www.pwcregulatory.com Working together PwC Bank Regulatory Compliance Services Guide




www.pwcregulatory.com Bank Regulatory Compliance Services Guide

Contents
1. Why?
2. How we can help
3. Regulatory compliance representative engagements
4. Our team key contacts

Section 1 Why?

PwC is a leader in providing regulatory compliance services to the US and global banking industry. Our highly qualified and experienced professionals provide a full range of regulatory compliance risk management services. With the increasing complexity and broad impact of regulatory reform requirements such as the Dodd-Frank Act, we offer practical regulatory compliance advice and work with our clients to develop solutions that are tailored to each client's individual business needs. We have a proven approach and have been at the forefront of the industry in developing innovative and integrated approaches to managing and overseeing compliance risk. We also work closely with our global network to provide regulatory advisory services in a seamless manner across all geographic locations.

[Figure: Compliance risk management program. Governance and culture. Core services: Advise, Assess, Design, Implement, Test. Core program components: Project management; Policies and procedures; Risk assessment; Monitoring, testing and reporting; Compliance training; Change management; Organization structure; Tools and technology. Reporting & accountability: Board of directors, Senior management, Regulatory agencies.]

Our reputation as a trusted regulatory advisor to our clients was built on the following qualities:

Highly experienced team of regulatory compliance specialists
Over the years, PwC has built a dedicated team of regulatory compliance specialists who combine their considerable industry experience, deep regulatory compliance technical knowledge, and significant experience with federal bank regulatory guidance, examination procedures, and regulatory expectations to produce practical, actionable compliance risk management solutions tailored for each client.

Significant exposure to, and driver of, industry leading practices
PwC has been at the forefront of the industry in developing innovative, integrated, and customized approaches to managing and overseeing compliance risk. Our team includes former regulatory agency officials and policymakers who were instrumental in drafting reform policies that face our industry today, including the Dodd-Frank Act and securities reform. With the experience of our team, we help our client focus and prioritize initiatives to meet regulatory expectations and leading practices, as well as to integrate compliance into core business processes.

Deep knowledge of regulatory expectations
PwC's regulatory compliance team is comprised of former bankers, federal bank regulators and regulatory agency officials, regulatory attorneys, policymakers, and economists who bring an important regulatory and industry dimension to all of our regulatory compliance services. We also maintain strong relationships with the US bank regulatory agencies and meet regularly with agency staff and examiners to discuss existing and emerging regulatory compliance risk issues.

Proven track record
Since 1987, PwC's regulatory advisory team has provided successful, value-added services to many top US and global banking companies. We are privileged to have a tremendously loyal clientele that we have developed over the years through an intense focus on client service, innovative solutions, practical advice, responsiveness, and teamwork.

Our commitment to client service means that PwC brings the right skills and resources for your specific needs. Whether your needs relate to enterprise-wide compliance programs, Dodd-Frank Act assessment and implementation, or are more specific to certain compliance areas, such as mortgage servicing, fair lending, or AML, we bring the right people with the right skills and experience to address the need. Similarly, from a business perspective, we have specialists with deep industry experience in specific banking areas such as mortgage lending, credit cards, commercial banking, etc.

[Figure: Bank Regulatory Compliance Practice. Labels: Former Bank Regulators; Regulatory Economists and Statisticians; Mortgage Servicing; Credit Card; Safety and Soundness; Retail Banking; Mortgage Lending; Compliance Technology; Fair Lending; Internal Audit; AML/OFAC; Trust; Foreign Banking; Commercial Banking; General Counsel & Litigation Support; New Products Process; Consumer Privacy; Vendor Management; Deep Regulatory Relationships; Industry Leading Practices.]

Section 2 How we can help

The following presents examples of the types of regulatory compliance advisory services we frequently perform:

Improving the effectiveness, and reducing the costs, of compliance programs
- Compare Corporate Compliance, AML, Fair Lending, and other compliance programs and processes to regulatory requirements and expectations and industry practices and offer recommendations for improvement.
- Design enterprise-wide compliance risk management frameworks and develop written compliance program/policy documents consistent with management objectives and regulatory requirements
- Execute a proven, integrated approach to regulatory compliance program management with a focus on increasing the effectiveness of sustainable compliance programs and processes
- Rationalize existing compliance activities across multiple entities and businesses to create sustainable and lower-cost compliance programs

Design and implementation of compliance processes
- Advise on the design and/or implementation of compliance program elements/processes such as:
  - Governance and organizational structures
  - Regulatory inventories and change management processes
  - Compliance risk assessment processes
  - Compliance policies and procedures
  - Compliance training programs and processes
  - Compliance and AML monitoring and testing programs
  - Statistically-based fair lending monitoring systems
  - Automated customer due diligence processes
  - Board and executive management reporting processes
- Leverage technology solutions to enhance the integration and effectiveness, and reduce the cost, of compliance controls and processes
- Operationalize compliance through integration into business processes

Regulatory compliance assessments
- Bank and Bank Holding Company regulatory compliance examination readiness assessments
- Enterprise-wide business process and services assessment to analyze impact of regulatory changes, such as the Dodd-Frank Act
- Post-acquisition compliance integration assessments
- AML and corporate compliance program and other compliance-related internal audits
- Compliance due diligence reviews in support of mergers or acquisitions
- Compliance risk and control assessments
- Customized, statistically-based fair lending testing
- Transaction testing in a variety of business processes, for adherence with applicable safety and soundness and consumer protection laws, regulations, and supervisory guidance

Compliance program assessment

We use a consistent, disciplined approach when executing compliance program diagnostic assessments. Our approach is designed to identify gaps and potential improvements in existing compliance programs relative to regulatory expectations and industry practices, and to identify opportunities to create more effective and sustainable compliance processes.

Phases: Scope and launch; Assess current state; Observations and recommendations; Design; Implementation assistance

Activities, in the order given:
- Confirm engagement expectations, staffing, assumptions, timelines, milestones and deliverables
- Obtain initial understanding of key drivers of compliance organization (e.g., organizational structure, culture, goals, objectives, risk tolerance, regulatory standing)
- Identify compliance program elements to be evaluated
- Obtain, as applicable, compliance program and other documentation (e.g., policies and procedures, monitoring and testing results, reports of examination, Internal Audit reports, Board reports)
- Conduct compliance program documentation analysis
- Conduct key interviews
- Identify and document the compliance organizational and governance structure, processes, and compliance risk management activities for each program element assessed
- Compare existing compliance structures and compliance risk management activities against our understanding of peer industry practices and our regulatory experiences
- Based on our assessment, identify potential compliance program and/or process gaps or areas of possible enhancement
- Develop initial recommendations to address potential gaps or identified opportunities for enhancement
- Present and discuss observations and recommendations with client management
- Provide preliminary recommendations on prioritization of action steps
- Based on observations and recommendations and following detailed discussions with client management, prepare design of enhancements to compliance program and/or processes
- Present and finalize design recommendations with client management
- Develop detailed action steps to guide the development and implementation of program/process enhancements
- Agree on implementation methods, roles, and responsibilities
- Develop timeline for deliverables/outputs and milestones
- Assist with the creation of a steering committee or task force to oversee implementation efforts, as necessary

Dodd-Frank SMART PMO

Assessing the impact and managing the implementation of financial reform, including the Dodd-Frank Act (DFA), is not a routine regulatory project given the volume and complexity of the rules, number of regulators, tight timelines for implementation and interdependencies. We offer a collaborative SMART PMO solution to tactically and strategically address implementation efforts utilizing a centralized oversight function.

Project Management Office (PMO) phases: Organize; Assess; Manage; Execute

Activities, in the order given:
- Define the overall strategy for addressing financial reform changes
- Develop a clear governance structure (i.e., Executive / Steering Committees, Program Lead / Workstreams)
- Assign accountability (i.e., Senior Management, Program, affiliates, business units)
- Define scope and assign workstream resources
- Identify milestones and target dates
- Develop standardized reporting processes
- Track proposed and final rulemaking
- Assign experts to assess and opine on the impact of rules
- Inform internal Program members on the latest developments, studies and reports
- Maintain relationships with external regulators and industry groups to seek guidance and exert influence
- Develop a communication strategy and information sharing platform
- Develop executable action plans, and monitor and report progress
- Report key progress, risks, issues, and internal/external communications to workstreams and committees
- Share periodic reports, meeting minutes, action plans and key decisions with Program members
- Retain key records for quality assurance purposes (i.e., internal audit, Fed examination)
- Execute upon action plans and escalate risks and issues to the Executive / Steering Committees, when deemed appropriate
- Continue to communicate with external regulators and industry groups, and update Program members
- Communicate key decisions with business unit leaders for operational roll-out
- Develop educational materials for wider roll-out of financial reform to business units, affiliates and regions

Enterprise-wide AML program improvement plan

[Figure: AML program improvement plan across Stage 1, Stage 2, Stage 3 and Stage 4, with rows for AML framework components, key project activities, outputs and timeframe. Labels in the order given:]

AML Framework Components
- COMPLIANCE PROGRAM: Board Policy Framework; Enterprise-Wide Guidance and Standards
- RISK ASSESSMENT: Risk Criteria (Customer, Business, Geographies, Products); Risk-Based Due Diligence
- CHANGE MANAGEMENT - AML PROCESS: Account Opening Process; KYC / CIP / EDD Rules; Roles & Responsibilities; Audit Program Development; Training Programs - Business; FIU Design & Implementation
- CHANGE MANAGEMENT - ACTIVITY MONITORING: Unusual & Suspicious Activity; Detection; Analysis; Escalation; Reporting

Key Project Activities
- PROGRAM DEVELOPMENT & DATA ASSESSMENT: Write Enterprise Compliance Standards and Guidelines; Hard File Review; Electronic File & Data Field Review
- FILE DUE DILIGENCE AND REMEDIATION: Assessment of High-Risk Areas (Legal Entity, Line, Product); Data Cleansing; Risk Rate Customers; Recalibrate Risk
- BUSINESS DEFINITION & TRANSACTION SURVEILLANCE: KYC / EDD Procedures; Workflow Analysis; Procedure Development; Bus. / Tech. Requirements
- TECHNOLOGY & PROCESS IMPROVEMENTS: Vendor Selection; Vendor Implementation; Data Integration; Account Activity Monitoring; Workflow Processes

Outputs
AML Compliance Program; Enterprise-Wide Compliance Standards and Guidelines (Compliance Policies); Governance Model; View of Remediation Scope; Customer Risk Rating Criteria; Risk Rated Customers; Performance Metrics; AML Risk Typologies & Criteria; Risk-Based Due Diligence Scheme; KYC / CIP / EDD Requirements; Data Requirement Inventory; Account File Remediation Going Backward; Operating AML Procedures; AML Task Force Management; Risk-Based Account Opening and EDD; Risk-Based Monitoring (ES); Detailed Roles & Responsibilities; Audit Programs & Piloting; Business Training Program; FIU Implemented; AML Software Selected; Data Sources Identified; Data Gap Analysis; AML Software Implemented; Technology Training Program

Timeframe
1-2 months; 2-18 months; 2-4 months; 3-18 months. Critical Path: 6-24 months

Automated fair lending compliance testing

Our team of regulatory economists and statisticians can design and build automated fair lending monitoring systems to identify potential fair lending issues for an unlimited number of transactions within minutes, thereby increasing the effectiveness of your compliance testing while, at the same time, significantly reducing the costs.

Section 3 regulatory compliance representative engagements

Large US retail banking company: corporate compliance program diagnostic assessment

Client issue
The client entered into a regulatory order with its federal bank supervisory agency due to deficiencies identified in its risk management program and processes. The client had concerns that the supervisory agency would have similar concerns about its compliance program and requested an assessment prior to an upcoming regulatory examination.

PwC solution
PwC performed an assessment by analyzing the design of the Company's existing compliance risk management program. PwC interviewed numerous key stakeholders in order to leverage as much of the existing compliance processes as possible. PwC identified key compliance program elements including governance considerations; organizational structure, roles and responsibilities; policies and procedures; change management processes; training; testing and monitoring; and internal audit coverage of the function. For each program element, we summarized our understanding of regulatory requirements and industry practices. We then compared the company's compliance program and processes against these criteria and offered targeted recommendations to remediate significant gaps. PwC then assisted the client with a significant re-design and implementation of an enhanced corporate compliance framework and program, leveraging as much of the existing program as possible to minimize disruption of current state activities.

Value provided
PwC assisted the company in the implementation of an enhanced enterprise-wide compliance program and related processes that leveraged existing, scalable risk management activities that received positive feedback from the company's regulators.

Global consumer financial services company: compliance risk assessment and regulatory inventory development

Client issue
Due to the existence of compliance performance issues and the need to manage compliance risk in various locations and jurisdictions, the company engaged PwC to assist it with an initiative to develop an inventory of key laws and regulations in certain jurisdictions and to enhance its compliance risk assessment process.

PwC solution
PwC designed a global project team led by a US team with significant regulatory compliance and industry experience to drive methodological advice and consistency in risk assessment execution across a dozen countries. PwC leveraged our global regulatory compliance network to establish teams in other countries/locations specialized in compliance program design and local regulatory requirements. PwC worked initially to assist the company in developing a regulatory inventory process, which included defining the scope, approach and format for documenting applicable regulatory requirements. PwC also assisted the company with assembling inventories in each location by working with the company's US and other locations' legal, compliance, and operations personnel. In some cases, this involved evaluating existing inventories developed by certain countries, while in other cases the local compliance team and outside counsel led the development of the inventory. Once the inventory was identified and approved by the Company, PwC collaboratively analyzed the inherent risk associated with these key laws and regulations as defined by the Company, and assisted the local compliance teams with performing a diagnostic assessment of the design of certain compliance controls (e.g., policy, training) in place to mitigate the inherent risk associated with the requirements. The result was a residual risk rating for the requirement, the identification of gaps in the design of controls, and the development of high level action plan recommendations to address these control gaps.

Value provided
PwC's experienced regulatory compliance resources were able to assist the company with developing a consistent global regulatory inventory and enhanced compliance risk assessment methodology. This enabled our client to have greater transparency into the compliance performance and risks across all countries and locations and facilitated the identification and sharing of compliance control best practices throughout the company.

Global financial services firm: compliance risk assessment and monitoring and testing program design

Client issue
In response to regulatory criticisms, PwC was engaged to assist a large, complex US and global Financial Holding Company with extensive global operations with the design of an enterprise-wide compliance program and risk assessment process and to selectively test compliance with a number of different US and non-US requirements. The Company had more than 50 distinct lines of business located throughout the US and globally. Due to limited resources, testing had to be prioritized to manage exposures efficiently.

PwC solution
PwC developed a global compliance risk assessment process that was used to establish risk-based testing priorities for compliance topics consistently across businesses. We assisted in the design and implementation of a process to identify and risk rank approximately 1,000 regulatory compliance requirements covering key laws and regulations in the US and select foreign countries. These were incorporated into a database that could be sorted by topic, requirements, industry, country of operation, risk rankings, and other factors. PwC also assisted in the design and conduct of testing programs on over 29 compliance topics in banking, fiduciary, broker-dealer, investment advisor, and other areas. This included a review of the company's global enterprise-wide corporate compliance program measured against US regulatory expectations and industry leading practices.

Value provided
PwC's work helped the company to develop and implement a global compliance risk assessment process and monitoring and testing program that leveraged technology for efficiency and effectiveness. In addition, the company was able to effectively allocate limited resources in a rational and supportable manner and program improvements resulted in an increase in its overall Federal Reserve FHC compliance rating for the organization.

Large complex banking organization: AML client risk rating development

Client issue
In response to regulatory findings, PwC was engaged by the client to develop an AML client risk rating methodology.

PwC solution
PwC developed and assisted in the implementation of a sustainable Global Client Anti-Money Laundering and Combating the Financing of Terrorism ("AML/CFT") Risk Rating Methodology that was commensurate with the scope and complexity of the client's international businesses and could be applied consistently throughout the enterprise. PwC developed a quantitative and qualitative methodology to calculate and identify the level of AML/CFT risk stemming from the client's global client base, taking into account the following components: Client Type, Geography, Products/Services, and Transactions. In order to help implement the methodology, PwC developed and documented a detailed client risk form (CRF) to be used for assessing the potential activities of new clients, as well as for enhanced due diligence on existing higher risk clients. Formal business and technology requirements were formulated in order to provide support to the production and maintenance of the form. Training materials and instruction manuals were developed and delivered in training sessions to the relationship managers that would be using the CRF. PwC also assisted with the implementation and quality assurance review of the CRFs for large numbers of existing clients of certain US-based businesses.

Value provided
PwC's work helped the client to develop an AML client risk rating solution that met OCC and FRB examiner expectations and allowed them to better understand the risks associated with their client base. Additionally, through technology, we helped our client establish sustainable, scalable, and consistent processes.

Leading global financial services firm: compliance technology risk and control self-assessment

Client issue
The client was undertaking an initiative to enhance its compliance management and RCA process throughout its various business sectors around the globe to reduce the touch-points to the business and improve oversight and control over the process. This engagement required a realignment of the technology and information involved across the 25 independent RCA processes currently in place.

PwC solution
PwC applied its proven methodology and approached the project in three phases: assessment of current state, design of future state, and implementation planning and support. Considering the existing compliance and RCA activities within the organization, we brought a team with deep regulatory compliance and technical experience to help the client define the opportunities for integration, develop a desired end-state process for RCA, define the functional specifications for a technology solution to be integrated by the client's technology resources, and develop and roll out communications and training to facilitate transition to the new integrated solution.

Value provided
PwC's experienced regulatory compliance and technology resources were able to assist the company with the development of a consistent global compliance risk and control self-assessment process and technology solution. The project also supported a Corporate process and cost reduction initiative through the realization of the benefits of a streamlined process and improved use of resources.

Large complex banking organization: corporate compliance policy development

Client issue
PwC was engaged to assist a newly-approved Financial Holding Company with the development of a detailed set of corporate compliance policies and procedures including policies relating to Regulation Y, Regulation W, Regulation K, and the National Banking Act.

PwC solution
PwC developed an approach to policy development that engaged Legal, Compliance, and business unit personnel. This was necessary as policy development requires collaboration to ensure practical implementation and appropriate accountability for execution. Our approach commenced with assessing the impact of the new or expanded regulatory requirements on the bank's corporate departments and organization. This required the development of a deep understanding of the bank's corporate structure, roles and responsibilities as between corporate units and business units, and determining where the new regulations would have the greatest impact. In doing so, we also identified gaps in the bank's current compliance processes and provided recommended enhancements to address the gaps. Based on this review and recommended enhancements, PwC assisted the company with the development of a customized set of compliance policies at the corporate level.

Value provided
PwC educated management on the new regulatory requirements and our work helped the company to integrate a customized set of expanded corporate compliance policies and procedures into its broader enterprise-wide compliance program that were consistent with regulatory requirements and expectations and industry practices. The enhanced policies received positive feedback from the Company's Federal Reserve examiners.

Top 10 mortgage lender: fair and responsible lending self-assessment

Client issue
In light of increased legislative and regulatory scrutiny, our client sought to develop a comprehensive, integrated process to manage fair and responsible lending risk and to have a baseline assessment conducted of its current processes and practices.

PwC solution
With client counsel and compliance personnel, PwC designed a set of risk and control objectives relating to the client's lending practices and fair and responsible lending policies and procedures, which guided our baseline assessment. Based on our assessment, we provided our client with a detailed list of fair and responsible lending risks, an assessment of the efficacy of the controls currently in place, and recommendations to add to, and improve, existing controls to reduce the risk of noncompliance with fair and responsible lending requirements and regulatory expectations.

Other notable engagement deliverables included:

- An analysis of existing fair lending monitoring tools, policies, and procedures for effectiveness in detecting and correcting potential fair lending violations. Major benefits to the client included:
  - Recommendations for a comparative file review process that accorded better with regulatory guidance and expectations;
  - Recommendations to improve the statistical validity and fair lending compliance of its custom loan scoring systems; and
  - A major critique of its existing retail overage monitoring system.
- A customized, statistically-based system to test in minutes tens of thousands of mortgage loans for significant unexplained retail overage disparities across similarly situated groups of borrowers. By controlling many legitimate cost- and/or risk-based factors that may contribute to observed retail overage differences, this system saved the client substantial compliance review time and costs.

Value provided
PwC's work helped the client develop a better fair and responsible risk management program, including enhancements to the client's monitoring and testing program. Our work also enhanced the client's identification of practices that posed significant fair and responsible lending risk to the client that the client could remediate.

Large complex banking organization: fiduciary audit plan and program development

Client issue
The client did not have the internal capabilities to perform the required Annual Audit of all their significant fiduciary activities. The client needed assistance in developing a risk based approach so that they could develop an audit plan and program to meet their regulatory requirements.

PwC solution
PwC met with managers from the various business lines (i.e., Employee Benefits, Personal Trust, Wealth Management, Corporate Trust, etc.) to understand the activities performed and gain an understanding of the risks involved. PwC used client-specific information and knowledge of regulatory expectations to develop a risk weighting for its fiduciary activities. The risk drivers included product/services, characteristics/complexities, volume and fiduciary, operational and compliance risk elements. These risk criteria were compared to all fiduciary activities to determine a risk rating. Based upon the risk rating, PwC worked with the client to develop a risk-based Audit Plan. Those items rated High-risk would be reviewed annually. Medium to Low rated items would be reviewed within 15-18 months. In addition to developing the risk methodology and identifying the risk rating, PwC developed audit programs and procedures that Audit could use to complete their review.

Value provided
PwC helped the client develop a risk-rating methodology that could be used to perform risk-based audits going forward and also used to perform audits in other areas of the bank. Additionally, PwC provided guidance to the client's internal auditors who were performing the testing to facilitate their understanding of the objectives of the review.

Top 10 global financial institution: credit card practices assessment

Client issue
Our client was scheduled for an upcoming federal bank regulatory examination focusing on certain credit card practices. PwC was engaged to assist our client with an assessment of its readiness for the examination.

PwC solution
PwC conducted a targeted assessment of the company's credit card marketing, disclosure, fee charging, and servicing practices. The assessment involved the design and operating effectiveness of the company's compliance controls. PwC conducted interviews with compliance, legal, sales, and operational personnel, conducted business process walkthroughs, and reviewed relevant documentation. PwC also conducted transaction testing of the company's credit card application and initial disclosures, advertising, periodic statements, and over-limit and late fee charging practices. PwC provided a number of recommendations for strengthening its compliance processes and controls as well as identifying potential regulatory violations and concerns relating to the company's disclosure, advertising, and fee charging practices.

Value provided
PwC was able to identify and provide the company with recommendations to correct numerous potential regulatory violations and areas that could raise regulatory concerns. Additionally, we were able to provide the client with recommendations to enhance its overall credit card-related compliance program, processes, and controls.

Leading global financial institution: flood insurance assessment

Client issue
A large US banking subsidiary of a global financial institution had significant regulatory issues and internal audit findings relating to flood insurance compliance. The client engaged PwC to provide assistance in identifying the control deficiencies that were leading to the flood insurance issues.

PwC solution
Our assistance included assessing the design of the bank's flood insurance compliance policies and procedures and other controls, and providing recommendations for improvements. We conducted interviews, performed process walkthroughs, and analyzed policies, procedures, and various other documents to gain an understanding of business processes (loan originations, loan servicing) for consumer and commercial loans secured by real estate and subject to flood insurance compliance requirements, as well as the design of internal controls in place to facilitate compliance with the requirements. Upon conclusion of our assessment, we provided management with a detailed risk and control matrix and summary memorandum that reported the key risks, a description of the design of controls, gaps in control design, and recommendations for improvements in the design of controls. We also assisted management with the development of a prioritized action plan to address the control deficiencies identified.

Value provided
The client's implementation of control enhancements recommended by PwC has led to significant improvement in the bank's flood insurance compliance performance and the bank has received positive feedback from its federal bank supervisory agency examiners.

Section 4 Our team key contacts

For further information, please contact:

David Albright, Principal
703 918 1364
david.albright@us.pwc.com

David specializes in advising financial institutions on improving governance, risk management, and compliance practices. He has more than 20 years of experience in providing domestic banks, the US offices of foreign banks, and their nonbank financial services subsidiaries and affiliates with assistance on a wide range of risk, regulatory, and compliance matters. He has extensive experience in advising clients in the areas of credit risk management and credit administration, the allowance for loan and lease losses, enterprise risk management, and COSO-based risk and control assessment programs, compliance risk management, and internal audit. David also has been actively involved in advising and assisting the firm's audit engagement teams as a technical specialist in such areas as credit quality evaluation; allowance for loan and lease loss adequacy, policies, methodologies, and documentation; and internal control matters. Prior to joining the firm in June 1993, David was a national bank examiner with the Office of the Comptroller of the Currency (OCC), where he performed safety and soundness and compliance examinations in multinational, regional, and community banking companies. His responsibilities included assessing financial, operational, and regulatory compliance risks, formulating supervisory examination strategies, and negotiating corrective actions.

Jeff Lavine, Partner
703 918 1379
jeff.lavine@us.pwc.com

Jeff is a co-leader of our banking compliance and anti-money laundering practice areas. Jeff advises both regulatory agencies and US and international financial institutions on controls, compliance, and anti-money laundering matters. In his 20 years with PwC, he has led numerous internal control review engagements, conducted our largest and most sensitive global money laundering investigations, assisted financial institutions in improving current operations and compliance processes, and enabled firms to offer new products and services that require regulatory approval. Since the financial crisis, Jeff, an attorney and a certified public accountant, has advised two US financial services regulatory agencies in their efforts to improve supervisory processes and limit public loss from failed financial institutions. In recent years he has also led our efforts to assist banks to operationalize state and federal bank compliance requirements, and to integrate compliance into automated systems and processes. He also has managed compliance and control infrastructure building and improvement, created policies and procedures, and written regulatory applications for national and state banks, foreign branches and agencies, and their securities dealing and brokerage affiliates.

Ric Pace, Principal
703 918 1385
ric.pace@us.pwc.com

Ric is a co-leader of the firm's Model Risk Management practice and is a PhD focusing on quantitative dimensions of both safety and soundness and consumer compliance issues. He provides strategic advice to our clients on the design of model risk management programs and assists our clients with model validations in the areas of credit scoring and automated underwriting, risk-based pricing, loan loss forecasting and reserving, economic capital, mortgage prepayment forecasting, asset valuation modeling, and SFAS 91 amortization. In addition to deep model risk management and control experience, Ric has extensive technical expertise in the fields of statistical modeling, SAS programming, large-scale data processing, and model auditing. Additionally, he has substantial mortgage banking and consumer lending experience, particularly in the areas of conventional, nonconforming, and subprime mortgages; auto loans; credit cards; student loans; and other consumer finance products.

Richard Neiman, Managing Director
646 471 3823
richard.neiman@us.pwc.com

Richard advises and works with financial institutions, market utilities, and regulators around the world and serves as vice chairman of PwC's Global Financial Services Regulatory practice. He has extensive experience in the financial industry, having served in a range of executive, regulatory and legal roles during his career. His recent substantive focus has been on Dodd-Frank implementations, Basel III, and mortgage finance and consumer issues. He also leads the firm's foreign bank regulatory practice advising foreign banks on governance, compliance, and business issues related to their operations in the US. Prior to re-joining PwC in June 2011, Richard served as New York State's 43rd Superintendent of Banks (March 2007 to May 2011), where he was responsible for the supervision of all state-chartered depository institutions, including the majority of foreign bank branches and agencies in the US. He also oversaw the supervision of thousands of non-depository institutions operating in New York, including mortgage bankers and brokers, check cashers, money transmitters, and other providers of consumer financial services. While serving as superintendent, Richard was also appointed by US House Speaker Nancy Pelosi to serve on the five-member congressional oversight panel created to oversee and provide updates on the implementation of the Emergency Economic Stabilization Act, including the Troubled Asset Relief Program (TARP).

www.pwcregulatory.com

© 2011 PwC. All rights reserved. "PwC" and "PwC US" refer to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.