Applying ISO 37301 Compliance management system (CMS) to the Financial Adviser sector - Assurance & Advisory | Deloitte Australia
Australian Financial Services licensees are very familiar with their regulatory obligations and are well-versed in using the regulatory guidance continually published by ASIC. But even with this knowledge and understanding, the ASIC Regulatory Guides sometimes, for various important reasons, do not have the specific guidance that an organisation needs, especially when it comes to the complex world of compliance systems in the financial advice sector.
A new international standard for compliance management systems (CMS) was published on April 13, 2021. Known as ISO 37301, the standard replaces ISO 19600.
If your organisation is already aligned with ISO 19600, then you will have a head-start as ISO 37301 leverages a significant portion of its contents from ISO 19600. The new standard can be applied to compliance functions of all sizes and all industries and at both national and international levels.
ISO 37301 states that “[a]n effective, organization-wide compliance management system enables an organization to demonstrate its commitment to comply with relevant laws, regulatory requirements, industry codes and organizational standards, as well as standards of good governance, generally accepted best practices, ethics and community expectations” (ISO 37301:2021).
An organisation providing financial advice will benefit from using the guidance in ISO 37301 to complement their use of the existing ASIC regulatory guidance. There are four key benefits of ISO 37301:
How can Deloitte help?
Deloitte has over 30 years’ experience supporting organisations to assess their CMS against prior standards, advising on required changes and assisting with implementation. Deloitte provides end-to-end advice for the finance, risk, internal controls compliance, and treasury functions of your organisation. We deliver value by working with our clients to define and embed good conduct, as well as to restore and galvanise trust through remediation programs.
We are also active committee members working with the Governance Risk and Compliance Institute (GRCI) who represent the International Federation of Compliance Associations (IFCA) in contributing to the draft development of ISO 37301.
Keep watching this space as we will be providing regular updates on the development of ISO 37301. If you require further information or other support with improving your CMS or preparing for ISO 37301, please contact us.
As part of the GRC team in Audit & Assurance, Heather’s focus is on compliance operating models (design, implementation and embedding), including the development of RegTech solutions to achieve more with less. Over the last 20-plus years, Heather’s work at the C-suite level in financial services has included reviewing, designing, implementing and testing compliance operating models and advising boards and management on how to develop a positive compliance culture, as well as negotiating and interacting with regulators, politicians and industry bodies across Europe, the Americas, Middle East, Africa and Australasia. If organisations plan to build resilience and increase profitability following the requirements flowing from the Royal Commission, they must take a different approach. Bolting on people, processes and systems in the second line is not an answer; rather, empowering the first line and utilising existing and new systems and new technologies (including RegTech) will have impact and sustainable outcomes. Without a cross-organisational approach and a positive compliance culture, change will be ineffective.