Risk Management and Regulatory Examination/Compliance Seminar
October 27, 2015
Eric Young CCO-Americas and CCO-IHC
Information contained in this document does not imply that decisions have been made to take specific action. Any decisions / implementation actions will take place within the required social and legal processes.
I. Volcker Rule: Overview of the Compliance Program
CONFIDENTIAL Internal use only CBSR Project
Overview of the 6 Pillars of Volcker Rule Compliance Program
The Volcker Compliance Program:
Policies and Procedures: Written policies and procedures reasonably designed to document, describe, monitor & limit:
• Exempted or excluded trading activities including setting, monitoring and managing limits.
• Exempted or excluded activities and investments with respect to a covered fund.
Internal Controls: System of internal controls to include, but not limited to:
• monitor on-going compliance with Volcker requirements (e.g., monitoring of MMI limits, new activities/investments, out of scope activity, etc.)
• ensure escalation of breaches and implementation of remedial actions.
Management Framework:
• Appropriate management review of trading limits, strategies, hedging activities, investments, incentive compensation and other matters.
• Responsibility and accountability.
Independent Testing: Independent audit of the effectiveness of the Compliance Program conducted at least annually.
Training: Training applicable front, middle, and back office personnel including all levels of management.
Metrics & Recordkeeping:
• Quantitative metrics related to certain proprietary trading activities to be produced.
• Records to be maintained at least 5 years to demonstrate compliance.
The Volcker Compliance Program: Policies and Procedures (Group & Business line level)
Global Enterprise-Wide Policies: General requirements of Volcker (e.g., definition, prohibited activities, exemptions/exclusions, global governance framework, etc.)
Business Line Policies & Procedures: Description of global business line (e.g., BNP Paribas Corporate & Institutional Banking), description of Volcker activities, management framework, escalation procedures, etc.
Trading Desk Procedures: Designed specifically to address exemption/exclusion being relied upon (e.g., trade mandates, desk procedures, hedging procedures, etc.)
Leverage Existing Policies and Enhance as Necessary:
• New product/business review
• Bank investments policy (BHCA)
• Conflicts of interest
• Employee compensation
• Risk management procedures
Management Framework
The Volcker Rule controls are being embedded in the existing control framework. New Global Volcker Office created to manage the global Volcker Compliance Program. Volcker Office housed within the Compliance function with locations in Paris, New York, London and Hong Kong.
Volcker Office: Oversight of Global Compliance Program
ISSUE ESCALATION PROCESS
Group Board of Directors
Group Executive Committee
Global Internal Control Committee (GICC)
Business Line Volcker Committees (BNPP Internal Controls Committee)
• Existing “Internal Controls Committee” expanded to include a Volcker review.
• On-going Volcker-related issues are reviewed and escalated to the management through this forum.
Various Internal Control Functions (1st level and 2nd Level)
• Review of trading desk mandates, monitoring of MMI limits, review of relevant daily metrics, etc.
Internal Controls & Independent Testing
Important to clearly define the role of business line, Compliance, Internal Audit and other functions.
Examples of Key 1st and 2nd Level Controls
• Monitoring of in-scope activities: Controls to ensure that permitted activity continues to meet the specific requirements & restrictions related to the relevant exemption/exclusion (e.g. MMI limit monitoring, etc.)
• Monitoring of out of scope activities: Appropriate controls to ensure that excluded activities continue to meet requirements of the relevant exclusion and remain out of scope
• New activities: Review of new products/activities/business lines
• New group investments: Investment in or “control” (BHCA definition) of other entities by BNPP
• Global Sub-Attestation: Global and regional sub-certification by heads of business lines as well as functions
• Conflicts of interest: Controls to monitor that conflicts of interest between BNPP and its clients are appropriately monitored, prevented and resolved (leverage on existing controls)
• Compensation: Review of employee compensation including committees to rate employees against control metrics
• Training: Training of all applicable global and regional employees
Independent Testing: 3rd Level of Control
Training & Metrics/Recordkeeping
Volcker Rule requirements
• Create and retain records sufficient to demonstrate compliance and support the operations and effectiveness of the compliance program.
• Retain these records for no less than 5 years or such longer period as required
Implementation within BNPP
Trading activities
• List of Volcker trading desks and corresponding exemptions/exclusions
• Documentation around production and review of metrics
Impact Assessment
• Documentation supporting the impact assessment performed
• Volcker analysis conducted for new activities/businesses
Training
• The list of employees that have been trained for the Volcker Rule (combination of live and electronic)
• Created “Train the Trainers” program and training program for independent testers
Funds activities & investments
• An accurate list of funds sponsored or invested in indicating the exclusion or exemption being relied on
• For each fund sponsored or invested in, the documentation supporting the determination of the elected exclusion or exemption
Controls & remediation
• Volcker Committee packages and minutes
• Issues escalated/remediation plans, etc.
II. Intermediate Holding Company
BNP Paribas’ U.S. Intermediate Holding Company (IHC)
The Federal Reserve’s Enhanced Prudential Standards require a foreign banking organization (FBO) with more than $50 billion in U.S. non-branch assets to consolidate its U.S. legal entities under an intermediate holding company (IHC) and to manage risk across its combined U.S. operations (CUSO)
BNP Paribas
BNP Paribas USA, Inc. (IHC)
BancWest
Bank of the West
First Hawaiian Bank
BNP Paribas North America
Sec. Corp.
PBI
Other IP Entities
Other U.S. Subsidiaries
BNP Paribas’ U.S. Branches, Agencies, and Representative Office
Combined U.S. Operations (CUSO)
Group
U.S.
Enterprise-wide Compliance activities roll-up, reporting, and analytics
Day-to-day Compliance activities
| IHC Program | 10
Governance structure: CUSO/IHC
[Organization chart: IHC Governance Structure. Tiers shown: CUSO/IHC Board; CUSO/IHC Executive Mgmt. Team; Entity. Boxes shown: Board of Directors, Chairman, Board Secretary, Audit Committee, Risk Committee, Compensation Committee, CEO, CCO, CFO, CIO, CRO, CDO, Treasurer, Head of HR, Gen. Counsel, General Auditor. Entity: BWE, CIB/IS (CRO, CCO).]
IHC Risk Committee
Purpose and Role
• Oversees and is otherwise responsible for the risk management of BNPP’s operations.
• Approves and provides ongoing oversight of management’s risk management framework, including:
  1) identification and assessment of risk, including emerging risks;
  2) implementation of appropriate control processes to manage those risks;
  3) review and approval of policies and processes to manage and control risk, and for risk management governance;
  4) oversight of compliance with relevant laws and regulations, and
  5) maintenance of a clearly articulated risk appetite statement that aligns with the risk appetite of BNPP.
• Approves and periodically reviews capital planning processes on capital adequacy, capital actions, capital policies, capital plan, and stress test activities.
• Risk areas subject to Committee oversight include:
  • credit, market (including interest rate);
  • liquidity
  • operational (including technology, cyber, data security and business continuity risks);
  • Compliance;
  • Legal, and
  • reputational risks.
IHC Risk Committee
Key Oversight Responsibilities
• Executive Management
  • Sets objectives for the Chief Risk Officer and reviews performance and compensation against those objectives.
• Enterprise Risk
  • Annually reviews and approves enterprise risk management framework.
• Credit Risk
  • Oversees significant credit policies; reviews and approves material revisions to such policies.
• Market Risk
  • Oversees significant policies governing the management of market risk, and reviews and approves any material revisions to such policies.
• Liquidity Risk
  • Annually approves acceptable level of liquidity risk tolerance that BNPP may assume in connection with its operating strategies.
• Operational Risk
  • Reviews consolidated reports on operational risk, which includes key risk indicators.
• Compliance Risk
  • Annually reviews and considers for approval any compliance risk policies recommended to it by management and otherwise oversees the implementation of the compliance program.
• Regulatory Risk
  • Reviews regulatory examination reports and any correspondence addressed to the Board of Directors, including areas of criticism for less-than-satisfactory ratings.
• Cyber Risk
  • Oversees business continuity programs.
• Compensation*
  • Collaborates with compensation committee to integrate risk management and associated controls with management goals and compensation structure.
* Impacted if employee is non-compliant
Appendix
IHC Implementation Org Chart
Global IHC Steering Committee (Quarterly)
U.S. IHC Steering Committee (Monthly)
IHC Operating Committee (Weekly)
Program Sponsors: Program Manager:
Central PMO
• Program office:
• Costs:
• Business Impact & Alignment:
• Communication:
• Roadmap & Milestones:
Workstreams
Finance
Risk Compliance Structuring CCAR
ALM-T
FinReg
IT S: PM: PMO:
HR S: PM: PMO:
Data Governance S: PM: PMO:
Governance S: PM: PMO:
Audit S: PM: PMO:
Regulatory relations S: PM: PMO:
S: Sponsor PM: Project Manager PMO: Project Management Office (Facilitator)
Note: Subject Matter Experts to bring their expertise on an ad-hoc basis in the Workstreams
U.S. Regulatory Expectations Regarding Compliance Risk
U.S. regulatory expectations for FBOs regarding Compliance risk
• Required by Enhanced Prudential Standards to implement an enterprise-wide risk management framework, including over compliance risk
• Expected by the Federal Reserve to establish integrated compliance programs for the CUSO/IHC, as outlined in SR 08-8¹
Dimensions of regulatory expectations
Enterprise-wide Compliance
Management & Oversight
Governance
Compliance Activities
Compliance Personnel
1. Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Risk Profiles
Scope of the CUSO/IHC Compliance Program
Scope of Compliance responsibility includes defined operational functions and independent risk oversight
In Scope Compliance Activities
Risk Inventory Risk Assessment
Risk Profile Setting and Monitoring
Annual Compliance Planning
Compliance Policies and Training
Surveillance, Testing & Monitoring
Issue Management Reporting
Applicable Regulations
Compliance Regulations (e.g., Regulation O, Regulation W, Bank Secrecy Act (BSA), Regulation Z, Regulation B, U.S. federal and state insurance regulations, broker-dealer regulation, French banking regulations)
Out of Scope Regulations
Other Banking Regulations (e.g., regulations relating to capital planning and adequacy, and liquidity risk management)
Non-Banking Regulations (e.g., regulations relating to tax, employment, and the environment)
Out of Scope Compliance Activities
Transactions with Affiliates¹
NOTE: Oversight from some independent risk function required
1. The CUSO/IHC Compliance Function owns the CUSO/IHC Transactions with Affiliates Policy. The CUSO/IHC Finance unit is responsible for its implementation.