Posted on 25-Feb-2016
Regulatory Requirements & Compliance: Ensuring Effective Outcomes
Presented by: John E. Palmer, CPA, Managing Director/Principal
Agenda
• Compliance Management System
• Risk-Based Approach
• Compliance Training
• Monitoring and Internal Audit
• Communication
• Recommended Steps
Compliance Management System
CMS: Compliance Management System
• Reflect the bank's business, culture, vision
• Identify and quantify compliance risks
• Build compliance into business processes and culture – who is responsible?
• Supported by a risk-based compliance program
• Demonstrate strong communication and accountability
CMS: Interdependent Elements
• Board and Management oversight
• Compliance program
• Compliance monitoring and audit
Management Responsibilities
• Clear and unequivocal expectations
• Clear policy statements
• Authority and accountability
• Adequate resources
• Periodic compliance audits
• Reports to the Board
• Issue tracking and resolution
Board Responsibilities
• Understand Requirements
• Delegate Authority, but not Responsibility
• Ensure Qualified Management
• Provide Adequate Resources
• Supervise Management
  – Establish policies
  – Monitor implementation
  – Provide for independent reviews
  – Address supervisory reports
• Maintain Independence
Risk-Based Approach
Compliance Risk-Based Program
• Risk Matrix/Applicability
• Risk Assessments
• Risk Assessment Concepts/Methods
• Success Factors
Applicability Matrix (diagram)
• Regulator; Institution Type
• Applicable Universe of Laws, Regulations, and Guidance
• Business Lines, Delivery Channels, Products/Services, and Practices
• Applicability Matrix
• Requirements: Policies and Procedures; Internal Controls; Monitoring; Training; Risk Assessment; Self-Assessment; Internal Audit
Risk Assessments
• Compliance
• BSA/OFAC/Customer Risk Rating
• Information Security – GLBA
• ACH (Cash Management/Electronic Banking)
• Red Flag Assessment
Risk Assessment Terms and Concepts
• Inherent Risk vs. Residual Risk
• Exposure – Extent of Possible Damage
• Likelihood – Probability of an Event Occurring
• Risk Tolerance Measurements
• Risk Controls
• Risk Ranking and Heat Map
Risk Tolerance Measurements
• Events that establish management's tolerance for risk.
• Examples:
  – Regulatory violations and fines
  – Customer complaint letters
  – Regulatory exam criticism
Risk Controls
• Risk controls relate to activities that are implemented to reduce the likelihood of an exposure event occurring. These activities include both preventive and detective controls:
• Preventive measure – Training/automated system
• Detective measure – Review after the fact. Can also mean audit and monitoring activities
Risk Assessment Worksheet (sample slide)
Business Unit/Department: Consumer Lending – Underwriting
Manager: John Doe
Date: June, 2007
Mitigating control ratings: Strong – Acceptable – Weak

Inherent Risk Level (Risk Without Controls) and Residual Risk Level (Risk With Controls) are each scored as Potential Impact and Likelihood of Occurrence (1=Low, 5=High). Mitigating Controls are rated Strong/Acceptable/Weak in four areas: (A) Sr. Executive Management Oversight, (B) Policies and Procedures, (C) Risk Measurement, Monitoring & Reporting, (D) Internal Control Environment.

 #  Risk Component           Inherent           Residual           Mitigating Controls
                             Impact  Likelihood Impact  Likelihood A           B           C           D
 1  Credit / Concentration   5       3          5       3          Acceptable  Acceptable  Weak        Acceptable
 2  Interest Rate            5       3          5       3          Weak        Weak        Weak        Weak
 3  Liquidity                5       3          4       2          Strong      Acceptable  Acceptable  Weak
 4  Operations               4       3          2       2          Strong      Strong      Strong      Acceptable
 5  Regulatory Compliance    4       4          3       3          Strong      Acceptable  Acceptable  Acceptable
 6  Strategic                5       3          5       3          Strong      Weak        Weak        Weak
 7  Price / Market           4       4          3       3          Acceptable  Acceptable  Acceptable  Acceptable
 8  Reputation               5       4          5       4          Weak        Weak        Weak        Weak
 9  Transaction              –       –          –       –          –           –           –           –
10  Information Technology   4       3          –       –          Strong      Weak        Weak        Weak
11  Reporting                4       4          3       3          Acceptable  Acceptable  Acceptable  Acceptable
    Weighted total           45      34         35      26
    # of items               10      10         9       9
    Average                  4.5     3.4        3.9     2.9

Summary for the business unit (Consumer – Underwriting): inherent impact 4.5, inherent likelihood 3.4, residual impact 3.9, residual likelihood 2.9; mitigating control averages n/a.

Mitigating Controls rating definitions:
• Strong – Effective oversight, comprehensive policies, accurate reporting and strong internal controls.
• Acceptable – Average oversight, good policies, fair reporting and adequate internal controls.
• Weak – Ineffective oversight, inappropriate or missing policies, minimal reporting and/or insufficient internal controls.
Success Factors
• Measurable outcomes from a risk-based compliance program should include:
  – Risks are identified, measured and subject to a control structure
  – Supported by tailored policies, procedures and functional controls at the business level
  – The compliance monitoring schedule and testing program has been set around the risk profile
  – Results are reported effectively and tracked
Compliance Training
• Board, Management, Staff
• Job-specific, Role-based
• Blended learning
  – Online
  – Classroom
• Recordkeeping
Compliance Monitoring and Auditing
Compliance Monitoring
• Risk-based, proactive testing
• Self-monitoring at the department level
• Monitoring by the Compliance Department
  – New products, services, delivery channels
  – New or amended regulations
  – New staff
• Tracking corrective actions
Compliance Auditing
• Integrated Audits
  – Test compliance with high-risk laws and regulations during operational audits
• Targeted Compliance Audits
• Compliance Function Audit
  – Evaluate the effectiveness of the compliance function
Communication
• The biggest challenge in communication is to first think through the following basic concepts:
  – Audience
  – Purpose of the communication
  – How do you need the audience to respond?
  – Level of detail needed for the purpose
  – Risk level of content
  – Importance of timing and frequency
Types of Communication
• Risk Assessments
• Program and Scope overviews
• Monitoring/Audit reports
• Board/Management reports
• Open issue tracking reports
• Program status and progress reports
• Business unit monitoring results
Recommended Steps
• Take a deep breath
• Sit back and relax
• Review where you are
• Consider: is your message heard?
• Does your program have the right risk-based balance?
• Write down 5 action steps to improve your program results
Thank You
John E. Palmer, CPA
Managing Director/Principal
jpalmer@icscompliance.com
Office: (954) 489-2712
Cell: (954) 806-1863