Risk Management and Regulatory Examination/Compliance Seminar October 27, Eric Young CCO-Americas and CCO-IHC

Transcription

1 Risk Management and Regulatory Examination/Compliance Seminar October 27, 2015 Eric Young CCO-Americas and CCO-IHC

2 I. Volcker Rule: Overview of the Compliance Program 2

3 The Volcker Compliance Program: Overview of the 6 Pillars of Volcker Rule Compliance Program Policies and Procedures Management Framework Internal Controls Independent Testing Written policies and procedures reasonably designed to document, describe, monitor & limit: Exempted or excluded trading activities including setting, monitoring and managing limits. Exempted or excluded activities and investments with respect to a covered fund. Appropriate management review of trading limits, strategies, hedging activities, investments, incentive compensation and other matters. Responsibility and accountability. System of internal controls to include, but not limited to: monitor on-going compliance with Volcker requirements (e.g., monitoring of MMI limits, new activities/investments, out of scope activity, etc.) ensure escalation of breaches and implementation of remedial actions. Independent audit of the effectiveness of the Compliance Program conducted at least annually. 5 Training Training applicable front, middle, and back office personnel including all level of management. 6 Metrics & Recordkeeping Quantitative metrics related to certain proprietary trading activities to be produced. Records to be maintained at least 5 years to demonstrate compliance. CONFIDENTIAL Internal use only CBSR Project 3

4 The Volcker Compliance Program: Policies and Procedures (Group & Business line level) Policies & Procedures Global Enterprise-Wide Policies Business Line Policies & Procedures Trading Desk Procedures Management Framework Internal Controls Independent Testing Training Metrics & Recordkeeping General requirements of Volcker (e.g., definition, prohibited activities, exemptions/exclusions, global governance framework, etc.) Description of global business line (e.g., BNP Paribas Corporate & Institutional Banking), description of Volcker activities, management framework, escalation procedures, etc. Leverage Existing Policies and Enhance as Necessary: New product/business review Bank investments policy (BHCA) Conflicts of interest Employee compensation Risk management procedures Designed specifically to address exemption/exclusion being relied upon (e.g., trade mandates, desk procedures, hedging procedures, etc. CONFIDENTIAL Internal use only CBSR Project 4

5 The Volcker Compliance Program: Management Framework Policies and Procedures Management Framework Internal Controls Independent Testing Training Metrics & Recordkeeping ISSUE ESCALATION PROCESS Group Board of Directors Group Executive Committee Global Internal Control Committee (GICC) Business Line Volcker Committees (BNPP Internal Controls Committee) Existing Internal Controls Committee expanded to include a Volcker review. On-going Volcker-related issues are reviewed and escalated to the management through this forum. Various Internal Control Functions (1 st level and 2 nd Level) Review of trading desk mandates, monitoring of MMI limits, review of relevant daily metrics, etc. Volcker Office: Oversight of Global Compliance Program The Volcker Rule controls are being embedded in the existing control framework. New Global Volcker Office created to manage the global Volcker Compliance Program. Volcker Office housed within the Compliance function with locations in Paris, New York, London and Hong Kong. CONFIDENTIAL Internal use only CBSR Project 5

6 The Volcker Compliance Program: Internal Controls & Independent Testing Examples of Key 1 st and 2 nd Level Controls Policies and Procedures New group investments Investment in or control (BHCA definition) of iother entities by BNPP Management Framework Internal Controls Independent Testing Training Metrics & Recordkeeping New activities Monitoring of out of scope activities Monitoring of inscope activities Global Sub- Attestation Conflicts of interest Compensation Training Review of new products/activities/business lines Appropriate controls to ensure that excluded activities continue to meet requirements of the relevant exclusion and remain out of scope Controls to ensure that permitted activity continue to meet the specific requirements & restrictions related to the relevant exemption/exclusion (e.g. MMI limit monitoring, etc.) Global and regional sub-certification by heads of business lines as well as functions Controls to monitor that conflicts of interest between BNPP and its clients are appropriately monitored, prevented and resolved (leverage on existing controls) Review of employee compensation including committees to rate employees against control metrics Training of all applicable global and regional employees Independent Testing: 3 rd Level of Control Important to clearly define with role of business line, Compliance, Internal Audit and other functions. CONFIDENTIAL Internal use only CBSR Project 6

7 The Volcker Compliance Program Training & Metrics/Recordkeeping Policies and Procedures Volcker Rule requirements Create and retain records sufficient to demonstrate compliance and support the operations and effectiveness of the compliance program. Retain these records for no less than 5 years or such longer period as required Management Framework Impact Assessment Documentation supporting the impact assessment performed Volcker analysis conducted for new activities/businesses Internal Controls Independent Testing Training Metrics & Recordkeeping Implementation within BNPP Trading activities Funds activities & investments Training List of Volcker trading desks and corresponding exemptions/exclusions Documentation around production and review of metrics An accurate list of funds sponsored or invested in indicating the exclusion or exemption being relied on For each fund sponsored or invested in, the documentation supporting the determination of the elected exclusion or exemption The list of employees that have been trained for the Volcker Rule (combination of live and electronic) Created Train the Trainers program and training program for independent testers Controls & remediation Volcker Committee packages and minutes Issues escalated/remediation plans, etc. CONFIDENTIAL Internal use only CBSR Project 7

8 II. Intermediate Holding Company 8

9 BNP Paribas U.S. Intermediate Holding Company (IHC) The Federal Reserve s Enhanced Prudential Standards require a foreign banking organization (FBO) with more than $50 billion in U.S. non-branch assets to consolidate its U.S. legal entities under an intermediate holding company (IHC) and to manage risk across its combined U.S. operations (CUSO) Group BNP Paribas U.S. Enterprise-wide Compliance activities roll-up, reporting, and analytics Combined U.S. Operations (CUSO) BNP Paribas USA, Inc. (IHC) Day-to-day Compliance activities BancWest Bank of the West First Hawaiian Bank BNP Paribas North America Sec. Corp. PBI Other IP Entities Other U.S. Subsidiaries BNP Paribas U.S. Branches, Agencies, and Representative Office 9

10 IHC Governance Structure Governance structure: CUSO/IHC CUSO/IHC Board Risk Committee Board of Directors Chairman Audit Committee Compensation Committee Board Secretary CEO CUSO/IHC Executive Mgmt. Team CRO General Auditor CCO Head of HR CIO Gen. Counsel CFO CUSO/IHC Executive Mgmt. Team Treasurer CDO BWE CIB/IS Entity CRO CCO CRO CCO IHC Program 10

11 IHC Risk Committee Purpose and Role Oversees and is otherwise responsible for the risk management of BNPP s operations. Approves and provides ongoing oversight of management s risk management framework, including: 1) identification and assessment of risk, including emerging risks; 2) implementation of appropriate control processes to manage those risks; 3) review and approval of policies and processes to manage and control risk, and for risk management governance; 4) oversight of compliance with relevant laws and regulations, and 5) maintenance of a clearly articulated risk appetite statement that aligns with the risk appetite of BNPP. Approves and periodically reviews capital planning processes on capital adequacy, capital actions, capital policies, capital plan, and stress test activities. Risk areas subject to Committee oversight include: credit, market (including interest rate); liquidity operational (including technology, cyber, data security and business continuity risks); Compliance; Legal, and reputational risks. IHC Program 11

12 IHC Risk Committee Key Oversight Responsibilities Executive Management Sets objectives for the Chief Risk Officer and reviews performance and compensation against those objectives. Enterprise Risk Annually reviews and approves enterprise risk management framework. Credit Risk Oversees significant credit policies; reviews and approves material revisions to such policies. Market Risk Oversees significant policies governing the management of market risk, and reviews and approves any material revisions to such policies. Liquidity Risk Annually approves acceptable level of liquidity risk tolerance that BNPP may assume in connection with its operating strategies. Operational Risk Reviews consolidated reports on operational risk, which includes key risk indicators. Compliance Risk Annually reviews and considers for approval any compliance risk policies recommended to it by management and otherwise oversees the implementation of the compliance program. Regulatory Risk Reviews regulatory examination reports and any correspondence addressed to the Board of Directors, including areas of criticism for lessthan-satisfactory ratings. Cyber Risk Oversees business continuity programs. Compensation* Collaborates with compensation committee to integrate risk management and associated controls with management goals and compensation structure. * Impacted if employee is non-compliant IHC Program 12

13 Appendix IHC Program 13

14 IHC Implementation Org Chart Global IHC Steering Committee Quarterly U.S. IHC Steering Committee Monthly IHC Operating Committee Weekly Program Sponsors: Program Manager: Central PMO Program office: Costs: Business Impact & Alignment: Communication: Roadmap & Milestones: Finance Risk Compliance Structuring CCAR ALM-T FinReg Workstreams Data Governance S: PM: PMO: IT S: PM: PMO: HR S: PM: PMO: Governance S: PM: PMO: Audit S: PM: PMO: Regulatory relations S: PM: PMO: S: Sponsor PM: Project Manager PMO: Project Management Office (Facilitator) Note: Subject Matter Experts to bring their expertise on an ad-hoc basis in the Workstreams IHC Program 14

15 U.S. Regulatory Expectations Regarding Compliance Risk U.S. regulatory expectations for FBOs regarding Compliance risk Dimensions of regulatory expectations Required by Enhanced Prudential Standards to implement an enterprise-wide risk management framework, including over compliance risk Enterprise-wide Compliance Management & Oversight Governance Expected by the Federal Reserve to establish integrated compliance programs for the CUSO/IHC, as outlined in SR Compliance Activities Compliance Personnel 1. Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Risk Profiles 15

16 Scope of the CUSO/IHC Compliance Program In Scope Compliance Activities Risk Inventory Risk Assessment Risk Profile Setting and Monitoring Annual Compliance Planning Compliance Policies and Training Surveillance, Testing & Monitoring Issue Management Reporting Applicable Regulations Compliance Regulations (e.g., Regulation O, Regulation W, Bank Secrecy Act (BSA), Regulation Z, Regulation B, U.S. federal and state insurance regulations, broker-dealer regulation, French banking regulations) Other Banking Regulations (e.g., regulations relating to capital planning and adequacy, and liquidity risk management) NOTE: Oversight from some independent risk function required Out of Scope Regulations Non-Banking Regulations (e.g., regulations relating to tax, employment, and the environment) Out of Scope Compliance Activities Transactions with Affiliates 1 Scope of Compliance responsibility includes defined operational functions and independent risk oversight 1. The CUSO/IHC Compliance Function owns the CUSO/IHC Transactions with Affiliates Policy. The CUSO/IHC Finance unit is responsible for its implementation. 16