Optimizing Your Regulatory Compliance Program MAY 17, 2017 Optimizing Your Regulatory Compliance Program New York Bankers Association Technology, Compliance & Risk Management Forum

Offices in Buffalo, Batavia, Rochester and Syracuse NY WHO WE ARE More than 300 employees Established in 1958 Offices in Buffalo, Batavia, Rochester and Syracuse NY Tax, Audit, Financial & Technology Risk Management services Industry practices in financial institutions, healthcare, manufacturing and real estate

Agenda Regulatory Environment Elements of a Compliance Management System Consumer Compliance Rating System Size, Complexity & Risk Open Discussion

Regulatory Environment Regulatory Guidance? Should or Shall The CFPB Effect Pace of change More regulatory monitoring Risk-Based examination focus Will include an analysis of your overall compliance management processes (OCC). Can you demonstrate an effective compliance management system? Enforcement Actions Increasingly becoming formal and public; Impact to CAMELS; Monetary penalties Require assembly of a compliance committee and retention of outside consultant ($)

“ The enforcement actions we are issuing today make it clear that the OCC will take forceful action, not only when the institutions we supervise engage in wrongdoing, but when management fails to exercise the oversight necessary to ensure that employees follow laws and regulations intended to protect customers and maintain the integrity of markets. “ - Thomas J. Curry, Comptroller of the Currency, November 2014

Elements of a Compliance Management System Tone at the top – is there evidence of board oversight? Consumer Compliance Officer If your board only appoints a BSA Compliance Officer… may want to rethink that. Elements of CMS Policies and Procedures Training Monitoring Response to consumer complaints Independent Compliance Audit (s) Change Control Sys·tem (‘sistem/) n, A particular set of connected things or parts forming a complex whole A set of principles or procedures according to which something is done; an organized scheme or method

FFIEC Interagency Guidance – Consumer Compliance Rating System Guiding Principles for Regulators Risk-based (size, complexity and risk profile) Transparent (clear distinctions of categories – all on the same page) Actionable (direct attention to areas of weakness) Incent Compliance (self identification and correction) Rating Scale – 1 – 5 (COSO) 1 – Highest rating; strong program 5 – Lowest rating; critically deficient

Consumer Compliance Rating System Three broad categories Board and Management Oversight Compliance Program Assessment categories – size, complexity and risk “All institutions, regardless of size, should maintain an effective CMS.” Violations of Law and Consumer Harm Root Cause; Severity; Duration; and Pervasiveness Section 1025 of DFA – applies to federally insured institutions with more than $10 billion in total assets. Exclusive authority to CFPB

Size, Complexity and Risk Profile Here’s what we know about size… Big Banks (> $50 billion) “Getting to Strong” is the expectation – this is not new Major hurdles True independence for compliance management and staff Compliance budget Monitoring / Testing Employee goals and evaluations Effective escalation procedures

Size, Complexity and Risk Profile COMPLEXITY AND RISK GO TOGETHER GOVERNANCE ORGANIZATIONAL STRUCTURE THIRD PARTY PROCESSORS INCENTIVE COMPENSATION PRIVATE BANKING CONCENTRATIONS AUDIT ISSUES PRODUCTS & SERVICES FOOTPRINT REGULATORY ISSUES OUTSOURCING MODELS

Optimization Critical CMS Components RISK ASSESSMENT POLICIES & PROCEDURES GOVERNANCE Critical CMS Components COMPLIANCE MONITORINIG & TESTING REGULATORY INTERACTION COMPLIANCE TECHNOLOGY REPORTING & COMMUNICATION COMPLIANCE TRAINING

Optimization Good things… “Getting to Great” may or may not be not optimal for you Compliance Self Assessment Compliance Strategic Plan Compliance Committee (Board) Knowledge Center (Technology) Bad things… doing nothing, assuming your CMS is fine

Thank You! FREEDMAXICK.COM