![Page 1: Regulatory Requirements & Compliance: Ensuring Effective Outcomes](https://reader036.vdocument.in/reader036/viewer/2022081604/56816923550346895de055f8/html5/thumbnails/1.jpg)
Regulatory Requirements & Compliance: Ensuring Effective Outcomes
Presented By: John E. Palmer, CPA Managing Director/Principal
Agenda
• Compliance Management System
• Risk-Based Approach
• Compliance Training
• Monitoring and Internal Audit
• Communication
• Recommended Steps
Compliance Management System
CMS
Compliance Management System
• Reflect the bank’s business, culture, vision
• Identify and quantify compliance risks
• Build compliance into business processes and culture – who is responsible?
• Supported by a risk-based compliance program
• Demonstrate strong communication and accountability
CMS
Interdependent Elements
• Board and Management oversight
• Compliance program
• Compliance monitoring and audit
Management Responsibilities
• Clear and unequivocal expectations
• Clear policy statements
• Authority and accountability
• Adequate resources
• Periodic compliance audits
• Reports to the Board
• Issue tracking and resolution
Board Responsibilities
• Understand Requirements
• Delegate Authority, but not Responsibility
• Ensure Qualified Management
• Provide Adequate Resources
• Supervise Management
  – Establish policies
  – Monitor implementation
  – Provide for independent reviews
  – Address supervisory reports
• Maintain Independence
Risk-Based Approach
Compliance Risk-Based Program
• Risk Matrix/Applicability
• Risk Assessments
• Risk Assessment Concepts/Methods
• Success Factors
[Figure (slide 10): Applicability Matrix diagram. Labels on the slide: Regulator; Institution Type; Applicable Universe of Laws, Regulations, and Guidance; Business Lines, Delivery Channels, Products/Services, and Practices; Applicability Matrix; REQUIREMENTS; Policies and Procedures; Internal Controls; Monitoring; Training; Risk Assessment; Self-Assessment; Internal Audit.]
Risk Assessments
• Compliance
• BSA/OFAC/Customer Risk Rating
• Information Security - GLBA
• ACH (Cash Management/Electronic Banking)
• Red Flag Assessment
Risk Assessment Terms and Concepts
• Inherent Risk vs. Residual Risk
• Exposure – Extent of Possible Damage
• Likelihood – Probability of an Event Occurring
• Risk Tolerance Measurements
• Risk Controls
• Risk Ranking and Heat Map
Risk Tolerance Measurements
• Events that establish Management’s tolerance for risk.
• Examples:
  – Regulatory violations and fines
  – Customer complaint letters
  – Regulatory exam criticism
Risk Controls
• Risk controls relate to activities that are implemented to reduce the likelihood of an exposure event occurring. These activities include both preventive and detective controls:
• Preventive measure – Training/automated system
• Detective measure – Review after the fact. Can also mean audit and monitoring activities
Risk Assessment Worksheet (slide 15)
Business Unit/Department: Consumer Lending - Underwriting
Manager: John Doe
Date: June, 2007

Scoring: Potential Impact and Likelihood of Occurrence are each rated from 1=Low to 5=High. Inherent Risk Level is the risk without controls; Residual Risk Level is the risk with controls. The four right-hand columns rate the Mitigating Controls (Strong - Acceptable - Weak).

| # | Risk Components | Inherent: Potential Impact | Inherent: Likelihood of Occurrence | Residual: Potential Impact | Residual: Likelihood of Occurrence | Sr. Executive Management Oversight | Policies and Procedures | Risk Measurement, Monitoring & Reporting | Internal Control Environment |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Credit / Concentration | 5 | 3 | 5 | 3 | Acceptable | Acceptable | Weak | Acceptable |
| 2 | Interest Rate | 5 | 3 | 5 | 3 | Weak | Weak | Weak | Weak |
| 3 | Liquidity | 5 | 3 | 4 | 2 | Strong | Acceptable | Acceptable | Weak |
| 4 | Operations | 4 | 3 | 2 | 2 | Strong | Strong | Strong | Acceptable |
| 5 | Regulatory Compliance | 4 | 4 | 3 | 3 | Strong | Acceptable | Acceptable | Acceptable |
| 6 | Strategic | 5 | 3 | 5 | 3 | Strong | Weak | Weak | Weak |
| 7 | Price / Market | 4 | 4 | 3 | 3 | Acceptable | Acceptable | Acceptable | Acceptable |
| 8 | Reputation | 5 | 4 | 5 | 4 | Weak | Weak | Weak | Weak |
| 9 | Transaction | | | | | | | | |
| 10 | Information Technology | 4 | 3 | | | Strong | Weak | Weak | Weak |
| 11 | Reporting | 4 | 4 | 3 | 3 | Acceptable | Acceptable | Acceptable | Acceptable |
| | Weighted total | 45 | 34 | 35 | 26 | | | | |
| | # of items | 10 | 10 | 9 | 9 | | | | |
| | Average (Consumer - Underwriting) | 4.5 | 3.4 | 3.9 | 2.9 | n/a | n/a | n/a | n/a |

Mitigating Controls rating scale (Strong - Acceptable - Weak):
• Strong: Effective oversight, comprehensive policies, accurate reporting and strong internal controls.
• Acceptable: Average oversight, good policies, fair reporting and adequate internal controls.
• Weak: Ineffective oversight, inappropriate or missing policies, minimal reporting and/or insufficient internal controls.
Success Factors
• Measurable outcomes from a risk-based compliance program should include:
  – Risks are identified, measured and subject to a control structure
  – Supported by tailored policies, procedures and functional controls at the business level
  – The compliance monitoring schedule and testing program has been set around the risk profile
  – Results are reported effectively and tracked
Compliance Training
Compliance Training
• Board, Management, Staff
• Job-specific, Role-based
• Blended learning
  – Online
  – Classroom
• Recordkeeping
Compliance Monitoring and Auditing
Compliance Monitoring
• Risk-based, proactive testing
• Self-monitoring at the department level
• Monitoring by the Compliance Department
  – New products, services, delivery channels
  – New or amended regulations
  – New staff
• Tracking corrective actions
Compliance Auditing
• Integrated Audits
  – Test compliance with high-risk laws and regulations during operational audits
• Targeted Compliance Audits
• Compliance Function Audit
  – Evaluate the effectiveness of the compliance function
Communication
Communication
• The biggest challenge in communication is to first think through the following basic concepts:
  – Audience
  – Purpose of the communication
  – How do you need the audience to respond
  – Level of detail needed for the purpose
  – Risk level of content
  – Importance of timing and frequency
Types of Communication
• Risk Assessments
• Program and Scope overviews
• Monitoring/Audit reports
• Board/Management reports
• Open issue tracking reports
• Program status and progress reports
• Business unit monitoring results
Recommended Steps
• Take a deep breath
• Sit back and relax
• Review where you are
• Consider: is your message heard?
• Does your program have the right risk-based balance?
• Write down 5 action steps to improve your program
• Results
Thank You
John E. Palmer, CPA
Managing Director/Principal
[email protected]
Office: (954) 489-2712
Cell: (954) 806-1863