PROGRAM GOVERNANCE FRAMEWORK

Transcription

1 PROGRAM GOVERNANCE FRAMEWORK MAY 16, 2017 ELLEN ZIMILES, MANAGING DIRECTOR FINANCIAL SERVICES ADVISORY & COMPLIANCE SEGMENT LEADER HEAD OF GLOBAL INVESTIGATIONS & COMPLIANCE 1 / 2017 NAVIGANT CONSULTING, INC. ALL RIGHTS RESERVED

2 TABLE OF CONTENTS I. Introduction II. Elements of a Sanctions Framework III. Conclusions 2

3 I. INTRODUCTION Regulators have become increasingly focused on the governance of Sanctions Compliance Programs. While there is no one-size-fits-all model for a Sanctions Compliance Program, leveraging certain best practices can support robust oversight of sanctions operations. A strong governance function can alert institutions to emerging sanctions risks, establish standards for compliant behavior and deliver a clear tone from the top that compliance with sanctions laws is prioritized by the institution. SANCTIONS COMPLIANCE PROGRAM Sanctions Program Executive Regular Program Assessment Program Development & Management Training & Development Enterprise-wide Sanctions Risk Assessment Independent Audit 3

4 I. INTRODUCTION (CONT D) Often, a typical OFAC Settlement Agreement will require institutions to maintain policies and procedures that prohibit, and are designed to minimize the risk of recurrence or, similar conduct in the future. Sanctions Program Executive Knowledgeable Sanctions Program Owner; Established Committee & Group Oversight Regular Program Assessment Program Development & Management Training & Development Risk Assessment; Audit; Assurance; Quality Control; Program Control Testing Policies, Procedures, DOIs; Management Information; Issue & Remediation Tracking Staff Training; Targeted Assessments 4

5 II. ELEMENTS OF A SANCTIONS PROGRAM FRAMEWORK A. Overview 1. Sanctions Program Executive and Committees a. Sanctions Compliance Officer b. Committees & Groups 2. Program Assessment a. Oversight (Audit, Assurance, and Quality Control) b. Risk Assessment 3. Program Development and Management a. Policies, Procedures, and Desktop Operating Instructions b. Management Reporting & Trending c. Program Controls Testing d. Issue Tracking and Reporting 4. Training and Development 5

6 II. ELEMENTS OF A SANCTIONS PROGRAM FRAMEWORK (CONT D) B. Specific Elements 1. Sanctions Program Executive and Committees a. Sanctions Compliance Officer i. The Officer should have sufficient sanctions technical experience and delegated authority to perform the Roles & Responsibilities outlined in their Job Description ii. Key role for establishing sanctions Tone at the Top and communicating the compliance tone and sanctions principles to the institution as a whole b. Committees and Groups i. Issuance of a Terms of Reference ( TOR ) that identifies the members of the meeting, meeting frequency, establish requirements for voting and quorum, and define purpose and scope. In addition, the TOR establishes information input and output requirements, including metrics, minutes, and reporting ii. In addition, prior to the start of the meeting, an easy to follow agenda pack should be submitted to all members identifying the items for the meeting and the time allocated for discussion of each item iii. Strong committee governance dictates that identifying a spokesperson to lead the meeting and facilitate viable, though-provoking discussion while ensuring all topics of discussion are addressed within the appropriate time allotted 6

7 II. ELEMENTS OF A SANCTIONS PROGRAM FRAMEWORK (CONT D) 2. Program Assessment a. Oversight (Audit, Assurance, and Quality Control) i. Oversight areas should have sufficient resources, knowledgeable in sanctions regulation and internal policy and procedure requirements, to perform their responsibilities ii. Audit findings should be free from influence and documented, reported, and tracked through completion iii. Audit, Assurance, and Quality Control findings should identify program weaknesses, which should be leveraged to strengthen the program b. Risk Assessment i. Risk Assessment should have an established Methodology that is reviewed and approved annually ii. Risk Assessment staff should have sufficient sanctions knowledge and experience to assess the risks of the institution 7

8 II. ELEMENTS OF A SANCTIONS PROGRAM FRAMEWORK (CONT D) 3. Program Development and Management a. Policies, Procedures, and Desktop Operating Instructions i. Should address risks associated with size, footprint, products and segments and provide sufficient guidance and/or instructional value to staff ii. Updated annually or as needed and approved by appropriate authority b. Management Reporting & Trending i. Based on Key Risk Indicators ii. Management Information ( MI ) should feed into committees in an effort to mitigate recurrence of risk events and identify downstream risks c. Program Controls Testing i. Controls should be tested in accordance with the associated risk ii. Control testing should adapt to program, product, and regulatory changes d. Issue Tracking and Reporting An issue tracking mechanism should be established and capable of producing reporting for Board, Committee, and Management oversight 8

9 II. ELEMENTS OF A SANCTIONS PROGRAM FRAMEWORK (CONT D) 4. Training and Development a. Training should provide the audience with sufficient information about the program and subject to regular review and update based on changes to the program, products, and regulations b. Targeted training should augment the group training and focus, or target, on specific roles and responsibilities associated with the program oversight, administration, compliance, and operations c. Supplemental training should be developed and delivered to staff who fail to meet the minimum standards established by management or job description 9

10 III. CONCLUSION Key Takeaways A. Program Management: Critical elements of a strong sanctions officer include: 1) technical background, 2) operational understanding and awareness, and 3) program management B. Effective Controls: Produce applicable sanctions policies, procedures, and controls that have been appropriately designed and implemented to adhere to such standards and guidance in all material aspects C. Appropriate Oversight: Audit staff with appropriate knowledge and structure and an Assurance program that allows provides for adequate control testing D. Training: Training and development ensures that sanctions compliance efforts are analyzed and designed to improve efficiency and effectiveness of resources. The uniform evaluation of the resources and outputs promotes a consistent and global approach 10

11 ELLEN ZIMILES BIO Ellen Zimiles is Head of Navigant s Financial Services Advisory and Compliance segment and its Global Investigations and Compliance practice. She has more than 30 years of litigation and investigation experience, including 10 years as a federal prosecutor. As an assistant United States attorney in the Southern District of New York, Ms. Zimiles served in the civil and criminal divisions and was chief of the forfeiture unit for over six years. She was responsible for many high-profile money laundering, fraud and forfeiture cases. Ms. Zimiles is a leading authority on fraud control, anti-money laundering programs, corporate governance, foreign and domestic public corruption matters, regulatory and corporate compliance and monitorships. She has worked with a multitude of financial institutions preparing for regulatory exams, developing remediation programs and assisting organizations as a regulatory liaison. Ms. Zimiles serves as a Monitor for various federal and state law enforcement and regulatory agencies in financial crime and other compliance matters. 11

12 CONTACT Ellen Zimiles Managing Director Financial Services Advisory and Compliance Segment Leader Head of Global Investigations & Compliance navigant.com 12