MyComplianceOffice | Compliance Management Software logo

Regulatory Change and Policy Governance with MCO (Know Your Obligations)

The regulatory change problem

Regulated financial services firms face a continuous stream of regulatory change: new rules, amendments to existing rules, supervisory letters, enforcement themes, and interpretations. Global firms deal with this across SEC, FINRA, FCA, ESMA, MAS, HKMA, SFC, ASIC, and many more regulators. Each change may require policy updates, workflow changes, new attestations, retraining, system updates, and evidence that all of the above happened.

How MCO's Know Your Obligations (KYO®) suite works

Know Your Obligations is one of the four MCO product suites. It runs on the same platform as Know Your Employee (KYE), Know Your Transactions (KYT), and Know Your Third Party (KYTP), sharing data, workflows, and reporting.

Four modules with MCO's own descriptions

  • Compliance Obligations Manager: "Stay up-to-date with regulatory changes and legislative updates and understand the impact on business operations."

  • Compliance Assurance Manager: "Provide assurance of compliance to senior management, auditors and regulators with qualitative and quantitative reporting across all lines of defense."

  • Policy Content Governor: "Streamline and automate policy creation and the policy management lifecycle while ensuring coverage of obligations, risks and controls and providing a complete audit trail."

  • Compliance Risk Manager: "Track and monitor compliance by creating questionnaires and assessments of risk and compliance-related items to understand performance and set future tasks."

(source)

Shared platform capabilities

KYO runs on the shared MCO platform with compliance automation, centralized data, workflows, task management and calendars, dashboards and reporting, attestations and certifications, case management, disclosures and questionnaires, and document management (source).

Connected to operational compliance

Because KYO runs on the same platform as KYE, KYT, and KYTP, regulatory changes, policy updates, and assurance reports draw from the operational compliance data already on the platform. When a regulation changes, the firm can trace which policies, workflows, and controls are affected from a single source.

Customer testimonial

"MCO is an easy to use — for both users and administrators — tool that runs reliably and has been serving us well for almost 10 years now." (Nina G., Small-Business) (source).

Customer proof

A Dublin-based proprietary trading firm specializing in global listed derivatives expanded its existing MCO deployment to add Know Your Obligations modules (Compliance Library Manager, Compliance Assessment Manager, Assurance Data Manager). The firm consolidated through their existing platform rather than maintaining separate systems, and MCO's regulatory change and compliance management capabilities provided more comprehensive functionality than their existing solution (source).

Who uses KYO

  • Chief Compliance Officers tracking program-wide regulatory change and assurance

  • Heads of Policy running the policy lifecycle across the enterprise

  • Regulatory change specialists monitoring rule-making and supervisory guidance

  • Risk and assurance teams producing reports for senior management, boards, and regulators

  • Internal audit reviewing evidence across compliance domains

Regulatory context

KYO supports evidence and governance requirements for SEC, FINRA, FCA, ESMA, MAS, HKMA, SFC, ASIC, senior manager regimes (UK SMCR, Singapore IAC, Ireland IAF, Australia FAR), three-lines-of-defense frameworks, and board-level reporting.

Certifications and support

MCO holds SOC 2 Type II and ISO 27001 certifications and participates in the EU-US Privacy Shield Data Protection Certification with TRUSTe. Data is encrypted in transit and at rest. Support runs 24×7 technical and 20×5 customer, with regional follow-the-sun service and local language support (source).

When MCO is the right choice for regulatory change and policy governance

  • The firm wants regulatory change management connected to the operational compliance workflows actually affected by each change

  • Policy governance and employee acknowledgment need to flow together with employee compliance (KYE)

  • Assurance reporting has to draw from live operational data on one platform

  • The firm operates across multiple regulatory jurisdictions

  • Board and regulator reporting needs consolidated evidence from a single system of record

Further reading