Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Frank Masi, EVP Operations. Agenda History; Definition; Compliance Monitoring; Compliance Monitor; Purpose; Example Use Cases; Users; Testing\Review;

Similar presentations


Presentation on theme: "Dr. Frank Masi, EVP Operations. Agenda History; Definition; Compliance Monitoring; Compliance Monitor; Purpose; Example Use Cases; Users; Testing\Review;"— Presentation transcript:

1 Dr. Frank Masi, EVP Operations

2 Agenda History; Definition; Compliance Monitoring; Compliance Monitor; Purpose; Example Use Cases; Users; Testing\Review; and Benefits. 2 Copyright (2014) ARC Risk and Compliance

3 “For more than a hundred years, public policy has been advanced via a legal instrument that ensures equal access to standardized information through mandatory public disclosure by companies” (Fastering, 2012) In the past compliance monitoring was know as self- assessment/self-regulation. Governmental agencies have created regulatory legislation to force self-assessment or self-regulating on difference industries. Some examples: FDA on the food processors and pharmaceutical companies; SEC on the financial sector; EPA on corporate manufacturing; and OSHA to protect workers. Copyright (2014) ARC Risk and Compliance 3 History of Compliance Monitoring

4 In the area of BSA/AML and OFAC there are considerable regulatory requirements. Responsible persons: Auditors; BSA/OFAC Officers; Risk Managers; and Compliance Monitors. Policies, procedures, processes and systems are put into place to automate and maintain regulatory compliance. Copyright (2014) ARC Risk and Compliance 4 History of Compliance Monitoring

5 Compliance monitoring is the continued self- assessment and adherence to policies, procedures, and processes within the compliance program. It is also the continuous validation of model within systems. This is all in an effort to reduce reputational and regulatory risk. Copyright (2014) ARC Risk and Compliance 5 Compliance Monitoring

6 Consider the position Lobue (2002) demonstrated: If an individual manager is going to affect performance in the business process and learning and growth categories favorably, he/she must first, identify those areas that are producing less than expected results and then second, implement changes that result directly in the improved performance. This responsibility falls classically under the fundamental management function of control. (p. 287) This is telling because he is presenting that it is in controls and understanding that improvements are made. This directly correlates to compliance monitoring and your understanding of the current state of affairs. Copyright (2014) ARC Risk and Compliance 6 Compliance Monitoring

7 The role is responsible for internal department compliance and controls. The purpose of the role is to provide ongoing monitoring and focused sampling of processes to validate policies and procedures are complied with. This is not a function of Audit. It is a documented formal compliance monitoring for the institution. This is done to avoid discovery of issues during annual audit reviews. The compliance monitoring position could provide institution with document controls on policies and procedures in a smaller institution. One example of responsibility would be to review a number of loan documents to validate all of the data has been entered correctly, completely, and in accordance with policies and procedures. The exercise may be completed a number of times per month or quarter. Copyright (2014) ARC Risk and Compliance 7 Compliance Monitor

8 Qualified candidates would have: 5-10 years of AML\BSA and\or OFAC compliance monitoring; Technical\system and\or compliance analyst both would be best; and\or 5 – 10 years of audit compliance, documentation experience such as policies and procedures. The larger the department the more specialized the position can be or the deeper the skill sets. The smaller the institutions the broader the skill sets (many hats) sacrificing length of experience. Copyright (2014) ARC Risk and Compliance 8 Compliance Monitor Qualifications

9 This position would report into the BSA\OFAC Officer or CCO directly. This effectively segregates their duties from operational functions. Please example see chart: Copyright (2014) ARC Risk and Compliance 9 Organizational Structure CCO EVP BSA\OFAC Compliance Officer SVP BSA Supervisor BSA Analyst BSA Analyst BSA Analyst OFAC Supervisor OFAC Analyst KYC Senior Analyst KYCC Analyst Compliance Monitor Audit Analyst

10 Beyond the regulatory requirements (Federal Financial Institutions Examination Council, 2010); Board of Governors of the Federal Reserve System, Supervision and Regulation Letters (SR 11-7) and (SR 11-7a1); testing is conducted in different departments for different purposes. In the IT department you are focusing on software and system quality, bug identification and integration accuracy. The audit and compliance departments are validating the continued accuracy and compliance to policies and procedures. Why Test 10 Copyright (2014) ARC Risk and Compliance

11 11 Distributed Risk Areas

12 Copyright (2014) ARC Risk and Compliance 12 ControlsPolicies ProcessesTraining Branches On- boarding SalesCompliance Distributed Risk Controls

13 The purpose of testing is to validate that what was presented and what was delivered is the same. Testing is generally broken down into two types, event testing and monitoring (sampling, on-going, compliance…). Event testing as the nomenclature represents is in response to an event, such as new system launch or product upgrade. 13 Copyright (2014) ARC Risk and Compliance Purpose

14 Proposal for change; New product; Services; Change management; Introduction of new process; New systems; or Monitoring control. Event Testing Monitoring Testing Testing Examples Reconciliation; New product offer; New service offer; New transaction code; KYC data collection process; Log file reviews; or System controls. 14 Copyright (2014) ARC Risk and Compliance

15 “Random sampling is likely to reduce the effectiveness to identify risk or emerging issues” according to (Hyde, G., 2007). It is these factors that drive monitoring testing. Targeted or focused testing replaces random sampling based on risk and impact. Tests should be created with focus on risk and impact of compliance to policies and procedures. You should leverage year-over-year metrics to baseline, trend, and refine testing focus. Effectiveness of Testing 15 Copyright (2014) ARC Risk and Compliance

16 Reconciliation of imported data; Accurately completed KYC forms (targeted sampling); Log file reviews; Loan applications completed correctly; System updates; and Regulatory list updates validated. Example Use Cases 16 Copyright (2014) ARC Risk and Compliance

17 Compliance; Compliance Controls; Customer Onboarding\CIP; Technology controls IT; Loan forms; Wire room processes; and Alert\Case SAR\CTR filing. Example Areas 17 Copyright (2014) ARC Risk and Compliance

18 Testing Flow 18 Copyright (2014) ARC Risk and Compliance

19 Testing Process Factors Reusability Consistency Completeness Reporting Repeatable process. Validation process Thorough understand of policies and procedures. Documented approach Year-over-year metrics 19 Copyright (2014) ARC Risk and Compliance

20 Consistency Controls and standardization through management; and Review of processes to procedures. Completeness GAP understanding between procedures and processes; Year over year reviews; and Established validation from previous reviews. Controls Identification and enforcement of policies and procedures; and Schedulable testing events. Reporting Documented validation of adherence; and Demonstratable reporting. Benefits of Monitoring 20 Copyright (2014) ARC Risk and Compliance

21 The continuous monitoring scenarios are the strength of the position. These documented scenarios and result sets are demonstration of the status of the overall AML\BSA program. By identifying challenges or issue early management can quickly close the GAP on the exceptions. This direct access to senior management presents a clear picture of the status of the compliance function. The role can add value to the department through communication, efficiency improvements, manual workflow issues or work-around. This activity can be directly correlated to the cost of compliance and staffing improvements. The value of this role is to detect and identify issues that the different departments are following polices and procedure, developed by compliance, through compliance monitoring with the detail of a compliance professional. This is the greatest value and the largest GAP is created when operational functions are relied upon for managing ongoing compliance. In this scenarios issues are only discover annually by audit or worse examiners when this role does not exist in the organization. Copyright (2014) ARC Risk and Compliance 21 Value of Monitoring

22 Compliance monitor can provide a significant advantage in regulatory reviews providing a real-time view into the quality and compliance of the compliance program. This role can decrease institutional risk by identifying the following before they achieve financial concern. Presenting open issues; Areas of concern; and Non-compliance Copyright (2014) ARC Risk and Compliance 22 Conclusion We continue to see this role leveraged in some institutions and this role is underutilized in others.

23 References Board of Governors of the Federal Reserve System Office of the Comptroller of the Currency. (2011, April 4). Supervision and Regulation Letters (SR 11-7a1). Retrieved May 1, 2014, from Board of Governors of the Federal Reserve System: Board of Governors of the Federal Reserve System. (2011, April 4). Supervision and Regulation Letters (SR 11-7). Retrieved April 30, 2014, from Board of Governors of the Federal Reserve System: Fasterling, B. (2012). Development of norms through compliance disclosure. Journal of Business Ethics, 106(1), doi:http://dx.doi.org/ /s y Federal Financial Institutions Examination Council (2010). Bank Secrecy Act/ Anti-Money Laundering Examination Manual. Retrieved June 21, 2013: Frank Masi, (2013). “Compliance Testing”, Compliance Professional Resource Newsletter, June. Frank Masi, (2013). “Compliance Monitoring Position”, Compliance Professional Resource Newsletter, December, pp 3-5. Hyde, G. (2007). Enhanced audit testing. The Internal Auditor, 64(4), 65-68,8. Retrieved from Robert LoBue, (2002) "Team self-assessment: problem solving for small workgroups", Journal of Workplace Learning, Vol. 14 Iss: 7, pp.286 – Copyright (2014) ARC Risk and Compliance

24 24 Copyright (2014) ARC Risk and Compliance Contact Information: Frank Masi, Ph.D ext. 102


Download ppt "Dr. Frank Masi, EVP Operations. Agenda History; Definition; Compliance Monitoring; Compliance Monitor; Purpose; Example Use Cases; Users; Testing\Review;"

Similar presentations


Ads by Google