monday | september 18, 2017 8:30 9:45 a.m. documents... · leaders advisory council for the mayor...

Monday | September 18, 2017 8:30 – 9:45 a.m.

Opening General Session: Regulatory Panel Session

Moderator Kevin Ryan, CIA, CFSA

Chief Risk Review Officer & General Auditor Key Bank

Panelist

Lara Lylozian, CPA Assistant Chief Accountant

Federal Reserve Board Rae-Ann Miller Associate Director, Risk Management Policy Division of Risk Management Supervision, FDIC Molly Scherf

Deputy Comptroller for Large Banks Office of the Comptroller of the Currency Peggy Twohig

Assistant Director for Supervision Policy Consumer Financial Protection Bureau Kevin Ryan, General Auditor at Key Bank, facilitates a panel of senior leaders from the CFPB, FDIC, Federal

Reserve, and OCC as they share the stage to discuss the current regulatory landscape, expectations of internal

audit, and other emerging issues that will impact the industry.

In this session, participants will:

• Gain insights on key issues from a regulatory perspective. • Explore the emerging areas of focus for regulatory oversight.

• Discuss the expectations of the role internal audit plays within its organization. Kevin Ryan is responsible for managing all risk review (internal audit and credit risk review) activities at

KeyCorp and is a member of the organization’s executive council and executive leadership team. He began his

career in 1982 at Chase Manhattan Corp. as part of the management associate program in finance. After two

years, he took a position with KeyCorp’s internal audit group. He worked extensively on audits pertaining to

non-banking subsidiaries (lease, mortgage, and insurance) and undertook progressively responsible roles

through departments and management to arrive in his current position. Ryan is a former board member of

The IIA’s International Internal Auditing Standards Board and currently serves as vice chair of The IIA’s

Financial Services Advisory Board (FSAB).

Lara Lylozian joined the Federal Reserve in 2015 as a professional accounting fellow from

PricewaterhouseCoopers. She has 15 years of professional experience leading a variety of financial accounting

and reporting projects in the financial services sector, including three years in London.

Rae-Ann Miller manages sections responsible for safety and soundness policy development, accounting, and securities disclosure. She began her career with the FDIC in 1989, receiving a series of promotions and transfers to her current role. Miller’s roles included safety and soundness examiner, trust specialist, special assistant to the chief operating officer, manager of the Risk Management and Applications Branch, assistant director of the Applications and Supervision Branch with responsibility for the Washington Office’s oversight of problem banks, enforcement actions, applications, large banks, and anti -fraud and anti-money laundering. She also held the role of associate director of regional operations at the Division of Insurance and Research, managing the FDIC’s regional and local banking and economic analysis and publication processes.

Molly Scherf oversees the lead expert, shared national credit, data analytics, and supervisory systems teams.

She has 27 years of bank supervision experience, and previously served as the OCC’s large bank lead expert for

governance and ERM. In this role, Scherf led the OCC working group that developed the Heightened Standards

for Governance and Risk Management. As a commissioned National Bank Examiner, she reviewed all aspects

of bank risk management and specialized in IT and retail credit.

Peggy Twohig serves in the office that develops supervision strategy across bank and nonbank markets and

ensures that policy decisions are consistent across markets, charters, and regions. She was previously the director of the Office of Consumer Protection at the Department of the Treasury. Before that, Twohig was the associate director of the Division of Financial Practices at the Federal Trade Commission.

Monday | September 18, 2017 10:00 – 11:00 a.m.

General Session 1: Effective Communication with Stakeholders: Perspectives From the C-Suite

Moderator

Mark Carawan, Ph.D., CA

Chief Compliance Officer

Citigroup

Panelists

Barbara Desoer

Chief Executive Officer of Citibank N.A.

Citibank

Mary McNiff

Chief Audit Executive

Citigroup

James S. Turley

Chairman and Chief Executive Officer (Ret.)

EY


View key stakeholder’s perspective on the value a high functioning internal audit organization. Gain insight on information key stakeholders seek from internal audit.

How key stakeholders view internal audit’s level of independence and objectivity.

Mark Carawan joined the organization in 2011 and is responsible for internal audit’s delivery of audit

assurance on governance, risk management, and control across Citigroup globally to the Board and Executive

Management. Prior to joining Citi, he served as chief internal auditor for Barclays Group, where he led a major

transformation of internal audit. Previously, Carawan was managing partner responsible for enterprise wide

assurance to wholesale financial services institutions at Deloitte (UK), engaged in various assignments

involving risk management and internal control transformation as a result of regulatory requirements. Prior to

joining Deloitte, he was managing partner for Andersen’s g lobal privatisation and emerging markets practice

with responsibility for overseeing business activities in more than 50 non-OECD countries, while also being the

lead partner on a number of financial sector restructuring and individual bank rehabilitation assignments

around the world. Carawan began his professional career within the London Office of Andersen’s accountancy

practice before moving into consultancy after qualification as a Chartered Accountant. He currently serves as

president of the Chartered Institute of Internal Auditors (IIA-UK and Ireland).

Barbara Desoer joined Citibank, N.A. as COO in 2013 and ascended to her current role in 2014. In addition to

her CEO responsibilities, she leads Citigroup’s comprehensive capital analysis and review process and

Citigroup’s anti-money laundering function. Desoer also served as the co-head of Citigroup’s global women’s

initiative, Citi Women. Prior to joining Citi, she spent 35 years at Bank of America, most recently as president

of Bank of America Home Loans. During her tenure she served as global technology and operations executive;

president of consumer products; director of marketing; banking group president; and California retail and

small business banking executive and district manager. Desoer is a member of the Board of Directors of DaVita

HealthCare Partners Inc., served in various non-profit board positions over the years, and is currently a

member of the Board of Visitors of the University of California, Berkeley.

Mary McNiff appointed to her role earlier this year, is responsible for the internal audit department, which

includes the delivery of audit assurance on governance, risk management, and the control environment across

Citigroup. Previously, she was the chief administrative officer for Latin America and Mexico at Citigroup,

responsible for key strategic projects including governance and control; business, process, and system

transformations; and productivity. A significant component of this role also focused on addressing significant

regulatory matters as well as transformation in the region. McNiff originally joined Citigroup in 2012 to take up

the global transformation role in internal audit. She also served as chief auditor, global consumer bank and

interim chief auditor, institutional client group prior to moving into the business as CAO for Latin America and

Mexico. Prior to joining Citi, McNiff was the managing director for change at Lloyds Banking Group (UK),

responsible for leading a key part of the largest data migration in Europe involving the transformation of 63

million customer records from three systems down to one. She also spearheaded a 2 billion group-wide

process simplification program across the bank. Before Lloyds, McNiff was a key member of the internal audit

leadership team at both Barclays and JPMorgan at locations around the world.

James Turley joined EY in 1977, holding progressively responsible positions before being named chairman to

lead the firm from 2001 until his retirement in 2013. Turley now spends considerable timing serving on

corporate boards representing diverse sectors of the global economy. He serves on the National Board of

Directors of the Boy Scouts of America and finished a term as a member of the Board of Trustees for his alm

mater, Rice University, in 2015. He was on the board of Catalyst from 2001–13, serving as its chair from 2009–

13, and until his retirement, was a member of the Business Roundtable and IBLAC (International Business

Leaders Advisory Council for the Mayor of Shanghai), and was co-chair of Russia's Foreign Investment Advisory

Council. He also chaired the Governing Board of the U.S. Center for Audit Quality from 2007–11. His current

roles are with Citigroup, Emerson Electric Company, Northrop Grumman, Intrexon Corporation, and Kohler

Company.

Monday | September 18, 2017 11:15 a.m. – 12:15 p.m.

CS 1-1: Agile Auditing: Sprinting to Change: Reimagining Internal Audit in a Digital World

Scot Goodman, CISA, CRISC

Senior Vice President, Deputy Chief Auditor

Capital One

Jim Tietjen, CIA, CBA, CFSA

Executive Vice President, Chief Auditor

Capital One

Recognizing early on that internal audit must adapt to the financial services industry’s digital transformation to

remain relevant, Capital One’s Corporate Audit Services (CAS) function established an imperative to boldly re-

imagine the future of its profession. To design its vision, CAS engaged traditional banking peers, nontraditional

peers, and a leading design thinking firm. As a result, CAS’ human-centric agile audit approach elevates quality

and efficiency naturally by holistically transforming delivery through the lens of people, process, and

technology.


• Understand the macro global and industry forces that require internal audit leaders to holistically

reimagine the future of their profession.

• Learn how agile audit delivery practices can elevate practitioners’ business acumen, promote

collaboration, create capacity, and bridge traditional co-location challenges.

• Discuss the need to super-charge existing data science strategies and capabilities made possible by a

world-class analytics platform and 100% internal auditor data analytics proficiency.

• Explore a vision of the internal auditors’ behaviors and competencies required for success long term.

Scot Goodman joined the firm’s internal audit department in 2003. As part of audit's professional practices

function, he was instrumental in redefining audit's business model including the department's audit

methodology, talent management initiatives, operational standards, and technology solutions function.

Goodman provides leadership and audit services for the technology and digital functions across the

enterprise. He is also the accountable audit executive for the retail and direct bank, commercial bank, and U.S.

and international card lines of business.

Jim Tietjen has nearly 30 years of banking experience and a successful record of integrating the discipline and

practice of audit and risk management into the corporate leadership agenda and the organizational culture. In

his current role, he is responsible for establishing and developing Capital Ones audit and security strategies

and ensuring that the company maintains a sound control and compliance environment throughout its

banking operations and other business lines. Prior to joining Capital One, Tietjen served as principal at

Deloitte and Touche in Charlotte, N.C. He currently serves as a board member of the Heart of America Corp.

CS 1-2: Maximizing the Role of Internal Audit: Managing Cosourcing/Outsourcing Relationships at Smaller

Financial Institutions

Faizal Chaudhury CPA, CGMA

Vice President of Internal Audit

Sallie Mae Bank

Monica DeBellis, CIA, CPA

Managing Director

Protiviti

Vernon Stafford Jr.


First Horizon National Corporation

Dan VanSciver, CPA, CGMA


SallieMae Bank

Internal audit departments at smaller financial institutions face unique challenges in today’s business climate.

While answering to the same stakeholders as their larger counterparts, they usually don’t have access to the

same level of resources those organizations do. As a result, creative partnerships involving cosourcing and

outsourcing are often used to enhance and maximize the role of internal audit.


• Learn methods to enhance internal audit’s partnership with cosourced partners.

• Explore leading/dealing with internal audit outsourcing. • Share best practices related to maximizing the role of internal audit.

• Participate in a robust Q&A session with the panel.

Faizal Chaudhury has over 20 years of dedicated experience as an audit professional. Prior to joining Sallie

Mae, he held audit leadership positions at TD Bank and Bank of America. Chaudhury’s other experiences

include working as an external auditor for EY and Crowe Horwath. He is also a frequent speaker at various

national and local professional association conferences related to auditing.

Monica DeBellis has close to 20 years of experience providing internal audit services to small, mid-sized, and

large financial institutions through co-sourced relationships. Prior to working at Protiviti, she was a manager at

Arthur Andersen where she focused on helping organizations identify and control ris ks within their operational

functions.

Vernon Stafford is responsible for corporate internal audit and credit assurance. Prior to joining First Horizon

in 2013, Stafford served a distinguished 33-year career as a national bank examiner for the Office of the

Comptroller of the Currency (OCC), having served as an assistant deputy comptroller (ADC) in OCC’s Midsize

Bank Supervision since mid-2011. As ADC, Stafford supervised a staff of midsize bank examiners -in-charge

(EIC) and a portfolio of midsize banking companies ranging in assets of $13 billion to $90 billi on. After serving

in various positions as a field bank examiner and regional analyst, he served as director for OCC’s Core Policy

Development division (now Operational Risk & Core Policy) for about five years, with responsibility for

developing and implementing supervisory policy for national banks. In 2001, Stafford was appointed director

for large bank supervision, a division responsible for the supervision of the largest banking companies in the

national banking system. In 2006, he was appointed EIC of supervision for First Tennessee Bank, N.A.,

responsible for the day-to-day supervisory activities of the banking company, where he served until 2011.

Dan Van Sciver has responsibility for the audit function at the nation’s leading planning, saving, and pay ing for

college organization, with approximately $20 billion in assets. He previously worked as the assistant general

auditor at PNC Financial Services and in finance at SEI Investments, having started his career at KPMG. Van

Sciver currently serves as chair of the Internal Audit Governance Working Group at the Consumer Bankers

Association in Washington, D.C.

CS 1-3: Seven Habits of Highly Effective Internal Audit Functions

Gary Goodall

Consultant

EY

Brian Portman

Partner

EY

Stefanie D'Elia

Global Head of Audit Practices

Goldman Sachs

During the past several years in performing dozens of external assessments (incorporating regulatory and industry expectations) of internal functions of all sizes, a list of sorts of best practices and common pitfalls has

emerged. The presenters will review these positive and negative habits of internal audit today while

interweaving the transformational story of their client to explore views on what the next five years will bring for internal audit. In this session, participants will:

• Understand lessons learned from industry peers. • Develop knowledge on regulatory expectation for internal audit.

• Consider and apply leading practice examples.

Gary Goodall has 30 years of financial services internal audit experience and his primary area of focus is

banking and capital markets internal audit. Since rejoining EY in 2005, he has worked with many large internal

audit organizations, including leading or advising on over 60 external quality assessment reviews gaining

working knowledge of the various practices adopted by banking organizations of all sizes and across multiple

geographies. Prior to EY, Goodall was with RBS in the UK, where he operated as deputy head of audit, retail

banking, and head of professional services and before then, during his initial time with EY, he co-authored EY's

first global internal audit methodology.

Brian Portman has nearly 17 years of management experience and 10 years of experience in the financial

services industry serving clients in the areas of internal audit, compliance, and risk management. He currently

leads several internal audit co-source and outsourcing arrangements and has hands-on experience in the

development and implementation of risk assessment and audit execution processes and frameworks. Prior to

joining EY, Portman worked as a bank examiner with the Office of the Comptroller of the Currency, where he

conducted examinations of national banks to ensure compliance with federal banking regulations.

Stefanie D'Elia Bio Being Finalized

Monday | September 18, 2017 1:35 – 2:35 p.m.

CS 2-1 Strategies for Effective Examination Management

Steven Jameson, CIA, CFSA, CCSA, CRMA, CPA, CBA, CFE, CGMA Executive Vice President, Chief Internal Audit & Risk Officer Community Trust Bancorp, Inc. The session will cover successful regulatory examination management practices such as planning for the examination, data gathering, coordination practices, monitoring the status of the examination, current trends in examinations and examples of both good and bad examination experiences.


Learn tips on successful techniques to facilitate smooth regulatory examinations.

Hear about emerging examination trends to consider for the next examination.

Share real-life examples of both good and bad examination experiences.

Steve Jameson is responsible for the internal audit, ERM, loan review, and compliance functions, and has over

30 years of experience as an internal audit professional in the financial services industry including three years

in public accounting. His experience includes serving as liaison to COSO’s Internal Control–Integrated

Framework 2012 update, COSO’s Enterprise Risk Management Advisory Council 2004, IFAC’s International

Auditing Practices Committee, and the FFIEC for updating its policy on outsourcing of internal audit. Jameson

has served on the Board of Environmental, Health & Safety Auditor Certifications, as well as one year with the

World Bank’s internal audit department. He has served in numerous volunteer leadership roles with The IIA

including the Financial Services Advisory Board, CBOK Steering Committee, Professional Issues Committee,

Committee of Research & Education Advisors, Internal Audit Foundation Board of Trustees, and over four

years as the AVP of the Professional Practices Group. Jameson has been involved in starting two internal audit

functions, consolidating decentralized internal audit groups, merging audit functions acquired during

acquisitions, and reorganizing existing audit functions. He has coordinated outsourced internal audit

engagements, external audit services, and regulatory examinations for each of the financial institutions where

he was employed.

CS 2-2: Blockchain Is Coming: What CAEs Need to Know About the Impact on Financial Services

A. Michael Smith, CISA, CISSP, CPA

Partner

PwC

Blockchain has major potential to affect financial services organizations of all kinds. But what are the main

"audit problems" with blockchain and the ramifications this technology will have on assurance in general and

audit in particular? This session will explore strategies for applying audit in the blockchain space.


Review blockchain technology and its potential effect on the financial services industry.

Understand the challenges for audit presented by blockchain.

Discuss how assurance is affected by blockchain.

Identify what internal auditors must do to deal with the challenges

A. Michael Smith has over 25 years of experience in IT auditing, cybersecurity, privacy, and regulatory

requirements in the IT space. He is responsible for PwC's IT internal auditing services practice in the U.S. for

financial services companies and has led projects in all financial services sectors. His primary area of focus is

designing strategies for deploying technology audit in large financial services organizations. Prior to joining

PwC, Smith was the global director of technology audit for the Bank of New York Mellon.

CS 2-3: Building Performance Excellence

Robert Mainardi, CFSA, CRMA

President

Mainardi & Company

Because personnel in the audit department are crafting and delivering recommendations to others across an

enterprise, it is imperative that audit team members perform at the top of their game all the time to retain

perspective and respect. This session will introduce a proven framework of developing their audit teams

through a targeted feedback approach, approach which includes learning maps, communication keys,

improvement opportunities, and feedback techniques.


Learn how to build productivity through feedback. Identify how to link performance to core competencies.

Discuss recognizing opportunities for improvement.

Review how to effectively deliver feedback.

Robert Mainardi started his own consulting company after 21 years of working in the internal audit profession

in the financial services industry. His company develops and facilitates custom internal audit training as well as

evaluates, creates, and implements formal audit methodologies including continuous auditing programs.

Previously, Mainardi was the vice president of internal audit for the Penn Mutual Life Insurance Co. and also

served in audit leadership roles for The Vanguard Group, Aetna, and Prudential Insurance. He is the author of

Harnessing the Power of Continuous Auditing. Mainardi is an active member of The IIA, having served as a

distinguished faculty member for more than 20 years as well as a popular speaker at The IIA’s All Star

conference and other events. Mainardi has merited the Six Sigma Green Belt certification, earned the

Qualification in Control Self-Assessment, and is certified to perform Quality Assessment Reviews.

Monday | September 18, 2017 2:50 – 3:50 p.m.

CS 3-1: Automation: Optimizing Coverage and Approach

Yeny Hastings

VP, Audit Supervisor

Bank of America

Steven Pollick, CISA

SVP, Audit Director

Bank of America

Sameep Sanghrajka

VP, Senior Audit Manager

Bank of America

Explore innovative approaches to applying automation in your audit work including: establishing your environment, interactive tools, streamlining work, and boosting your automation proficiency. Learn best

practices for when to automate, testing data quality, maximizing analytics , and broadening coverage over time.


Identify how to move from ad-hoc manual audit testing to a more streamlined, automated approach. Identify the most valuable features and benefits of interactive tools for automation.

Explore the competencies of an automation auditor from business knowledge, to technical ability, to

communication skills. Recognize the shift from spending time transforming data to devoting more time identifying trends and

honing judgment.

Yeny Hastings supports both audit and credit review activities in the Corporate Audit division she joined in

2014. She specializes in end-to-end consumer processes including mortgage, vehicle lending operations and

compliance by developing independent, automated tests for point-in-time audits, continuous surveillance

tests, and data analysis solutions. Hastings joined the bank in 2009 in mortgage origination and held various

reporting positions supporting different areas of consumer mortgage and loss mitigation before moving to

Corporate Audit.

Steve Pollick is responsible for driving audit strategy and execution of enterprise data management.

Additionally, he oversees business continuity and vendor management for global technology and operations.

Pollick has nearly 15 years of internal audit experience at Bank of America covering retail and preferred

banking, consumer operations, card credit and collections and consumer automation. He has also lead and

directed audit testing of key regulatory matters. Pollick holds a Six Sigma Black Belt certification and regularly

presents on consumer banking and automation topics to audit and risk professionals.

Sameep Sanghrajka manages the Anticipatory Risk Coverage (ARC) audit team which is responsible for

identifying and driving out audit coverage of emerging risks across the enterprise. Sanghrajka has 10 years of

internal audit experience at Bank of America executing and leading strategic, operational, and critical

regulatory reviews across various business within the retail and preferred bank, global wealth and investment

management and global markets.

CS 3-2: Insurance Spotlight: Adding Value in the Midst of Regulatory Change

Moderator Tracy Sokol, CIA, CRMA, CPCU, CLU Vice President, Internal Audit State Farm Insurance Panelists Stacey Schabel, CPA Vice President, Head of Internal Audit, Jackson North American Audit Director, Prudential plc

Michael Cowell, CIA

Executive Vice President, Chief Auditor of Internal Audit TIAA

R. Karl Erhardt, CPA Executive Vice President and Chief Auditor MetLife, Inc. “Value” is a key focus for leaders across the internal audit community. Audit teams are striving to assess and

modify their activities and outputs to ensure they are providing valuable outputs for their stakeholders and

adding value to their organizations. The uncertainty and velocity of change in the regulatory space makes this

even more challenging. But internal audit has the opportunity to add significant value by supporting this

change and serving as a key input into strategic decision making.


Examine ways to ensure audit activities add value to their organization in an environment of constant,

and sometimes uncertain, regulatory change.

• Discuss ensuring a strong connection between the audit plan and the company’s s trategy and

objectives through participation in key governance forums and steering committees .

• Understand the importance of regular communication and interaction with compliance and other

“second-line” teams.

• Identify a project assurance framework to assess the likelihood of project success throughout its

lifecycle.

Tracy Sokol has had responsibility for State Farm’s internal audit department for the past seven years, which provides assurance services to its automobile insurance division, credit union, and pension lan. She has more

than 25 years of experience with State Farm and within the insurance and financial services industry. Sokol began her career with the company in 1992, and has held several leadership positions in financial operations

and compliance, where her areas of emphasis included financial and statistical reporting, strategic planning, and incentive compensation. Prior to joining State Farm, Sokol worked at PriceWaterhouse and Growmark.

Stacey Schabel is responsible for the North American Group-wide Internal Audit team, which examines and

evaluates the key activities and processes supporting the North American operations of Prudential plc, which

includes Jackson National Life Insurance Company. She assists the Board, Audit and Risk Committee members

and executive management in protecting the assets, reputation and sustainability of the organization through

assessment and reporting of the overall effectiveness of risk management, control and governance processes.

Schabel is a member of the IIA’s Global Financial Services Guidance Committee as well as a CPA and FINRA

Series 6 registrant.

Michael Cowell has led TIAA’s internal audit division since 2008, providing strategic direction to the audit

leadership team covering all legal entities and businesses of TIAA. He oversees the internal audit division,

which includes 165 professionals representing the internal audit and internal investigation functions,

performing objective and independent audit, advisory, and investigative services.

Karl Erhardt manages a worldwide team of more than 300 audit professionals who are responsible for

providing objective evaluations and advice on MetLife’s system of internal controls. He also has an

independent relationship with the Audit Committee of MetLife’s Board of Directors. Erhardt has more than 25

years of experience in accounting and operations for insurance, asset management, structured finance, capital

markets and derivatives. Before joining MetLife, he was vice president of internal audit for Ambac Financial

Group.

CS 3-3: Auditing Sales Practices: Proactive, Data Driven Assessments

Kandace Heck, CPA Executive Vice President, Chief Audit Executive

U.S. Bank

Christopher Paulison, CPA Partner

Grant Thornton Many financial services firms have re-assessed their enterprise sales practices. This is often being done either

as a result of a formal regulatory request, an interest to proactively verify internal compliance of those

practices, or during an internal audit. This session will focus on numerous techniques for enterprise sales

practice reviews.


Develop an understanding of drivers and approaches for auditing sales practices .

Learn the elements of an effective control environment for sales practices.

Understand an effective framework for auditing sales practices .

Uncover related regulatory requirements and expectations.

Kandace Heck joined U.S. Bank in 2017 as CAE and has 30 years of experience in accounting and auditing in

the banking and financial services industry. Just prior to joining U.S. Bank, she served as general auditor for Northern Trust Corporation. Previously, Heck spent 18 years with Goldman Sachs in the U.S., Europe, and Australia, in various controllership roles supporting corporate and business line areas, as well as in internal

audit. She began her career with Deloitte & Touche, working both in the U.S. and U.K.

Christopher Paulison has over 25 years of experience and serves as the leader for Grant Thornton’s financial

services center of excellence for internal audit. He is active in the financial institutions marketplace, providing

client services to banks of varying sizes and complexity, and has led large-scale global process transformations,

benchmarking/cost productivity/organizational design projects in the areas of business operations, internal

audit, regulatory compliance, and risk management; as well as supervision of simultaneous work across five

continents. Prior to Grant Thornton, Paulison served as partner for a Big 4 firm where he led the firm’s internal

audit/risk practice for the midwest region in financial services. He also served as the CAE for a Fortune 20

company. Paulison has worked with clients including HSBC, ABN AMRO, Ally, Bank of America, Bank of China,

BB&T, Citi, Deutsche Bank, Fidelity, Goldman Sachs, JP Morgan Chase, Morgan Stanley, PNC, RBS, US Bank, and

Wells Fargo.

Monday | September 18, 2017 4:05 – 5:20 p.m. General Session 2: Recent Supervisory Developments & Hot Topics Christopher Allen

Partner Arnold & Porter Kaye Scholer LLP

Michael Mancusi Partner Arnold & Porter Kaye Scholer LLP Effective auditing requires anticipating potential issues. For auditors of financial services firms, this means

staying on top of areas of supervisory focus. In this session, we will discuss some recent regulatory and

enforcement developments and discuss what they may mean for you and the firms you audit.


Explore compliance and enforcement challenges created by operational missteps, misaligned incentives, or complacency.

Discuss evolving guidance and expectations regarding data protection and cybersecurity, including the NY Department of Financial Services’ new Rule 500.

Examine the migration toward prescriptive BSA/AML requirements and the tension between state and

federal regulators, including consideration of the NYDFS’ Rule 504. Learn about recent supervisory pronouncements on governance expectations, including the Federal

Reserve’s guidance on the duties and responsibilities of boards of directors.

Christopher Allen represents clients in a broad range of regulatory compliance and investigative matters before federal and state government agencies. His practice focuses on advising bank and nonbank financial industry participants on their compliance obligations under federal and state law, as well as advising institutions and their directors and officers in enforcement-related matters before the federal banking

agencies. Allen’s practice encompasses a variety of substantive areas, such as BSA/AML compliance, fair-

lending investigations, and consumer-protection matters, among others, as well as internal investigations arising out of enforcement or other compliance-related matters.

Michael Mancusi represents foreign and domestic banks, credit unions, and other financial services clients in a wide range of state and federal regulatory, compliance, and enforcement matters. He has substantial experience representing clients in government and corporate internal investigations, including entities subject to anti-money laundering requirements. Mancusi counsels clients facing complex regulatory, examination, and enforcement issues and represents clients before key state and federal bank regulatory agencies, including the Federal Reserve, the Office of the Comptroller of the Currency, the Financial Crimes Enforcement Network, the Office of Foreign Assets Control, and the New York Department of Financial Services. For more than 17 years, Mancusi has partnered with clients, including branches and agencies of foreign banks operating in the United States in all aspects of their dealings with U.S. regulators. Recognized by Chambers USA as "a key

player in the enforcement arena," Mancusi served in the Enforcement Division of the Office of the Comptroller of the Currency, where he handled its banking law enforcement actions. He is currently vice chair of the ABA's

Banking Law Committee, and served on the Executive Council of the Federal Bar Association's Banking Committee. In addition, he teaches a training program through the Institute for International Bankers on the U.S. anti-money laundering and sanctions program issues that are most relevant to international banks.

Tuesday | September 19, 2017 8:30 – 9:45 a.m. General Session 3: The Cyber Underground Keith Mularski

Supervisory Special Agent, Cyber Initiative and Resource Fusion Center, Cyber Division

Federal Bureau of Investigation

This session will take you behind the curtain of the Cyber Underground and reveal the activities of cyber criminal enterprises and cyber espionage threat actors.


How Cyber Organized Crime groups operate.

How Nation State Actors use open source research and precision targeting to target networks.

How your online activities and social media makes you vulnerable to cyber attacks.

What the FBI is doing to target these groups.

Keith Mularski received his appointment to the position of special agent with the FBI in 1998, first being assigned to the FBI's Washington field office where he investigated national security matters for seven years.

During this time he worked on several high-profile investigations. In 2005, Mularski transferred to the FBI's cyber division and is now detailed to the National Cyber-Forensics and Training Alliance (NCFTA), which is a joint partnership between law enforcement, academia, and industry seeking to maximize overlapping public/private resource synergies creating a dynamic cyber-nerve-center for tactical and proactive responses

to cyber crimes. With NCFTA, Mularski continues to work with private industry subject matter experts on joint

cyber crime initiatives, such as the digital phishnet and slam spam projects. Mularski's emphasis has been in the development of proactive initiative targeting of organized international cyber crime groups. Most recently,

he worked undercover penetrating cyber underground groups which resulted in the dismantlement of the Darkmarket criminal carding forum. Prior to joining the FBI, Mularski worked in private industry.

Tuesday | September 19, 2017 10:00 – 11:00a.m.

CS 4-1: Essentials of an Effective Cybersecurity Audit Strategy Brenton Farwell, CISA SVP, Audit Director Bank of America

Pete Viglucci, CISA, CRISC, CICA

SCP, Audit Director Bank of America

Now more than ever, it is crucial for companies to have an integrated audit approach to manage cybersecurity risks. A cybersecurity audit strategy must be designed to address various demands: it must provide a comprehensive assessment of the environment, be flexible to address the ever-changing environment, and consistently drive a vigilant approach toward cybersecurity. In this session, participants will:

Explore emerging trends in cyber crimes and their impact on the audit strategy and approach in

financial services. Strengthen understanding of cybersecurity concepts used to achieve integrated audit efforts

organizationwide. Assess cybersecurity risks and controls related to using third-party vendors.

Identify an organization’s cyber health from an attacker’s perspective. Learn ways to be proactive with the ever-changing environment.

Brenton Farwell currently heads the information and cybersecurity program for corporate audit for Bank of

America. Previously he held roles in information security and access management for the bank. Other work

experience includes varying leadership roles in IT and IS including deputy security officer at a national health

care servicer, and regulatory compliance in the health care financial sectors.

Pete Viglucci is responsible for global audit coverage of applications supporting all lines of business in bank. In

addition he has audit responsibility for Latin America, Canada, Sarbanes -Oxley, and Basel technology. Viglucci

has over 20 years of experience in IT in the financial services industry. He has been responsible for Sarbanes-

Oxley IT documentation and testing projects, including controls optimization, the delivery of Quality Assurance

Review services, COBIT process maturity assessments, IT internal audit, IT risk management, business

continuity management services, and payment card industry data security standards (PCI DSS) projects.

Viglucci has extensive experience in the fundamental technical elements of intranet/internet infrastructures

and business process re-engineering. In addition to his information systems and information security auditing

experience, he is an experienced software engineer having started his career building algorithmic electronic

trading solutions.

CS 4-2: Regulatory Outlook for the Insurance Industry

Moderator Barb Bergmeier, CIA, CFSA, CRMA, CPA, CISA, CRISC, CLU Financial Services Operations - Advisory Senior Manager EY Panelists Adam Hamm

Managing Director Protiviti

Thomas Hampton

Senior Insurance Regulatory Advisor Dentons

Jeffrey Johnston

Managing Director, Financial Regulatory Affairs

National Association of Insurance Commissioners (NAIC)

This panel of regulators and practitioners will share their unique perspectives on issues and regulations impacting the insurance industry, including projects completed and in progress by the NAIC, industry-specific

challenges brought on by low interest rates, customer experience demands, innovation and modernization, and calls to action for boards of directors and senior management of insurance companies.


Identify how to move from ad-hoc manual audit testing to a more streamlined, automated approach.

Identify the most valuable features and benefits of interactive tools for automation.

Explore the competencies of an automation auditor, from business knowledge, to technical ability, to communication skills.

Recognize the shift from spending time transforming data to devoting more time identifying trends and

honing judgment.

Barb Bergmeier provides advisory services to internal audit, risk management, and compliance functions of global and domestic financial services institutions. She specializes in advisory areas including internal audit risk

assessments and audit plan development, development of internal audit robotic and data analytic programs,

control optimization (including integrated control testing), remediation of regulatory matters , and design of regulatory assurance programs. Bergmeier has more than 30 years of audit, accounting, regulatory,

compliance, and risk management experience in the financial services industry and served in the role of a chief audit executive for more than 20 years. Adam Hamm focuses on serving financial services clients concerning risk, compliance, and cybersecurity

matters. He has deep knowledge of financial services regulation with hands -on experience in all insurance

supervision and policy related matters. Hamm served as president of the National Association of Insurance

Commissioners (NAIC), chairman of the NAIC’s Cybersecurity Task Force, principal on the United States

Financial Stability Oversight Council and North Dakota’s elected insurance commissioner.

Tom Hampton advises insurance companies and financial services companies on general regulatory matters,

insurance product filings, as well as financial examination and market conduct issues. He also provides information and advice on insurance regulatory concerns to non-insurance company clients that market

financial products. Hampton has advised clients on regulatory approvals required in insurance agency, insurance company, captive insurance, and risk retention group licensing issues. Previously he held the

position of commissioner for the D.C. Department of Insurance, Securities and Banking, responsible for providing oversight and direction of the agency that regulates all financial services industries in the District of Columbia. Hampton also managed the captives and risk retention group division and assisted in the development of the regulatory procedures for these entities in the District of Columbia. He was also responsible for establishing the special-purpose-vehicle captive insurance statute in the District of Columbia. Hampton participated in several leadership positions at the NAIC and NASAA committees and working groups dealing with financial regulatory issues, life insurance, as well as suitability and supervision of broker-dealer firms and their representatives.

Jeff Johnston oversees all aspects of the NAIC’s financial and life actuarial regulatory s ervices, including the Capital Markets & Investment Analysis Office in New York City. He provides technical assistance to the NAIC’s leadership and staff engaged with federal and international groups with an interest in the state-based system of financial solvency oversight. For 17 years, Johnston held various senior positions with the NAIC, including CFO, and served as a team leader and member on the Financial Regulation Standards and Accreditation Program and participated in accreditation reviews of 15 state insurance departments. From 2008 to 2012, Johnston served as the president of the insurance regulatory consulting firm of Rector & Associates, Inc., providing consulting services to insurance companies, insurance regulators, law firms, accounting firms , and

others on a wide variety of insurance regulatory issues. Early in his career, he worked in various financial positions with the Kansas Insurance Department and GE Capital’s Employers Reinsurance Corporation.

CS 4-3: Effective Adoption of Internal Audit Analytics in Financial Services Institutions

Michael Schor, CIA, CPA, CISA

Partner, Risk & Financial Advisory Deloitte & Touche LLP

This session will provide an overview of the automation landscape and how emerging technologies can be

leveraged by internal audit departments to improve their effectiveness and efficiencies. The discussion will

include demonstrations of Robotic Process Automation (RPA) and Cognitive Intelligence (CI) in action, and will

include specific ways that internal auditors can use these tools throughout the internal audit lifecycle. Finally,

we will share leading practices for setting strategy and making the use of these technologies sustainable for

the long term.


Gain an understanding of the current automation landscape, including advanced analytics, Robotic Process Automation, and Cognitive Intelligence

View the “art of the possible” as it relates to the use of automation Understand leading practices when standing up or enhancing an IA Automation function, including key

considerations for a Target Operating Model

Learn practical applications of these emerging technologies throughout the entire internal audit lifecycle

Michael Schor focuses on providing a variety of risk-based services to the financial services industry. He has over 16 years of experience managing all aspects of the internal audit lifecycle, including planning, executing, and reporting of complex business process and IT audit engagements. In addition to his responsibilities delivering internal audit services to the financial services industry, Schor leads Deloitte’s efforts around

automation including data analytics, robotic process automation and cognitive intelligence in the internal audit marketplace.

Tuesday | September 19, 2017 11:15 a.m. – 12:15 p.m. CS 5-1: QAIP in the Small Audit Department Bradley Carroll, CIA, QIAL, CFSA, CRMA, CPA, CFF Director of Internal Audit State Bank Financial Corporation IIA research indicates that five of the top 10 issues cited in External Quality Assurance reviews relate to

Standard 1300: Quality Assurance and Improvement Program, and its subparts . Many audit functions struggle

with the QAIP process, but small audit departments have the deck stacked against them. But there are proven

tactics and strategies to help small functions earn the coveted "generally comply" comment in regard to their

QAIP.


Analyze the results of an EQA.

Look at research conducted on the QAIP process.

Look at one program developed to conform to Standard 1300: Quality Assurance and Improvement

Program for a small audit department.

See a scorecard model developed to present QAIP results to the audit committee.

Bradley Carroll began his career in internal audit with Central Bank LA after graduating from college. Upon the

sale of Central Bank, he moved to an internal auditor position for Carter's Childrenswear and Wachovia Bank.

He then pursued public accounting for the next 14 years, starting and then selling a CPA practice. Carroll

transitioned back into internal audit when he was hired as the CAE of a two-year old $3 billion community

bank using outsourced services for internal audit with the challenge of deve loping and staffing the bank’s own

internal audit function.

CS 5-2: Auditing Information Security from Both Physical and Electronic Perspective

Kaveh Rikhtegar, CPA, CA, CIA, CISA Director, Internal Audit

Canadian Commercial Corporation In today’s business world, IT security (ITS) is a significant risk faced by all corporations. Every day corporations

have their data compromised through various attack methods. As a result, we are significantly dependent on

effectiveness of our process and controls to ensure confidentiality, integrity, and availability of information in

performing our activities. This creates new and significant vulnerabilities and risk which are both financial and

reputational.


Clarify stakeholder’s expectation around information security.

Identify methods to select best practice guidelines in auditing information security.

Learn practical ways to audit information security from physical and electronic perspectives.

Discuss typical observations around auditing information security.

Examine how to effectively report the result of the information security audit.

Kaveh Rikhtegar has worked as a director of internal audit/controls in both the public and private sectors for

more than 20 years with organizations including Deloitte, Canada Post Corporation, Office of the Auditor General of Canada, and Canadian Commercial Corporation. He is an in-demand presenter at industry conferences around the world.

CS 5-3: Risk Culture (How to Audit): Panel Presentation

Moderator Julie Scammahorn, CIA, CRMA

Chief Auditor, North America Citibank

Panelists Rehana Anait

Managing Director, Financial Services PwC Deb Anderson, CIA

Executive Audit Director and EVP

Wells Fargo

Patrick Simonnet Global Head of Audit – Market Behavior & Conduct Credit Suisse

This panel session will discuss how risk culture can be audited in practice and, in doing so, the challen ges that auditors

might encounter.

Julie Scammahorn is responsible for the ongoing assessment of businesses’ risk and control environment

through evaluation of financial, operational, and administrative controls; governance; and risk management

practices as well as adherence to laws, regulations, and Citigroup and Citibank, N.A. policies. She also is the

regional chief auditor for North America, overseeing the program assurance provided over Citi’s businesses

across the region. Prior to joining Citi in 2014, Scammahorn was the general auditor and senior vice president

of American Express Company, and also served as general auditor at Bank of America Corporation (legacy

Countrywide Financial Corporation). Scammahorn started her career in banking with NationsBank (Bank of

America) and was the senior vice president and audit director responsible for the global audits of Banc of

America Securities. She is a member of The IIA’s Financial Services Advisory Board.

Rehana Anait has more than 15 years of experience working with regulators and international financial services institutions. She began her career at the UK regulator, The Financial Services Authority where she assisted with development of the supervisory risk assessment framework. Anait then spent time supervising

banking and capital markets institutions for compliance with regulatory requirements. In 2005 she joined the PwC London banking and capital markets regulatory practice where she led the delivery of large regulatory

compliance and conduct risk design and implementation projects. She also spent 5 years in PwC’s financial services internal audit practice managing and delivering outsourcing and co-sourcing contracts to mid-tier and

large banks. She became an expert in the delivery of internal audit quality assurance reviews and global audit

methodology transformation projects. During this time, Anait supported PwC London’s focus on conduct and culture and now leads the conduct and culture team in PwC’s New York office.

Deb Anderson has over 25 years of experience in audit and risk, and currently leads audit activities related to

conduct and sales practice risks. As part of that coverage, she focuses on key metrics and reporting related to

complaints and allegations as well as the control environment around conduct oversight, complaints , and

allegations management. Anderson has been with Wells Fargo for 15 years, working in various audit

leadership roles focusing on consumer lending, operations, and compliance risk. She also has led special

purpose teams in response to emerging issues. Prior to Wells Fargo, she Anderson worked with GMAC- RFC,

Cargill’s Access Financial, and Norwest Mortgage in audit and risk analyst roles.

Patrick Simonnet joined Credit Suisse in 2014 as the head of audit, market behavior and conduct, before ascending to the role of director. In this role, he assumes global responsibility for the audit coverage of market conduct risk, including the related legal, compliance and regulatory programs , and activities. Previously, Simonnet served as an executive director with JP Morgan Chase’s regulatory change program. He has enjoyed a long career within banking and financial services , having held a number of senior controls and business roles with the Banque de France and the French Futures and Options Exchange (MATIF). Simonnet spent 14 years

with Goldman Sachs in Europe and the U.S., in various roles including COO, international senior project manager for the operations, technology, and finance division, creating and leading Goldman Sachs’ audit programs for divisions including investment and merchant banking, research, sales and trading, before residing in the U.S.

Tuesday | September 19, 2017 1:35 p.m. – 2:35 p.m. General Session 4: Lessons Learned From Recent Federal Reserve Internal Audit Exams at Large Firms In recent years, The Federal Reserve conducted several horizontal reviews of internal audit at large firms. Join

representatives from the Federal Reserve as they cover the lessons learned from a range of practices observed across

firms during these reviews. Gain insight on leading practices and challenges for internal audit from a regulatory

perspective.

In this session, participants will: Understand scope of recent supervisory activities undertaken by the Federal Reserve

Identify lessons learned from internal audit examinations at large firms Describe range of practices observed on internal audit functions at large firms

Moderator Kevin C. Chiu, CPA

Accounting Policy Analyst Division of Banking Supervision and Regulation

Board of Governors of the Federal Reserve System Washington, D.C.

Panelists

Ralph Adkins Lead Risk Management Specialist

Federal Reserve Bank of Chicago

Sheila McKinney, CFSA, CPA, CTA, CISA, CRISC Supervising Examiner, Operational Risk Division

Federal Reserve Bank of New York David Palmer Senior Supervisory Financial Analysist Federal Reserve Board Kevin Chiu is responsible for monitoring and formulating positions on accounting and auditing proposals, standards, and other developments impacting the banking industry. He serves as the Federal Reserve’s representative on the Accounting Experts Group’s Audit Subgroup of the Basel Committee, which focuses on international audit standard-setting proposals and audit quality issues. Prior to joining the Federal Reserve

Board in 2011, Chiu worked at EY in the assurance practice.

Ralph Adkins is a Lead Risk Management specialist on the Data, Operational, and Technology Risk team at the Federal Reserve Bank of Chicago. He began his career with the Federal Reserve Bank of Dallas in 1990, and transferred to Chicago in 2009. In his current role, Adkins focuses primarily on internal audit and operational risk management at large financial institutions. Sheila McKinney is responsible for examining the operational risk and internal controls within the Banking Supervision group at significantly important banking institutions. Previously, she was a vice president at

Alliance Bernstein with responsibility for the finance, risk, corporate functions, and Sarbanes-Oxley audit teams. McKinney also served as vice president and director at Bank of New York with responsibility for

financial reporting for the tri-party administration business of the mutual funds, and served as the CFO for the BNY Hamilton Funds. She also served as a senior audit manager in the accounting and business advisory

services group at PricewaterhouseCoopers, and as vice president and senior audit manager at Banker’s Trust and Deutsche Bank in the Asset Management Division.

David Palmer focuses on several primary topic areas, including banks' capital planning practices, banks' model

risk management practices, banks' and supervisors' stress testing activities, validation of supervisory stress testing models, and banks' internal audit practices. He engages in both policy-related projects as well as on-site examinations. Palmer was a key contributor to the Federal Reserve's supervisory guidance on capital

planning for large firms (SR Letters 15-18 and 15-19), as well as to the Federal Reserve's final rules to implement Dodd-Frank stress testing requirements, and the Federal Reserve's Capital Plan Rule. He was also a

primary author of the Federal Reserve's supervisory guidance on model risk management (SR 11-7), issued jointly with the Office of the Comptroller of the Currency, and continues to lead the implementation of that

guidance within the Federal Reserve. In addition, Palmer serves in a leadership position in the Federal Reserve for evaluating firms' capital planning processes for CCAR and Pillar 2.

Tuesday | September 19, 2017 2:50 p.m. – 4:05 p.m. General Session 5: Managing Difficult Discussions

Diane A. Ross

Founder, Elephant Conversations Ltd. Author of The Elephant in the Office: Super-Simple

Strategies for Difficult Conversations at Work We all need to have difficult conversations on occasion – giving constructive feedback, delivering bad news, or saying no. Mastering the art of difficult conversations is critical for leaders who want to enhance communication with their teams by promptly and confidently saying what needs to be said, increase productivity, and reduce the stress associated with delivering difficult news.


Learn the crucial question you MUST ask yourself before every difficult discussion. Discover preparation strategies that are simple to master, easy to implement, and enable success.

Explore tools to help reduce defensiveness, excuses, denial, arguments, and more. Identify tips to reduce even the strongest pushback during a difficult discussion.

Hear insider secrets to keep yourself calm and your reactions in check.

Diane A. Ross is a fearless conversation mentor who teaches people around the world how to tackle difficult conversations with confidence, poise, and power. A former litigation lawyer turned author and professional speaker; Diane brings a fun and accessible approach to tackling the conversations we’re most afraid to have. She is a Certified Executive Coach and trained in Advanced Negotiation and Mediation at Harvard Law.

monday | september 18, 2017 8:30 9:45 a.m. documents... · leaders advisory council for the mayor...

Documents