Compliance Management Systems A Blueprint for Success




Compliance Management Systems: A Blueprint for Success
May 13, 2015

Tim Tedrick, CRCM, CRP, Partner
815.626.1277
ttedrick@wipfli.com

Regulatory references
- FDIC: https://www.fdic.gov/regulations/compliance/manual/pdf/ii-3.1.pdf
- OCC: http://www.occ.gov/publications/publications-by-type/comptrollers-handbook/cms.pdf
- CFPB: http://files.consumerfinance.gov/f/201210_cfpb_supervision-and-examination-manual-v2.pdf
- FRB: http://www.federalreserve.gov/bankinforeg/caletters/attachment CA_13-19 Riskfocused_Supervision_Program_Document.pdf

Implementing a Compliance Management System
Management must first decide how to structure the compliance management system:
- Committee
- Officer
- Team
- Split responsibility (Loan Compliance Officer and Deposit Compliance Officer)
Then develop a policy to fit the structure your institution decided on.

Five areas of focus
- Board and Management Oversight (governance)
- Compliance Program (Policies and Procedures)
- Training (continuous, based on job impact)
- Monitoring, Testing, and Auditing (testing for weakness)
- Complaint Management (listen to customers)

Board and management oversight
- Set clear expectations / set policy statements
- Appoint a compliance leader with accountability and authority
- Allocate resources
- Evaluate audit results

Compliance Program
- Documented! Such a document provides guidance to staff and establishes Board expectations
- Designed to prevent violations and protect customers
- Must be up to date
- Must be available to employees

What should the Compliance Program include?
Designation of a Compliance Officer or presence of a functioning Compliance Committee that:
- Has knowledge of laws and their impact on the institution
- Coordinates compliance efforts across the organization
- Manages compliance monitoring and audit findings, as well as corrections

What should the Compliance Program include?
Policies and Procedures:
- Policies state management's compliance goals
- Procedures provide detail for performing transactions
- They provide consistency
- They are the biggest aid to achieving compliance

Training is also a key piece of a compliance program
- For everyone, including directors
- Cover regulations AND the FI's own Policies and Procedures
- Have a schedule
- Use various methods
- Maintain a training file
- Assess knowledge retention
- Refresh as things change

Compliance Management System
What is the difference between monitoring, testing, and auditing?

Three lines of defense - Monitoring
Think of monitoring as quality control testing as the production occurs. This provides more immediate results to management regarding internal production successes or failures.
- Should be done at regularly scheduled intervals
- Should be done by department staff
- Results should be reported
- Include disclosures, calculations, transactions, posted notices, marketing literature, anything recently changed

Three lines of defense - Testing
Internal quality control: making sure the monitoring is effective.
- Should be done at regularly scheduled intervals
- Can be done by compliance staff
- Results should be reported
- Include disclosures, calculations, transactions, posted notices, marketing literature, anything recently changed

Three lines of defense - Auditing
A formalized testing program based on a set schedule. The schedule is determined by a formalized risk assessment.
- Tests the effectiveness of the Compliance Program
- Identifies noncompliance with laws and policy gaps
- Assesses whether Board directives are being followed
- Complements monitoring and testing activities

Three lines of defense - Auditing
- Should be independent
- Results should be reported to the Board or Audit Committee
- Risk-based scope

Compliance Risk Assessments
The compliance risk assessment should:
- Cover all areas of the Bank (loans, deposits, operations, trust, nondeposit investment products)
- Detail the areas rated
- Contain an analysis of how the ratings were defined
- Be presented to the Board and/or Audit Committee for approval
- Be revisited at least annually or when major changes occur

Compliance Risk Assessments
For many community institutions, a simple rating system of low, medium, or high risk from the outset is the best way to begin.
- Define functional areas, products, or regulations to cover
- Document your risk assessment
- Be able to justify your ratings

Compliance Risk Assessments - rating factors
- Prior exceptions
- Potential financial reimbursement or civil money penalties
- Quality of written procedures and policies and their implementation
- Complexity of regulation
- Regulatory priority and newness of the regulations
- Centralization of document preparation and standard of software used, or reliance on third parties
- Volume of transactions impacted by regulation
- Asset size, number of bank offices
- Staff stability and knowledge

Complaint Management
- Establish a system to receive and manage complaints
- Determine if there are trends
- Evaluate for possible violations of law
- Use information to improve customer service

Closing CMS Comments
- Successful compliance management is ongoing; you don't set up a CMS and think that's it
- Successful compliance management involves everyone at the institution, not just the compliance officer
- Successful compliance management should result in a good regulatory examination
- Successful compliance management isn't hard if you tackle it in components (how many? 5!)

One More Time!
- Board and Management Oversight (governance)
- Compliance Program (Policies and Procedures)
- Training (continuous, based on job impact)
- Monitoring, Testing, and Auditing (testing for weakness)
- Complaint Management (listen to customers)

Questions?

www.wipfli.com/fi
www.wipfli.com

Area of Responsibility
(Responsibility matrix; the original columns assign each item to the Compliance Officer, Compliance Committee, and/or Department Supervisors. The column assignments did not survive extraction; only the items are listed below.)
- Develop and coordinate the Financial Institution's efforts to comply with laws and regulations.
- Develop compliance policies and procedures.
- Implement compliance policies and procedures.
- Revise compliance policies and procedures.
- Maintain current knowledge of applicable laws, regulations and issues.
- Monitor legislative and regulatory developments for the Financial Institution and report important compliance developments to management and other Financial Institution personnel.
- Research regulatory issues and respond to compliance questions from Financial Institution personnel, utilizing legal and regulatory reference manuals or contacting consultants, professional associations and organizations as appropriate.
- Develop training to educate Financial Institution personnel on compliance requirements and procedures in their respective areas of responsibility.
- Implement training to educate Financial Institution personnel on compliance requirements and procedures in their respective areas of responsibility.
- Conduct training to educate Financial Institution personnel on compliance requirements and procedures in their respective areas of responsibility.
- Monitor compliance with laws and regulations throughout the Financial Institution.
- Develop internal controls as well as provide for external reviews to test compliance.
- Coordinate responses and corrective actions to these reviews, if necessary.
- Assess the effectiveness of Financial Institution compliance efforts.
- Develop procedures to address corrective action and time frame guidelines for corrections.
- Assist Financial Institution management with the handling of substantive consumer complaints against the Financial Institution, working with legal counsel and regulatory agencies when appropriate.
- Review forms, notices, brochures and advertisements for compliance with laws and regulations.
- Participate in meetings to bring the compliance perspective to the development of new products and services and modification of existing ones.
- Assist in preparing for audits and regulatory examinations, coordinate audit and examination efforts, provide responses to examinations and audits, and provide support in the Financial Institution's regulatory relations.
- As time permits, coordinate analysis of proposed regulations and develop position papers and comment letters to regulatory bodies.
- Develop plan(s) to correct any violations reported by regulatory agencies.
- Record and maintain minutes of compliance related meetings.

Columns: Compliance Officer | Compliance Committee | Department Supervisors

BOARD & MANAGEMENT OVERSIGHT (Detail)
Key actions to demonstrate commitment to maintaining an effective compliance management system and to set a positive climate for compliance include:

1) Demonstrating clear and unequivocal expectations about compliance.
- The Board and senior management should discuss compliance topics during their meetings. They should include compliance matters in their communications to institution personnel and the general public. Institution management and staff should have a clear understanding that compliance is important to the Board and senior management, and that they are expected to incorporate compliance in their daily operations.

2) Adopting clear policy statements.
- Policy statements on compliance topics provide a framework for the institution's procedures and provide clear communication to management and employees of the Board's intentions toward compliance.

3) Appointing a compliance officer with authority and accountability.
- The Board and senior management must grant a compliance officer sufficient authority and independence to cross departmental lines, have access to all areas of the institution's operations, and effect corrective action.

4) Allocating resources to compliance functions commensurate with the level and complexity of the bank's operations.
- To be effective at overseeing compliance and maintaining a strong compliance posture, a compliance officer must be provided with ongoing training, as well as sufficient time and adequate resources to do the job. The compliance officer may utilize third-party service providers or consultants to help administer the compliance program or audit functions. However, the compliance officer should perform sufficient due diligence to verify that the provider is qualified, because ultimately the institution is accountable for compliance with consumer protection laws and regulations.

5) Conducting periodic compliance audits.
- A compliance audit is an independent review of an institution's compliance with consumer protection laws and regulations and adherence to internal policies and procedures. The audit helps management ensure ongoing compliance and identify compliance risk conditions. It complements the institution's internal monitoring system. The Board of Directors of the institution should determine the scope of an audit and the frequency with which audits are conducted.

6) Providing for recurrent reports by the compliance officer to the Board.