CFO attestation: building a sustainable process


This regulatory briefing highlights the challenges faced by firms in establishing their CFO attestation supporting capabilities, as well as the priorities for improving and sustaining these capabilities for future reporting. Additionally, we highlight where technology and automation may be implemented or considered.

Background

The Federal Reserve Board (FRB) established an FR Y-14 attestation requirement for Large Institution Supervision Coordinating Committee (LISCC) firms, where the CFO must attest to each FR Y-14 Annual (A), Quarterly (Q) and Monthly (M) submission. For US bank holding company LISCC firms, initial attestations were submitted on April 5, 2017 for data as of December 31, 2016. For intermediate holding company LISCC firms, initial attestations will apply to data as of December 31, 2017 (official attestation submission dates have not yet been published by the FRB). Additionally, the FRB requires that firms have a materiality policy in place for assessing materiality in the context of management's attestation that the data is materially accurate and that internal controls over FR Y-14A/Q/M reports are free of material weaknesses.

Similar to other regulatory reports, the FR Y-14 attestation certifies the effectiveness of the firm's control environment and conformance of the reports with the instructions issued by the FRB. However, this attestation is more prescriptive and extensive than in the past, as it introduces new requirements around materiality, involvement of internal audit and compliance, and data accuracy. Although today the Comprehensive Capital Analysis and Review CFO attestation requirements are applicable only to LISCC firms, many firms have taken this opportunity to revisit materiality considerations across the full suite of regulatory reports.

The table below highlights the FR Y-14 CFO attestation statements and how they compare to other existing attestations.

Attestation statement requirement, by data type

Projections and actuals:
- The reports have been prepared in conformance with the instructions issued by the FRB.

Actuals:
- Management is responsible for the internal controls over the reporting of the FR Y-14 data.
- The data reported are materially correct to the best of his or her knowledge.
- Controls are effective and include those practices necessary to provide reasonable assurance as to the accuracy of these data.
- Controls are audited annually by internal audit or compliance staff.
- Controls are assessed regularly by management of the named institution.
- Management or the CFO agrees to report material weaknesses in these internal controls and any material errors or omissions in the data submitted to the FRB promptly as they are identified.

Differences from other attestations

- Explicit certification of data accuracy, in addition to effectiveness of the control environment
- Coverage of a broader and more granular data set, including:
  - Non-financial data
  - Transaction-level data
  - Projections
- New materiality requirements in the context of data, controls and issues, based on impact to capital
- New requirement for management assessment of internal controls
- Direct involvement of internal audit or compliance

US LISCC bank holding companies

- Bank of America Corporation
- Bank of New York Mellon
- Citigroup
- Goldman Sachs Group, Inc.
- JPMorgan Chase & Co.
- Morgan Stanley
- State Street Corporation
- Wells Fargo & Company

FBO LISCC intermediate holding companies

- Barclays
- Credit Suisse
- Deutsche Bank
- UBS

CFO attestation program setup

In preparation for their FR Y-14 attestations, firms have placed significant attention on enhancing their supporting capabilities and systems, as well as launching initiatives to address critical gaps. To oversee these efforts, some firms established centralized governance structures, with cross-functional representation across risk, finance, operations, technology, and capital, etc., while others leveraged a more decentralized approach with responsibilities embedded across functions. In either scenario, reporting packages and performance metrics have typically been developed to facilitate communication of program outcomes with senior management and governance committees.

Supporting capabilities

Efforts have focused on the following foundational capabilities that support the CFO attestation process:

- Program governance and executive communication
- Materiality
- Issue management
- Internal controls
- Independent review
- Data
- Attestation
- Training

Challenges and priorities

Program governance and executive communication

Effective governance plays a critical role in the success of an attestation program. CFOs and relevant cross-functional executive leadership should be highly engaged in:

- Setting program objectives and designing the operating model
- Providing input into the structure and contents of the executive attestation report
- Reviewing outcomes of supporting processes and material issues

When developing the operating model and plan, attestation program leads must allocate sufficient time for communication with governance committees and executive leadership. Given the inherent time constraints, organizations are seeking to enhance their processes by:

- Re-evaluating the contents and level of detail within their executive attestation reports
- Exploring automated methods to more easily collect, analyze and report outcomes

Materiality

For LISCC firms, an FR Y-14 materiality policy must be in place for assessing materiality in the context of management's attestation that the data is materially accurate and that internal controls over FR Y-14 A/Q/M reports are free of material weaknesses, taking into account both quantitative and qualitative considerations. While firms have similar policies in place in relation to SOX requirements, the FR Y-14 materiality policy is distinct in its application to capital ratios. Beyond FR Y-14 A/Q/M reporting, many firms have established broad regulatory reporting materiality thresholds across all reports.

Moving forward, recommended priorities include:

- Enhancing materiality frameworks to better define qualitative considerations in support of prioritization of efforts related to critical data and issue evaluation
- Defining ownership and a business-as-usual (BAU) operating model for ongoing application of the materiality framework each year

Issue management

In order for CFOs to attest that all material issues have been reported to the FRB, firms need to evaluate many of their existing issues for impact to capital, FR Y-14 and other regulatory reports.

Moving forward, recommended priorities include:

- Establishing a clear link or alignment with existing issue management programs (e.g., SOX, data management)
- Defining the population of issues not currently covered by an existing program that require incremental evaluation
- Enhancing qualitative considerations for assessing the magnitude of impact to capital within their materiality policies to better support the evaluation process

Internal controls

Multiple attestation statements stress the need for effective internal controls. To demonstrate an effective control environment, firms have sought to leverage their existing control frameworks for financial, regulatory and operational reporting and enhance them for incremental and more granular coverage. Key controls are then identified based on the materiality policy. A critical challenge that many continue to face is driving accountability further upstream, through data origination processes.

Moving forward, recommended priorities include:

- Enhancing regulatory control frameworks to extend responsibilities beyond finance into the broader organization (e.g., data providers)
- Enhancing upstream data origination and data provider controls in support of data accuracy and conformance with instructions
- Designing and implementing a sustainable BAU operating model for ongoing maintenance of control standards and control inventories

Data

The FR Y-14 attestation is unique in its requirement to attest directly to the material accuracy of the data reported to the FRB. Additionally, the reported data must conform to the FRB's instructions. This poses a considerable challenge given the granularity of the data reported. Both the FR Y-14 Q and FR Y-14 M reports capture transaction-level data that includes both financial and non-financial attributes.

Many firms have sought to address data accuracy and conformance for FR Y-14 and all other regulatory reports through a combination of various initiatives, including:

- Tracing the movement of critical data from system to system to gain insight into data sources, transformations and accountability across the data supply chain
- Decomposing the reporting requirements at the data element level, documenting the current data used for reporting, as well as identified reporting logic or conformance issues, and capturing where requirements overlap with other reports, as well as data owners, sources and associated documentation

Moving forward, recommended priorities include:

- Expanding data documentation to cover a larger population of data elements
- Developing technology and the capability to store and manage documentation for use within the attestation program, in line with their evolving business and technology infrastructures

Attestation

Prior to the release of the attestation requirement for the FR Y-14 reports, many firms had existing attestation processes in place for SOX and other regulatory reports (e.g., FR Y-9C, FFIEC 101). Given the additional requirement for CCAR, firms have begun to develop tools to facilitate their attestation processes. Firms have also focused on enhancing attestation language to support the new requirement.

Moving forward, recommended priorities include:

- Streamlining attestation tools to more systematically collect attestations and reduce redundancy across reports
- Leveraging their data initiatives to evaluate whether the current attestations provide sufficient coverage of data across the end-to-end process
- Enhancing their attestation frameworks to extend accountability further upstream to data owners and providers and establish clearer linkages to downstream requirements

Independent review

Firms have sought to rationalize existing testing plans to determine how they could be leveraged and to expand control and data assessment programs across their first, second and third lines of defense. This includes testing the effectiveness of business and IT controls and verifying that reported transactions reconcile back to origination systems or source documentation. Many institutions also are currently undergoing data lineage and quality testing to verify the accuracy and completeness of data movement throughout the data supply chain. However, additional testing requirements have placed significant demand on existing personnel.

Moving forward, recommended priorities include:

- Leveraging near-shore and offshore centers or a managed services model
- Defining manageable test plans based on materiality by scoping critical data elements and controls
- Communicating ownership and coordination of the testing across the three lines of defense earlier in the process to more effectively allocate resources
- Implementing automated capabilities to more effectively manage assessments and findings between teams, including the use of robotics and workflow tools

Training

Training is viewed by many firms as a critical way of supporting conformance with instructions. As such, training efforts have been ramped up with a focus on providing stakeholders with awareness of the attestation requirements and related capabilities.

Moving forward, recommended priorities include:

- Developing product- and schedule-specific trainings to reinforce linkages across regulatory reports
- Developing process training and more granular job aids for upstream data providers to support conformance with the reporting instructions

EY views on automation

Business process management (BPM)

BPM is a solution that enables firms to improve business processes through creating a detailed view of a process with the ability to track/record completed steps and analyze process performance. BPM could initially be adopted for some of the components that are tracking intensive. Below is a list of processes that could be improved through a BPM solution:

- Attestation is a cumbersome process that is very manual in nature and requires coordination across a wide group of stakeholders. A BPM solution for attestation can help facilitate the processes and dependencies, provide tracking of attestations occurring across a firm and integrate with other key process inputs.
- Issue management requires input/assistance from different stakeholders and adequate information to link similar issues across an organization, making it a good candidate for BPM.
- Documentation is also a prime candidate for a BPM tool because it requires coordination across stakeholders to develop, update and finalize policies, procedures and other supporting documentation for regulatory reporting.

As other processes mature, they should also be incorporated into the BPM solution to create a more robust view of the end-to-end process, including control and data testing. BPM solutions improve the efficiencies of regulatory reporting by providing a real-time status of the reporting process and creating a platform to perform additional process analysis.

Analytics

Analytics solutions enable firms to capture snapshots of the reporting process, create customizable metrics for ad hoc analysis and generate reports for relevant committees and boards. Analytics improves the reporting process by improving the overall efficiencies related to collecting, consolidating and aggregating data, as well as generating automated reports on an ad hoc basis.

Robotic process automation (RPA)

RPA is a technology solution that is useful for understanding and improving processes within a firm through automating repetitive, manual processes that are performed on a regular basis. RPA can be employed in independent review environments to assist with the surge in controls and transaction testing of regulatory reports. Successful RPA implementations can reduce costs by decreasing the amount of full-time employee time required for process execution and increase efficiencies by improving the frequency and/or coverage of the current process.

Conclusion and next steps

LISCC firms face a number of challenges when trying to establish and execute their supporting capabilities to meet FR Y-14 CFO attestation requirements. IHCs, in particular, face an added challenge, as a number of processes that were leveraged by BHCs for the initial submission are not yet in place or have just been developed. To effectively navigate through this environment, it is important to keep the following actions in mind:

- Continually rationalize the processes and systems in place to determine whether they are sustainable and can be leveraged across a broader suite of regulatory reports
- Identify areas where processes can be enhanced through technology or automation (e.g., singular tool for attestation, workflow capability to integrate different aspects of the issue management process, analytics tool to simplify aggregation and reporting of program outcomes, and automated regulatory reporting solutions)
- Consider alternative resource models to tackle surges in demand, such as leveraging near-shore and offshore resources or external managed services providers
- As supporting processes begin to stabilize, leverage workflow capabilities to better orchestrate CFO attestation programs more broadly, with added control over the handoffs across the end-to-end process

Though the CFO attestation requirement is relevant only to LISCC firms, this requirement further demonstrates the FRB's heightened expectations more broadly regarding governance, controls and data accuracy around regulatory filings for the production of complete and accurate reports.

Ernst & Young LLP contacts

- Anita Bafna, Partner, +1 212 773 3938, anita.bafna@ey.com
- Christine Burke, Senior Manager, +1 212 773 5607, christine.burke@ey.com
- Abraham Mizrahi, Manager, +1 212 773 8632, abraham.mizrahi@ey.com
- Vadim Tovshteyn, Executive Director, +1 212 773 3801, vadim.tovshteyn@ey.com
- Eileen Miller, Senior Manager, +1 212 773 5852, eileen.miller@ey.com

EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.

© 2017 Ernst & Young LLP. All Rights Reserved.

SCORE no. 05620-171US
1709-2406811
ED None

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.

ey.com