Washington Bankers Association
Executive Development Program
Audit and Compliance
Internal Audit and Monitoring:
The Continuous Program Cycle
Presenter:
David McCrea
U.S. Program Manager
Global Regulatory Compliance Team
Infosys Limited
The Continuous Program Cycle
• Designing
• Implementing & Checking
• Correcting & Reporting
Testing Your Controls
Use your Risk Assessment as the foundation of your monitoring program.
• You have documented the controls to test and can validate the control strength ratings.
• You know where your highest risks are so you can prioritize your program.
Establishing Your Checking Plan
• You should set an annual monitoring / testing plan with a goal of validating the effectiveness of key controls at least annually.
– Riskier controls should be evaluated more frequently
– Validate stronger controls are working as planned
– Plan to test adequate and weak controls more vigorously
Definitions
• Quality Control – Evaluating a transaction for quality (such as meeting compliance requirements) prior to the transaction being consummated or closed, such that errors made in the initial phases can be corrected prior to the point of no return.
• Compliance Monitoring – The process of evaluating reports, systems, analyses, customer complaint trending, or other information in order to determine strengths or weaknesses in the program/process.
• Audit – Independent review to ascertain the validity and reliability of information; also to provide an assessment of internal controls.
– The goal of an audit is to express an opinion of the person / organization / system under evaluation based on work done on a test basis.
Risk Detection Activities
[Diagram: the detective activities below feed a combined view of overall risk]
• Compliance Dept Activities
– Testing & Review
– Monitoring Activities
• Other Detective Controls
– Quality Control
– Audit
– Regulators
Combined Activities Help to Draw Conclusions about Overall Risk
Monitoring - characteristics
– Ongoing and Regular
– Typically dependent on business line reports
– Results in self-detection of potential weaknesses or violations
– Systemic weaknesses identified
– Typically more frequent than audits
Monitoring Examples
May take a variety of forms:
• Periodic review or certification that duties were performed;
• Review of regular system-generated exception reports;
• Review of periodic ad hoc extract reports;
• Review of consumer complaint trend data;
• Review of reports of exam/review by Audit, investors, regulators, due diligence firms, etc.
Testing / Review - characteristics
• Ongoing
• Flexible
• Self-detection of potential weaknesses or violations
• Risk-based
• Quality Control – corrective actions
Testing – Examples
May take the form of:
• Review of transactional activity (think Reg CC Hold Notices or TILA Disclosures); or
• Verification of data against source documents (think loan files against the HMDA LAR);
• Review of employee regulatory knowledge through interviews.
• Others?
Auditing - characteristics
– Independent
– More formal
– Validates the effectiveness of your program – including your testing and monitoring
– Internal or External
– Often relies on Compliance Review results or compliance monitoring
Checking Techniques
• Scoping
• Sampling
• Rating Control Strength
• Documentation
Scope of Your Program
• Monitoring and testing scope and frequency should consider the following:
– Inherent Risk Rating
– Volume (number or amounts of items)
– Complexity of requirements:
  • Number of endpoints,
  • Difficulty of performance,
  • Dependency on manual input or individual performance.
– Historical reliability of control processes
Scope - continued
Monitoring and testing scope and frequency should also consider internal / external events:
– Change in law or regulations,
– Reorganization (change in responsibilities),
– Changes to process or system,
– Turnover and key staffing changes,
– New products, services, or jurisdictions,
– Customer complaints.
Sampling
• The basic purpose of sampling is to enable the reviewer to draw an adequately reliable conclusion about a “universe.”
• The universe from which the sample is chosen should have similar characteristics.
• The sample should include an adequate number of transactions to which the requirement applies.
• The size of the sample depends on the complexity of the regulations involved, the bank’s circumstances and characteristics.
• Must be large enough to determine the cause and extent of noncompliance.
• Be prepared to expand sample if necessary.
Sampling - Judgmental
• Involves an in-depth analysis of only a portion of the group and items are not selected randomly.
• Using judgment and knowledge of policies, controls and systems, reviewers identify the areas of greatest exposure to select items for testing.
• The time period selected for the sample must yield enough items to provide the reviewer a representative base for the product/process under review (otherwise will need to extend time period).
Sampling - Statistical
• Every member of the universe should have an equal chance of being chosen.
• The time period selected for the sample must yield enough items to provide the reviewer a representative base for the product/process under review (otherwise will need to extend time period).
Control Strength
• Generally, internal controls with an exception rate of 5% or greater are typically considered ineffective. However, the regulatory environment may dictate a lower, perhaps 0% tolerance – for example, matched pairs in fair lending testing.
• Exceptions and root causes should be discussed with the business unit management.
Control Strength
A Strong Control has less than a __% error rate.
An Adequate Control has between a __% and __% error rate.
A Weak Control exceeds an error rate of __%.
Other quantitative measures of control effectiveness?
Re-evaluate Control Strength
Residual Risk Rating (rows: Inherent Risk Rating; columns: Control Effectiveness Rating)

Inherent Risk Rating | Strong   | Adequate | Weak
High                 | Moderate | Moderate | High
Moderate             | Low      | Moderate | Moderate
Low                  | Low      | Low      | Low
Supporting Documentation
• Activities should be appropriately documented and the performance of the work adequately evidenced to facilitate third-party reviews by corporate compliance, internal/external audit, or regulatory examiners.
Corrective Action Plans
• Corrective Action Plan Elements
– Develop Steps to Remedy the Issue
– Assign Responsible Parties
– Establish a Time Frame
Corrective Action Plans - Tracking
Establish a Tracking System
Elements to Include:
– Executive Sponsor
– Observations
– Risk Ratings
– Source of Issue
– Target Date for Correction & Date of Completion Notification
– Issue Date
– Person Accountable for Execution
– Action Steps
– Comments
– Target Date Revisions
Corrective Action Determination
• Determine Root Cause
• Remember the old rule of asking “why” of each successive answer until you know the true root cause:
– Is it a policy flaw?
– An execution blunder?
– A training mishap?
– A systems defect?
Reporting: Definition and Purpose
– Reporting defined: The use of internally and/or externally generated data to provide ongoing, regular reporting to stakeholders on the state of the institution’s compliance program.
– Risk management at each appropriate level
– Required reporting to Regulatory Agency, Community Groups, Investors, etc.
– Your company’s specific needs are paramount.
Reporting to the Board
Describe the general regulatory environment:
• Recent fines and penalties imposed on other institutions.
• New or revised rules that will impact operations and risk.
Also detail your compliance program:
• Exam, Audit, or compliance monitoring results
• Corrective actions taken
• New compliance initiatives
• Employee training
• Community Development
• Supplemental information they have requested.


Editor's Notes

  • #2 9:00 Meg 20 minutes / 14 slides
  • #3 1:00 1 minutes This Morning: Designing Your Program – Strategy and Goals Risk Assessment Basics and Implementation After Lunch: Developing a Monitoring Program to Check your work Corrective Action Reporting your findings Case Study Exercises throughout the day. By the end of today, you will have your virtual bank thought out.
  • #4 1:00 2 min Meg 30 minutes / 14 slides Now that you have documented your controls and assigned a risk rating, it is time to verify that they are working the way you think they are.
  • #5 3 min 1:05 The level of inherent risk drives: Scope; Frequency; and Depth of testing and review. Can test by BU, product or reg. Use your RA as a guidepost BU – if all one control, similar products, larger bank (all regs that impact them): Resi, Sm Biz Product – all one control, more complex environment (easier on them): 30 yr mtg Reg – all one control, smaller shop (holistic view of controls): Flood Group like regs together – look at a loan file for all (Regs B, C, P, Z, FCRA, etc.) RE Lending Start with the highest inherent risk! Any Q’s about setting up your plan?
  • #6 3 min 1:08 Pre-Consummation / Preventative QC Stops the violation from occurring rather than just test to determine level of compliance when most issues simply cannot be corrected. Before the loan closes or before the customer leaves Risk Intolerant Usually at BU level EX: Reg CC hold notice reviewed by the ops manager before the customer leaves the teller window vs. two days later. EX: Reg O daily OD reporting Post-Consummation / Detective Monitoring Ongoing activities that give us a view into compliance without transaction testing: A loan servicing report that shows how many loans have expired flood policies. A branch hold notice log that shows which holds are still active and for how long A BSA account report that shows any new accounts with the word “money” or “check” in the title. An error resolution log that shows how long we’ve been investigating claims. Etc. Testing Transaction testing
  • #7 1 min 1:09 We will focus on the activities that compliance typically performs: Monitoring and testing
  • #8 2 min 1:11 BONUS: Often is an exception report—i.e., those loans or accounts NOT meeting some criteria (e.g. loans booked with no govt monitoring info) so you can see how many transactions in the whole population are in error—rather than just a sample as with file testing. Caution: some of these reports may be generated infrequently (monthly) which could result in a lag of self-detection. You may require more frequent reporting for important issues (e.g. high inherent risks). NEXT: Examples
  • #9 3 min 1:14 EX: loans closed without hazard insurance field completed EX: new accounts boarded without CIP screens completed EX: Reg CC holds / releases EX: Reg D monthly transactions EX: Reg B credit scoring exceptions EX: Rescission Waivers How many of you “monitor”? Examples . . . QUESTIONS on monitoring?
  • #10 2 min 1:16 1. We will be using the terms “testing” and “review” interchangeably Read above. Could be a cooperative effort with the BU and Compliance How many have testing at the BU level? At Compliance level? Kinder, gentler audit – working as a team to fix rather than pointing out problems.
  • #11 3 min 1:19 EX: loans closed without hazard insurance field completed EX: new accounts boarded without CIP screens completed EX: Reg CC holds / releases EX: Reg D monthly transactions EX: Reg E claims (none????) EX: FL Comparative File Review How many of you do testing? Examples . . . Questions on Testing?
  • #12 1 min 1:20 Compliance is NOT independent You may work with Audit to set up a plan. Or you may have things you would specifically like them to look at. You should have a partnership. Q: Any auditors in the house?
  • #13 HOW
  • #14 4 min 1:27 Annual plan but be flexible / Update RA then validate READ ABOVE. Then: Extraordinary focus on activities involving: High potential for error (high likelihood); Potentially significant adverse consequences (high impact / exposure); Areas the regulatory agencies have emphasized a low tolerance for errors; Transactions with previously identified errors; and Trends of customer complaints. Hi = 2x // Med = 1x // Lo = depends on resources Residual Risk / Controls Automated: verify annually Manual: more frequent (higher error potential) Verify corrective action Juggle Annually
  • #15 2 min 1:29 Upon request too Regulator emphasis may change View corrections before next exam Be flexible NOT when there is a new system or crunch time Note: wait to test after new reg implemented or much mitigation Customer Complaints -- social media, marketing, fees, COTs Any questions on monitoring / testing so far? NEXT: Sampling. But first . . . . Others?
  • #16 2:00 Stu 40 minutes / 17 slides Final bullet example: A random sample of closed loans yield a very small number with flood insurance. Therefore you need to pull a random sample of all loans in a flood zone. FL: start with 1 month and go up or down depending on # Note: verify u/w hasn’t changed Reg CC Holds – 1 month or if infrequent, last 6 months 2 Kinds: Judgmental Statistical
  • #18 U-Pick-Em Reg O – you pick the files for me to review Matched pair review Based on Social Media Examples where you’ve used this?
  • #20 No surprises! Talk to the BU while you are testing and share the results. Don’t play Gotcha! If you find problems, work together to find a solution. FL: 0% CC: 5 holds and 1 with an issue – expand the sample More on root cause Examples where you’ve used this?
  • #21 Re-evaluate control strength ratings and residual risk. We intentionally left this blank because there is no CORRECT answer for banks, but it will be dependent on your bank’s risk tolerance. Talk to your execs to determine. Thoughts on %s? EX 1: FL / SAR Reporting Ex 2: Reg Z Ex 3: X number of comments on social media Questions or thoughts on testing?
  • #22 Note this is 3 points. Is it enough?
  • #26 We will have a class on this later this week.
  • #27 3:10 Greggles 30 minutes / 16 slides Definition here is related to ongoing and regular reporting. How many people know what to do if an emergency arises? Performance or risk reporting is a targeted exercise---your info will vary according to the audience. How many people wrote the same way or content for their college history professor as they did for their mother? Differentiate required reporting for agencies, community, etc. Most important point. The needs of your company (or constituency) are paramount!! Example of meeting with my boss on reg basis… New officer….15,000 people reporting to him, reg monthly report Go through issues as always have done. List progress with OTS commitments and he is just stone faced. Lying to me last six months about X? Well, X was not about me—brought up by compliance examiner, but not compliance per my purview/job description. He doesn’t care about what my job description says—he cares about his business—so you have to care. There were at least two lessons I should have learned from his question. I am his control function. He trusts me to demonstrate integrity and honesty. I need to report on what he wants to know, not only what I think he wants to know.
  • #28 Meg ABA has a training program which helps you report to the Board. Cover the regulatory environment as well as your program.