AN IN-DEPTH LOOK AT COMPLIANCE MONITORING
Karen A. Geno – Geno Management Advisory Services
Jeff Blake – Citizens Business Bank
Welcome
• Elements of an Effective Compliance Monitoring Program 1
• Approach, Scope, Frequency – Templates, Examples 2
• Case Studies 3
Session 2 Overview
Learning Objectives
• Definitions
• Approach
• Scope
• Frequency
• Tools
• Results
• Benefits
• Follow Up
COMPONENTS OF AN EFFECTIVE COMPLIANCE MANAGEMENT PROGRAM
A. POLICIES AND PROCEDURES
B. TRAINING
C. MONITORING
D. CONSUMER COMPLAINT RESPONSE
FDIC COMPLIANCE MANUAL
"Monitoring" in the FDIC Compliance Examination Manual --
• proactive approach by the institution to identify procedural or training weaknesses in an effort to preclude regulatory violations
• includes reviews at the transaction level during the normal, daily activities of employees in every operating unit of the institution.
HOW MONITORING DIFFERS FROM AUDITS
Periodic monitoring is conducted more frequently than formal compliance audits; can be less thorough in nature and can be conducted by employees not trained in compliance or auditing methods.
Performed By:
• Done by the Business Unit
• Done by the Compliance Manager or Compliance Staff
SCOPE/FREQUENCY OF MONITORING - ALTERNATIVES
SCOPE
Lending Compliance Examples
– Flood
– Reg. B
Operations Compliance Examples
– Reg. CC
– Reg. D
– Reg. E
FREQUENCY
– Daily
– Monthly
– Quarterly
– Continuous
Evolution of Monitoring
[Diagram stages: Measurement; Identification; Analyze Initial Results; Continue to Improve Efficiency/Effectiveness; Expand Scope or Frequency]
Monitoring Tools Examples
• Checklists
• Schedules
• Spreadsheets
• Workpapers
Sample Checklist - Lending
FLOOD CHECKLIST
MUST HAVE THE FOLLOWING BEFORE LOAN IS MADE: Comments
1. Completed Flood Calculation Worksheet by lender for: Building coverage: Contents coverage:
Date: By:
2. Flood certification Date: Flood Zone:
3. Flood notice – signed by borrower(s) 10 days before closing? Yes ___ No ___
4. Security Agreement and UCC-1 taken? Yes ___ No ___ Includes movable equipment or inventory? Yes ___ No ___
5. Flood Declaration Page (you can make the loan with application and evidence premium is paid by a receipt; but then you must follow for the Dec Page)
a. Bank as loss payee
b. Correct address
c. Agrees with worksheet coverage, including building and contents
d. UCC taken: Yes ___ No ___
e. Dates of coverage
f. Zone agrees with zone on flood cert.
Flood Zone on Declaration: Flood Zone on Flood Cert:
6. Appraisal pages
a. Improvements value
b. Contents value
7. Hazard insurance policy if needed to establish insurable value
a. Replacement value on building
b. Replacement value on contents
8. Force Placement letter
Comments: Review for adequacy of flood coverage on completed worksheet, continual flood coverage, flood zone agreement, declaration pages only as evidence of insurance, timing of force placement letter and coverage
Loan Date: _____________
Loan Number: ___________
Loan Name: ________________________________________
Sample Checklist - Operations
CAN-SPAM Act Checklist/Reference Guide for the Marketing Group
The checklist is provided to assist the Marketing associates in ensuring the Bank is in compliance with the CAN-SPAM Act.
Checklist YES/NO Completed Date
1. Don’t use false or misleading header information. Are the “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – accurate, and do they identify the person or business who initiated the message?
2. Don’t use deceptive subject lines. Does the subject line accurately reflect the content of the message?
3. Identify the message as an ad. Is the message identified as an ad? The law gives a lot of leeway in how to do this, but it must be disclosed clearly and conspicuously that the message is an advertisement.
4. Tell recipients where you’re located. Does the message include the valid physical postal address? This can be the current street address, a post office box registered with the U.S. Postal Service, or a private mailbox registered with a commercial mail-receiving agency established under Postal Service regulations.
5. Tell recipients how to opt out of receiving future emails. Does the message include a clear and conspicuous explanation of how the recipient can opt out of getting email in the future? The notice should be crafted in a way that is easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice. A menu may be created to allow a recipient to opt out of certain types of messages, but the option must be included to stop all commercial messages. Make sure the spam filter does not block these opt-out requests.
6. Honor opt-out requests promptly. Any opt-out mechanism offered must be able to process opt-out requests for at least 30 days after the message is sent. A recipient’s opt-out request must be honored within 10 business days. A fee cannot be charged, and the recipient cannot be required to give any personally identifying information beyond an email address or to take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told the Bank that they do not want to receive more messages, the Bank cannot sell or transfer their email addresses, even in the form of a mailing list. The only exception is that the address may be transferred to a company that has been hired to help comply with the CAN-SPAM Act.
7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Sample Checklist - Operations
DISPUTE CHECKLIST
Prior to conducting transaction monitoring, review policies/procedures/forms/dispute letters. Obtain current Reg E log. Choose sample from period of coverage. Obtain dispute documentation for transactions chosen.
Comments
1. Review each dispute for timing rules.
2. Review letters to customer for proper completion and use of correct letter.
3. Review log entries for proper completion.
4. Summarize issues/exceptions to policy/procedures and/or violations below.
5. ISSUES/EXCEPTIONS/VIOLATIONS:
6. CORRECTIVE ACTION RECOMMENDED:
Completed by: Date:
REGULATION E DISPUTE MONITORING
Scope Period of Review: ________________________________________
Transaction Sampling # ____
OPERATIONAL MONITORING PROCEDURES
Reg. E Remittance Transfer Rule Monitoring Procedures
Objective
Regulation E (Reg. E) covers all electronically initiated transactions and establishes rights, liabilities, and responsibilities of consumers and financial institutions. It is the purpose of this monitoring procedure to ensure all EFT disputes are resolved timely and within the guidelines outlined in the regulation.
Effective October 28, 2013 the regulation was changed to: carry out the purposes of the Electronic Fund Transfer Act, which establishes the basic rights, liabilities, and responsibilities of consumers who use electronic fund transfer and remittance transfer services and of financial institutions or other persons that offer these services. The primary objective of the act and this part of the act is the protection of individual consumers engaging in electronic fund transfers and remittance transfers.
Monitoring Frequency
The monitoring frequency will be determined upon the completion of annual Risk Assessment. The current monitoring frequency is monthly. The monthly review of the Bank’s remittance transfers will be performed by the Operations Compliance Officer. The following procedures have been implemented to ensure the review process is compliant with the Reg. E policies and procedures adopted by Citizens Business Bank.
The following documents will be used to perform the monthly review:
• Pull various systems reports to identify outgoing consumer foreign wires
Monitoring Process
• Review a random selection of international consumer outgoing wires determined from the reports above. Review at least 25% of the total wires requiring the Consumer International Wire Transfer disclosures.
• Review each outgoing wire disclosure for:
o Completeness
o Correct date, time and signatures (or documentation for verbal disclosure)
o Note any discrepancies onto the Deposit and Operations Compliance Exception and Corrective Action Matrix
• Record each wire reviewed onto the Reg E Remittance Transfer Rule report
• Retain copies of source documents for files
• Prepare Exception Report
o Note exceptions on the Deposit and Operations Compliance Exception and Corrective Action Matrix
Exception Report
The Operations Compliance Officer will prepare an email notification attaching a copy of the Deposit and Operations Compliance Exception and Corrective Action Matrix and Summary to the Support Services Division Manager and the Senior Operations Manager, as applicable.
Board Reports
Exceptions will be included on the Deposit and Operations Compliance Exception and Corrective Action Matrix for the Board Report.
Retention
Documentation used during the review process will be retained from regulatory audit to audit.
OPERATIONAL MONITORING PROCEDURES
EFT Claims Monitoring Procedures
Objective
Regulation E (Reg. E) covers all electronically initiated transactions and establishes rights, liabilities, and responsibilities of consumers and financial institutions. It is the purpose of this monitoring procedure to ensure all EFT disputes are resolved timely and within the guidelines outlined in the regulation.
Monitoring Frequency
The monitoring frequency should be determined upon the completion of annual Risk Assessment; however, it may be performed more frequently than indicated by the risk assessment. The current monitoring frequency is monthly. The monthly review of the Bank’s EFT claims will be performed by the Operations Compliance Officer. The following procedures have been implemented to ensure the review process is compliant with the Reg. E policies and procedures adopted by Citizens Business Bank.
The following documents will be used to perform the monthly review:
• EFT Claim Forms and supporting documents (Director)
• ACH Unauthorized Transactions Report (ViewPoint)
• ACH Unauthorized Transactions documentation (Director)
Monitoring Process
• Review a random selection of closed EFT claims submitted. (From the Director and ACH Unauthorized Transaction Report, prepare a listing and select 15% of total claims received for the month.)
• Review each claim form for:
– Completeness and compliance with Regulation E
– Verify if account is interest bearing.
– Ensure provisional credit has posted accurately to account (if applicable)
– Verify interest adjustment is made when providing provisional credit as applicable and service charges due to error reversed
– Ensure the appropriate letter(s) have been prepared
– Note any discrepancies onto the Deposit and Operations Compliance Exception and Corrective Action Matrix
• Record each claim reviewed onto the BCS log.
• Retain copies of source documents for files
• Prepare Exception Report
– Note exceptions on the Deposit and Operations Compliance Exception Matrix
Exception Report
The Operations Compliance Officer will prepare an email notification attaching a copy of the Deposit and Operations Compliance Matrix and Summary to the BankCard Manager and Payments Operations Manager (as applicable).
Board Reports
Exceptions will be included on the Deposit and Operations Compliance Exception and Corrective Action Matrix that is provided to Board.
Retention
Documentation used during the review process will be retained from regulatory audit to audit.
OPERATIONS MONITORING SCHEDULE
OPERATIONS COMPLIANCE MONITORING SCHEDULE - 2014
TOPIC (Q-quarterly; S-semiannual; A-annual) FREQ J F M A M J J A S O N D
Reg. D Monitoring – NOW accounts Q X X X X
Reg. D Monitoring – Excessive Activity on MMDA/Savings M X X X X X X X X X X X X
Reg. DD Monitoring – Periodic Statement Calculations A X
Reg. DD Monitoring – New Account Procedures S X X
BSA/CIP – Missing Documentation Logs and CIP testing M X X X X X X X X X X X X
Branch Security Testing M X X X X X X X X X X X X
Reg. CC – Employees each have copy of policy S X X
Signage – CIP/Reg. CC/Annual Financial Disclosure Poster/FDIC signs Q X X X X
TIN and W-8BEN monitoring M X X X X X X X X X X X X
Reg. E Monitoring - disputes A X X X X X X X X X X X X
Disaster Recovery Kits S X X
Add according to your bank’s procedures
LENDING MONITORING SCHEDULE
ABC BANK
LENDING COMPLIANCE MONITORING SCHEDULE
Management Compliance Committee Approved 9-15-14
REG REGULATION NAME FREQUENCY JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC
BB CRA - Community Reinvestment Act
1. Lending Test/CD Test - Self Assessment Report A X
2. Community Development Loan Review M X X X X X X X X X X X X
3. Community Development Service Review Q X X X X
4. Community Development Investment Review Q X X X X
5. Checking loan to deposit ratios for prior year with the UBPR A X
6. CRA Sunshine Rules - Covered Agreement Review A X
B ECOA - Equal Credit Opportunity Act/ Fair Lending
1. Notification of Action Taken (Timing Rules) review M X X X X X X X X X X X X
2. Loan Conversation Log review M X X X X X X X X X X X X
3. Second Review to Adverse Action Notice Q X X X X
4. Joint Credit and Guarantors Taken (Signature Rules) Review M X X X X X X X X X X X X
5. Exception To Policy report review Q X X X X
Flood Disaster Protection Act
1. SFHA Determination Form Review M X X X X X X X X X X X X
2. Flood Coverage Calculation Worksheets AA
3. Flood Notice Mailing Review AA
4. Force placement Review AA
5. Flood Insurance Expired M X X X X X X X X X X X X
"A" Annually
"AA" As Applicable
"M" Monthly
"Q" Quarterly
"W" Weekly
LENDING REVIEW SPREADSHEET
Loan # Borrower New or Renew Amount Reviewer Type HMDA Reg Z Reg AA Reg O Reg B FCRA/ECOA ID Red Flag LTV Fees BSA CIP CIP Docs OFAC Flood RESPA Reg U Comments
Sample Summaries of Monitoring Results
• Lending Samples
• Operations Samples
Lending Samples
Operations Samples
BSA Sample
REPORTING RESULTS - ALTERNATIVES
A. Department Heads
B. Senior Management/Management Committee
C. Audit Committee
D. Board of Directors
Case Study - Lending
ABC Bank has been lacking monitoring for flood compliance. The bank has established procedures, but needs to ensure the procedures are being followed in the commercial loan department which believes compliance matters don’t affect them for some reason…
Discussion
• What does the Compliance Manager, who is new to the bank, do in this situation?
• How would you proceed as the Compliance Manager?
• Best practices
• Take-aways
Case Study-Operations
ABC Bank has been lacking monitoring for Regulation E or EFT compliance. The examiners have cited repeat violations of the timing rules for resolving Reg E disputes. The bank has established procedures, but needs to ensure the procedures are being followed in the Cash Management area of the bank.
Discussion
• What does the Compliance Manager, who is new to the bank, do in this situation?
• How would you proceed as the Compliance Manager?
• Best practices
• Take-aways
Deficiency Follow-Up
A. Accountability
B. Corrective Action
C. Focused Training
D. How monitoring is used by examiners
E. How monitoring is used by auditors
Summary
• Define your challenges
– Technological
– Personnel
– Trust but verify
– Internal pressures
• Set realistic expectations
– Monitoring is an evolutionary process
– Easy for people to get complacent
• Keep your eye on the goal
– Compliance with Regulations
QUESTIONS?
Contact Information
Lead Contact information
Karen Geno kgeno@prodigy.net
Jeff Blake [email protected]