Wednesday, January 30, 2013

Having a Living and Breathing Risk Register

The new compliance management systems, such as ClientCareMonitor, build an automated Risk Register that remains “live” within your firm.

A risk register is not something that, as a COLP, you refer to once a quarter or annually; it should be updated to reflect the current situation within your firm.

Take Data Protection as an example. Data Protection is likely to be a category in your Risk Register identified as a low risk. If, however, a member of staff admits that they left a client’s file on the train, this is something you would act on immediately, and your Risk Register should then be updated to reflect the increased risk. Your systems should record the circumstances, the outcome of the investigation, whether there is a material or non-material breach, and how the risk will be mitigated in future (e.g. prohibiting file removal). Only once you have conducted further reviews and recorded them on your systems should the risk then be lowered in your Risk Register.
