Learn how banks can do their own self assessments in areas such as Bank Secrecy Act, IT and Data Security, Community Reinvestment Act, SOX internal controls, and Credit Quality. As examiners devote more of their examination time off-site, this will help you learn to automate the examination process.
Produced by The Knowledge Congress, this two-hour LIVE webinar will provide the information you need in these.
Course Level: Intermediate
Prerequisite: None
Method Of Presentation: Group-Based-Internet
Developer: The Knowledge Conference
Recommended CLE/CPE Hours: 2.0
(Please note, your State Bar or Accounting Board will make the final determination with respect
to continuing education credit.)
Advance Preparation: Print and review course materials
Course Code: 083776
Michael L. Brosnan
Deputy Comptroller for Large Banks
Kris Easter
Branch Chief
OCIE, Office of the Chief Counsel
Mary Beth Quist
Senior Vice President, Supervisory Processes
Jon Hertzke
Branch Chief
OCIE, Market Oversight
Ellen Zimiles
Co-Founder and Chief Executive Officer
Michael L. Brosnan, Deputy Comptroller for Large Banks, Office of the Comptroller of the Currency
1. A successful framework for self assessments
a. Knowing the business
b. Identifying key risks to meeting business objectives
c. Understanding control gaps
d. Tracking metrics that align with key risks
e. Building and adhering to a repeatable risk-based assessment program consistent with a-d
2. Executing self assessments
a. Terminology and Definitions
b. Scope
c. Frequency
d. Preparer vs. Reviewer
e. Purpose and audience
f. Converting data into information (visuals, concise text and metrics)
3. Using the results of self assessments
a. Incenting self identification
b. By business unit, line of business, and enterprise levels
b. Comparing vs. risk tolerance levels for given risk categories: within a business unit, line of business and across enterprise
c. Evaluating symmetry in risk profile for lines of business or enterprise wide
d. Calling out top issues as well as emerging issues
e. Discussions/reviews at senior forums and decision to take or not to take action
Kris Easter, Branch Chief
OCIE, Office of the Chief Counsel,
US Securities and Exchange Commission
and
Jon Hertzke, Branch Chief
OCIE, Market Oversight,
US Securities and Exchange Commission
Regulation S-P Issues to Consider from an SEC Examiner’s Perspective
1. Regulation S-P requires:
a. written procedures that are reasonably designed to:
- Insure security and confidentiality of customer records and info
- Protect against anticipated threats or hazards to security or integrity of customer info
- Protect against unauthorized access to or use of customer records or info that could result in substantial harm or inconvenience to any customer
b. Privacy notices to customers describing how firm may use customer information
c. That customers have opportunity to “opt-out” of third-party sharing of their information
2. If the firm is a broker-dealer, what type of business model does the firm follow?
a. independent representative model? – procedures should take this into account
b. Privacy notices to customers should include a disclosure of what info departing registered reps may take and give customers opportunity to opt-out
3. Self-Assessment – has the firm performed any tests on its systems to assess threats
to the security of information maintained on those systems?
4. If testing performed, what steps have been taken to correct any identified systems vulnerabilities? Who within the organization is responsible for compliance?
5. What training has been provided to employees?
6. Document safeguarding steps » testing process or results, and any corrective measures taken; as well as privacy notices sent and opt-out requests received
AML Issues to Consider from an SEC Examiner’s Perspective
1. Common Theme: Document, Document, Document
2. SARS
a. Systems to monitor
b. Logs detailing alerts, detailing actions
3. Self-Assessment – Not necessarily required, but essential to designing an effective program to monitor for suspicious activity.
4. Independent Test (and Self-Assessment)
a. Sample size/characteristics?
b. How well is it done?
c. How are recommendations for improvements identified and followed-up on?
5. Designated AML Compliance Officer
a. How independent?
b. Can he/she make recommendations to senior management?
c. Recommendation tracking.
Ellen Zimiles, Co-Founder and Chief Executive Officer, Daylight Forensic & Advisory LLC
- Timing of self assessment? Must be done with adequate time to correct issues
before the examination begins.
- Who should perform them? Ideally compliance should be doing regular compliance
testing with the businesses and audit should leverage off that work.
- What should be included? All areas deemed to be high risk because of inherent risk
embedded in products, services, customers, counter-parties or geographic markets; any new businesses acquired since the last assessment; newly offered products,
services and businesses; special attention should be paid to newly system implemented systems. Need to consider extending your assessment to operating subsidiaries
of the bank.
- How should they be documented? Should have a testing/assessment plan much like internal audit has an annual audit plan. This should be provided to the examiners
along with the previous year’s assessment and action plan.
- This is an opportunity for the bank to showcase its program and to create a great first impression. Don’t miss the boat on this.
Mary Beth Quist, Senior Vice President, Supervisory Processes, Conference of State Bank Supervisors
Examination Procedures for Assessing Adequacy of risk assessments
1. What the Examination Process Reviews
a. Assess Risk Profile of the bank & identify the Risk
- specific products, services, customers, entities and geographic locations
b. detailed analysis of the data identified
2. Format of an Institutions Risk Assessment
3. What happens if bank has not completed a Risk Assessment? Steps Examiners take
4. Developing Bank's Compliance Program Based upon the Risk Assessment
Bank supervisors
Risk managers
Compliance Officers
Bank Auditors
Banking Lawyers & Consultants
Financial Insitutions' Executives
Corporate Security
This is a must attend event for anyone interested in understanding the related issues and developments on Self Assessments & the Examination Process for Banks & Financial Institutions
- New guidance explained by the most qualified key leaders & experts
- Hear directly from key regulators & thought leaders
- Interact directly with panel during Q&A