• No results found

COMPLIANCE MANAGEMENT SYSTEM

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "COMPLIANCE MANAGEMENT SYSTEM"

Copied!
37
0
0

Loading.... (view fulltext now)

Download now ( 37 Page )

Full text

(1)

2012 New York Directors College

COMPLIANCE

MANAGEMENT SYSTEM

Ensuring Your Bank Meets

Regulatory Standards

2012 FDIC

(2)

2012 New York

Overview of Compliance Exams

Examination Purpose:

– Assess the quality of an institution’s compliance

management system (CMS) for implementing federal consumer protection statutes and regulations;

– Review compliance with relevant laws and regulations; – Initiate appropriate and effective supervisory action

when elements of the CMS are deficient or significant violations of law are found.

– Protects consumers and banks from reputational, legal, and financial risks.

(3)

2012 New York Directors College

Overview of Compliance Exams

Examination approach:

– Risk-focused – direct resources to those operational areas that present the greatest consumer protection risk.

– Process-oriented – concentrate on internal control and monitoring of infrastructure used to ensure compliance.

2012 FDIC

(4)

2012 New York

Overview of Compliance Exams

 Examination approach recognizes that the Board of

Directors and management are ultimately responsible for an institution’s compliance with all federal consumer

protection and fair lending laws and regulations and the Community Reinvestment Act.

 Expectation that the Board and management have a system in place to effectively manage compliance risk, consistent with size of bank and product mix.

– Formality and complexity will vary.

(5)

2012 New York Directors College

Compliance Management System

 A CMS is how an institution:

– Assesses its consumer protection, fair lending, and CRA responsibilities;

– Ensures that employees understand these responsibilities;

– Ensures that requirements are incorporated into business processes;

– Reviews operations to ensure responsibilities are carried out and requirements are met;

– Takes prompt corrective action and updates materials, i.e. disclosures, training, etc. as necessary.

2012 FDIC

(6)

2012 New York

Compliance Management System

 Financial institutions are required to comply with federal consumer protection and fair lending laws and regulations and the CRA.

Ultimately responsible for compliance even if third party providers are used.

 Noncompliance may result in litigation, reputational risk, and formal enforcement actions including restitution,

monetary penalties, and Consent Orders.

(7)

2012 New York Directors College

Compliance Management System

Effective CMS is comprised of three

interdependent elements:

– Board and management oversight;

– Compliance program;

– Compliance audit.

2012 FDIC

(8)

2012 New York

Board and Management Oversight

Key Actions:

– Demonstrate clear and unequivocal expectations about

compliance within the institution and to third-party providers;

 Discuss compliance topics.

 Incorporate compliance matters in communications and meetings.

 Staff should have clear understanding that compliance is important.

– Adopt clear policy statements;

 Provides clear communication to management and employees of the Board’s intentions toward compliance.

 Framework for procedures throughout all operations.

(9)

2012 New York Directors College

Board and Management Oversight

– Appoint compliance officer with authority and accountability;

 Must have sufficient authority and independence.

– Alternative may be compliance committee (may include

representatives from various departments, members of senior management or Directors.)

 Must have knowledge and understanding of all consumer protection and fair lending laws and regulations and CRA.

 Must interact with all departments and branches to keep abreast of changes that may require action due to perceived risk (new products, personnel turnover, change in services, etc.)

2012 FDIC

(10)

2012 New York

Board and Management Oversight

– Allocate resources to compliance functions

commensurate with the level and complexity of

operations;

 Ongoing training

 Sufficient time

 Adequate resources.

– Conduct periodic compliance audits;

 Independent

 Complements internal systems

 Provides for follow-up for corrective action.

(11)

2012 New York Directors College

Board and Management Oversight

Best Practices:

– Compliance is everyone’s responsibility. – All policies include compliance component. – Appoint qualified compliance officer or choose

appropriate third-party.

– Ensure adequate training, including outside training. – Include compliance officer in planning, development,

and implementation of business propositions.

– Provide for recurrent reports by the compliance officer to the Board.

2012 FDIC

(12)

2012 New York

Board and Management Oversight

 Examiner review

:

– Board and committee minutes

 Extent of involvement;

 Training regarding compliance and fair lending;

 Rationale for new or modified policies;

 Consideration of new products or contracts;

 Review of audit and monitoring reports, including corrective action.

– Business strategy

– Allocation of resources to compliance – Response to consumer complaints

(13)

2012 New York Directors College

COMPLIANCE PROGRAM

Policies and Procedures

Monitoring

Training

Complaint Resolution

2012 FDIC

(14)

2012 New York

COMPLIANCE PROGRAM

Policies and Procedures

– Ensure consistent operating guidelines.

– Provide standards to review business

operations.

– Written, approved annually by Board.

– Include goals, objectives, and procedures

reflective of bank practice.

– Detail varies with complexity.

(15)

2012 New York Directors College

COMPLIANCE PROGRAM

Policies and Procedures Examiner Review

– Risk profile of institution

– All compliance related policies and procedures

 Proper goals and objectives

 Effective guidance

 Responsibility assigned

 Periodically reviewed and updated

– Discussions with compliance officer, senior managers, and other personnel

– Unwritten policies and procedures

2012 FDIC

(16)

2012 New York

COMPLIANCE PROGRAM

Monitoring:

– Proactive approach to identify procedural or

training weaknesses in an effort to preclude

violations.

– Regularly scheduled reviews ensures timely

identification of issue.

– “Spot” transaction level reviews on a regular

basis ensures accountability of staff.

(17)

2012 New York Directors College

COMPLIANCE PROGRAM

Monitoring – Examiner Review

– Procedures and/or schedule for various functional areas

 Encompass all applicable regulations?

 Include third party activity?

 Level of transactional review?

– Results of monitoring

 How are errors corrected?

 Appropriate follow-up?

– Discussions with compliance officer, manager, etc.

2012 FDIC

(18)

2012 New York

COMPLIANCE PROGRAM

Training:

– Applies to Board, management, and staff

– Staff – specific, comprehensive training in laws

and regulations, and internal policies and

procedures.

– Establish regular training schedule.

– Periodically assess knowledge and

comprehension.

– Frequently updated.

(19)

2012 New York Directors College

COMPLIANCE PROGRAM

Training – Examiner Review

– Product – electronic, power points, etc.

 Appropriate?

 How updated?

– Records – who attends? how evaluated?

– Schedule – frequency?

– Comprehension – Are personnel tested?

– Effectiveness – Are needs being met?

2012 FDIC

(20)

2012 New York

COMPLIANCE PROGRAM

Complaint Resolution:

– May be indicative of a weakness.

– Establish written procedures:

 Designate responsibility to knowledgeable individual;

 Maintain a list, including oral complaints;

 Report periodically to Board;

 Include procedures for monitoring complaints to or about third parties.

(21)

2012 New York Directors College

COMPLIANCE PROGRAM

Complaint Resolution – Examiner Review

– Policy or written procedures

 Compliance with regulatory requirements? Include appropriate time limits?

– Information on receipt and resolution

 FDIC automated tracking

 Sometimes State Banking Authority records

 Institution’s files

– How evaluated? Weakness identified?

2012 FDIC

(22)

2012 New York Directors College

COMPLIANCE PROGRAM

Best Practices:

– Include information needed to perform business transaction in policies or procedures.

– Use checklists that include second reviews (i.e. recalculating an APR, testing for adequate flood coverage).

– Schedule monitoring based on risk – may be daily, weekly or monthly, etc.

– Establish regular training based on job description.

– Take even one complaint seriously – what caused the issue? May need to look beyond the stated issue.

2012 FDIC

(23)

2012 New York Directors College

Compliance Audit

Independent review.

– Ensures ongoing compliance with consumer protection and fair lending laws and regulations and CRA.

– Ensures adherence to internal policies and procedures. – Complements monitoring system

.

Board should determine scope and frequency of

audit.

One size does not fit all –

Audit function may not

be necessary in very small non-complex

institutions.

2012 FDIC

(24)

2012 New York

Compliance Audit

In-house

– Must ensure independence.

External

– Ensure auditor is knowledgeable;

– Program is current;

– Scope is comprehensive;

– Contracted work is completed.

(25)

2012 New York Directors College

Compliance Audit

Findings reported directly to Board or to committee

of Board.

Written report:

– Scope of audit (dept., branches, product type, etc.); – Deficiencies identified;

– Isolated or systemic;

– Number of transactions sampled;

– Description of corrective action and time frame for follow-up.

2012 FDIC

(26)

2012 New York

Compliance Audit

Examiner Review

– Audit policy, external audit agreement

 Is auditor independent?

– Risk assessment

– Audit committee minutes

– Internal and external audit reports and follow-up

 Appropriate scope?

 Identify name and circumstance of exception

 Cause determined? Action taken?

 Sufficient follow-up?

– Audit schedule – appropriate?

(27)

2012 New York Directors College

Compliance Audit

Best Practices:

– Establish follow-up procedures to verify corrective action was effective.

– Ensure compliance officer receives copy of audit

reports; deficiencies may require change of procedures or additional training.

– Maintain matrix of issues to track correction, responsibilities, verification, etc

.

2012 FDIC

(28)

2012 New York

Case Studies #1

You have been reading about a change in a

regulation that will become effective in a

short time. The industry seems to think it’s

a fairly big deal. What do you need to do to

make sure that it is implemented correctly?

(29)

2012 New York Directors College

Case Study #1

– Understand the change and how it affects your bank. – Plan to implement. Ensure completed within applicable

time frames.

– Understand and monitor the implementation process. – Ensure testing is conducted, including bank systems

working in various scenarios.

– Ensure policies and procedures are updated. – Ensure training is provided on bank procedures. – Ensure monitoring procedures are developed and

implemented.

– Ensure audit treats as high risk area due to revised regulation.

2012 FDIC

(30)

2012 New York

Case Study #2

The marketing officer just provided you with

a presentation of a new product that would

be handled by a third party and really wants

the Board to approve it. What information

should you gather?

(31)

2012 New York Directors College

Case Study #2

–Risk Assessment

–Due Diligence

–If you decide to offer the product:

Contract structure and review

Oversight

– Reference: FIL-44-2008 (Guidance for

Managing Third-Party Risk)

2012 FDIC

(32)

2012 New York

Case Study #3

The bank’s long term internal auditor

decides to retire and there is no other

qualified individual within the institution to

handle the compliance audit function. What

should you consider in ensuring the audit

function is handled appropriately?

(33)

2012 New York Directors College

Case Study #3

Ensure independence.

Compliments the compliance program,

including the monitoring.

In-house or out-sourced?

Oversight of audit at Board level.

Board determines the scope and frequency.

2012 FDIC

(34)

2012 New York

Case Study #4

A new Board member joins the Board and is

curious about her role, including the

compliance risk she recently heard about at

a Directors College. What information would

you give her?

(35)

2012 New York Directors College

Case Study #4

Develop and administer a CMS that ensures

compliance with consumer protection and fair

lending laws and regulations.

Actions must set a positive climate for compliance.

Demonstrate clear & unequivocal expectations

about compliance, not only within the bank, but

also to third party providers.

Adopt clear policy statements.

Appoint a compliance officer with authority,

accountability, and independence.

2012 FDIC

(36)

2012 New York

Case Study #4

Allocate resources to compliance functions

commensurate with the level & complexity of the

bank’s operations.

Ensure appropriate monitoring is being completed.

Conduct periodic compliance audits.

Provide for recurrent reports by the compliance

officer to the Board.

Maintain knowledge through consistent training on

compliance.

(37)

2012 New York Directors College

Directors College 2012

Thank you for your attention.

Any questions or comments?

2012 FDIC

References

Download now ( PDF - 37 Page - 19.75 MB )

Related documents

B[a]P Contamination of Sediment in a Blackstone Valley Streambed

Muscle tissue serves this purpose well, since it has no role in storing or metabolizing B[a]P and is the part of a crayfish‟s body which is most likely to be eaten by

Fair Lending and HMDA Compliance

• The Consumer Financial Protection Bureau (CFPB) supervises and examines insured credit unions with assets of $10 billion or more for compliance with fair lending laws, and

The Polk County Board of County Commissioners. DEPUTY CHIEF - MEDICAL SERVICES (Fire Rescue) - Bartow, Florida -

Functions as a senior manager of the Fire Rescue Division, and coordinates and ensures compliance with the Federal, State of Florida, and Polk County regulations, rules, policies

Counselling Skills and Theory

The British Association for Counselling and Psychotherapy offers guidelines (2011) for counsellor practitioners who work within schools; these counsellors are now seeing

Responding to Non- Compliance with Laws and Regulations

225.35 If the professional accountant suspects that non-compliance with laws and regulations has occurred or may occur, the professional accountant shall discuss the matter with

BEFORE THE PENNSYLVANIA HOUSE CONSUMER AFFAIRS COMMITTEE

consolidated tax savings adjustment has been recognized by the Commission and the Pennsylvania Courts for decades as part of establishing just and reasonable rates under Section

Samsung Engineering Co., Ltd.

By operating the Compliance Program, Samsung Engineering ensures that its employees comply with all applicable laws and regulations when carrying out day-to-day business and that

Code of Conduct ACS-DOBFAR

The control system, as a whole, helps to ensure: compliance with laws; internal procedures; strategies and corporate policies; achievement of the set objectives; protection of