Regulatory Requirements & Compliance: Ensuring Effective Outcomes. Presented by John E. Palmer, CPA, Managing Director/Principal. Agenda: Compliance Management System; Risk-Based Approach; Compliance Training; Monitoring and Internal Audit; Communication; Recommended Steps.
Regulatory Requirements & Compliance: Ensuring Effective Outcomes
• Presented By: John E. Palmer, CPA
• Managing Director/Principal

Agenda
• Compliance Management System
• Risk-Based Approach
• Compliance Training
• Monitoring and Internal Audit
• Communication
• Recommended Steps

CMS: Compliance Management System
• Reflect the bank’s business, culture, vision
• Identify and quantify compliance risks
• Build compliance into business processes and culture – who is responsible?
• Supported by a risk-based compliance program
• Demonstrate strong communication and accountability

CMS Interdependent Elements
• Board and Management oversight
• Compliance program
• Compliance monitoring and audit

Management Responsibilities
• Clear and unequivocal expectations
• Clear policy statements
• Authority and accountability
• Adequate resources
• Periodic compliance audits
• Reports to the Board
• Issue tracking and resolution

Board Responsibilities
• Understand Requirements
• Delegate Authority, but not Responsibility
• Ensure Qualified Management
• Provide Adequate Resources
• Supervise Management
• Establish policies
• Monitor implementation
• Provide for independent reviews
• Address supervisory reports
• Maintain Independence

Compliance Risk-Based Program
• Risk Matrix/Applicability
• Risk Assessments
• Risk Assessment Concepts/Methods
• Success Factors
Applicability Matrix (diagram)
• Inputs: Regulator; Institution Type; Applicable Universe of Laws, Regulations, and Guidance; Business Lines, Delivery Channels, Products/Services, and Practices
• Output: Applicability Matrix → REQUIREMENTS
• Requirements: Risk Assessment; Policies and Procedures; Internal Controls; Training; Self-Assessment; Monitoring; Internal Audit
Risk Assessments
• Compliance
• BSA/OFAC/Customer Risk Rating
• Information Security – GLBA
• ACH (Cash Management/Electronic Banking)
• Red Flag Assessment

Risk Assessment Terms and Concepts
• Inherent Risk vs. Residual Risk
• Exposure – Extent of Possible Damage
• Likelihood – Probability of an Event Occurring
• Risk Tolerance Measurements
• Risk Controls
• Risk Ranking and Heat Map

Risk Tolerance Measurements
• Events that establish management’s tolerance for risk.
• Examples:
  • Regulatory violations and fines
  • Customer complaint letters
  • Regulatory exam criticism

Risk Controls
• Risk controls relate to activities that are implemented to reduce the likelihood of an exposure event occurring. These activities include both preventive and detective controls:
  • Preventive measure – training or an automated system
  • Detective measure – review after the fact; can also mean audit and monitoring activities

Success Factors
• Measurable outcomes from a risk-based compliance program should include:
  • Risks are identified, measured and subject to a control structure
  • Supported by tailored policies, procedures and functional controls at the business level
  • The compliance monitoring schedule and testing program have been set around the risk profile
  • Results are reported effectively and tracked
Compliance Training
• Board, Management, Staff
• Job-specific, Role-based
• Blended learning
  • Online
  • Classroom
• Recordkeeping

Compliance Monitoring
• Risk-based, proactive testing
• Self-monitoring at the department level
• Monitoring by the Compliance Department
• New products, services, delivery channels
• New or amended regulations
• New staff
• Tracking corrective actions

Compliance Auditing
• Integrated Audits
  • Test compliance with high-risk laws and regulations during operational audits
• Targeted Compliance Audits
• Compliance Function Audit
  • Evaluate the effectiveness of the compliance function

Communication
• The biggest challenge in communication is to first think through the following basic concepts:
  • Audience
  • Purpose of the communication
  • How do you need the audience to respond?
  • Level of detail needed for the purpose
  • Risk level of content
  • Importance of timing and frequency

Types of Communication
• Risk Assessments
• Program and Scope overviews
• Monitoring/Audit reports
• Board/Management reports
• Open issue tracking reports
• Program status and progress reports
• Business unit monitoring results
Recommended Steps
• Take a deep breath
• Sit back and relax
• Review where you are
• Consider whether your message is heard
• Does your program have the right risk-based balance?
• Write down 5 action steps to improve your program results
Thank You
John E. Palmer, CPA
Managing Director/Principal
jpalmer@icscompliance.com
Office: (954) 489-2712
Cell: (954) 806-1863