Boot Camp refers to military new-recruit training, the initial indoctrination and instruction given to military personnel. It creates a base level of conditioning and discipline, an awareness of requirements and expectations, and a set of shared core values.
BUY THIS BOOK (Create your own Compliance Library) Integrated Compliance & Total Risk Management Mark G. Arthus
SOURCE MATERIALS (Create your own Compliance Library)
FDIC’s Trust Examination Handbook, May 2005
OTS’s Trust and Asset Management Handbook, July 2001
Asset Management, December 2000
Collective Investment Funds, October 2005
Conflicts of Interest, June 2000
Custody Services, January 2002
Investment Management Services, August 2001
Personal Fiduciary Services, August 2002
Retirement Plan Services, December 2007
FRB’s Trust Examination Manual, February 1997
FRB’s Transfer Agent Examination Manual, February 1997
The Trust Compliance Handbook, Price Waterhouse
Bank directors must use care and prudence in the administration of the bank’s fiduciary activities and must exercise caution to see that applicable laws, regulations, and fiduciary principles, policies and procedures are not violated.
If, through their failure to do so, a loss to the beneficiaries or the bank results, they can be held liable for such loss in an action for damages.
Banks are encouraged to purchase insurance to provide appropriate protection from financial loss imposed by such potential liability.
Directors should recognize that all aspects of the bank’s performance of its fiduciary duties are their responsibility and the official records of the board should clearly reflect the proper discharge of that responsibility.
The system of organization and the manner of administration of the bank’s fiduciary activities should be prescribed in the bank’s bylaws or by resolutions of the board of directors.
Each board should make an annual reassessment of trust department organization and administration to ensure the proper exercise of fiduciary powers.
If some responsibilities of the board of directors are assigned to persons or committees by resolution, it should be done annually during the organizational meeting at which committees and officers are appointed.
The directors must implement sufficient trust department policies, procedures, and internal controls to promote high-quality fiduciary administration.
When properly monitored by the directors, well-developed policies, procedures, and internal controls promote efficiency and compliance with laws and sound fiduciary principles, and deter losses through charge-offs or surcharge.
When the directors lack adequate knowledge of trust audit techniques and procedures, or internal auditors lack expertise, boards are encouraged to employ outside auditors to perform the trust department audit on their behalf.
An audit by an outside firm is more beneficial to the directors if the audit committee or the entire board is well informed of audit activity and audit results.
Directors are responsible for approving and monitoring audit scope, reviewing audit findings, and ensuring correction of all audit exceptions.
Before concluding an audit review, directors should understand thoroughly the significance of the report.
The audit committee should determine that the scope of audit is sufficient to present a true picture of the department’s condition.
A formal program of fiduciary risk management should be established to identify and control fiduciary risks.
Board participation and control of the risk management process is essential.
The program should include delineation by management and the board of the risk they are willing to assume, identification of risks in current operations, supervision of current and proposed operations, and implementation of adequate controls and risk monitoring systems.
Compliance and risk management review is not seen as an income/profit producing event.
Senior management, fiduciary examining committees, and boards of directors get their information through slide presentations and bullet memos.
There is no consistent business-wide management communication, top down or bottom up.
Senior management, fiduciary examining committees, and boards of directors do not hold regularly scheduled compliance and risk reviews and thus, are not always kept current on compliance and risk matters.
Review and formally approve annually the internal audit programs and schedule of audits.
Review all internal audit results. Ensure that all major risk issues have been identified and are being addressed.
Give a report to the Board of Directors on a quarterly basis, on the committee’s evaluations, conclusions, and recommendations on the condition of the organization’s compliance and risk management activities and the effectiveness of its policies, procedures, and controls, with regulation, law, corporate policy, and sound compliance and risk management principles.
Review all external audits and examinations by outside accounting firms and government regulators.
A prerequisite to designing good internal controls used by an organization is to have clear, precise, and quantifiable objectives in place.
An excellent place to start when identifying objectives is the Strategic Plan and Mission Statement of your area.
Objectives are needed to determine which controls to put in place and when those controls have been successful.
When objectives have been established, the risks associated with accomplishing each objective can be determined.
Only when risks associated with the activities involved in completing objectives are identified can the required controls be determined to ensure successful completion of the objectives.
Internal Control Development as it Relates to Risk
OBJECTIVE (What do you want to accomplish?)
RISK (What can go wrong to prevent you from accomplishing your objectives?)
CONTROLS (What can be done to minimize the risks?)
Internal control is broadly defined as a process, effected by management and other personnel, designed to provide reasonable assurance that the objectives of the area are being achieved in the following categories:
Effectiveness and efficiency of operations including the use of the entity’s resources.
Reliability of financial reporting, including reports on budget execution, financial statements, and other reports for internal and external use.
The control environment sets the tone of an organization, influencing the control consciousness of its people.
It is the foundation for all other components of internal control, providing discipline and structure.
Several key factors affect the control environment.
Integrity and ethical values maintained and demonstrated by management and staff are one factor.
Area management plays a key role in providing leadership in this area, especially in setting and maintaining the organization’s ethical tone, providing guidance for proper behavior, removing temptations for unethical behavior, and providing discipline when appropriate.
Since information is valuable and often confidential, it must be physically safeguarded against unauthorized access and intentional or unintentional damage.
Access devices are designed so that only certain persons can operate them, passwords are used, data is encrypted, computer rooms are locked and protected against fire and heat, files are carefully handled and controlled, data is copied and stored in separate, offsite locations, and other similar procedures are followed.
Allocating resources for future activities requires management authorization to ensure the proper use of personnel, office equipment and other assets to avoid waste and minimize possible conflicting needs within an organization.
In larger organizations, or those whose work must be integrated with work completed by another operating unit, flow charting or otherwise documenting the workflow is a key element in maintaining internal control.
Critical points where two or more non-integrated information systems must agree or where potential control problems might occur must be identified and control procedures incorporated into the workflow at those points.
Since the cost of duplicating critical activities is prohibitive, a good internal control system employs a separation of activities into interrelated segments, which must mesh at critical points within a process.
If one segment is off, the other parts should reflect the imbalance.
Management must identify the points within the area’s operating processes that are most critical and routinely supervise these activities to help ensure the area’s objectives are being met in a competent manner.
Input controls are essential to assure that only authorized data is entered into the computer and that such data is correct.
Among the more important types of input controls are “Key Verification”, which allows the typist to re-key entries to check the data for correctness, and the use of “Check Digits” and “Control Totals” to verify that all of the data put into the computer is processed.
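The check-digit and control-total input controls described above, as an added example that is not part of the original presentation. It assumes the Luhn scheme for the check digit (the presentation names no scheme) and a hypothetical batch header with `record_count` and `amount_total` fields prepared by the originating area; all account numbers and amounts are constructed.

```python
from decimal import Decimal

def luhn_check_digit(body: str) -> int:
    """Check digit for a numeric string (Luhn, an assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # double every second digit, starting beside the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def account_is_valid(account: str) -> bool:
    """True when the last digit matches the check digit of the rest."""
    return (account.isdigit() and len(account) > 1
            and luhn_check_digit(account[:-1]) == int(account[-1]))

def validate_batch(header: dict, records: list) -> list:
    """Return input-control exceptions; an empty list means the batch may post."""
    errors = []
    for n, (account, _amount) in enumerate(records, start=1):
        if not account_is_valid(account):
            errors.append(f"record {n}: check digit failed for {account}")
    # Control totals: what was keyed must agree with what the originator sent.
    if len(records) != header["record_count"]:
        errors.append(f"record count {len(records)} != control {header['record_count']}")
    keyed_total = sum(Decimal(amount) for _, amount in records)
    if keyed_total != Decimal(header["amount_total"]):
        errors.append(f"amount total {keyed_total} != control {header['amount_total']}")
    return errors

# Constructed sample data: control totals from the hypothetical batch header.
HEADER = {"record_count": 3, "amount_total": "1750.00"}
CLEAN_BATCH = [("79927398713", "1000.00"),
               ("12345678903", "500.00"),
               ("40001234562", "250.00")]
# Same batch keyed badly: two digits transposed in record 1, record 3 never entered.
BAD_BATCH = [("79927389713", "1000.00"),
             ("12345678903", "500.00")]

if __name__ == "__main__":
    print(validate_batch(HEADER, CLEAN_BATCH))
    for line in validate_batch(HEADER, BAD_BATCH):
        print(line)
```

The check digit catches the keying error within a single record, while the control totals catch the record that was never entered, which no per-record check can see.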
With the heightened reliability of today’s Electronic Data Processing systems, and reliable Input controls, the need for Output controls is limited to error listings and the physical control of the reports that are generated.
The Compliance Officer As a First Class Consultant EXTRA CREDIT
The Compliance Officer as “Consultant to Management”