Financial Institutions Consulting. Quality service. Personal attention.


Why Weaver?

With more than 65 years of experience and a commitment to our financial institution clients, Weaver is established as a top-40 accounting firm in the U.S. and a premier provider of financial institutions consulting services. Our practice delivers the following services: Compliance review; Internal audit; SOX/FDICIA compliance; Information technology FFIEC and security reviews; Financial statement audit.

Our clients include banks, loan originators, third-party services, mortgage companies, insurance companies, hedge funds and collection agencies, among others.

At Weaver, we're passionate about client service. We provide creative and practical risk management solutions to help our financial institution clients thrive so they can focus on providing the highest quality of service to their customers.

Weaver's Financial Institutions Consulting Services

Weaver's team of seasoned CPAs, former bank regulators, former lenders, internal auditors and IT security professionals helps financial institutions manage the complex risks unique to the industry. Our extensive experience allows us to help clients assess strategic, financial, operating and compliance risks, and provide efficient solutions to mitigate loss and take advantage of opportunities.

Risk Assessment Services

While some risks are inherent to any institution, others are not so obvious to recognize. Risk assessments help identify areas of exposure and are useful in determining response plans for risk mitigation. A well-thought-out risk response strategy enables senior management to better anticipate change and be more proactive in order to mitigate loss or take advantage of opportunities.

Given the numerous regulations that institutions are subject to, in addition to emerging risks, a robust risk assessment becomes a critical strategic management tool, as well as a key component of enterprise risk management. The following targeted risk areas may be appropriate for a separate assessment depending on an organization's operating environment: Strategic and enterprise risk management (ERM); Lending and credit administration; Regulatory compliance; Fair Lending practices; Bank Secrecy Act/Anti-Money Laundering; Internal audit; Operations; Sarbanes-Oxley/FDICIA compliance; Community Reinvestment Act; Cybersecurity; Information technology; E-Banking; Information security/Gramm-Leach-Bliley Act; Vendor management; Lobby operations; Interest rate and liquidity risk.

Risk Assessment Services (continued)

Once an institution's risks are identified, part of the response plan is to determine a control strategy using the Three Lines of Defense model for effective risk management:

Internal controls over functions that own and manage risk
Internal controls that monitor the first line of defense
Internal audit or independent assurance that monitors the first two lines of defense and ensures they are operating effectively

These activities help create a strong internal control environment, including a secure information systems environment.

Regulatory Compliance Audit Services

Regulatory compliance audits are an essential component of an effective compliance management program. They are instrumental to objectively evaluating compliance with laws, regulations and the associated policies and procedures. In tailoring our service approach, Weaver's experienced consultants work to provide a risk-based compliance audit plan consistent with your institution's size, complexity and risk profile.

Our approach to regulatory compliance audit services includes:

STEP 1: Understanding the operating environment and risk profile
STEP 2: Designing a risk-based audit plan focusing on key exposure areas
STEP 3: Providing regular status updates throughout the engagement process
STEP 4: Communicating findings and a remediation strategy to management

In addition to strengthening your existing compliance programs, an independent regulatory compliance audit helps your financial institution avoid costly non-compliance penalties. We address areas of concern through recommendations tailored specifically to your operating environment based on industry best practices. Once an appropriate remediation plan is developed, we will provide feedback and assistance if desired.

Key areas for review include: Bank Secrecy Act/Anti-Money Laundering reviews; Fair Lending assessments; Lending and deposit compliance audits; Remote deposit capture reviews; Automated Clearing House; FFIEC IT and other IT security reviews; Other specialized audits.

Mortgage Regulatory Compliance

The emerging regulatory environment surrounding mortgage lending, combined with an increased focus on consumer advocacy by regulatory bodies, creates a substantial source of uncertainty. Financial organizations must stay on top of the fluid regulatory environment, and they need an experienced partner to guide them. Weaver can help.

Mortgage Compliance Services: Ability-to-pay determinations; Fair Lending compliance; RESPA obligation guidance; Loan originator compensation; Compliance risk assessments; Schedule implementation and maintenance; Appraisal disclosure compliance; HOEPA fulfillment.

Specialized Audit Areas: Privacy compliance; Marketing programs and materials.

Consumer Financial Protection Bureau (CFPB) Readiness

Our CFPB Readiness services assess exposure to risk and potential control gaps that help mitigate the risk of non-compliance with regulatory requirements. Our services include providing guidance and recommendations on remediation strategies to address exposure areas and strengthen internal controls. Our CFPB Readiness Assessment covers the following areas:

Compliance Management Assessment: Compliance management system (CMS) components; Board and management oversight; Compliance program; Policies and procedures; Training; Monitoring and corrective action; Vendor management and third-party relationships; Response to consumer complaints; Compliance audit and quality control.

Operational Controls Assessment: Organizational responsibilities and evaluation of the three lines of defense; Policies and procedures; Quality control and exception management; Board of directors and management oversight; Segregation of duties; Assessment of fraud risk and related mitigating controls.

Technology Assessment: Strategy and implementation; IT risk assessment; Application and system development; Internal network and application security; External security and threat assessment; Access to consumer information; Business continuity planning.

Internal Audit Outsourcing and Co-Sourcing

Organizations with strong governance and internal control employ sound processes for risk identification, risk response and monitoring of operating effectiveness within the control environment. Our approach is flexible and tailored to meet the needs of our clients. We can supplement an existing internal audit plan by providing additional resources or expertise where needed. Alternatively, we can assist with an entity-wide risk assessment and work in tandem with the audit committee to address its concerns and develop a comprehensive internal audit plan.

Our internal audit methodology seeks first to understand the organization's culture, operating environment and strategic objectives. We listen to feedback from management and/or the board to understand concerns and assess risks qualitatively. We use this information, coupled with evaluating quantitative metrics, to determine the significance of operating activities and related risks. In addition to evaluating risks currently impacting the organization, we assess emerging risks that can have an impact in the future. Using this approach helps our clients identify emerging trends and proactively establish risk mitigation strategies, if necessary.

Weaver's risk model is designed to assist stakeholders in developing a risk-rated internal audit universe, which identifies high exposure areas. The internal audit universe is used as the basis of the annual audit plan that outlines the frequency and scope of the internal audits to be performed.

When executing our internal audit methodology, we assess effectiveness of control processes using the Three Lines of Defense model for effective risk management:

Management controls and internal control measures
Risk control and compliance oversight
Independent assurance internal audit

Internal audit activities focus on asset protection, loss prevention, compliance, internal controls and fraud. Key steps in our internal audit service methodology include: Review Risk Model; Review Risk Assessment of Audit Areas; Set Timing of Internal Audit(s); Perform Internal Audit Procedures; Report Findings.

Internal audit areas typically subject to review include: Risk assessment completeness; Mortgage lending; Internal audit plan completeness; Warehouse lending; Policies and procedures completeness; Accounting and financial reporting; Due from banks and borrowings; Investment portfolio; Interest rate risk management; Liquidity risk management; Lending; Branch operations; Deposits; Wire transfer; Human resources/payroll; Bank-owned life insurance; Non-deposit investment products; Trust compliance and operations.

Outsourcing

While maintaining objectivity and independence, outsourcing your internal audit function can provide technical proficiency related to core processes and assessments that may not be available in the organization. Additionally, this can help eliminate the constraints of managing, attracting and retaining internal audit staff, allowing management more time to devote to strategic and profit-generating activities.

Co-Sourcing

Internal audit professionals are experienced in project planning, risk management, financial reporting, IT and operations. As specific skill set needs vary from one organization to another, augmenting your existing staff with assistance from Weaver will provide in-depth audit skills and industry knowledge that may not be available internally.

IT Advisory Services

Our IT advisory services evaluate the processes within your technology environment used to safeguard the integrity of your systems and your customers' data. By evaluating your processes before an event occurs, management can significantly lessen the threat of financial loss from fraud or theft, productivity loss from system downtime, and the risk of compromising customer data and proprietary operating information.

IT Audit

An IT audit evaluates your financial institution's information systems for potential vulnerabilities to external threats and internal compromise. A variety of state and federal regulations require independent verification of IT systems and controls, including: Federal Deposit Insurance Corporation Improvement Act (FDICIA); Sarbanes-Oxley Act (SOX); Federal Financial Institutions Examination Council (FFIEC); Gramm-Leach-Bliley Act (GLBA).

We are experienced in integrating our audit procedures to enable our clients to demonstrate management's assessment across multiple requirements.

Cybersecurity Services

Weaver's security services team will evaluate your systems, policies and procedures to identify where vulnerabilities may exist either from external threats or from internal compromise. We offer several options when evaluating security procedures and vulnerabilities: Internal vulnerability scans; External vulnerability scans; Penetration testing; Social engineering; Network architecture reviews; Wireless and mobile device evaluation.

For more information, contact:

Bruce Zaret, CPA, Partner, Advisory Services
James Mihills, CPA, Partner, Advisory Services

What Can Weaver Do For You?

Weaver offers a full range of assurance, tax and advisory services. Every day, our clients rely on us for:

Assurance: Audit, review and compilation; Employee benefit plan audit; Agreed-upon procedures; IFRS assessment and conversion; Private equity services; Public company services; SSAE 16/SOC 1, 2 and 3.

Tax: Federal tax compliance and planning; International tax; State and local tax; Wealth strategies.

Advisory: Financial institutions consulting; Risk advisory; IT advisory; Transaction advisory; Public company services; Energy compliance and consulting; Forensics and litigation.

Weaver.com
info@weaver.com
facebook.com/weavercpas
youtube.com/weavercpas
linkedin.com/company/weaver
twitter.com/weavercpas