Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena

Transcription

1 Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena July 2018 How are financial institutions improving their compliance testing programs? We asked. Here is what they said.

2 The heart of the matter Prioritizing expansion and improvement According to our 2017 Financial Services Compliance Testing Survey, most financial institutions are continuing to improve their compliance testing programs, and are making progress on key challenges identified in our prior (2015) survey. As we noted then, to make the grade, financial organizations should focus on aligning testing across the three lines of defense, addressing resource constraints, and more fully leveraging technology and data analytics. Survey responses in 2017 tell us that banks are rethinking some of the options available to address these challenges. Some firms divested business units that no Compliance testing is a critical element of every financial institution s compliance management system (CMS). A compliance and controls testing program includes testing that occurs at the business-unit level (first line of defense), within the compliance function (second line of defense and the focus of this paper), and by internal audit (third line of defense) (see Figure 1). A testing program provides an institution with the ability to monitor its compliance risk exposure and self-correct as necessary. It also helps regulators assess an institution s compliance and determine if its CMS meets regulatory expectations. Since 2008, financial institutions have invested heavily in the development of compliance testing and other processes to help them meet new and more extensive regulatory requirements. Despite that progress, PwC s 2017 Financial Services Compliance Testing Survey shows that 75% of financial institutions (closely equivalent to 77% in 2015) still plan to do more by expanding their compliance testing activities within the next two years. About PwC s 2017 Financial Services Compliance Testing Survey We surveyed 32 compliance testing executives who oversee risk and represent a broad cross-section of financial institutions operating in the US. Nearly 80% of the respondents are headquartered in the US, and 62% operate globally. Firms range in asset size from $10 billion to more than $250 billion, with several in excess of $500 billion. A slight majority (54%) were in the $10 to $50 billion asset size range (up from 33% in 2015). Responding institutions engage in consumer banking (81%), commercial banking (85%), wealth management (88%), treasury/securities services (88%), asset management (91%), capital markets (64%), private banking (83%), and investment banking (36%). The number of full-time equivalents (FTEs) in the compliance testing function was reported as less than 10 (34%), 11 to 60 (48%), 61 to 100 (8%), and more than 100 (10%). Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 1

3 In 2017, institutions cited new several factors that contributed to the need for expansion: Determining and maintaining adequate resource capability (43%). Alignment with enterprise compliance risk management and governance in achieving organizational goals (36%). Increased use of technology solutions (25%). These areas are in addition to factors also cited in 2015 as contributing factors related to the need for expansion: Increasing regulatory expectations related to compliance testing. Ongoing changes in laws and regulations. The need to increase the effectiveness of the testing function. Growth and/or changes in business activities. In this paper, we discuss the challenges financial institutions continue to face, and the approaches for meeting those challenges. Based on trends we have identified across organizations, we see three key focus areas for banks: (1) centralization, such as creation of testing Centers of Excellence (COEs) and convergence of risk disciplines (including coverage of compliance and operational risk testing); (2) addressing resource constraints without increasing head count; and (3) leveraging recent and rapidly advancing technology breakthroughs. We believe these approaches are helping institutions more effectively and efficiently meet their compliance testing objectives. The results include decreased potential for non-compliance issues, reduced operational and reputational risk, and addressing growing cost pressures and stake holder expectations. In our view, most financial institutions still have some distance to go to test smarter. Survey participants in 2017 cite a variety of actions needed to promote required development of their compliance testing functions. Many priorities remained in line with 2015 results, such as increasing the knowledge level of testing resources and better alignment with other assurance functions. But 2017 results highlighted several topics that are new or growing areas of focus. Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 2

4 An in-depth discussion In our prior survey, 55% of respondents cited availability and retention of staff as the top challenge in compliance testing. By contrast, in 2017, 58% reported achieving efficiencies among enterprise-wide risk assurance functions (e.g., Three Lines of Defense partners) as the top challenge a jump from 36% of respondents in An evolving regulatory landscape and rising expectations In recent years, regulators have increasingly looked for financial institutions to meet specific compliance requirements, while having a robust, high-functioning CMS that includes compliance testing. For financial institutions regulated by the Federal Reserve, for example, Supervisory Letter SR 08-8 describes expectations around CMSs, including the need for effective risk assessment, monitoring, and testing programs. SR 08-8 also indicates that robust compliance monitoring and testing play a key role in identifying weaknesses in existing compliance risk management controls and are, therefore, critical components of an effective firm-wide compliance risk management program. 1 Other regulators also view compliance testing as a critical element of a financial institution s CMS. Top challenges in improving the compliance testing function Financial institutions continue to face challenges related to their compliance testing programs. When we asked respondents to identify the top three challenges: When asked to identify the top three steps planned to further develop the compliance testing function, the top priority remained Increased leverage and collaboration within the organization (e.g., Three Lines of Defense framework, enterprise compliance risk management, etc.), which was cited by 85% and 88% respectively in 2017 and However, survey respondents in 2017 also included new strategies for addressing testing challenges: About one-third (32%) cited organizational structure changes, including increased centralization, as a needed step. More than half (51%) cited increased leverage of technology solutions. Although organizations remain challenged by resource constraints, plans to increase the number of compliance testing personnel dropped by nearly half. Achieving greater collaboration within and among the three lines of defense testing functions was cited as the single top challenge by 58% in 2017 (up from 36% in 2015). Availability and retention of staff resources was a close second, cited by 55% of 2017 respondents (54% in 2015). In 2017, 46% pointed to budgetary constraints, up from 29% in This result aligns with the marketplace need to reduce costs while improving effectiveness. This aligns with our marketplace observations that increasing the number of testing resources is increasingly costly. Doing so is not a preferred or even practical solution, and banks are increasingly pursuing alternatives to upgrade compliance testing skills and knowledge Federal Reserve, Supervisory Letter SR 08-8, Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliances Profiles, October 16, 2008, Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 3

5 We generally agree that upgrading resource knowledge and improving alignment among the lines of defense are good areas for continued focus (Figure 1). For example, increasing the skill levels of testing staff can help address regulatory expectations, improve effectiveness, and build credibility with other stakeholders. A strong focus on collaboration among the testing functions and proper alignment of their roles and responsibilities can increase buy-in from business stakeholders by minimizing testing redundancies. Both resource upgrades and improved alignment can contribute significantly to streamlining enterprise-wide risk assurance functions. Our 2017 survey and marketplace observations show that institutions are considering, planning and launching new approaches to address these issues. Trends toward centralization and redeploying critical staff to a more strategic focus are steps in the right direction. An additional, vital step can further improve the effectiveness of a compliance testing program: increased/use of technology. Based on survey results and our industry experience, we see many institutions actively seeking the benefits of better, smarter use of data analytics and automation. The discussion below takes a deeper look at how banks are addressing their key challenges by centralizing, working around resource constraints, and better leveraging technology direction and are gaining traction. The trend toward centralization and risk convergence to better align the three lines of defense One hundred percent of 2017 survey respondents currently have their compliance testing function within the second line of defense of a formal three lines of defense structure. Typically, this second line has primary responsibility for establishing and maintaining an enterprise-wide compliance program, whereas the first line conducts process-level testing and the third line reports on the overall effectiveness of the compliance program. Figure 1: Each of the three lines of defense plays a role in effective compliance controls, but it is critical to clearly define roles and responsibilities. 1 st line of defense Own and manage risk Execute business processes Establish compliance controls to mitigate risks Own and operate controls Consult with compliance officers embedded in each business line Assume general responsibility for policies and procedures that guide employees adherence to laws and regulations Perform ongoing monitoring and testing of process-level compliance 2 nd line of defense Oversee risk Establish and maintain an enterprise-wide compliance program and governance framework Advise business on compliance with rules and regulations Monitor and advise on changes to laws and regulations Test business unit compliance controls Issue reports and monitor remedial actions 3 rd line of defense Provide independent assurance Test business unit compliance controls (1 st line) Test compliance unit controls (2 nd line) Issue reports and monitor remedial actions Assess and report on overall effectiveness of controls on an enterprise-wide basis Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 4

6 Yet many financial institutions continue to struggle to align and coordinate compliance testing across their three lines of defense. In both the 2015 and 2017 surveys, more than two thirds of respondents reported lack of effective engagement and coordination between the second and third lines of defense. This disconnect can result in communication gaps, high-profile redundancies, and reporting inconsistencies. Similarly, our observations show that the first and second lines of defense often fail to coordinate or share knowledge because they are siloed and in different stages of development. These misalignments frequently create testing gaps, duplication, and unwarranted pressures on business operations. These, in turn, can lead to productivity and profitability losses and negatively impact customers. More financial institutions are now learning to coordinate their lines of defense as they embrace a centralized testing approach. While we had observed a few leading banks taking this direction in 2015, that year s survey showed that only 7% of respondents planned or considered use of a centralized service delivery platform for testing. In contrast, responses in 2017 support a continuing trend toward centralized testing activities, including a convergence of testing coverage across risk areas: 74% have established or are considering establishing a central testing utility to increase efficiency. 38% report that their testing covers both operational and compliance risk. With improved effectiveness, efficiency gains, and related cost considerations as the primary drivers, a growing number of financial institutions are centralizing through in-house re-structuring. Popular mechanisms include creating Centers of Excellence and/or using a co-source partner to provide dedicated, specialized execution of certain testing activities. Against the backdrop of widespread scarcity of qualified personnel, the benefits of centralization and/or use of a third-party service delivery center are increasingly attractive for many organizations. Staffing resource constraints Financial institutions across the industry have for some time reported a significant shortage of compliance professionals, such as compliance officers and audit specialists. With the requisite compliance and business knowledge as well as sufficient testing experience in short supply, financial institutions are struggling to support compliance testing programs effectively. Consistent with prior results, our current survey shows that roughly two-thirds of respondents remain challenged by a lack of qualified candidates in local markets. Additionally, 46% of our 2017 respondents told us they are affected by budgetary constraints, such as caps on FTEs and compensation levels. While banks should continue to recruit essential staff, a growing number are looking to resolve staffing issues without increasing headcount. Banks realize that upgrading the skill and knowledge levels of compliance testing personnel is crucial. While cited by a large majority of banks in both surveys as a top priority, leading banks are trending to other solutions to achieve this goal. Alternatives include co-sourcing certain parts of testing execution and training, thereby allowing internal staff to re-focus on more strategic responsibilities. Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 5

7 Training remains a pressing need for compliance testing groups, with 79% of 2017 survey respondents citing the necessity of increasing appropriate knowledge/skill levels of compliance testing staff. Survey results also showed a significant increase in banks that have established minimum requirements for professional training for testing staff up to 75%, from 10% in Beyond training, the 2017 survey results indicate that banks are considering several new alternatives in addressing resource challenges. Only 48% are planning to increase the number of FTE, down from 88% in A growing number of banks are considering use of a third-party SDC co-sourcing option as a primary alternative. This option provides not only efficiencies in routine testing execution, but typically frees a financial institution from non-core tasks such as hiring, training and retaining lowerlevel personnel. Instead, these tasks are performed by a co-source partner who has already standardized these processes at a lower cost basis. Survey respondents using or considering use of a third-party SDC cited the following benefits: Testing execution at 77%, this was the top reason cited. Better allocation of internal staff for higher priority tasks (31%). Rapid expansion and/or scalability of staff resource capabilities (also 31%) to meet demand volatility. Promoting innovation by combining external knowledge with in-house business expertise (21%). Leveraging external advisory capabilities (62%). Leveraging third-party solutions in enhanced data analytics and automated testing as one of the main drivers for employing co-sourcing options (43%). In summary, more banks are looking to a combination of restructuring, bolstering inhouse knowledge with transferable thirdparty expert support, and co-sourcing noncore tasks such as routine testing activities. Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 6

8 Information technology as a solution Along with alternatives aimed at shrinking the testing gap, it is no surprise that an earlier emerging trend has continued to gain momentum: increased leverage of information technology. Fifty-one percent of our 2017 survey respondents identified increased use of technology solutions as a top need and it was specifically called out by 25% of respondents as an area needing improvement from a regulator s point of view. Limited use of technology and data analytics As shown in Figure 2, our survey reveals that only 15% of respondents have implemented and continue to enhance their data analytics. Seventy-two percent report being in the early implementation stage or preliminary planning stage. Only 14% say they have rarely or never performed data analysis and have no plans or limited plans for further development of data analytics. Figure 2: Which stage of evolution best represents your use of data/data analytics? 11% Implemented and subject to ongoing enhancement 43% 4% Best practices implemented and effective 29% Planning in place and continuing progress with implementation Early stages of planning and implementation 14% Data analysis rarely or never performed, with limited or no plan for further development Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 7

9 For both 2015 and 2017, roughly half of the financial institutions surveyed cited the following three top reasons why they have not yet fully implemented data analytics: Lack of sufficient IT expertise within the compliance testing group. Insufficient development of IT systems or applications that support compliance requirements. Lack of technology tools within the compliance testing group. Unsurprisingly, even when financial institutions deploy data analytics, their capabilities tend not to be fully mature, and they do not keep pace with new innovations As examples, 65% primarily use data for risk-based or targeted sampling. While useful, this tool falls far short of the richer potential of more advanced data mining and analytical techniques. Similarly, data analytics results are often delivered through static reports rather than dedicated, realtime dashboards. Frequently, internal IT resources are numerically insufficient or lack the specific skills needed to drive innovation and successfully implement leading-edge solutions. More than half (54%) the respondents in both the 2015 and 2017 surveys reported that they expected to see significant near-term investments in technology such as Governance, Risk and Compliance (GRC) or analytical tools. However, nearly all respondents in both surveys also reported they do not have dedicated IT personnel on their compliance testing teams. Clearly more progress is needed. Senior executives are demanding better testing capabilities not just to meet regulatory demands but also to take advantage of the vast amounts of available data. This data can help executives make better, more informed business decisions that more accurately reflect the risks their institutions face. The intelligent use of data needs to be a priority, not only to improve compliance testing but also to meet customer experience, growth, and enterprise objectives For more information, see PwC s The extra mile: Risk, regulatory, and compliance data drive business value, April 2015, Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 8

10 Our recommendations The basics: Alignment and transparency At a high level, a leading compliance testing program should have an end-to-end, automated, controls-based operation that allows for full population testing and realtime monitoring. It should leverage data analytics and consider structural changes such as increased centralization to optimize structural effectiveness and to promote strategic alignment among the three lines of defense. We encourage financial institutions to complete a selfdiagnostic assessment to identify gaps in current compliance testing processes and procedures. As a starting point, we recommend that financial institutions develop a coordinated approach to compliance testing by establishing a formal policy for key stakeholders across the three lines of defense. The policy should begin by articulating the role and value proposition of each risk management function across the enterprise. A foundational component is to agree on and establish an integrated, three-tiered testing approach that effectively coordinates and optimizes resources. Such a policy should recognize and leverage the relative strengths and weaknesses of testing within each line of defense. Next step: Optimization Testing functions should consider how leading organizations are seeking to optimize the allocation of testing skills and resources. Practical examples include: Re-thinking the organization s testing strategy and approach, such as more testing of key controls rather than solely testing transactions. Analyzing firm-wide testing activities to identify and address gaps, redundancies, and inconsistent execution. Leading organizations are driving improvements through increased centralization and convergence of risk disciplines. Identify opportunities to foster professional reliance 3 among testing groups, such as establishing agreed conditions or principles under which a testing group s basis for reliance can be measured and assessed. Optimization includes better allocating the responsibilities of key staff, a crucial consideration when faced with resource shortages Journal of Accountancy, March 1, 2018, A More Effective Approach for Internal Audit. Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 9

11 Managing resource limitations Although it can be difficult, financial institutions should address the challenge of staffing their compliance testing functions: Perform a compliance competency/skills assessment to determine whether training programs are delivering the desired results. Require a minimum amount of ongoing professional training relevant to staff members responsibilities. Put the right personnel in place to execute testing to prevent quality issues and reduce time and additional QA and rework costs. Identify activities suitable for co-sourcing, such as routine test execution, with the goal of refocusing and redeploying key staff to more strategic responsibilities. Complete a cost-benefit analysis to determine whether co-sourcing testing activities with third-party centers of excellence could reduce operating costs. Co-sourcing specialists can provide personnel with advanced skills and expertise that can improve the overall quality and efficiency of testing (see Figure 3). The illustration below is an example of how leading banks are aiming to maximize benefits through co-sourcing. These benefits include automation and the ability to deliver quality efficiently while scaling up or down based on planned or unplanned fluctuations in volume. Develop a strong technology program, including the use of data analytics and automated testing to reduce overall staffing needs and develop more nontraditional skill sets, such as information technology experience. When looking for top talent, consider adding staff members with technology and advanced analytic skills, including an understanding of GRC technology, and data analytics expertise. Figure 3: Key roles optimized use of compliance resources. The split of testing activities from one into three roles Subject matter Expert Quality Assurance & coordination Execution & documentation Skills Compliance topic expert (e.g., FATCA/Cross Border) Deep Compliance knowledge & experience Tasks Conducting risk assessment and defining scope for testing plan Bringing their expertise to define objectives Supporting the maintenance of the compliance framework and addressing finding Conducting testing where their SME knowledge is needed or in high risk areas Stakeholder/Relationship management Skills Audit/Testing expert Compliance topic SME Deep Compliance knowledge & experience Tasks Supporting Compliance SMEs to define testing activities to meet objectives Supporting tracking and reporting activities Providing Program Quality Assurance Supporting Coordination across streams and Business Skills Compliance tester Compliance documentation specialist Tasks Preparing test scripts Executing Testing, in particular data gathering, evidence verification Documentation testing results Preparing report Setting up meeting Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 10

12 Leveraging technology and data analytics In addition to growing a data-driven talent pool, we recommend that financial institutions integrate information technology into their compliance testing processes and invest in initiatives to develop advanced data analytics and automation. Leading compliance testing groups are moving ahead with these efforts, evolving from more basic tasks such as self-extraction of data from financial or operational systems to more advance uses of technology. These include workflow/dashboarding/reporting tools, GRC applications, use of analytics for more advance testing procedures, and deploying analytics to determine risk and scoping of test activities. Other end goals include evolution to automation, predictive analysis, and analytics visualization. As we discuss in Revolution, not evolution Breaking through internal audit analytics arrested development, testing functions should make analytics a core technology for everyone. Some examples are: Analyze unstructured data in minutes instead of hours. Use Robotics (automated apps) to initiate and execute activities 24/7 and replace FTEs. Financial institutions should also use technology to automate testing processes that are standardized, repeatable, and costeffective. One way to accomplish these testing objectives is through a larger upgrade of the company s GRC infrastructure. Financial institutions can implement GRC technology to configure their testing programs policies, standards, and associated workflows to guide a user through all required activities, which we discuss in more detail in Getting tactical Improving enterprise resiliency with GRC technology. GRC technology can automate these tasks so that compliance managers can focus on data quality, risk transparency, and strategic planning. 4 To be successful in these efforts, institutions should work with key stakeholders as part of an enterprise-wide effort, or they can also pilot discrete initiatives to deliver early wins and build support for further change. Where in-house expertise is not up to the task, institutions should leverage external resources to help develop, implement, and pilot advances in data analytics while upgrading the skill sets of their internal personnel. Make analytics part of every audit phase from continuous risk assessment through reporting. Formalize a dedicated data team to embed analytics into every audit. Train (and cross-train) the data analytics team and business-focused testers for joint knowledge sharing PwC, Getting tactical Improving enterprise resiliency with GRC technology, April 2015, Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 11

13 Sample health check assessment We encourage financial institutions to grade themselves on their current compliance testing processes and procedures. Figure 4 provides a health check or self-analysis that financial institutions can use as part of this assessment. The answers to the health check can be the starting point for developing a plan for improvement, one that focuses the organization s use of time and resources. The health check can also help build the business case for change. To keep pace with trending regulatory expectations, financial institutions are progressing from a tick the box testing approach to more nuanced compliance testing programs and increased transparency into compliance and risk management activities. Through technology, including ongoing breakthroughs in areas such as robotics and automation, financial institutions can transform their reactive compliance functions into proactive teams that are better able to anticipate risks and prevent non-compliance incidents while supporting strategic business goals. Those that do so will be those chasing the pacesetters in their race to stay ahead of the changing compliance landscape. Figure 4: Questions financial institutions should ask themselves. Perform a self analysis or health check to identify gaps in current compliance testing processes and procedures. Questions to ask include: 1. Do we have a centralized compliance testing group independent of the operating units that perform the process being tested? 2. Are we able to share leading-practice compliance testing processes across the enterprise? 3. Is our compliance testing function engaged with internal audit? 4. Is our compliance testing program controls-based? 5. Does our compliance testing program leverage technology, or do we have realistic plan to do so? 6. Do we have in-house capabilities and bandwidth to drive innovation, including technology advancements? If an organization answers no to one or more of the questions above, a plan to close these gaps should be developed. Additional questions to ask include: 1. What are the timelines and resources needed to conceptualize and build an effective testing function? What will the impact be on organizational resources and key stakeholders? 2. What are financial and time costs of hiring internal resources versus engaging third-party skills? Do our internal structure and practice lend themselves to a standardized, lower cost model? 3. Where are our peers on leading practices? Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 12

14 What this means for your business Since our last survey in 2015, financial institutions have continued to progress toward creating a stronger, more effective compliance testing function, and many organizations are taking a new look at how to structure and optimize the most appropriate testing model. Scarcity of personnel with the requisite skills and increasing costs are driving testing organizations toward a more centralized approach, re-allocation of responsibilities of key resources across testing activities, and leveraging technology, including GRC technology and data analytics. Centralization and alignment of testing activities. Centralization, such as development of a testing COE, helps achieve greater consistency and transparency in the end-to-end testing process: from hiring and training staff, to testing universe development, through planning, execution and reporting. Benefits of convergence, i.e. testing across broader risk disciplines, also improves project management, communication with stakeholders, and, above all, provides greater transparency into the organization s true residual risk. Additionally, centralization helps leverage first-line work and can foster a higher degree of professional reliance by internal audit. Business and key support stakeholders benefit from reduced testing fatigue, resulting in improved productivity and morale in both business and testing functions. New ways to manage resource constraints. Re-allocating responsibilities of key compliance staff from basic testing execution to a more risk-based, strategic focus can result in a more effective testing function. Leading banks are moving toward dedicated, centralized service delivery centers (SDCs) for lower cost testing execution and support, while maintaining or enhancing quality standards. Banks looking to implement this solution are weighing the benefits of developing an in-house SDC, or partnering with a third-party provider to design a customized model for the organization s individual needs. When institutions lack the human or technical resources necessary to accomplish these goals on their own, co-sourcing with an experienced third party can effectively bridge the gaps. Third party co-sourcing teams are often called upon to serve multiple clients with far-ranging needs. This not only provides a basis and scale necessary to achieve significant cost savings, but also brings the requisite subject knowledge and experience in virtually every applicable area of regulation. Whereas many financial institutions find it difficult to develop and maintain a comparable level of expertise and testing firepower in-house, the co-sourcing model gives institutions the option to quickly scale up or down the testing resources based on need. An integrated team approach with a co-source partner keeps your in-house compliance testing staff involved and highly informed of testing outcomes. This better positions staff to manage strategic reporting and relationship components. Leveraging technology and data analytics. Organizations that have embraced technology and data analytics are able to more quickly identify the root cause of compliance shortfalls and promptly deploy resources to correct issues that present the greatest risk. Automating testing processes can help financial institutions enhance their overall risk assessment and testing processes, while also freeing up skilled personnel to focus on areas of higher complexity or risk. Effective use of GRC technology can support the configuration of policies, standards, and associated workflows to guide users through all required activities and create efficiencies throughout the program. Setting the pace: How financial institutions are staying ahead of changes in the compliance testing arena 13

15 For a deeper conversation, please contact: Richard Reynolds Compliance Testing Leader (646) richard.reynolds@pwc.com Michael Walker Banking Consumer & Corporate Compliance Testing (646) michael.t.walker@pwc.com Yoon Chong Capital Markets Compliance Testing (646) yoon.h.chong@pwc.com Brian Schwartz GRC Technology Solutions Leader (202) brian.schwartz@pwc.com 028b446/ Marcel Tschanz FS Advisory & Europe Compliance Testing marcel.tschanz@ch.pwc.com Adam Gilbert Global Regulatory and Compliance Leader (646) adam.gilbert@pwc.com Glenn Cheng Banking Consumer & Corporate Compliance Testing (646) glenn.cheng@pwc.com Seth Rosensweig Internal Audit Analytics Leader (646) seth.m.rosensweig@pwc.com a726/ Roberto Hernandez Consumer Finance Group (214) roberto.g.hernandez@pwc.com David Klidjian FS Advisory & Europe Compliance Testing david.klidjian@ch.pwc.com Follow us on 2018 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.