BEIJING BRUSSELS CHICAGO DALLAS GENEVA HONG KONG LONDON LOS ANGELES NEW YORK SAN FRANCISCO SHANGHAI SINGAPORE TOKYO WASHINGTON, D.C.


1 BANK EXAMINATION ISSUES: Some Practical Advice for International Banks
Connie M. Friesen
Institute of International Bankers
Conference of State Bank Supervisors
U.S. Regulatory/Compliance Orientation Program
July 29, 2009

2 Introduction
The bank examination process presents an opportunity for an international bank with U.S. operations to demonstrate its understanding of applicable U.S. laws and regulations. It also permits a bank to share with regulators its successful implementation of risk management, corporate governance and compliance programs that are consistent with applicable safety and soundness concerns. However, using the examination process to a bank's advantage is not easy. Preparation for a successful exam requires the consistent attention over time of senior management, the compliance function, risk management and internal audit personnel, and business line managers.

3 I. Preparation is a Continuous Process: Comprehensive Risk Management and Compliance Plan
Safety and soundness is always a primary focus of the examination process. Demonstrate that your bank is aware of safety and soundness issues and manages them well. A key element of good preparation is a comprehensive risk management and compliance plan.

4 I. Preparation is a Continuous Process: Corporate Governance and Risk Management
It is important to demonstrate that good corporate governance is a top priority for your bank and that the linkage between strong corporate governance and effective risk management is well understood. A plan that focuses on risk management and compliance requirements for each line of business will demonstrate that a bank is aware of safety and soundness issues and manages them well.

5 I. Preparation is a Continuous Process: Active Involvement of U.S. Senior Management and Head Office
Hold monthly meetings of senior management, the compliance function and business line managers to discuss compliance issues and to make certain they are dealt with appropriately. Hold quarterly liaison meetings with representatives of Head Office to coordinate handling of issues. Be certain to document the meetings and any compliance initiatives that result from them. Create a record that you can share with bank examiners. Such a record will demonstrate that your bank is proactive and anticipates issues.

6 I. Preparation is a Continuous Process: Recognition of Special Burden of U.S. Compliance Requirements
U.S. senior management should be certain that Head Office understands the special burden of U.S. compliance requirements and examination process. Adopting a uniform global set of policies and procedures will not be sufficient. Sufficient resources (personnel, time, systems) must be devoted to U.S. operations. OFAC compliance, the internal audit function, data protection and BSA/AML compliance are examples of areas where U.S. approach may diverge from expectations and practice in the home country*.
* See Exhibit A for a list of useful sources on U.S. bank examination requirements and expectations.

7 I. Preparation is a Continuous Process: Co-ordination Issues
Be prepared to share and discuss issues that may have developed during a previous exam and are now resolved; even if this examination is conducted, for example, by the Federal Reserve Bank of New York ("FRBNY"), the FRBNY examination team will be interested in how you resolved issues from a previous examination by the New York State Banking Department ("NYSBD"). Note that regulators share information.

8 II. Management and Compliance Function Should Work Together: Promoting a Compliance Culture
General manager should lead the continuous preparation process and should always be fully informed. General manager sets the tone for compliance standards and ethical conduct of business. General manager should communicate with head of compliance function on a continuing basis. General manager should make certain that U.S. compliance function receives the support, attention and resources that it needs.

9 II. Management and Compliance Function Should Work Together: Compliance Function Must Assume Leadership Responsibility
Objective should be to maintain a compliance culture which sets high standards for everyone in the U.S. office or offices. U.S. Head of Compliance should be responsible for continuous monitoring of changes in statutes and regulations. Quarterly reports from U.S. Head of Compliance and outside counsel may serve to clarify new issues and steps to be taken. Continuous dialogue between U.S. Head of Compliance, U.S. business lines and Head Office compliance function is essential.

10 III. Incorporate a Risk-Based Focus in All Lines of Business: Risk-Based Focus and Preparation Efforts
Remember that a primary objective of exam process is to evaluate the condition of the U.S. office. Key part of the evaluation is to assess levels of current risk and the possibility that future risks will result from current and planned activities. U.S. office needs to demonstrate full control of a robust risk-management process. Because of current crisis, measures taken by a bank to deal with market risk, liquidity risk and credit risk, in particular, will be subject to intense scrutiny.

11 III. Incorporate a Risk-Based Focus in All Lines of Business: Risk Assessment
Make a risk-based assessment part of every line of business, every new product and every new customer relationship. Risk-based assessment means an assessment of operational risk, legal risk, counterparty risk, market risk, funding risk, interest rate risk, etc. Branch risk assessment and customer risk assessment are now key requirements for BSA/AML compliance program.

12 IV. Develop Books and Records that will Serve as an Examination Resource: Compliance Risk Matrix
Develop a Compliance Risk Matrix that will serve as a checklist and index. See Exhibit B for an example of one possible format for a compliance risk matrix. The compliance risk matrix will help U.S. office identify necessary policies and procedures.

13 IV. Develop Books and Records that will Serve as an Examination Resource: Compliance Review
Risk matrix will identify levels of risk as high, medium or low. Compliance review of various activities can be scheduled at various intervals depending on level of risk. Compliance review will look at policies and procedures to see if they reasonably address the regulatory requirements and are adapted to level of risk.

14 V. Be Prepared to Respond to Examination Questions About Items Highlighted by Internal Audit or Compliance Review: Response to Internal Audit Issues
Bank examiners often look first to issues highlighted by internal audit. Therefore, pay particular attention to issues detected during the internal audit process. Document carefully and fully all measures taken to address issues highlighted by internal audit.

15 V. Be Prepared to Respond to Examination Questions About Items Highlighted by Internal Audit or Compliance Review: Response to Compliance Review Issues
Any deficiencies in policies or procedures identified in compliance review process should be addressed before the bank examination begins. As is the case with deficiencies identified by internal audit, it is important to document fully all steps taken to remedy deficiencies cited in compliance review process.

16 VI. Use First Day Letter as a Guide to Exam Preparation: Contents of First Day Letter
So-called First Day Letter will be sent to bank about one month before scheduled bank examination date. Typically, bank is required to provide responses (preferably in electronic format) just before start date of actual examination. First Day Letter will be signed by examiner-in-charge and bank will have an opportunity to ask questions. Typical areas of focus will be general lines of business, safety and soundness and BSA/AML issues.

17 VI. Use First Day Letter as a Guide to Exam Preparation: First Day Letter Changes Reflecting Crisis
Contents of typical First Day Letter will likely reflect special concerns arising from current financial crisis, including such matters as: Revisions to profitability forecasts due to market constraints and related changes to strategic plan. Special reports that may have been issued by internal audit and management's response. Data security and other issues relating to payment systems and funds transfer. Specific risk management policies and procedures to protect customer information. Criteria and procedures used to identify, report and monitor existing and/or potential problem credits.

18 VI. Use First Day Letter as a Guide to Exam Preparation: General Manager Questionnaire
A Questionnaire for General Manager may be part of First Day Letter. It might request information about items such as the following: List of new products and services introduced since last examination. Head office plans for the U.S. office. Identification of any changes that might require approval or licensing (additional offices, broker-dealer, IBF, Cayman Branch). Description of Head Office support for branch (liaison committees; attempts to integrate compliance). Views of general manager on corporate governance, risk management and AML compliance.

19 VI. Use First Day Letter as a Guide to Exam Preparation: Effective Use of First Day Letter
Be certain that U.S. office understands what is required by each item of the First Day Letter. Contact the regulators if items are not clear. Assign responsibility for response to appropriate personnel. Compliance officer and senior management should coordinate the preparation and gathering of materials; liaison and contact persons for each line of business should be identified. Compliance officer should have a general understanding of every item prepared or provided for the response.

20 VII. Be Prepared for Intense Scrutiny of BSA/AML and Risk Management Issues: Focus on BSA/AML Issues
BSA/AML and risk management items are a significant part of typical First Day Letter requests. Specific areas of BSA/AML focus might include: Approval and appropriate revisions of BSA/AML Program. Determination that BSA/AML Program meets all USA PATRIOT Act requirements. Documentation of Training Program, including specialized training programs for particular functions or lines of business. Risk assessment of products, services, customers and geographic locations. List of high risk accounts. List of customers on which bank took adverse action because of its CIP.

21 VII. Be Prepared for Intense Scrutiny of BSA/AML and Risk Management Issues: Additional BSA/AML Issues
Additional areas of BSA/AML focus: SARs (including documentation for SARs considered but not filed). Procedures used to monitor transactions for suspicious activity. Funds transfer records. Foreign correspondent accounts. OFAC issues: Policies and procedures; Risk assessment and risk management; Iran; Description of any initiatives undertaken to address the new MT20X SWIFT enhanced message format.

22 VII. Be Prepared for Intense Scrutiny of BSA/AML and Risk Management Issues: Focus on Risk Management Issues
Specific areas of risk management focus might include: Risk management structure for identifying, measuring, monitoring and controlling the risks involved in various lines of business. General risk management policies and procedures and policies and procedures addressing specific risks, such as credit, market, liquidity, operational and compliance risks. Credit risk: criteria and procedures for identifying, reporting, and monitoring existing and potential problem credits; credit rating system; credit risk management reports; loan review. Liquidity risk: limit structure for liquidity risk management; Contingency Funding Plan. Market risk: risk measurement methodologies; stress analysis; investment criteria. Enterprise-wide compliance risk management program.

23 VIII. Be Prepared for Hot Issues and New Items: New Developments
Be certain to review the most recent months of releases, notices, statements of guidance issued by NYSBD, FRB and OCC. If any of these regulatory changes have affected a particular bank, they are likely to receive special focus during the examination.

24 VIII. Be Prepared for Hot Issues and New Items: Examples
Funding, credit and liquidity issues relating to current crisis
Holdings of asset-backed securities and valuation procedures with respect to such holdings
Loans to hedge funds; accounts for hedge funds
Account relationships with money services businesses ("MSBs")
Any transactions that might relate to Iran
Participation in complex structured finance transactions
Correspondent banking relationships
OFAC compliance
Monitoring to detect suspicious transactions
Foreign Corrupt Practices Act compliance
Privacy/Data Security
Third Party Service Providers/Vendor Management (Outsourcing)
Foreign Bank Account Report ("FBAR") issues

25 IX. Be Responsive During the Examination: Conduct of the Examination
Have detailed, organized files containing responses to First Day Letter requests ready for examiners when they arrive. Have a meeting with examiners when they arrive to introduce contact people and explain the preparation done by U.S. office. Develop a process to respond quickly to requests for clarification, additional information, etc. If examiners request information U.S. office does not have, either try to obtain it as quickly as possible or explain why it cannot be provided. Keep a tracking sheet to reflect all questions of examiners, and bank's responses. Be certain that all examiner questions have been answered completely and to examiner's satisfaction.

26 IX. Be Responsive During the Examination: Dealing with Problems or Weaknesses
To the extent possible, try to deal with any identified issues or weaknesses immediately. For larger issues, explain why past practice has been to deal with an issue in a particular way, but express willingness to do things differently if this is what is expected by examiners. To the extent possible, try to take recommended actions on identified issues immediately; do not wait for the conclusion of the exam. If there are problems relating to current crisis, document fully the specific steps taken to resolve them.

27 IX. Be Responsive During the Examination: When to Suggest Alternative Approaches
If examiners indicate you should really be following approach x and your bank has special reasons for following approach y to achieve a better result, try to explain this to regulators prior to or at the exit interview and ask if they are willing to accept the bank's approach.

28 IX. Be Responsive During the Examination: Keep Head Office Informed
U.S. senior management and compliance officer should keep Head Office informed of the progress of the exam. If significant weaknesses or major issues develop, try to involve Head Office in the resolution. Try to make certain Head Office understands the perspective of U.S. regulators and examiners. Try to work with Head Office so responsible personnel will know what to say to home country regulators. Be certain Head Office understands the different expectations of home country and U.S. regulators.

29 X. Tips for a Successful Exit Interview: Polite and Diplomatic Responses
Follow Common Rules of Business Behavior: Be polite and respectful. Respond diplomatically to questions and criticisms. Emphasize your bank's culture of compliance and proactive approach.
Try to Limit Scope of Criticism: Resolve any misunderstandings about specific items. Explain that each criticized item will be taken care of immediately. Follow through on promises to correct criticized items, however small.

30 X. Tips for a Successful Exit Interview: Limiting Cited Items
Try to limit number and significance of items that will appear in Written Report of Examination. Indicate that you have developed a plan of action to respond to items cited in draft report. Note that certain items that were the subject of examination attention have now been fully resolved (if that is true). If examiners indicate that the final examination report will cite a deficiency, ask to discuss the issue with them while they are still on-site and develop and implement a plan to remedy the deficiency as soon as possible.

31 Conclusions
Preparation for bank examinations is a continuous process. Prevention is the best cure. Make certain that Head Office understands examination issues and the responses provided by U.S. office being examined.

32 Contact Information
Connie M. Friesen, Partner, Sidley Austin LLP

33 Exhibit A: How to Prepare for Bank Examinations: Useful Sources From Websites of the Bank Regulatory Agencies
Federal Reserve:
Commercial Bank Examination Manual (October 2008)
Bank Holding Company Supervision Manual (January 2009)
Examination Manual for U.S. Branches and Agencies of Foreign Banking Organizations (September 1997) (updated periodically)
Trading and Capital Markets Activities Manual (January 2009)
OCC:
Federal Branches and Agencies Supervision, Comptroller's Handbook (December 1999)
Bank Supervision Process, Comptroller's Handbook (September 2007)
Community Reinvestment Act Examination Procedures, Comptroller's Handbook (May 1999)

34 Exhibit A: How to Prepare for Bank Examinations: Useful Sources From Websites of the Bank Regulatory Agencies
FDIC:
Risk Management Manual of Examination Policies (FDIC examination of a bank's overall financial condition)
Trust Examination Manual (FDIC examination of a bank's trust operations)
Compliance Examination Handbook (September 2007) (FDIC examination of a bank's compliance with consumer protection regulations)
FFIEC:
Bank Secrecy Act/Anti-Money Laundering Examination Manual (August 2007)
Information Technology Examination Handbook