Governance, risk & compliance

Reliable compliance and regulation practice is absolutely vital. Our compliance consultants have the breadth and depth of knowledge of corporate governance and risk management to make sure no procedure is overlooked.

We are leading compliance experts on complex regulatory issues such as Solvency II, Key Information Documents (KIDs) for PRIIPs and Data Protection / General Data Protection Regulation (GDPR), providing clarity to our clients and the wider industry via regular communications such as articles and press commentary. Our expert compliance professionals can support you in meeting your regulatory and risk management challenges in a cost-effective and compliant manner.

We also provide general compliance support. Whether it’s developing and updating your compliance manual, designing your compliance plan and audit programme, reviewing financial promotions, handling complaints, or providing answers to any other rules-based compliance questions, we have the technical know-how to solve your problems.

Information sheet: OAC Governance, Risk and Compliance Services (PDF)

Business governance

Governance is the totality of values, beliefs, systems and controls used by a business to ensure it conducts its affairs to the high standard expected by all stakeholders. Successfully managing conduct risk within a financial services business has been set as a high priority by the regulators and, of course, every business wishes its customers to be wholly satisfied with the service and benefits they receive.

Our governance, risk and compliance consultants can help you achieve success in this critical area by deploying their technical expertise and experience, gained from working in a wide range of firms, to bring independent oversight skills, added value learning and technical know-how to the programme established by in-house resources.

Examples of how we can help include:

  • Solvency II – We are leading experts in this field, both in actuarial activity and in the development of the ORSA, and in how to satisfy governance requirements. We can guide you through the ongoing challenges you face with embedding the regime within your operations.

  • Senior Insurance Managers Regime (SIMR) / Senior Managers and Certification Regime (SM&CR) – Compliance with these approved persons regimes is complex, as different rules apply to different types of firm. We can assist you with an assessment of any part of your implementation, and our cloud-based solution ("TRAC10") has been developed to ensure compliance.

  • Board Governance – To satisfy the standards set by the SIMR / SM&CR, boards will need to structure themselves to deliver the prescribed responsibilities and the conduct standards defined in the PRA and FCA rules. An important aspect in this is an assessment process to establish “has the board defined its objectives adequately and is it effective in delivering them”. Our knowledge of best practice, and seeing many boards in operation, enables us to help you with such assessments.

  • Risk Management Solutions – Effective risk management is seen by the regulators as the central core to good governance and successful deployment of the ORSA as a business management and capital planning tool. We provide a suite of risk management software tools to help your organisation embed effective risk management throughout your business e.g. TRAC10 for SIMR and The Risk Database.

For more information
Jackie Wright
Senior Regulatory Compliance Consultant

Regulatory compliance

OAC is adept at undertaking a combination of services for clients, from one-off projects, audits and outsourced services to general consultancy.

Clients are also kept up to date about new regulatory changes and initiatives through regular newsletters and articles containing our commentary, guidance and clarity on how those changes affect their businesses.

Internal audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations.

OAC's internal audit service is designed to meet the above criteria by performing audits to evaluate whether the five components of management control are present and operating effectively, and if not, provide recommendations for improvement. Those five components are the control environment, risk assessment, risk-focused control activities, information and communication, and monitoring activities. So, in a nutshell, it's evaluating internal control.

Our bespoke service can help by providing:

  • Consultation with management and Audit and Risk Committees to identify priority areas for examination - so that each audit is tailored to your specific requirements.
  • Independent assurance that your organisation's risk management, governance and internal control processes are operating effectively - and if not, providing recommendations for improvement.
  • Assessing your organisation’s management of risk.
  • Evaluating controls and advising managers at all levels.
  • Assisting management in the improvement of internal controls.
  • Evaluating risks - identifying key activities and relevant risk factors and assessing their significance.
  • Analysing operations and confirming information.
  • Full compliance reviews - ensuring that the organisation is adhering to relevant rules, regulations, laws, codes of practice, guidelines and principles as they apply individually and collectively to all parts of the organisation.
  • Attendance at firms' Audit and Risk Committee meetings.
  • Examination of contemporary risks, such as fraud.
