Skip Navigation Links
Products and Services
Partner Community

Financial Services – Requirements Addressed

The Compliance 360 online solution reduces the overhead and risks of regulatory compliance and governance, enabling increased focus on the core business of providing quality services and creating shareholder value. With over 100,000 active users, Compliance 360 is one of the most widely used compliance, risk and governance solutions today.

Key industry requirements addressed by Compliance 360 include:

Compliance with Dodd-Frank and other Federal and State Regulations

Financial Service organizations face the new regulatory challenges of the Dodd-Frank Act in addition to existing federal regulations as well as unique regulations varying among the 50 states. In spite of this increasingly complex regulatory environment, many financial services organizations today continue to address regulatory compliance in a highly reactive mode. Without the right tools in place, executives are often unaware of compliance problems until they are faced with a negative event, such as a data breach, whistleblower allegation or a consent decree. The risks include penalties, fines, litigation and potential negative media coverage.

How can Compliance 360 Help?

With Compliance 360, you can organize all relevant statutes and regulations and link them to the corresponding policies, procedures, surveys and remediation plans to construct your evidence of compliance. With our certified content partners, we keep you abreast of newly proposed laws and regulations as well as newly enacted laws. The system helps you manage all facets of compliance and audit management within the framework of your overall corporate governance and risk management initiatives. The collaborative tools from Compliance 360 enable proactive demonstration of corporate governance, risk and compliance management initiatives by automating processes associated with assessing and monitoring risk, managing the risk response strategy, linking risk management data to compliance activities and providing a comprehensive view of all risk-related activities through an executive dashboard. Finance, audit and risk management professionals have the ability to organize and manage projects across the organization, document audit tasks and audit findings, track issues, manage remediation tasks, and record resulting actions.

CFPB Exams: Compliance Assessments

With the CFPB raising the bar for examination assessments related to regulatory compliance, financial services organizations, now more than ever, need the ability to proactively self-assess and demonstrate that their compliance management programs are effective.

How can Compliance 360 help?

Automation of compliance self-assessments in Compliance 360 is based on the assessment checklists outlined in the CFPB Supervision and Examination Manual. These include:

  • Home Mortgage Disclosure Act
  • Real Estate Settlement Procedures Act
  • Consumer Leasing Act
  • Electronic Fund Transfer Act
  • Truth in Savings Act
  • Privacy of Consumer Financial Information

With this system, online dashboards and reports show the overall state of compliance as well as details corresponding with each of the compliance categories. Compliance officers can monitor completed and open tasks, owners and due dates, and receive alerts regarding critical items that are overdue to quickly determine their impact on a company’s overall compliance status.

Click here to learn more and request the CFPB Risk and Compliance Assessment Solution Brochure.

CFPB Exams: Consumer Risk Assessments

With the CFPB raising the bar for examination assessments related to consumer risk, financial services organizations, now more than ever, need the ability to proactively self-assess and demonstrate that their risk management programs are working effectively.

How can Compliance 360 help?

Automation of consumer risk self-assessments in Compliance 360 is based on the risk assessment templates outlined in Part III of the CFPB Supervision and Examination Manual used during the examination process. These include:

Inherent Risks –

  • Nature and Structure of Products
  • Consumers to Whom Products are Marketed
  • Marketing Methods and Sales Organizations
  • Ongoing Customer Relationship Management
  • Compliance Management Challenges

Additional Risk Factors –

  • Marketing and Advertising
  • Consumer Complaints
  • Magnitude and Severity of Potential Harm
  • Supervisory History

Quality of Consumer Compliance Risk Controls and Mitigation –

  • Board of Directors and Management
  • Authority and Accountability for Compliance
  • Compliance Risk Management Program and Oversight
  • Product and System Development and Modification
  • Training
  • Complaint Management

Compliance 360 organizes the CFPB risk universe into risk frameworks. The configurable frameworks store the relevant information about processes, objectives, risks and controls and the relational structure between these as well as the supporting documentation. Additionally, risk frameworks contain the scoring methodology used in risk assessments and controls testing. Workflow processes are used to manage the creation or changes associated with any level in the Risk Framework hierarchy.

Click Here to learn more and request the CFPB Risk and Compliance Assessment Solution Brochure.

Demonstrating Compliance Program Effectiveness

Having the ability to proactively demonstrate the effectiveness of a compliance program is now critical for financial services firms. The focus of regulators is shifting from the existence of a compliance program to proof that demonstrates the effectiveness of the compliance program. Regulators are raising the stakes by asking the question – “Can you prove that your compliance program works?

One prominent example is the SEC Whistleblower Program launched in May of 2011. The program authorizes the SEC to pay rewards to individuals who voluntarily provide the SEC with original information about a violation of the federal securities laws that leads to a successful enforcement action that results in monetary sanctions totaling more than $1 million. The SEC has also established a framework for evaluating cooperation in determining whether and how to charge violations of the federal securities laws. This framework includes the potential for reduced sanctions for organizations that have established ‘effective compliance procedures’.

How can Compliance 360 help?

With Compliance 360, financial services organizations can clearly communicate all policies and procedures to significantly improve employee relations and reduce the likelihood of whistleblower allegations and establish the protections needed if a whistleblower event occurs.

Compliance 360 serves as the “compliance system of record” as it streamlines the compliance process across the enterprise. The system provides global visibility to compliance activities allowing organizations to address compliance initiatives through a single application, assisting in the organization’s overall communication and supporting a state of continual readiness for audits.

Throughout the entire legal and regulatory compliance lifecycle, the Virtual Evidence Room provides a central collection point where all compliance and risk management documents and activities are easily tracked and linked back to their relevant laws, regulations and standards. The unique Virtual Evidence Room creates a dynamic body of evidence of compliance and ensures a continual audit‐ready state for the organization.

Learn More about Demonstrating Compliance Effectiveness

Regulatory Audits (SEC, FDIC, CFPB, OTS, OCC, NCUA, FINRA)

Regulatory agencies are becoming more aggressive as they pursue inspections of financial services institutions. Federal agencies are hiring more inspectors and implementing tougher inspection criteria. It is imperative that financial services organizations be able to respond quickly and effectively to prove compliance with all applicable regulations and standards, thus reducing the risk of penalty and potential damage to the brand.

How can Compliance 360 help?

Using Compliance 360, you can organize all applicable regulations, assess your organization’s compliance with those standards and link all evidence of compliance to each regulation. You can also import the inspection standards into Compliance 360 allowing your organization to ensure that each of the aspects that will be covered during the inspection have been accounted for.

All of the data can be organized by line of business or individual entity and assessment results can be rolled up using the Compliance 360 integrated reporting tool to provide an organization- wide view of regulatory compliance. Finally, because Compliance 360 is delivered as an online solution, financial services organizations can optionally streamline audits and reviews by delivering data to regulatory agencies and allowing regulators to access a secure, restricted view of the information, right from their computers.

Internal Audits

With increasing demand for control and transparency, internal auditors now more than ever, need direct visibility into compliance and risk management activities. But, gaining an unobstructed view is impossible with an isolated system. Compliance 360 offers a contemporary internal audit system, designed from the beginning with tight links to compliance and risk management.

How can Compliance 360 help?

Compliance 360 allows organizations to establish a single repository of information related to audits and audit work papers. You can use Compliance 360 to track all of the tasks associated with audits, identify gaps, manage remediation efforts and link all of the data required to support audit findings. Learn More.

Learn more about managing internal audits with Compliance 360.

Fraud, Waste and Abuse / Whistleblower

In light of increasing regulatory scrutiny, the risk of fraud, waste and abuse allegations has increased significantly. The financial incentives for whistleblowers (qui tam witnesses) can create a very compelling motive and necessitates the establishment of preventative and response measures. Improving the management and overall outcomes of fraud, waste and abuse claims now harbors a significant financial advantage for most organizations.

How can Compliance 360 help?

With the Incident Management capabilities of Compliance 360, you can centrally manage the investigation of all types of fraud, waste and abuse claims. All information compiled for each investigation is centrally stored in Compliance 360. The investigative process is streamlined by dynamically routing the incident to the appropriate person based on the type of incident and the stage of the investigation. Additionally the Incident Management system provides a complete audit trail of actions and signoffs for accountability.

Sensitive investigation data is secured for each business unit, with secure, central access provided to corporate Regulatory Compliance individuals for identifying issues that may be broader in nature, impacting multiple business units. This capability helps you leverage the power of your entire organization while selectively promoting best practices among various business units as desired.

Cease and Desist & Corrective Action Plans

Corrective Action Plans and Cease and Desist requirements can be very complex, creating significant risk and cost burdens for organizations of any size. The format of corrective action plans can also vary widely from state to state creating challenges for organizations seeking to standardize their operations as much as possible.

How can Compliance 360 help?

Assigning, assessing and tracking the requirements of a corrective action plan manually is virtually impractical and simply adds to the risk of missed requirements. With Compliance 360, you can centrally manage corrective action plans. To manage the internal process of implementing the corrective action plan, you can assign tasks and easily track progress and identify issues with automated alerts. You can also sort reports by responsible parties and give each individual access to the relevant sections. Responses to regulatory inquiries can be provided immediately and confidently with thorough, accurate information tracked within Compliance 360 to reduce the risk of additional sanctions and speed the corrective action process to a rapid conclusion.

Identity Theft Red Flags

Identity Theft has become a substantial risk to the brand of many organizations and Regulators are increasing their focus on proactive protection of consumer and client data. On May 1, 2009, the Federal Trade Commission (FTC) began enforcing the Identity Theft Red Flags regulations that went into effect in November of 2008. Credit-issuing organizations must establish policies and procedures to ensure that client information is secure. They must also be able prove that these policies and procedures are communicated to, and practiced by, all employees and ultimately demonstrate that the policies and procedures are effective for preventing identity theft.

How can Compliance 360 help?

Using Compliance 360, you can store and disseminate Identity Theft Red Flag policies and procedures to your entire organization, track policy acknowledgements, assess compliance with those policies and procedures, validate that third party vendors are following the identity theft policies and procedures and identify potential issues and track remediation efforts for any gaps in compliance that have been identified. Compliance 360 provides a central repository for storing the evidence in support of your Red Flags program, and the system also allows you to automate the management of all activities related to assessing the effectiveness of your Red Flags program.

Vendor and 3rd-Party Compliance Management

The FDIC and other regulatory examiners are now very focused on compliance programs related to third-party service providers (TSPs). Today many financial services organizations are not adequately overseeing their third-party service providers (TSPs) and verifying their compliance with regulations such as those tied to identify theft red flags. Although your TSPs may only be held accountable indirectly, you are ultimately responsible for compliance gaps that may exist within your TSPs. Your compliance programs must now be in place and you must be able to demonstrate their effectiveness. Establishing and communicating policies is not enough. You must be able to show that the policies are effectively practiced by your TSPs.

How can Compliance 360 help?

Using Policy Management capabilities of Compliance 360, you can store, distribute and manage your vendor management policies and procedures. With Contracts Management and integrated workflow, you can automate collaboration, establish paths for approval routes and keep everyone on track for timely revisions, reviews and renewals. You can also automate the monitoring of contracts to ensure adherence and maintain an audit trail of all contract revisions. Through the Surveys capability, you can collect attestations of compliance to specific policies and regulations with your third-party contractors and vendors, just as you would with your employees. The system is also used to identify compliance gaps and conflicts of interest, as well as manage the remediation process. Finally, Compliance 360 allows you to perform detailed assessments of your vendor management program to ensure it is meeting both internal and regulatory goals and ensure that you have substantial evidence of a strong 3rd-party compliance program to support regulatory audits and inspections.

Learn More about Third Party Risk Management with Compliance 360.


All publicly traded organizations are required to comply with the Sarbanes-Oxley (SOX) Act in the U.S. and a growing number of privately held organizations are electing to comply with the “best practices” of Sarbanes-Oxley for a variety of reasons such as maintaining adequate bond ratings.

How can Compliance 360 help?

Complex and cumbersome spreadsheets do not provide the capabilities needed to manage the data for governance, risk and compliance initiatives. Compliance 360’s SOX solution is an integrated part of the single, comprehensive compliance platform. With this solution, you can manage internal controls for financial reporting while integrating all aspects of SOX compliance, such as controls monitoring and testing, documentation, risk evaluation and measurement and monitoring with your enterprise governance, risk and compliance strategy.

Learn More

To learn how leading financial services organizations are using Compliance 360 to minimize their compliance overhead and risks, and how you can be doing the same, contact us today.


grc community

Learn & NetworkSAI Global GRC

News, insights, opinions, events, and resources of value to compliance, legal, risk, ethics and audit professionals in financial services.

compliance management for financial services

On-Demand demonstration of Compliance 360Compliance 360 Regulatory
Compliance Management for Financial Services

Learn how Compliance 360 is used to manage regulatory compliance requirements in financial services.

regulatory change management in financial services

On-Demand demonstration of Compliance 360Compliance 360 Regulatory
Change Management for Financial Services

Learn how Compliance 360 is used to monitor and manage regulatory changes in financial services.

managing vendor compliance and third party risk

On-Demand demonstration of Compliance 360 Compliance 360 Vendor Compliance
and Third Party Risk

Learn how Compliance 360 is used to ensure vendor compliance and third party risk.

an integrated risk management solution

Gain a single view of risks, obligations & controlsRisk Management Solution

Create the compliance reports your Board demands with an integrated software solution.

enhancing the value of your compliance metrics

Getting the Most From Your Ethics Hotline DataIntegrate
hotline and case management

Learn how a hotline provides more than the basics - it gives insight into the leading indicators for your entire compliance and ethics programme.