Your SlideShare is downloading. ×
Regulatory hot topics for the financial services industry in 2014 - a Protiviti webinar presentation
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Regulatory hot topics for the financial services industry in 2014 - a Protiviti webinar presentation


Published on

To hear the accompanying audio, please go to the recorded webinar on our website at …

To hear the accompanying audio, please go to the recorded webinar on our website at

With nearly 40 percent of the Dodd-Frank Act yet to be implemented, numerous new consumer protection requirements taking effect this year, and the continued strong focus on anti-money laundering and sanctions compliance, regulatory compliance will remain a major challenge for the financial services industry in 2014.

Protiviti's Tim Long, Scott Jones, John Atkinson, Steven Stachowicz and Nicole Weber, in a webinar, discussed solutions to help compliance, risk and internal audit professionals identify some of the important regulatory issues and developments for 2014 that will need to be included in internal audit and compliance programs.

These are the slides used during this webinar.

Published in: Economy & Finance, Business

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Regulatory Hot Topics for the Financial Services Industry in 2014 A Protiviti Webinar January 29, 2014
  • 2. Presenters Tim Long, Managing Director Shaheen Dil, Managing Director, Model Risk and Capital Management, Protiviti Tim Long is a Managing Director in Protiviti’s U.S. Financial Services Industry Practice and leads our U.S. Regulatory Practice. He brings extensive knowledge of financial services regulation with hands on experience in all bank supervision and policy related matters. Tim retired from the OCC after a 31-year career in which he oversaw virtually all of the agency’s bank supervision and policy units. He has significant experience working with large complex banks, regional financial institutions and community bank organizations. In his most recent role with the OCC, Tim served as Senior Deputy Comptroller for Bank Supervision Policy and Chief National Bank Examiner. He was a key advisor to the Comptroller, a member of the OCC’s Executive Committee, and was the Chair of the Committee on Bank Supervision for the agency. Scott Jones, Managing Director Scott Jones is a Managing Director with Protiviti, and the leader of our firm’s West Region Financial Services Industry (FSI) Internal Audit and Financial Advisory (IAFA) Practice. He is also a member of our Firm’s 6member Global FSI Leadership Council. Overall, Scott has over 30 years experience with financial institutions. He was formerly with Arthur Andersen – and was a founding Managing Director with Protiviti in 2002. He is a Certified Public Accountant and an Attorney-at-Law. 2 © 2014 Protiviti Inc.
  • 3. Presenters John Atkinson, Director Shaheen Dil, Managing Director, Model Risk and Capital Management, Protiviti John Atkinson is a Director with Protiviti in the firm’s Regulatory Risk Consulting practice. At Protiviti John consults with a broad array of financial institution clients on regulatory and risk management issues, including anti-money laundering and sanctions compliance, Dodd-Frank Act regulations, and FATCA implementation. John joined Protiviti in June 2008 after a 30-year career at the Federal Reserve Bank of Atlanta, where he had oversight and management responsibilities at the official level for numerous bank supervision functions. John has been a regular speaker for many years at professional conferences and events for industry, regulatory, and law enforcement groups on both a national and international basis. He holds the Certified Anti-Money Laundering Specialist (CAMS) designation. Steven Stachowicz, Director Steven Stachowicz is a Director and member of Protiviti’s Regulatory Risk Consulting practice in Chicago. Steven has extensive experience advising financial services companies on risk management, with particular emphasis on compliance management systems and consumer protection legal and regulatory requirements, such as privacy, fair lending, and lending and deposits requirements. His clients include major U.S. banks and non-bank financial services companies. Prior to joining Protiviti, Steven worked at a top-10 U.S. bank holding company, where he implemented systemic controls, policies and training related to high cost lending and FCRA compliance, as well as created and maintained a compliance risk assessment and manage compliance reviews of various operations. Steven has written extensively, and has been a frequent speaker, on regulatory issues. 3 © 2014 Protiviti Inc.
  • 4. Presenters Nicole Weber, Associate Director Nicole Weber is an Associate Director and member of Protiviti’s Regulatory Risk Consulting practice in Minneapolis. Nicole has worked with a variety of clients in the financial services industry assisting them with the implementation of the changing regulatory compliance requirements, internal audit, and helping them design new processes to ensure ongoing compliance. She has over 15 years of experience in financial services, including a background in regulatory compliance for retail and wholesale broker-dealers, asset management companies, and hedge fund operations. Prior to joining Protiviti, Nicole worked in the compliance and legal departments for two broker-dealers and an asset management firm where she was responsible for supervision, regulatory reviews, risk assessments, training, and continuing education. 4 © 2014 Protiviti Inc.
  • 5. Agenda Regulatory Environment and 2014 Overview Consumer Financial Lending and Deposits Products 8 Anti-Money Laundering and Sanctions 13 Broker-Dealers and Investment Advisers 17 Impact on Compliance and Internal Audit 5 6 21 © 2014 Protiviti Inc.
  • 6. Regulatory Environment and 2014 Overview Consumer Financial Lending and Deposits Products Anti-Money Laundering and Sanctions Broker-Dealers and Investment Advisers Impact on Compliance and Internal Audit
  • 7. 2014 Regulatory Landscape Consumer Protection Issues • • • • CFPB UDAAP Fair Lending Indirect Auto and Card BSA/AML • Risk Assessment • System Validation and Technology • Audit Third Party Vendor Management Heightened Expectations • Governance • ERM • Internal Audit 7 © 2014 Protiviti Inc.
  • 8. Regulatory Environment and 2014 Overview Consumer Financial Lending and Deposits Products Anti-Money Laundering and Sanctions Broker-Dealers and Investment Advisers Impact on Compliance and Internal Audit
  • 9. 2014 Regulatory Changes and Environment Payday/ Deposit Advance Appraisals HOEPA/ Home Ownership Counseling Remittance Transfers Prepaid Cards Student Lending LO Comp Ability-toRepay/QM Flood Garnishments Overdrafts Mortgage Servicing Standards Escrows Credit Insurance Debt Collections Risk Retention/Q RM Mortgage Origination Disclosures (2015) Mandatory Arbitration 9 © 2014 Protiviti Inc.
  • 10. Avoiding the Mortgage “Debt Trap” • Requires full verification and documentation of financial information • New Loan Estimate and Loan Closing disclosures (2015) • Borrowers’ ability to repay over full period of loan must be determined • Enhanced interest adjustment notifications • Enhanced lender legal protection available when originating “qualified mortgages” • New payoff statements • New monthly billing statements • Enhanced appraisal provision requirements Repayment Ability • Establish servicing and loss mitigation policies and procedures • Intervene early • Avoid “dual-tracking” • Ensure continuity of contact • Enhance hazard insurance forceplacement processes • Longer escrow period for higherpriced mortgages 10 © 2014 Protiviti Inc. Enhanced Disclosures Avoiding the Mortgage “Debt Trap” Servicing & Loss Mitigation Creditor Risk Retention • New homeownership counseling requirements • Enhanced disclosure of MLO licensing/registration information • Retain a portion of the credit risk associated with mortgages securitized • Cannot transfer or hedge credit risk retained • Proposed exemption from requirements established for QMs
  • 11. Non-Mortgage Retail Products and Services Enforcement Activity – December 2013 Only Rulemaking & Guidance • • • • • • • • 11 June 2013: Bulletin issued regarding responsible business conduct: self-policing, selfreporting remediation, and cooperation July 2013: Bulletin issued regarding UDAAP and debt collection September 2013: Bulletin issued regarding credit bureau reporting of credit card disputes under FCRA September 2013: Interagency guidance issued on reporting elder financial abuse and privacy September 2013: Bulletin issued regarding required use of payroll cards October 2013: Final rules regarding remittance transfers effective December 2013: Final rule issued regarding supervision of non-bank student loan servicers December 2013: Interagency guidance issued on social media © 2014 Protiviti Inc. • Health-Care Credit Cards: $34.1m restitution. CFPB raises CARD Act and UDAAP concerns related to enrollment practices • Short-Term, Small-Dollar Loans: CFPB sues to stop collections on loans made online by a tribal lender that were void and refund payments • • Indirect Auto Lending: $80m restitution, $18 CMPs. CFPB and DOJ find fair lending violations related to Bank’s lending practices and a weak compliance program Credit Card “Add-On Products”: $59.5m restitution, $9.6m CMPs. CFPB notes UDAAP and FCRA concerns related to marketing, enrollment and servicing of these products Horizon (2014+) • Campus Financial Products: January 2013 Notice and Request for Information issued • Payday and Deposit Advance Products: April 2013 report finds that products can be a “trap” for consumers • Overdrafts: June 2013 report finds variances in costs and closures related to deposit account overdraft activities • Private Student Loans: October 2013 study finds repayment problems • Debt Collection: November 2013 ANPR issued to gather more information about debt collection practices ahead of proposing FDCPA regulations • Mandatory Arbitration: December 2013 study finds that few customers use arbitration
  • 12. Ever-Expanding Expectations Increased Expectations to Manage… • • • Self-policing and self-reporting Corrective actions and customer remediation Regulatory cooperation • • Unfair, abusive or deceptive acts or practices ‒ Product lifecycle ‒ High-risk products and services Fair lending Your Vendors • • Strategic, well-documented risk management program Increased vendor due diligence and oversight Your Customers • • • Prevention of elder financial exploitation and abuse Customer interaction through social media Servicemember protections Your Diversity • • • Ongoing self-assessment and self-disclosure Employment practices Third-party vendors Your Conduct Your Acts and Practices 12 © 2014 Protiviti Inc.
  • 13. Regulatory Environment and 2014 Overview Consumer Financial Lending and Deposits Products Anti-Money Laundering and Sanctions Broker-Dealers and Investment Advisers Impact on Compliance and Internal Audit
  • 14. Anti-Money Laundering/Sanctions Environment: Compliance issues, and AML in particular, continue to receive high-level attention from Congress and extra scrutiny from regulators. Enforcement actions and “matters requiring attention” are issued with ongoing regularity and demand improvements in AML and sanctions programs that need management time and resources. All indicators are that this Congressional and regulatory emphasis on sound identification and strong management of AML risks will continue, if not grow. “ Bank Secrecy Act (BSA) and anti–money laundering (AML) risks are increasing as BSA programs at some banks fail to evolve or incorporate appropriate controls into new products and services. In addition, changing methods of money laundering and growth in the volume and sophistication of electronic banking fraud are increasing threats. A lack of resources and expertise devoted to BSA/AML risk management in some banks often compounds these issues.” OCC Semiannual Risk Perspective, Fall 2013 14 © 2014 Protiviti Inc. ”
  • 15. Anti-Money Laundering/Sanctions Hot Topics: Governance and Staffing Active support from the board of directors and senior management Effective management reporting to board and senior management Sufficient commitment of resources, with regular staffing analyses Alignment of compensation decisions and compliance performance Customer Due Diligence/Enh anced Due Diligence • • • • Strong onboarding procedures followed by regular updates Robust customer risk scoring systems Easily accessible information for use in investigations, etc. Holistic view of the customer across the organization and all relationships Risk Identification and Assessment 15 • • • • • Clear description of methodology • Quantitative analysis support • “Horizontal” assessment of higher-risk products © 2014 Protiviti Inc.
  • 16. Anti-Money Laundering/Sanctions Hot Topics: Identification and Reporting of Suspicious Activity • • • • Clear link between monitoring efforts and risk Efficient alert management Analysis of SAR information Enterprise-wide coverage Technology Maintenance and Validation • • • • Full use of system(s) functionality Coverage of AML/Sanctions systems by model governance Regular “tuning” of systems to match risk exposures Periodic validation of systems Independent Testing • • • • Scoping consistent with risks Testing by qualified staff/vendors Timely and complete follow-up on previously cited deficiencies Overall assessment of the adequacy of AML/Sanctions program Training 16 © 2014 Protiviti Inc. • Customize training to needs of institution staff • Document new hire training and ongoing training
  • 17. Regulatory Environment and 2014 Overview Consumer Financial Lending and Deposits Products Anti-Money Laundering and Sanctions Broker-Dealers and Investment Advisers Impact on Compliance and Internal Audit
  • 18. Data Collection and Reporting With the implementation of regulations requiring collection and reporting of account and transaction data, regulators will soon have the ability to use the data to recognize trends, identify potential regulatory infractions, and target their exams through data analysis. Consolidated Audit Trail (CAT) Large Trader Reporting • Securities Exchange Act Rule 13h-1 • Firms should continue monitoring the evolution of the Large Trader Reporting requirements to ensure they are coordinated with CAT requirements, while also complying with current reporting requests from the SEC, when received. Enhanced EBS Reporting 18 • SEC Rule 613 • Firms will need to develop plans for complying with CAT to provide requested data in a consistent format that will allow for timely compilation and analysis across the industry. • FINRA Regulatory Notice 13-38 • Firms should review the FINRA requirements and ensure changes are implemented to report the new data elements to SIAC by the effective date. © 2014 Protiviti Inc. Firms should expect to incorporate the processes and procedures related to new data collection and reporting requirements into their existing supervisory oversight and compliance monitoring programs. Internal identification of trends and resolution of potential issues in a timely manner will be key, before regulators identify the trends from their data analysis.
  • 19. Hedge Fund Examinations Section 403 of Dodd-Frank requires hedge fund advisers and other private fund advisers to register with, and in certain instances provide public reports to, the SEC. These firms are likely to face SEC exams in 2014, with a focus on marketing, portfolio management, conflicts of interest, safety of client assets, and the valuation of assets. Before the regulators arrive, firms can prepare for a regulatory exam by: Documenting policies and procedures to understand the business and how the hedge fund operations may differ from operations in the rest of the financial institution, especially if the hedge fund group is part of a larger organization; Identifying risks and controls, including segregation of duties and technology controls; Assessing the design effectiveness of existing controls, identifying gaps, and defining a remediation plan; and Conducting a self-exam to evaluate the operational effectiveness of the processes and controls and allow employees to understand the examination process and prepare accordingly. 19 © 2014 Protiviti Inc.
  • 20. Compliance is in the Details… FINRA Minor Rule Violation Plan Expansion In September 2013, the SEC approved an expansion of FINRA’s Minor Rule Violation Plan, which allows FINRA to fine firms, associated persons and registered representatives up to $2,500 for minor or technical violations of certain rules. An additional 37 rules were added to the list, including: • • • • Failure to comply with Regulatory Element continuing education requirements (FINRA Rule 1250(a)) Failure to create, maintain and update a written business continuity plan and disclose the plan to customers (FINRA Rules 4370(a), (b), (c), (e), and (f)) Failure to disclose conflicts of interest prominently (FINRA Rule 5121(a)) Failure to report or update contact information (NASD Rule 1160) Recruiting Comp and Conflicts of Interest In September 2013, FINRA proposed a change related to disclosure and reporting of recruiting compensation received by registered representatives. Approval would require: • • Disclosure of recruiting compensation of $100,000 or more that is received by a representative as a result of switching firms, prior to the transfer of any customer account and for one year after the representative joins the new firm Reporting to FINRA total compensation increases of 25% or $100,000 over the prior year, whichever is greater, for any representatives who transfer to the hiring firm Proposed rule intends to provide customers with more visibility into potential conflicts of interest that may exist because the representative who is switching firms may have compensation incentives to bring his or her book of business to the new firm Although compliance with all applicable regulations is important, firms should determine if existing policies, procedures, monitoring and supervision are sufficient and whether updates might be required. Firms should utilize these rule changes as an opportunity to reinforce the importance of compliance at every level. 20 © 2014 Protiviti Inc.
  • 21. Regulatory Environment and 2014 Overview Consumer Financial Lending and Deposits Products Anti-Money Laundering and Sanctions Broker-Dealers and Investment Advisers Impact on Compliance and Internal Audit
  • 22. Compliance and Audit Within The Three Lines of Defense FIRST LINE OF DEFENSE (“The Line”) Management Business Unit/System Owners Risk Management THIRD LINE OF DEFENSE (Independent Assurance) 22 © 2014 Protiviti Inc. Compliance Management Finance Legal SECOND LINE OF DEFENSE (Support Functions) Human Resources Operations Internal Audit Technology Credit Review
  • 23. Compliance and Internal Audit Considerations Compliance Management/ Monitoring Considerations Internal Audit Considerations Regulatory Landscape 23 © 2014 Protiviti Inc. • • • • • • • • • • • • • • Organized within Compliance Management Proactively tests for compliance, Helps set policy, Monitors for compliance success Begins with a risk assessment and allocation of resources to monitor risk Challenge: FTE/Skilled Resources/Budget Begins with a risk assessment and allocation of resources to address risk Resources and budgets trending higher (accordingly co-source needs trending higher) Increased examiner scrutiny and expectation Increased compliance skills Changes are as diverse as they are complex Coordinated implementation of new regulation is necessary Pre-implementation project management and post-implementation monitoring Compliance with technical requirements is not enough Beware the “sleeper” requirements and regulatory guidance More changes are still coming (examples: Mortgage origination disclosures, Debt collections, Prepaid Cards)
  • 24. 2014 Suggested Plan Development Philosophy Risk Assessment We believe an internal audit plan should include: • Projects that you have to do • Projects you should do because of significant or emerging risk There are some projects that internal audit is required to do because of legislation/law or because of regulatory examiner expectation. Avoid Radar • Projects you should cycle-in, • Projects requested by the Audit Committee, Management, or arise in the circumstances. 24 © 2014 Protiviti Inc. Projects related to Significant or Emerging Risk Annually Required Projects Management Special Projects There are some projects that may not create risk today, but which management requests internal audit assistance. Manage Risk Other Monitor Risk There are some projects that relate to significant or emerging risk areas, and should be addressed in the current year plan. Cycled Projects There are some projects that relate to well managed or controlled areas, which should be cycled-in to the current year plan.
  • 25. Resources Refer to Protiviti’s website for more resources related to Regulatory Compliance, Risk Management and Internal Audit Title Format Link 2014: The Year Ahead in Financial Services FS Insights Link Protecting Your Customers – Going Above and Beyond Regulatory Expectations POV Link New Consumer Protections Required for International Money Transfers Flash Report Link OCC Updates Guidance on Third-Party Relationships Flash Report Link Views on AML Transaction Monitoring Systems – From System Selection to Effective Governance Compilation of POV Series Link Guide to U.S. Anti-Money Laundering Requirements, Frequently Asked Questions, Fifth Edition Resource Guide Link Getting to Strong – What Banking Organizations Need to Know Whitepaper Link Top Priorities for Internal Audit in Financial Services Organizations Survey Link An Economist Intelligence Unit Restoring Confidence: Risk Management Capabilities in the Wake of the Research Program Sponsored by Financial Crisis Protiviti 25 © 2014 Protiviti Inc. Link
  • 26. Contacts Tim Long Managing Director, Global Regulatory Practice Leader Scott Jones Managing Director, U.S. FSI Internal Audit Practice Leader John Atkinson Director, Regulatory Practice Steven Stachowicz Director, U.S. Regulatory Practice Nicole Weber Associate Director, Regulatory Practice 26 © 2014 Protiviti Inc. Phone: 212-399-8637 Phone: 213-3271442 Phone: 404-926-4347 Phone: 312-931-8932 Phone: 952-249-2230
  • 27. 27 © 2014 Protiviti Inc.