each and every one of us.

"Our organizations are expected to have more robust processes for identifying, assessing, controlling, measuring, monitoring, and reporting compliance risk, and for providing compliance training throughout the organization in order to appropriately control the heightened level and complexity of compliance risk," Agnes said.

To review the graphic results of the survey, click here.

Thank you again for your interest and participation.

If you would like to be published and are passionate about any of the above topics, please contact us, we want to hear from you.

back to top ↑


The Corporate Compliance Committee is actively recruiting passionate and committed individuals to serve as Directors to seven Business Law Administrative Committees.

Under your leadership, our Corporate Compliance team and the other directors of the Business Law Administration Committees will work together to serve our members effectively by aiding in the execution of business plans and the exchange of vital information.

The role of a Director includes:

  • Attending all in-person meetings and participating in all conference calls of the assigned Administrative Committee.
  • Staying informed and reporting back to the Substantive Committee leadership regarding the activities and plans of the assigned Administrative Committee.
  • Representing the views and interests of the Substantive Committee as to matters being considered or undertaken by the assigned Administrative Committee.
  • Coordinating activities and programs between the Substantive Committee and the assigned Administrative Committee.
  • Assisting the assigned Administrative Committee in achieving Section objectives.

Corporate Compliance will be appointing seven Directors; one each to the following Business Law Administrative Committees:

  • Content
  • Diversity
  • Meetings
  • Membership
  • Pro Bono
  • Publications
  • Technology

For more information, please contact Corporate Compliance Co-chair Agnes Bundy Scanlan at agnes.bundyscanlan @tdbanknorth.com.

back to top ↑