COMPLIANCE MANAGEMENT SYSTEM

Similar documents
II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

Compliance Management Systems (CMS) Division of Depositor and Consumer Protection

COMPLIANCE MANAGEMENT SYSTEM

BOARD OF DIRECTORS RESPONSIBILITIES FOR COMPLIANCE MANAGEMENT SYSTEMS

Compliance Management Systems A Blueprint for Success

CFPB Consumer Laws and Regulations

Board of Directors and Management Oversight

GUIDANCE FOR MANAGING THIRD-PARTY RISK

Regulatory Examination Process

Report of Examination Page 1 Template; Sample Report of Examination ( Bank of Anytown )

Mortgage Banker Examination Overview

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background

Any business relationship between a bank and another entity, by contract or otherwise

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.

Board Responsibility. A bank can outsource a task, but it cannot outsource the responsibility.

Third-Party Risk Management: Busting Myths and Telling Truths

Vendor Management Compliance Top 10 Things Regulators Expect

Community Bank Risk-Focused Consumer Compliance Supervision Program

Statement of Guidance: Outsourcing All Regulated Entities

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background

Risk Profile and Scope Memorandum Template; Sample Risk Profile and Scope Memorandum

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. In the Matter of CONSENT ORDER, ORDER FOR RESTITUTION, AND ORDER TO PAY CIVIL MONEY PENALTY

IX 2.1. IX. Retail Sales Insurance. Retail Insurance Sales. Introduction. Regulatory and Policy Requirements. Examination Procedures

Vendor Management Compliance Top 10 Things Regulators Expect

FinTech Webinar Series: Vendor Management Principles

OCC 98-3 OCC BULLETIN

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

AUDIT COMMITTEE BEST PRACTICES CHECKLIST

BANK EXAMINERS MANUAL FOR AML/CFT RBS EXAMINATION

The CFPB and Medical Collections: Unknown Territory in the Face of Sweeping Regulatory Change

Vendor Risk Management in the New Regulatory Environment. kpmg.com

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

How To Manage Risk At Atb Financial

Supervisory Highlights

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.

Risk Management of Outsourced Technology Services. November 28, 2000

The ADT Corporation. Audit Committee Charter. December 2014

Large Bank Supervision

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Information Technology

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

The FDIC s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions

Third Party Relationships

Checklist for Customer Protection Management

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

Vendor Management Best Practices

John Keel, CPA State Auditor. An Audit Report on Inspections of Compounding Pharmacies at the Board of Pharmacy. August 2015 Report No.

Managing General Agents (MGAs) Guideline

Time to Revamp the Compliance Management System

IDENTITY THEFT RED FLAGS, ADDRESS DISCREPANCIES, AND CHANGE OF ADDRESS REGULATIONS Examination Procedures

CCE Consumer Compliance Examination. Compliance Management System. Comptroller s Handbook. August 1996 CCE-CMS

Insurance Inspection Manual

GUIDELINES ON OUTSOURCING

Bank Secrecy Act Anti-Money Laundering Examination Manual

Compliance Department No. COMP Title: EFFECTIVE SYSTEM FOR ROUTINE MONITORING, AUDITING, AND IDENTIFICATION OF COMPLIANCE RISKS (ELEMENT 6)

Atlanta Region Regulatory Conference Call August 20, 2015 DON T FORGET ABOUT DEPOSIT REGULATIONS

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management

Are You Ready for the New Foreclosure Processing Regulations?

GUIDELINES ON COMPLIANCE FUNCTION FOR FUND MANAGEMENT COMPANIES

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

GENERAL INFORMATION AND INSTRUCTIONS

Board of Directors and Senior Management 2. Audit Management 4. Internal IT Audit Staff 5. Operating Management 5. External Auditors 5.

Compliance at Hartwick College: An executive summary of a Special Report to the President of the College

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. ) CONSENT ORDER. ) FDIC b

June 2008 Report No An Audit Report on The Texas Education Agency s Oversight of Alternative Teacher Certification Programs

EURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS

Putting the Management Back in Vendor Management February 20, 2014

NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES REPORT ON MARKET CONDUCT EXAMINATION OF THE HSBC INSURANCE AGENCY (USA) INC. AND

DOE O 226.1A, IMPLEMENTATION OF DEPARTMENT OF ENERGY OVERSIGHT POLICY CONTRACTOR ASSURANCE SYSTEMS CRITERIA ATTACHMENT 1, APPENDIX A

Supporting Effective Compliance Programs

2012-CFPB-0002 Document 1 Filed 10/01/2012 Page 1 of 35 FEDERAL DEPOSIT INSURANCE CORPORATION CONSUMER FINANCIAL PROTECTION BUREAU WASHINGTON, D.C.

11- INFORMATION TECHNOLOGY RMP SNAPSHOT WORKPROGRAM

FAQs about ALTA Best Practices for Real Estate Settlement Attorneys and Title Companies

Charter of the Compliance and Operational Risk Management Office (CORMO)

What Lead Generators Need to Know About the Consumer Financial Protection Bureau (CFPB)

Chicago Region Regulatory Conference Call July 29, 2014 DON T FORGET ABOUT DEPOSIT REGULATIONS

Tabcorp Holdings Limited

Vendor Management: Who the CFPB is Watching and Who They Are Expecting You to be Watching

BERMUDA MONETARY AUTHORITY

SPOTLIGHT ON. Advisors Recordkeeping Obligations

OFFICE OF FINANCIAL REGULATION COLLECTION AGENCY REGISTRATIONS MORTGAGE-RELATED AND CONSUMER COLLECTION AGENCY COMPLAINTS PRIOR AUDIT FOLLOW-UP

RISK MANAGEMENT AND COMPLIANCE

September 2010 Report No

Minimizing Legal and Compliance Risk for Credit Furnishers

Company Name Vendor Management Policy and Procedure. Table of Contents

SUPERVISION GUIDELINE

UNIVERSITY COMPLIANCE PLAN

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Federal Bureau of Investigation s Integrity and Compliance Program

The very dangerous intersection of UDAAP and vendor mismanagement. By Martin J. Bishop

Vendor Risk Management (VRM), How Much Is Enough?

CFPB Examination Procedures

Compliance Risk Management Survey A Point of View

Checklist for Operational Risk Management

FINANCIAL ASSESSMENT CRITERIA (The Assessment Criteria should be read in conjunction with OSFI s Supervisory Framework)

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

9/13/ /20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99

Federal Reserve System. Framework for Risk-Focused Supervision of Large Complex Institutions

Transcription:

COMPLIANCE MANAGEMENT SYSTEM Ensuring Your Bank Meets Regulatory Standards

Overview of Compliance Exams Examination Purpose: Assess the quality of an institution s compliance management system (CMS) for implementing federal consumer protection statutes and regulations; Review compliance with relevant laws and regulations; Initiate appropriate and effective supervisory action when elements of the CMS are deficient or significant violations of law are found. Protects consumers and banks from reputational, legal, and financial risks.

Overview of Compliance Exams Examination approach: Risk-focused direct resources to those operational areas that present the greatest consumer protection risk. Process-oriented concentrate on internal control and monitoring of infrastructure used to ensure compliance.

Overview of Compliance Exams Examination approach recognizes that the Board of Directors and management are ultimately responsible for an institution s compliance with all federal consumer protection and fair lending laws and regulations and the Community Reinvestment Act. Expectation that the Board and management have a system in place to effectively manage compliance risk, consistent with size of bank and product mix. Formality and complexity will vary.

Compliance Management System A CMS is how an institution: Assesses its consumer protection, fair lending, and CRA responsibilities; Ensures that employees understand these responsibilities; Ensures that requirements are incorporated into business processes; Reviews operations to ensure responsibilities are carried out and requirements are met; Takes prompt corrective action and updates materials, i.e. disclosures, training, etc. as necessary.

Compliance Management System Financial institutions are required to comply with federal consumer protection and fair lending laws and regulations and the CRA. Ultimately responsible for compliance even if third party providers are used. Noncompliance may result in litigation, reputational risk, and formal enforcement actions including restitution, monetary penalties, and Consent Orders.

Compliance Management System Effective CMS is comprised of three interdependent elements: Board and management oversight; Compliance program; Compliance audit.

Board and Management Oversight Key Actions: Demonstrate clear and unequivocal expectations about compliance within the institution and to third-party providers; Discuss compliance topics. Incorporate compliance matters in communications and meetings. Staff should have clear understanding that compliance is important. Adopt clear policy statements; Provides clear communication to management and employees of the Board s intentions toward compliance. Framework for procedures throughout all operations.

Board and Management Oversight Appoint compliance officer with authority and accountability; Must have sufficient authority and independence. Alternative may be compliance committee (may include representatives from various departments, members of senior management or Directors.) Must have knowledge and understanding of all consumer protection and fair lending laws and regulations and CRA. Must interact with all departments and branches to keep abreast of changes that may require action due to perceived risk (new products, personnel turnover, change in services, etc.)

Board and Management Oversight Allocate resources to compliance functions commensurate with the level and complexity of operations; Ongoing training Sufficient time Adequate resources. Conduct periodic compliance audits; Independent Complements internal systems Provides for follow-up for corrective action.

Board and Management Oversight Best Practices: Compliance is everyone s responsibility. All policies include compliance component. Appoint qualified compliance officer or choose appropriate third-party. Ensure adequate training, including outside training. Include compliance officer in planning, development, and implementation of business propositions. Provide for recurrent reports by the compliance officer to the Board.

Board and Management Oversight Examiner review: Board and committee minutes Extent of involvement; Training regarding compliance and fair lending; Rationale for new or modified policies; Consideration of new products or contracts; Review of audit and monitoring reports, including corrective action. Business strategy Allocation of resources to compliance Response to consumer complaints

COMPLIANCE PROGRAM Policies and Procedures Monitoring Training Complaint Resolution

COMPLIANCE PROGRAM Policies and Procedures Ensure consistent operating guidelines. Provide standards to review business operations. Written, approved annually by Board. Include goals, objectives, and procedures reflective of bank practice. Detail varies with complexity.

COMPLIANCE PROGRAM Policies and Procedures Examiner Review Risk profile of institution All compliance related policies and procedures Proper goals and objectives Effective guidance Responsibility assigned Periodically reviewed and updated Discussions with compliance officer, senior managers, and other personnel Unwritten policies and procedures

COMPLIANCE PROGRAM Monitoring: Proactive approach to identify procedural or training weaknesses in an effort to preclude violations. Regularly scheduled reviews ensures timely identification of issue. Spot transaction level reviews on a regular basis ensures accountability of staff.

COMPLIANCE PROGRAM Monitoring Examiner Review Procedures and/or schedule for various functional areas Encompass all applicable regulations? Include third party activity? Level of transactional review? Results of monitoring How are errors corrected? Appropriate follow-up? Discussions with compliance officer, manager, etc.

COMPLIANCE PROGRAM Training: Applies to Board, management, and staff Staff specific, comprehensive training in laws and regulations, and internal policies and procedures. Establish regular training schedule. Periodically assess knowledge and comprehension. Frequently updated.

COMPLIANCE PROGRAM Training Examiner Review Product electronic, power points, etc. Appropriate? How updated? Records who attends? how evaluated? Schedule frequency? Comprehension Are personnel tested? Effectiveness Are needs being met?

COMPLIANCE PROGRAM Complaint Resolution: May be indicative of a weakness. Establish written procedures: Designate responsibility to knowledgeable individual; Maintain a list, including oral complaints; Report periodically to Board; Include procedures for monitoring complaints to or about third parties.

COMPLIANCE PROGRAM Complaint Resolution Examiner Review Policy or written procedures Compliance with regulatory requirements? Include appropriate time limits? Information on receipt and resolution FDIC automated tracking Sometimes State Banking Authority records Institution s files How evaluated? Weakness identified?

COMPLIANCE PROGRAM Best Practices: Include information needed to perform business transaction in policies or procedures. Use checklists that include second reviews (i.e. recalculating an APR, testing for adequate flood coverage). Schedule monitoring based on risk may be daily, weekly or monthly, etc. Establish regular training based on job description. Take even one complaint seriously what caused the issue? May need to look beyond the stated issue.

Compliance Audit Independent review. Ensures ongoing compliance with consumer protection and fair lending laws and regulations and CRA. Ensures adherence to internal policies and procedures. Complements monitoring system. Board should determine scope and frequency of audit. One size does not fit all Audit function may not be necessary in very small non-complex institutions.

Compliance Audit In-house Must ensure independence. External Ensure auditor is knowledgeable; Program is current; Scope is comprehensive; Contracted work is completed.

Compliance Audit Findings reported directly to Board or to committee of Board. Written report: Scope of audit (dept., branches, product type, etc.); Deficiencies identified; Isolated or systemic; Number of transactions sampled; Description of corrective action and time frame for follow-up.

Compliance Audit Examiner Review Audit policy, external audit agreement Is auditor independent? Risk assessment Audit committee minutes Internal and external audit reports and follow-up Appropriate scope? Identify name and circumstance of exception Cause determined? Action taken? Sufficient follow-up? Audit schedule appropriate?

Compliance Audit Best Practices: Establish follow-up procedures to verify corrective action was effective. Ensure compliance officer receives copy of audit reports; deficiencies may require change of procedures or additional training. Maintain matrix of issues to track correction, responsibilities, verification, etc.

Case Studies #1 You have been reading about a change in a regulation that will become effective in a short time. The industry seems to think it s a fairly big deal. What do you need to do to make sure that it is implemented correctly?

Case Study #1 Understand the change and how it affects your bank. Plan to implement. Ensure completed within applicable time frames. Understand and monitor the implementation process. Ensure testing is conducted, including bank systems working in various scenarios. Ensure policies and procedures are updated. Ensure training is provided on bank procedures. Ensure monitoring procedures are developed and implemented. Ensure audit treats as high risk area due to revised regulation.

Case Study #2 The marketing officer just provided you with a presentation of a new product that would be handled by a third party and really wants the Board to approve it. What information should you gather?

Case Study #2 Risk Assessment Due Diligence If you decide to offer the product: Contract structure and review Oversight Reference: FIL-44-2008 (Guidance for Managing Third-Party Risk)

Case Study #3 The bank s long term internal auditor decides to retire and there is no other qualified individual within the institution to handle the compliance audit function. What should you consider in ensuring the audit function is handled appropriately?

Case Study #3 Ensure independence. Compliments the compliance program, including the monitoring. In-house or out-sourced? Oversight of audit at Board level. Board determines the scope and frequency.

Case Study #4 A new Board member joins the Board and is curious about her role, including the compliance risk she recently heard about at a. What information would you give her?

Case Study #4 Develop and administer a CMS that ensures compliance with consumer protection and fair lending laws and regulations. Actions must set a positive climate for compliance. Demonstrate clear & unequivocal expectations about compliance, not only within the bank, but also to third party providers. Adopt clear policy statements. Appoint a compliance officer with authority, accountability, and independence.

Case Study #4 Allocate resources to compliance functions commensurate with the level & complexity of the bank s operations. Ensure appropriate monitoring is being completed. Conduct periodic compliance audits. Provide for recurrent reports by the compliance officer to the Board. Maintain knowledge through consistent training on compliance.

2012 Thank you for your attention. Any questions or comments?

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information