Developing a Culture of Compliance

1 Developing a Culture of Compliance Presented by: Salvatore Zerilli, CPA, CAMS NJ Bankers Association Compliance University June 2016 Certified Public Accountants Consultants Wealth Management Technology

2 Session Attendees Will Learn: How industry trends, regulatory pressures and notable incidents may affect their institutions' compliance systems and culture. Key strategies and steps to assess and ensure that compliance staff, processes and controls are responsive and effective, leverage existing best practices and opportunities, and are integrated into the culture and strategies of their banks.

3 Agenda: State of the World; Regulatory Pressure; Impact to Banking; Compliance Management System; Lines of Defense Model; Navigate the Grey; Navigate the Conflict; Integration to Bank Strategy; Role of Data

4 State of The World Increasing Threats Increasing Regulatory Expectations Evolving Financial Ideas Negative Interest Rates in Japan and Europe soon USA? Increasing Competition Uberization of Banks Single Biggest Risk Cybersecurity and SWIFT hacks Decreasing Profits

5 Regulatory Pressure Dodd Frank Act Single most comprehensive revamp of 21st century. More than 22,200 pages of rules; equivalent to 15 copies of War and Peace; covers matters from how much capital banks must set aside to how they can advertise. CFPB and regulators still have significant rulemaking left. One of the new rules TRID Role of public opinion and impact on regulation Role of auditors and compliance officers (COs) Jail term proposals for COs implicit in wrongdoing

6 Impact on Banking Lenders awash in new regulations and resultant striking changes to internal cultures Regulatory tightening has changed big bank profiles to look more like utilities Before crisis more congenial relationship with regulators Now formal and informal rifts are defining features of bank life

7 The Statistics Unintended Consequences ABA Survey 46% of banks to pare back offerings for loan accounts, deposit accounts or other services. Fed Financial Analytics Survey Six largest U.S. banks by assets in 2013 together spent at least $70.2 billion that year on regulatory compliance, up from $34.7 billion in 2007.

8 The Statistics Unintended Consequences (Cont'd) At J.P. Morgan, nation's largest bank by assets, head count in controls area, which includes many compliance staff, grew to 43,000 in 2015 from 24,000 in Colonial Savings, Fort Worth, TX, with 8 branches, had 3 to 4 people in compliance 2 years ago, per Chief CO Richard Harvey, Jr. It now has 14.

9 The Statistics Unintended Consequences (Cont'd) Large banks like Bank of America, Citigroup, J.P. Morgan and Wells Fargo, can have up to 200 examiners from different agencies on site at all times, up 20% over the past several years. Practical issue: where do they all sit?

10 The Heart of the Matter Your Compliance Management System Policies and procedures Monitoring and testing CMS reporting integrate complaint data Compliance employees Middlemen between regulatory agencies and bank staff, fielding data requests and overseeing exams. Help test products and services to make sure their banks follow rules and don't take unacceptable risks. The new hallway monitors

11 CMS 101 on Steroids Certification Executive sign-offs and regulatory reporting Process certification Remediation Deficiency management Structured process to remediate issues, deficiencies, weaknesses [Diagram labels: Remediation, Certification, Assessment, Reporting, Effective & Sustainable Compliance] Assessment Compliance strategy Test plan creation Test execution Test review Documentation Reporting Compliance dashboards Program management controls Documentation Design & document control hierarchy: process, risks, controls Process risk assessment

12 CMS Easy Strategies Develop What Could Go Wrong statements; brainstorm solutions Remember anything can happen No one thought subprime could crash except for a few market shorters Use common risk taxonomy and leverage risk assessments for internal audit, SOX, fair lending, compliance, IT, cybersecurity, operational, ERM Know the importance of Fraud Self Assessment

13 Navigate the Grey Mike Maher, Chief CO, Wells Fargo consumer lending group until last year, recalls a months-long discussion between the bank and regulators over whether it should let customers pay ahead on mortgages. And if they did, would the bank consider borrowers delinquent if they later missed a month? The regulators, themselves unsure of the rules, were hesitant to take a position or provide guidance.

14 Navigate the Conflict Not uncommon for regulators from different agencies to issue conflicting opinions. It happened to Fifth Third Bancorp, which informed two agency regulators, who conferred and returned same result. These challenges are pronounced for smaller community banks.

15 Align CMS With Bank Strategy Leverage Components of Risk Appetite and Strategy Identifies key risks impacting capital position and business operations Creates baseline of bank's attitude toward risk Drives alignment of people, processes to proactively respond to risk Not static. Evaluate quantity, quality of risk for each product annually Biggest challenge? Lack of communication and operationalization

16 CMS Making It Work 101 Establish Responsibility Bank and Teammate Board resource availability Management day to day administration; hold teammates at 1st line of defense accountable Compliance Committee cross functional view of systems, process, disclosures, rules, etc. Compliance Officer and Manager provide expertise and oversight of CMS

18 CMS Making It Work 101 (Cont'd) Communicate Responsibilities Written policies, procedures, supervised daily practices become the standard for performance measurement Job descriptions incorporate compliance-related responsibilities Bake Compliance Requirements Right Into Business Processes Integrate compliance into operational processes, such as automated systems, system defaults, disclosures, controls over discretion Embedded tools + trained staff = effective compliance

20 CMS Making It Work 101 (Cont'd) Complete Reviews to Ensure Responsibilities Are Carried Out Test teammate effectiveness (positive reinforcement) Performance measurement (risk-based periodic, documented monitoring reviews, reporting) Take Effective Corrective Action For Isolated/Systemic Errors Fixing root cause as priority of action plan Minimize potential for recurrence

21 Monitoring & Assessment Critical CMS component: ability to collect Key Risk Indicator (KRI) data efficiently and effectively It's all about the data Automation is optimal Manual processes are expensive, tedious and error prone Data necessary for compliance monitoring and ongoing risk assessment Not all data are created equal

22 Clear Monitoring & Testing Plans Objectives Testing methodology (quantitative, qualitative) Testing population and sample selection Testing requirements precise statement of each what to be tested Timeline and responsible parties Assessment of the detailed findings and recommendations Corrective action plan Ongoing adjustments within the CMS lifecycle

23 Session Take Aways Embedding a Culture of Compliance Know the importance of the Tone at the Top Align your CMS to hot topics/emerging issues/current events Leverage your strategic plan when developing compliance culture; 1st and 2nd lines of defense Learn your LOBs and LODs! Keep strategic imperatives top of mind. Keep the board and management apprised of the state of compliance, including gaps and weaknesses, through simple and visually attractive reports like heat maps, dynamic dashboards.

24 Questions?

25 Contact Salvatore Zerilli, CPA, CAMS Managing Director, The Mercadien Group Financial Institutions Services (609)