Board Oversight Plan of Risk Management, Internal Audit, and COPS Programs



Similar documents
Internal Audit Plan. Date Prepared: June 27, Date Revised: December 7, nd Date Revised: December 15, 2011

Wells Fargo - Board Of Corporate Marketing

How To Manage Risk At Atb Financial

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Version: 2 Date: July 12, 2011

DTCC RISK COMMITTEE CHARTER

Federal Home Loan Bank Membership Version 1.0 March 2013

FIRST REPUBLIC BANK DIRECTORS ENTERPRISE RISK MANAGEMENT COMMITTEE CHARTER

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Date: August 10, 2011

Any business relationship between a bank and another entity, by contract or otherwise

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

Are You Ready for the New Foreclosure Processing Regulations?

Board of Directors and Senior Management 2. Audit Management 4. Internal IT Audit Staff 5. Operating Management 5. External Auditors 5.

The ADT Corporation. Audit Committee Charter. December 2014

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

COMPLIANCE GUIDELINE April 2009

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

Sample risk committee charter

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

COMPLIANCE MANAGEMENT SYSTEM

Version: 5 Date: October 6, 2011

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

CORPORATE GOVERNANCE GUIDELINES

TO CREDIT UNIONS DATE: June 10, 1998

Sajan, Inc. and Its Subsidiaries. Audit Committee Charter. As of August 1, 2014

GUIDANCE FOR MANAGING THIRD-PARTY RISK

The Role of Internal Audit in Risk Governance

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Time Warner Cable Inc. Audit Committee Charter. Effective February 14, 2013

6/8/2016 OVERVIEW. Page 1 of 9

UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC.

Compliance Risk Management Survey A Point of View

AUDIT COMMITTEE CHARTER

SUMMARY MINUTES OF THE INFORMATION SYSTEMS ADVISORY COMMITTEE MEETING Friday, September 12, 2014

Operational Risk Management Program Version 1.0 October 2013

CORPORATE GOVERNANCE GUIDELINES

WELLTOWER INC AUDIT COMMITTEE CHARTER

AMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER. Adopted June 25, 2015

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR

COUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

SYNACOR, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER. As adopted by the Board of Directors on November 16, 2011

Fortifying the Three Lines of Defense to Combat Compliance Risk

Charter. Regulatory and Compliance Committee

WEATHERFORD INTERNATIONAL plc AUDIT COMMITTEE CHARTER Approved: September 25, 2015

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS

Goldman Sachs Residential Mortgage Servicing Vendor Management Policy Addendum U.S.-Based Program

Subject: Safety and Soundness Standards for Information

AMERICAN AIRLINES GROUP INC. AUDIT COMMITTEE CHARTER

Audit Committee Charter

GENERAL MILLS, INC. AUDIT COMMITTEE CHARTER

How To Set Up A Committee To Check On Cit

FERRARI N.V. AUDIT COMMITTEE CHARTER (Effective as of January 3, 2016)

MINNESOTA MUTUAL COMPANIES, INC. Guidelines of the Audit Committee of the Board of Directors

Improving Financial Performance, Governance and Compliance

PMO Director. PMO Director

OCC 98-3 OCC BULLETIN

Safety Management Program

Board Risk & Compliance Committee Charter

Managing specialty finance compliance requirements with a compliance management system

The Procter & Gamble Company Board of Directors Audit Committee Charter

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

Broker-Dealer and Investment Adviser Compliance Programs

Exponent, Inc. Charter of the Audit Committee of the Board of Directors (as amended through December 10, 2015)

UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D.C.

CHARTER OF THE FINANCE AND RISK MANAGEMENT COMMITTEE OF THE BOARD OF DIRECTORS OF SPECTRA ENERGY CORP (April 2013)

IMPLEMENTATION NOTE. Data Maintenance at IRB Institutions. Category: Capital. I. Introduction. No: A-1 Date: January 2006

FORTRESS TRANSPORTATION AND INFRASTRUCTURE INVESTORS LLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS MAY 11, 2015

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER

Industry Sound Practices for Financial and Accounting Controls at Financial Institutions

INTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES. Effective January 9, 2015

POLICY MANUAL. Responsibility: Approved by: Last Approval Date:

Mission/Purpose: Committee Responsibilities:

Basel II, Pillar 3 Disclosure for Sun Life Financial Trust Inc.

INVITAE CORPORATION CORPORATE GOVERNANCE GUIDELINES

DTE ENERGY COMPANY AUDIT COMMITTEE CHARTER

MISSION VALUES. The guide has been printed by:

Audit Committee Charter Altria Group, Inc. In the furtherance of this purpose, the Committee shall have the following authority and responsibilities:

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Module 6 Essentials of Enterprise Architecture Tools

Risk Management of Outsourced Technology Services. November 28, 2000

CHARTER FOR THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS PERVASIVE SOFTWARE INC.

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

UNIVERSAL AMERICAN CORP. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Antifraud program and controls assessment grid*

Version: 2.0 Date: December 9, 2011

Putting the Management Back in Vendor Management February 20, 2014

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014

JAZZ PHARMACEUTICALS PLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Managing Sub-Servicing Partnerships

Managing Risk at Bank of America Corporation. Overview

Internal Controls and Risk Management Report

FFIEC Cybersecurity Assessment Tool

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

IT Transformation for Health Care

AUDIT COMMITTEE CHARTER IRADIMED CORPORATION

Revised May Corporate Governance Guideline

Transcription:

Board Oversight Plan of Risk Management, Internal Audit, and COPS Programs Date Prepared: June 27, 2011 Page 1

The Order states: Within ninety (90) days of this Order, the Board shall submit to the Regional Director an acceptable written plan to strengthen the Board s oversight of the Association s risk management, internal audit, and compliance programs concerning the residential mortgage loan servicing, Loss Mitigation, and foreclosure activities conducted by the Association. Response In order to ensure effective oversight of risk management, compliance and internal audit at EverBank, the Board of Directors (the Board) at oversees the establishment and maintenance of an environment that facilitates independent oversight and review of EverBank s residential mortgage servicing, mortgage modification, mortgage foreclosure, and related mortgage loss mitigation activities (collectively, Mortgage Servicing Activities). In furtherance of that oversight responsibility, EverBank has implemented the following changes in its Risk Management, Compliance Oversight and Process Support (COPS), and Internal Audit Departments: 1. Establishment of a centralized compliance oversight function through the merger of the Compliance and Quality Control Departments. Response: EverBank initiated an enterprise-wide effort to expand and enhance its compliance and regulatory oversight functions in April 2010. At the core of this initiative was the creation of the centralized Compliance Oversight and Process Support ( COPS ) Department, which merged EverBank s Compliance and Quality Control ( QC ) Departments into a centralized department reporting to EverBank s General Counsel. In October 2010 EverBank appointed a dedicated Director of Regulatory Compliance responsible for the management of Compliance. Compliance engaged the firms of Buckley Sandler, LLC and Treliant Risk Advisors, LLC in April 2010 to consult with EverBank on the construct of compliance functionality. In addition, Compliance oversight of mortgage production and Residential Mortgage Loan Servicing, Loss Mitigation and Foreclosure activities was expanded to include other key areas of the bank. 2. Establishment of reporting structures to ensure that Risk Management, COPS, and Internal Audit have appropriate authority and independence to conduct their required reviews and oversight. Response: EverBank has established an organizational structure that supports the independence of Risk Management, Internal Audit and Compliance programs and provides requisite authority for execution of departmental responsibilities. The Risk Management function is headed by EverBank s Chief Risk Officer and holds the title Vice Chairman. The Chief Risk Officer reports indirectly to the Chairman of the Board. Risk Management operations are segregated from business unit functions thereby facilitating independent oversight of risks. Page 2

Internal Audit reports directly to the Board of Directors Audit Committee and reports to the Chief Risk Officer for administrative functions. Compliance management reports directly to EverBank s General Counsel and routinely submit reports to the Regulatory Compliance Committee. Compliance is completely segregated from business units and as such maintains the necessary independence to execute its role without interference. 3. Development of policies and enhancements to the compliance program to formalize roles and responsibilities within the compliance function and provide a framework for monitoring and testing compliance with legal and supervisory requirements. Response: EverBank Executive Management previously identified that a formal Compliance Management System needed to be adopted by the organization. In response, EverBank engaged various outside firms to assess the organizations compliance management practices. As a result of the engagements and identification of the need for a formalized Compliance Management System, EverBank s Compliance Management Program Policy (the Policy ) was presented and approved by EverBank s Board of Directors on October 25, 2011. This document specifies the practices, roles and responsibilities for the COPS Department in management of compliance oversight and reporting to EverBank s Management, Committees and Board of Directors. 4. Development of detailed testing procedures to address specific legal and supervisory requirements related to Mortgage Servicing Activities. Response: While testing procedures have been enhanced to include regulatory components, a formal project is underway to conduct a full review of testing protocols. The plan associated with the initiative is scheduled for delivery in January, 2012 and will be provided to the Consent Order Office for monitoring. Reporting against progress will be incorporated into EverBank s CTR. 5. Enhancement of Internal Audit s oversight of mortgage servicing by increasing the frequency of audits, strengthening the standards by which audits are conducted, and adding staff, technology resources, and training. Response: EverBank s 2012/2013 Internal Audit Plan, as well as periodic updates to the Oversight Committee, addresses the added emphasis toward audit of Mortgage Servicing activities. To support increased frequency of audits, the Plan presents a proposal to increase the staff complement of the Financial/Operations (Fin/Ops) Team, which has the lead responsibility for these Mortgage Servicing audits and those of other areas with responsibilities identified in the corrective action plan for the Consent Order. 6. Internal Audit s evaluation of the frequency and depth of audit plans in all Mortgage Servicing Activities, with adjustments to its audit schedule and scope made accordingly if external or internal events indicate such a need. Response: Internal Audit s 2012/2013 was developed with an increased focus on Residential Mortgage Loan Servicing, Loss Mitigation and Foreclosure activities. In communication with the Audit Committee, Internal Audit continues to convey the fluidity of annual plans, as well as the necessity of scheduling agility to address events of a sudden or urgent nature. The status of this effort is 100% complete and evidenced in the Internal Audit Plan. Page 3

7. Internal Audit s ongoing analyses of key performance indicators and other trending data between scheduled audits, with an initiative to perform such data analyses relating to Default Servicing. Response: Internal Audit s Investigations/Support team has begun a continuous auditing initiative, and is working on its pilot project, a review of Foreclosure s Key Performance Indicators (KPIs). The status of this effort is ongoing. Tracking of progress for this initiative will be integrated into the Consent Order Office CTR. 8. Internal Audit s evaluation, and ultimately selection, of audit software tools for data mining and analysis, anticipated to be in place by year-end 2011. Response: An initiative is underway to evaluate continuous auditing software for usage by EverBank s Internal Audit Department. The timeline for completing an evaluation and software selection is second quarter 2012. In the interim, a pilot project is underway to evaluate and trend Foreclosure KPI data to determine how EverBank might employ such software. Tracking of progress for this initiative will be integrated into the Consent Order Office CTR. 9. Hiring of additional subject matter expertise, from an audit perspective, for Default, Foreclosure, and Loss Mitigation, with additional staffing additions expected in 2011. Response: The search for qualified staff with requisite subject matter expertise is ongoing. Resources were added in October 2011 with loss recovery / mitigation experience and the department is actively recruiting for others. Funding has been established in the 2012 budget for supplementing staff resources as needed through the engagement of consultants/smes as necessary. This effort is ongoing. 10. Implementation of a Board-level Risk Committee providing strategic oversight to EverBank s risk management. Response: EverBank created a board level Risk Committee on July 26, 2011. 11. Formalization of a Chief Risk Officer position that reports to the Risk Committee. Response: EverBank created a Chief Risk Officer position on July 26, 2011. The Chief Risk Officer reports indirectly to the Chairman of the Board. 12. Formalization and addition of resources to an Enterprise Risk Management (ERM) Team that will provide framework and governance enterprise-wide. Response: Formalization of an Enterprise Risk Management program within EverBank began includes the designation of a Chief Risk Officer and board level Risk Committee which has been implemented. In addition, resourcing a senior executive level leader for operational management of the ERM program has been completed. Staffing of the ERM initiative has been facilitated by the addition of five additional resources with supplemental staffing gained through outsourcing of certain functions to a third party vendor. As ERM functions evolve, staffing will be reviewed on an ongoing basis to assure resource adequacy. 13. Adoption of standards and categorizations related to risks, controls and associated training for all officers. Response: EverBank has adopted a Risk Taxonomy and has presented same in officer training sessions conducted throughout EverBank. In addition to the Risk Taxonomy, the training sessions covered how risk management is viewed within EverBank, usage of Page 4

common language, and how to mitigate risks within business units. Training was conducted in March, April and June of 2011. 14. Enhancement of the annual risk assessment process and a quarterly update of any changes made to a high or critical risk or control reported to the ERM office. Response: Annual Risk Assessments were in existence for several years under FDICIA programs within EverBank. The program has been enhanced through the implementation of a formal review facilitated by the ERM Team. An additional enhancement is migration of the risk assessment to the platform which will enable reporting and mapping against EverBank s Risk Taxonomy. The migration to the platform is scheduled for first quarter 2012 and is 80% complete. Tracking of progress for this initiative will be integrated into the Consent Order Office CTR. 15. Development of a process for all significant general ledger accounts to be tested and reported on a quarterly basis to the ERM office. Response: The review of significant GLs has been enhanced through the addition of dedicated ERM staff with an accounting background. The review process has been formalized and is 100% complete. 16. Centralization of reporting for the Consent Order Compliance Tracking Report. Response: In response to the Consent Order, EverBank created a Consent Order Office to oversee activities committed to in EverBank s Consent Order response, to monitor progress against plan, and report on these activities to EverBank s Board Oversight Committee, Senior Management, and Regulators. 17. Increased staffing of both COPS and Legal Departments to accommodate increased reviews and workloads. Response: The Legal Department has hired several attorneys and support staff within the last year to help support EverBank s growth company-wide. Currently, EverBank has two attorneys dedicated Servicing, loss mitigation and foreclosure activities, one of which also supports company-wide, risk management issues. It has other attorneys that provide corporate governance and reporting support to the Oversight Committee and Board of Directors. The COPS department has created an organization structure that significantly increases staffing to support EverBank and specifically Residential Mortgage Loan Servicing, Loss Mitigation, and Foreclosure activities. In the Servicing unit, COPS has increased staff to include two managers and eleven staff members to provide compliance oversight. Open positions exist in the Servicing structure and are anticipated to be filled in the first quarter 2012. Tracking of progress in completing the staffing structure will be integrated into the Consent Order Office CTR. 18. Enhancement of governance by the ERM Team of all categories of risks to meet requirements as defined by our current and future regulatory agencies, and will continue to enhance the process for independent testing and monitoring of enterprise wide risks and controls. Response: Development of the ERM structure has been implemented within EverBank and is reviewed on an ongoing basis in response to changing industry and market requirements. While risk assessments were in existence, a significant effort is underway to review and Page 5

evaluate risks across the company and to identify/affirm mitigating controls. This effort is scheduled for completion in first quarter 2012 and is 90% complete. 19. Development of a roadmap to lay out the framework, structure and major milestones of how EverBank will continue to improve and sustain the governance of risks and controls. Response: EverBank s ERM team has developed an ERM Roadmap which identifies and prioritizes risk management initiatives which will be undertaken over the next several years. The ERM Roadmap was included in the updated Risk Management Plan. 20. Implementation of a new risk tracking and reporting system, to provide enhanced tracking, monitoring and reporting from the aggregate to the individual control levels, to ensure decisions makers have the relevant information to make appropriate decisions. Response: EverBank s ERM Team is in the process of rolling out a Governance, Risk and Compliance (GRC) application titled to the bank. is a robust and respected risk management application which is highly rated by Gartner s Magic Quadrant review of similar software. The application has several modules and the Vendor Management function is in production. The controls module is staged and awaiting population. The content to be used in populating the application is being developed and is 90% complete. The system will be populated and in production in the first quarter 2012. To strengthen Board oversight of Risk Management, Internal Audit, and COPS programs related to mortgage servicing, the Board will ensure that teams and departments are conducting independent testing, and monitoring enterprise-wide risks and controls in an effective and timely manner across Mortgage Servicing Activities including those that are newly developed or have been recently enhanced. The Board will oversee functions, reporting structures, policies, procedures, and enhancements, specifically related to Mortgage Servicing Activities, to ensure adequacy. The Board will utilize enhanced reporting that incorporates information from Mortgage Servicing Activities to ensure its understanding of EverBank s activities and the exposure these activities pose to EverBank and. To specifically strengthen EverBank s risk management process, the ERM Team will implement governance to cover all areas of risk as defined by regulatory examination standards for large banks. Deficiencies in, or non-compliance with, laws, rules, regulations or policies relating to Mortgage Servicing Activities (collectively, Deficiencies) identified by Risk Management, COPS, or Internal Audit, are communicated promptly to the appropriate business unit, executive management or Board Committee, including the Regulatory Compliance Committee and the Operational Risk Committee. All deficiency findings are reported to the Board s Audit Committee, with material deficiencies, to the extent applicable, reported to the full Board. EverBank has established reporting structures to ensure that Risk Management, COPS, and Internal Audit have appropriate authority and independence to conduct their required reviews and oversight. Page 6

The Director of COPS reports directly to EverBank s General Counsel, and chairs and regularly submits written reports to the Regulatory Compliance Committee. COPS operates wholly independent of EverBank s business operations. The Director of Internal Audit issues directly to the Board s Audit Committee certain audit reports documenting any Deficiencies and corrective actions necessary to remediate any such Deficiencies. EverBank s Chief Risk Officer exercises direct control of Risk Management, holds the title of Vice Chairman of the Board, and reports indirectly to the Chairman of the Board. Risk Management s operations are segregated from EverBank s business operations, thereby facilitating independent oversight of risks to EverBank and help identify and mitigate Deficiencies. Risk Management, COPS and Internal Audit have the authority to conduct appropriate oversight and reviews of business processes and identify potential Deficiencies, direct corrective actions relating to Deficiencies, and ensure remediation in connection therewith. The Board is kept abreast of Deficiencies and remediation related to these Deficiencies through regular Board reporting. Any enhancements, developments, and/or material changes to EverBank s processes, procedures, and polices are provided to the Board through regular Board reporting to ensure the Board remains aware and involved in the oversight of EverBank s activities, whether existing, enhanced, or newly developed, related to Mortgage Servicing Activities. The Board of is committed to full compliance with the Consent Order. Additional details on Risk Management, Internal Audit, and COPS Departments can be found within EverBank s plans, programs, policies, procedures and processes on the enclosed CD. Page 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information