Meeting Regulatory Expectations Through Technology Assessments
December 14, 2011
About Alvarez & Marsal
For nearly three decades, Alvarez & Marsal has set the standard for working with organizations to tackle complex business issues, boost operating performance and maximize stakeholder value.
• About A&M
  • Founded in 1983 by co-CEOs Tony Alvarez II and Bryan Marsal
  • 1,700+ professionals
  • 39 cities; 17 nations; 4 continents
  • 300+ Managing Directors
• North America: New York (Global HQ), Atlanta, Birmingham, Boston, Calgary, Charlotte, Chicago, Dallas, Denver, Detroit, Houston, Kansas City, Los Angeles, Miami, Nashville, Philadelphia, Phoenix, San Antonio, San Francisco, Seattle, Toronto, Vancouver, Washington, D.C.
• Europe and the Middle East: London (European HQ), Amsterdam, Athens, Dubai, Madrid, Milan, Moscow, Munich, Paris, Warsaw
• Latin America: São Paulo (Latin American HQ), Mexico City
• Asia: Hong Kong (Asian HQ), Beijing, Mumbai, Shanghai
THE A&M DIFFERENCE
A&M’s operational heritage and depth of senior resources allow us to rapidly diagnose and execute practical solutions in complex business environments.
• LEADERSHIP
  • Focusing senior resources at every stage of the delivery process
  • Forging consensus around credible, executable solutions
  • Engaging and partnering with the organization
• SENIOR RESOURCE DEPTH
  • Global reach
  • Executives drawn from commerce, professional services firms and financial institutions
  • Majority of professionals Director grade and above have extensive Board-level operational experience
• MANAGING COMPLEXITY
  • Proven track record in managing complex, high-profile situations
  • Delivery through assured leadership and execution
• SPEED TO EXECUTION AND BIAS TOWARD ACTION
  • Focus on delivering rapid results
  • Coordinate short- and medium-term objectives and credible plans with achievable milestones
• OPERATIONAL HERITAGE
  • Proven, fact-based, financial approach
  • Nearly 30 years of operational experience
  • Ability to provide interim executives for rapid implementation
• PRACTICAL BOTTOM-LINE ORIENTATION
  • Keen awareness of what can be implemented in a turnaround environment
  • Overarching focus on improving bottom-line results
WHO ARE OUR CLIENTS?
• 98 of AmLaw 100 firms
• 20% of the Fortune Global 500
• 19 of the FTSE 100
• 300+ Mid- and Large-Cap Private Equity Firms
• 50% of all Fortune 100 companies
• 18 out of 20 of the largest banks in the United States
TOPICS FOR DISCUSSION
• Cash Remains King
• Wachovia Bank, National Association – Consent Order
• Common Threads
• What Should be on Your Radar
• Striking the Balance Through Technology Assessment
• Rapid Independent Technology Assessment Approach
Cash continues to be the king of all transactions
• In the United States, cash represents 65% of all transactions
• In Asia, the percent grows to 79%
• For Latin America, 72% of Business-to-Business Payments are made in cash
• Cash transactions are significantly less expensive for merchants
  • Cash is the least expensive form of payment for a merchant to process, and for small transactions that can be the difference between a profit and a loss
• Cash provides a sense of anonymity, whereas checks, debit cards and credit cards do not
• While prepaid cards are making small inroads and potentially will compete with debit cards and checks, cash remains the king of all transactions
So, what does this mean for banking organizations?
• It is never business as usual
• Customer and transaction monitoring continues to become more complex
• Experienced staffing and effective systems are critically important to have in place
• Regulatory expectations remain at an all-time high
• Enforcement actions and Civil Money Penalties will be assessed for non-compliance
Consent Order – Zions First National Bank
• The OCC placed Zions under a Consent Order and issued a Civil Money Penalty in February of 2011
• The Comptroller found the Bank:
  • Failed to adequately monitor $5.4 billion of activity in 2006 and 2007 for a new product initiative – Remote Deposit Capture (“RDC”)
  • Failed to adequately monitor wire activity of its former foreign correspondent customers, including $7.9 billion of wire activity with CDC customers in 2006 and 2007, before the Bank exited the business in 2008
  • Had an inadequate SAR process for its former CDC and foreign correspondent customers and failed to file SARs on a timely basis
  • Failed to comply with the Bank’s internal policies and statutory requirements regarding customer due diligence and enhanced due diligence for its former correspondent customers for a period of over 2 years (2006 – 2008)
• The OCC further cited 2 significant violations of law:
  • 31 USC 5318(g) and 12 CFR 21.21: Failing to adequately monitor CDC and other high risk foreign correspondent accounts to fulfill its suspicious activity reporting obligations, and failing to file timely SARs involving suspicious transactions conducted through the Bank
  • 31 USC 5318(i) and 31 CFR 103.176: Failing to adequately implement a due diligence program that enables the Bank to detect and report, on an ongoing basis, any known or suspected money laundering activity conducted through or involving any of its foreign correspondent accounts
• Zions First National Bank was assessed an $8,000,000 Civil Money Penalty
Takeaways from the Zions First National Bank Consent Order
• Risks associated with offering RDC to foreign correspondent customers, especially to CDCs
• Risks associated with offering wire services to foreign correspondent customers, especially to CDCs
• Inadequate oversight and non-compliance with internal policies related to CDD and EDD of foreign correspondent customers
What should be on your radar
• Comprehensive Iran Sanctions, Accountability and Divestment Act (“CISADA”)
  • Signed into law on July 1, 2010
  • David S. Cohen (Undersecretary of the Treasury) addressed the Senate Committee on Banking, Housing and Urban Affairs on October 13, 2011. He stated:
    • “The key focus on our efforts remains Iranian banks that either directly facilitate Iran’s WMD and missile proliferation activity, or that provide material support to banks that have been designated for engaging in that activity.”
  • His comments went on to state:
    • “CISADA offers a clear choice: A foreign financial institution can have access to the largest and most important financial sector in the world – the United States – or it can do business with the Iranian banks sanctioned for facilitating Iran’s illicit activity, but it cannot do both.”
  • In early October, Treasury issued a final rule to implement section 104(e) of CISADA that established reporting requirements for US banks that will complement the efforts to identify CISADA-sanctionable activity by foreign banks
  • The regulators have made it very clear that if they become aware of possible CISADA violations they will seek prompt resolution
  • It is clear that banks must further strengthen their CDD and EDD efforts, along with close monitoring, to ensure compliance with CISADA
What should be on your radar (continued)
• Remote Deposit Capture (RDC)
  • As covered in the Zions Consent Order, the regulators are viewing RDC very closely. They do not view it as a new service; they view it as a new delivery system and require both effective safeguards to be in place and comprehensive due diligence for access granted to foreign correspondent customers
• Cover Payments
  • While not specifically covered in the Zions Consent Order, reading between the lines, it is clear the regulators had concern over potential cover payments
  • One example of enforcement is the action taken against Lloyds TSB. In the complaint, Lloyds was found to have deliberately removed material information (such as customer names, bank names and addresses) from payment messages so that wire transfers would pass undetected through filters at US financial institutions
  • Lloyds was assessed a $350,000,000 Civil Money Penalty for its actions
The assessment stack
• Striking the right balance…
[Figure: Drivers; Balance; Technology Assessment; Results and Corrective Actions]
Meeting regulatory expectations
• Sanctions Compliance – CISADA
  • Requires that screening goes beyond the account holder (know your customer’s customer -- KYCC)
  • Requires real-time monitoring of accounts and transactions
  • Potential creation of sub-structures that complement the customer/account profiles
• Remote Deposit Capture
  • Additional due diligence will be required for those customers deemed high risk, or depending on where the RDC capture device is located
  • Risk complexity varies depending upon the RDC implementation and the exposure faced by the institution
  • Image exchange versus ACH network
  • Use of RDC by foreign correspondent financial institutions and foreign MSBs to replace pouch and clearing activities
  • Legal risk exposure related to poor controls over the process used by the image capture or exchange
• Cover Payments
  • Current messaging practices do not ensure full transparency
  • Lack of originator and beneficiary information can complicate the intermediary bank’s ability to properly assess risk with correspondent and clearing operations
  • Presents potential for hidden risks where information is deliberately left off the message
Transaction monitoring
The Transaction Monitoring System (TM) is considered the nucleus of the AML program within a financial institution.
• The USA PATRIOT Act is the key driver for financial institutions to establish reasonably successful programs to detect and report suspicious transactions related to money laundering
• After more than a decade, the original assumptions still govern compliance’s business as usual, resulting in:
  • Poor alert quality
  • TM environments that have become difficult to manage and audit
  • Software monitoring algorithms that have varied little over time
  • Regulators’ acceptance of the status quo, providing a symbolic level of assurance
  • Technology and staffing spend that has gone beyond any reasonable expectation
Risk areas within the transaction monitoring process
[Figure: process flow across input controls, processing controls and output controls. Notable potential risk areas: client, account and transaction data; data ingestion; scenarios, scoring and alert generation; alert review. Feedback paths: source system feedback and suggested updates; data remediation; calibration updates.]
Effectiveness of controls
• Regulators’ focus is now shifting towards evaluating the quality of the alerts generated, from data capture (at the source) to investigation, therefore requiring a deeper review of internal controls at each level of the process flow
  • Input controls
  • Process controls
  • Output controls
• Control monitoring is the assessment of internal control performance over time
  • Ensures that internal controls are adequately designed, properly executed and effective
• Input Controls
  • Review of source data through the ingestion and load process
• Process Controls
  • Perform a comprehensive review of transformation rules relative to scenarios and scoring
  • Review threshold parameters
• Output Controls
  • Review audit trails to ensure completeness and accuracy
  • Ensures that output risk is kept at a reasonable level
Transactional data
• Data quality, at all levels, is still a significant challenge and vexing issue for almost all financial institutions
  • Directly impacts sanctions compliance due to poor or incomplete data
  • Dilutes the quality of alerts generated, resulting in additional overhead costs and incorrect threshold calibrations
• Disparate databases across an enterprise as a result of “siloed” businesses, new acquisitions and outdated monitoring environments
• The amount of data being loaded into the transaction monitoring environment should be “right sized”
  • Eliminate unnecessary data elements
  • Focus on the data elements that are relevant to:
    • Scenarios and filtering
    • Scoring and threshold calibration
CDD and EDD
Risk ranking, a method of providing a more focused review while easing the compliance burden, has met with mixed reviews.
• Decreases the efficiency of the monitoring program by drawing attention away from potential laundering activities
• Perceived low risk customers may be reviewed on a periodic basis
• Experienced money launderers will make sure they fall within a low risk profile
• Disproportionate number of high risk customers
• Expensive process to maintain over time
• Use of outdated criteria and methods for risk ranking
Ongoing monitoring is vital…
• …updated customer information is critical
[Figure: Continuous customer data refresh: Sanction Lists; Global Transaction Advisory; Hidden Relationships. Customer / account behavior: Rapid Movement of Funds; Changing Instructions; Incomplete Wire Messages; Recurring Transactions; Dormant Activity.]
Conducting the technology assessment
Rapid Independent Technology Assessment (RITA)
STEP ONE: SELECT AND GATHER
• Select specific transactions, customers and accounts for review
• Obtain appropriate systems-related documentation, including historical testing results relative to parameter and threshold settings, etc.
• Regulatory and audit reviews and corresponding commentary
STEP TWO: TRACK AND ANALYZE
• Identify the specified transaction flow, from source through target, including scenarios, scoring parameters, alert generation, etc.
• Analyze and evaluate using a selected approach and tools
• Document salient results and score accordingly
• Review results with compliance
• Obtain consensus and buy-in
STEP THREE: RECOMMEND AND REMEDIATE
• Categorize and prioritize recommendations (i.e., source data, mapping, scenarios, scoring parameters, etc.)
• Develop a remediation plan, listing detailed activities and timelines
• Finalize all workpapers for audit review (if required)
Craig D. Stone
Senior Director, FIRAS
Craig D. Stone is a Senior Director with Alvarez & Marsal Financial Industry Regulatory Advisory Services in Houston, Texas. Mr. Stone brings a unique and varied background with substantial and proven financial service experience, focusing on risk identification and controls. With more than 27 years in regulatory bank supervision, Mr. Stone has been directly involved in troubled bank oversight, compliance risk management and fiduciary activities risk assessment. Mr. Stone possesses a broad set of skills with experience in a wide variety of banking activities including enterprise-wide risk management, corporate governance and consumer compliance. Prior to joining A&M, Mr. Stone was the Deputy Ombudsman for the Comptroller of the Currency (OCC) charged with the day-to-day management of the Customer Assistance Group (CAG). In this role, he was responsible for leading a staff of more than 70 professionals including National Bank Examiners, consumer compliance specialists and information technology experts. Mr. Stone was a key contributor in the creation of early warning tools and measures to identify emerging industry and/or institution-specific risks, through the leveraging of customer complaints received by CAG. In addition, Mr. Stone led or provided support in the analysis and processing of complex regulatory disputes and appeals received by the Ombudsman from national banks. Furthermore, he pioneered the concept and branding of a consumer-based internet site which automated select business support functions and expanded customer self-service. Previously, Mr. Stone served as a National Bank Examiner with a focus on retail banking and compliance management. In this role, he was directly involved in reviews and examinations of many of the largest banking organizations in the country. Mr. Stone has also provided expert witness testimony in Federal Court on allegations involving fraudulent lending and improper insider transactions. Mr. Stone began his regulatory career in the analysis and examination of bank fiduciary activities and asset management, earning a National Trust Examiner commission. Mr. Stone received a bachelor’s degree in Banking and Finance from Texas State University. He later attended the United States Treasury Executive Leadership Program at Charlottesville, Virginia. Mr. Stone is a founding member of the International Network of Financial Service Ombudsman. In addition, he is a frequent speaker at industry conferences on Financial Institution Risks, Consumer Compliance and Customer Service.
Donna DeMartino
Senior Director, GFD – FTS
Donna DeMartino is a Senior Director with Alvarez & Marsal’s Global Forensic and Dispute Services in New York. She brings more than 20 years of management consulting experience in leading and managing complex technology implementation efforts, investigations and forensic audit projects. She is currently heading up the BSA/AML, Fraud and FCPA technology service line with a specific focus on technology assessments, application augmentation, data ingestion, scenario review and threshold calibration. Ms. DeMartino specializes in managing large technology projects that focus on, but are not limited to, audit restatements, fraud investigations, anti-money laundering and litigation support. She possesses a strong background in information technology, business process improvement, technology risk assessment, data management and systems development lifecycle methodologies. Her technical experience extends across a wide spectrum of industries, including financial services (banking and brokerage), manufacturing and consumer business. Ms. DeMartino managed several data mining assignments that supported the financial audit for both manufacturing and investment banking clients. She also provided project management oversight for global IT audit clients that focused on resource allocation planning, enhancing the overall approach, while minimizing costs through the use of data mining techniques and internal audit risk assessment reviews. Prior to joining A&M, Ms. DeMartino was with the Data, Quality and Integrity practice in the Audit and Enterprise Risk Services group at Deloitte & Touche. She was also a Senior Manager with the Analytic and Forensic Technology within Deloitte’s Financial Advisory Services practice, where she focused on anti-money laundering engagements, forensic investigations, litigation support and business interruption projects. At Deloitte, Ms. DeMartino also focused on systems integration projects to support ERP implementations, and specialized in Customer Relationship Management software selection for financial services industry clients. Prior to Deloitte, Ms. DeMartino was with Pinkerton Consulting and Booz Allen & Hamilton, where she was responsible for managing a number of application development efforts, providing business improvement and IT strategy expertise in the Financial Services Sector. Ms. DeMartino earned a dual bachelor's degree in arts and sciences from Syracuse University with honors. She is also a Certified Fraud Examiner and Anti-Money Laundering Specialist.