Following the onboarding of a new senior compliance analyst, the internal audit team discovers the individual had previously been sanctioned by a financial regulator for insider trading—a fact that was completely missed during the hiring process. This scenario represents a breakdown in which compliance program element?
Select an answer to reveal the explanation.
Short Explanation and Infographic
Check this out: before you let someone handle your company's crown jewels, you've got to check their background. If you hire a compliance analyst who has already been busted for insider trading, and you didn't even notice, you've got a major gap in your pre-employment vetting and due diligence. This isn't a failure of transaction monitoring (choice B) or auditing (choice D)—those are things you do after people are working for you. And it's not a corrective control failure (choice A) because corrective actions only happen after you find the mess. The ball was dropped right at the front gate during the vetting process.
Full explanation below image
Full Explanation
Due diligence is a critical preventive control that applies not only to third-party vendors and agents but also to the recruitment and onboarding of employees, particularly those in high-risk or sensitive roles. Vetting candidates through comprehensive background checks, verifying professional licenses, and searching regulatory disciplinary databases are fundamental steps in pre-employment due diligence. A failure to identify a candidate's history of regulatory sanctions during the hiring process represents a direct breakdown in this preventive vetting control. Option A is incorrect because corrective controls are implemented to remediate a violation after it occurs, not to prevent the initial hiring of unqualified or high-risk individuals. Option B is incorrect because transaction monitoring does not address employee background screening. Option D is incorrect because periodic auditing may discover the breakdown (as it did here), but the underlying failure itself occurred within the due diligence/vetting process, not the audit process.