AN IN-DEPTH LOOK AT COMPLIANCE MONITORING Karen A. Geno – Geno Management Advisory Services Jeff Blake – Citizens Business Bank


Welcome


Session 2 Overview

1. Elements of an Effective Compliance Monitoring Program

2. Approach, Scope, Frequency – Templates, Examples

3. Case Studies


Learning Objectives

• Definitions

• Approach

• Scope

• Frequency

• Tools

• Results

• Benefits

• Follow Up


COMPONENTS OF AN EFFECTIVE COMPLIANCE MANAGEMENT PROGRAM

A. POLICIES AND PROCEDURES

B. TRAINING

C. MONITORING

D. CONSUMER COMPLAINT RESPONSE


FDIC COMPLIANCE MANUAL

"Monitoring" in the FDIC Compliance Examination Manual:

• A proactive approach by the institution to identify procedural or training weaknesses in an effort to preclude regulatory violations

• Includes reviews at the transaction level during the normal, daily activities of employees in every operating unit of the institution


HOW MONITORING DIFFERS FROM AUDITS

Periodic monitoring is conducted more frequently than formal compliance audits; it can be less thorough in nature and can be conducted by employees not trained in compliance or auditing methods.

Performed By:

• Done by the Business Unit

• Done by the Compliance Manager or Compliance Staff


SCOPE/FREQUENCY OF MONITORING - ALTERNATIVES

SCOPE

Lending Compliance Examples

– Flood

– Reg. B

Operations Compliance Examples

– Reg. CC

– Reg. D

– Reg. E

FREQUENCY

– Daily

– Monthly

– Quarterly

– Continuous


Evolution of Monitoring

[Diagram. Stage labels: Measurement; Identification; Analyze Initial Results; Continue to Improve Efficiency/Effectiveness; Expand Scope or Frequency]


Monitoring Tools Examples

• Checklists

• Schedules

• Spreadsheets

• Workpapers


Sample Checklist - Lending

FLOOD CHECKLIST

MUST HAVE THE FOLLOWING BEFORE LOAN IS MADE (with a Comments column for each item):

1. Completed Flood Calculation Worksheet by lender for:
   Building coverage:
   Contents coverage:
   Date:
   By:

2. Flood certification
   Date:
   Flood Zone:

3. Flood notice – signed by borrower(s) 10 days before closing? Yes ___ No ___

4. Security Agreement and UCC-1 taken? Yes ___ No ___
   Includes movable equipment or Inventory? Yes ___ No ___

5. Flood Declaration Page (you can make the loan with application and evidence premium is paid by a receipt; but then you must follow for the Dec Page)
   a. Bank as loss payee
   b. Correct address
   c. Agrees with worksheet coverage, including building and contents
   d. UCC taken: Yes ___ No ___
   e. Dates of coverage
   f. Zone agrees with zone on flood cert.
   Flood Zone on Declaration:
   Flood Zone on Flood Cert:

6. Appraisal pages
   a. Improvements value
   b. Contents value

7. Hazard insurance policy if needed to establish insurable value
   a. Replacement value on building
   b. Replacement value on contents

8. Force Placement letter

Comments: Review for adequacy of flood coverage on completed worksheet, continual flood coverage, flood zone agreement, declaration pages only as evidence of insurance, timing of force placement letter and coverage

Loan Date: _____________

Loan Number: ___________

Loan Name: ________________________________________


Sample Checklist - Operations

CAN-SPAM Act Checklist/Reference Guide for the Marketing Group

The checklist is provided to assist the Marketing associates in ensuring the Bank is in compliance with the CAN-SPAM Act.

Checklist (columns: YES/NO, Completed Date)

1. Don’t use false or misleading header information. Is the “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – accurate, and does it identify the person or business who initiated the message?

2. Don’t use deceptive subject lines. Does the subject line accurately reflect the content of the message?

3. Identify the message as an ad. Is the message identified as an ad? The law gives a lot of leeway in how to do this, but it must be disclosed clearly and conspicuously that the message is an advertisement.

4. Tell recipients where you’re located. Does the message include the valid physical postal address? This can be the current street address, a post office box registered with the U.S. Postal Service, or a private mailbox registered with a commercial mail-receiving agency established under Postal Service regulations.

5. Tell recipients how to opt out of receiving future emails. Does the message include a clear and conspicuous explanation of how the recipient can opt out of getting email in the future? The notice should be crafted in a way that is easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice. A menu may be created to allow a recipient to opt out of certain types of messages, but the option must be included to stop all commercial messages. Make sure the spam filter does not block these opt-out requests.

6. Honor opt-out requests promptly. Any opt-out mechanism offered must be able to process opt-out requests for at least 30 days after the message is sent. A recipient’s opt-out request must be honored within 10 business days. A fee cannot be charged, and the recipient cannot be required to give any personally identifying information beyond an email address or to take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told the Bank that they do not want to receive more messages, the Bank cannot sell or transfer their email addresses, even in the form of a mailing list. The only exception is that the address may be transferred to a company that has been hired to help comply with the CAN-SPAM Act.

7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.


Sample Checklist - Operations

REGULATION E DISPUTE MONITORING

Scope Period of Review: ________________________________________

Transaction Sampling # ____

DISPUTE CHECKLIST

Prior to conducting transaction monitoring, review policies/procedures/forms/dispute letters. Obtain current Reg E log. Choose sample from period of coverage. Obtain dispute documentation for transactions chosen.

Comments

1. Review each dispute for timing rules.

2. Review letters to customer for proper completion and use of correct letter.

3. Review log entries for proper completion.

4. Summarize issues/exceptions to policy/procedures and/or violations below.

5. ISSUES/EXCEPTIONS/VIOLATIONS:

6. CORRECTIVE ACTION RECOMMENDED:

Completed by:

Date:


OPERATIONAL MONITORING PROCEDURES

Reg. E Remittance Transfer Rule Monitoring Procedures

Objective

Regulation E (Reg. E) covers all electronically initiated transactions and establishes rights, liabilities, and responsibilities of consumers and financial institutions. It is the purpose of this monitoring procedure to ensure all EFT disputes are resolved timely and within the guidelines outlined in the regulation.

Effective October 28, 2013 the regulation was changed to: carry out the purposes of the Electronic Fund Transfer Act, which establishes the basic rights, liabilities, and responsibilities of consumers who use electronic fund transfer and remittance transfer services and of financial institutions or other persons that offer these services. The primary objective of the act and this part of the act is the protection of individual consumers engaging in electronic fund transfers and remittance transfers.

Monitoring Frequency

The monitoring frequency will be determined upon the completion of annual Risk Assessment. The current monitoring frequency is monthly. The monthly review of the Bank’s remittance transfers will be performed by the Operations Compliance Officer. The following procedures have been implemented to ensure the review process is compliant with the Reg. E policies and procedures adopted by Citizens Business Bank.

The following documents will be used to perform the monthly review:

• Pull various systems reports to identify outgoing consumer foreign wires

Monitoring Process

• Review a random selection of international consumer outgoing wires determined from the reports above.

• Review at least 25% of the total wires requiring the Consumer International Wire Transfer disclosures.

• Review each outgoing wire disclosure for:

o Completeness

o Correct date, time and signatures (or documentation for verbal disclosure)

o Note any discrepancies onto the Deposit and Operations Compliance Exception and Corrective Action Matrix

• Record each wire reviewed onto the Reg E Remittance Transfer Rule report

• Retain copies of source documents for files

• Prepare Exception Report

o Note exceptions on the Deposit and Operations Compliance Exception and Corrective Action Matrix

Exception Report

The Operations Compliance Officer will prepare an email notification attaching a copy of the Deposit and Operations Compliance Exception and Corrective Action Matrix and Summary to the Support Services Division Manager and the Senior Operations Manager, as applicable.

Board Reports

Exceptions will be included on the Deposit and Operations Compliance Exception and Corrective Action Matrix for the Board Report.

Retention

Documentation used during the review process will be retained from regulatory audit to audit.


OPERATIONAL MONITORING PROCEDURES

EFT Claims Monitoring Procedures

Objective

Regulation E (Reg. E) covers all electronically initiated transactions and establishes rights, liabilities, and responsibilities of consumers and financial institutions. It is the purpose of this monitoring procedure to ensure all EFT disputes are resolved timely and within the guidelines outlined in the regulation.

Monitoring Frequency

The monitoring frequency should be determined upon the completion of annual Risk Assessment; however, monitoring may be performed more frequently than indicated by the risk assessment. The current monitoring frequency is monthly. The monthly review of the Bank’s EFT claims will be performed by the Operations Compliance Officer. The following procedures have been implemented to ensure the review process is compliant with the Reg. E policies and procedures adopted by Citizens Business Bank.

The following documents will be used to perform the monthly review:

• EFT Claim Forms and supporting documents (Director)

• ACH Unauthorized Transactions Report (ViewPoint)

• ACH Unauthorized Transactions documentation (Director)

Monitoring Process

• Review a random selection of closed EFT claims submitted. (From the Director and the ACH Unauthorized Transactions Report, prepare a listing and select 15% of total claims received for the month.)

• Review each claim form for:

– Completeness and compliance with Regulation E

– Verify if account is interest bearing.

– Ensure provisional credit has posted accurately to account (if applicable)

– Verify interest adjustment is made when providing provisional credit, as applicable, and service charges due to error are reversed

– Ensure the appropriate letter(s) have been prepared

– Note any discrepancies onto the Deposit and Operations Compliance Exception and Corrective Action Matrix

• Record each claim reviewed onto the BCS log.

• Retain copies of source documents for files

• Prepare Exception Report

– Note exceptions on the Deposit and Operations Compliance Exception Matrix

Exception Report

The Operations Compliance Officer will prepare an email notification attaching a copy of the Deposit and Operations Compliance Matrix and Summary to the BankCard Manager and Payments Operations Manager (as applicable).

Board Reports

Exceptions will be included on the Deposit and Operations Compliance Exception and Corrective Action Matrix that is provided to the Board.

Retention

Documentation used during the review process will be retained from regulatory audit to audit.


OPERATIONS MONITORING SCHEDULE

OPERATIONS COMPLIANCE MONITORING SCHEDULE - 2014

TOPIC (Q-quarterly; S-semiannual; A-annual) FREQ J F M A M J J A S O N D

Reg. D Monitoring – NOW accounts Q X X X X

Reg. D Monitoring – Excessive Activity on MMDA/Savings M X X X X X X X X X X X X

Reg. DD Monitoring – Periodic Statement Calculations A X

Reg. DD Monitoring – New Account Procedures S X X

BSA/CIP – Missing Documentation Logs and CIP testing M X X X X X X X X X X X X

Branch Security Testing M X X X X X X X X X X X X

Reg. CC – Employees each have copy of policy S X X

Signage – CIP/Reg. CC/Annual Financial Disclosure Poster/FDIC signs Q X X X X

TIN and W-8BEN monitoring M X X X X X X X X X X X X

Reg. E Monitoring - disputes A X X X X X X X X X X X X

Disaster Recovery Kits S X X

Add according to your bank’s procedures


LENDING MONITORING SCHEDULE

ABC BANK

LENDING COMPLIANCE MONITORING SCHEDULE

Management Compliance Committee Approved 9-15-14

REG REGULATION NAME FREQUENCY JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

BB CRA - Community Reinvestment Act

1. Lending Test/CD Test - Self Assessment Report A X

2. Community Development Loan Review M X X X X X X X X X X X X

3. Community Development Service Review Q X X X X

4. Community Development Investment Review Q X X X X

5. Checking loan to deposit ratios for prior year with the UBPR A X

6. CRA Sunshine Rules - Covered Agreement Review A X

B ECOA - Equal Credit Opportunity Act/Fair Lending

1. Notification of Action Taken (Timing Rules) review M X X X X X X X X X X X X

2. Loan Conversation Log review M X X X X X X X X X X X X

3. Second Review to Adverse Action Notice Q X X X X

4. Joint Credit and Guarantors Taken (Signature Rules) Review M X X X X X X X X X X X X

5. Exception To Policy report review Q X X X X

Flood Disaster Protection Act

1. SFHA Determination Form Review M X X X X X X X X X X X X

2. Flood Coverage Calculation Worksheets AA

3. Flood Notice Mailing Review AA

4. Force placement Review AA

5. Flood Insurance Expired M X X X X X X X X X X X X

"A" Annually

"AA" As Applicable

"M" Monthly

"Q" Quarterly

"W" Weekly


LENDING REVIEW SPREADSHEET

Column headings: Loan # | Borrower | New or Renew | Amount | Reviewer | Type | HMDA | Reg Z | Reg AA | Reg O | Reg B | FCRA/ECOA | ID Red Flag | LTV | Fees | BSA CIP | CIP Docs | OFAC | Flood | RESPA | Reg U | Comments


Sample Summaries of Monitoring Results

• Lending Samples

• Operations Samples


Lending Samples


Operations Samples


Operations Samples


BSA Sample


Operations Samples


REPORTING RESULTS - ALTERNATIVES

A. Department Heads

B. Senior Management/Management Committee

C. Audit Committee

D. Board of Directors


Case Study - Lending

ABC Bank has been lacking monitoring for flood compliance. The bank has established procedures, but needs to ensure the procedures are being followed in the commercial loan department, which believes compliance matters don’t affect them for some reason…


Discussion

• What does the Compliance Manager, who is new to the bank, do in this situation?

• How would you proceed as the Compliance Manager?

• Best practices

• Take-aways


Case Study-Operations

ABC Bank has been lacking monitoring for Regulation E or EFT compliance. The examiners have cited repeat violations of the timing rules for resolving Reg E disputes. The bank has established procedures, but needs to ensure the procedures are being followed in the Cash Management area of the bank.


Discussion

• What does the Compliance Manager, who is new to the bank, do in this situation?

• How would you proceed as the Compliance Manager?

• Best practices

• Take-aways


Deficiency Follow-Up

A. Accountability

B. Corrective Action

C. Focused Training

D. How monitoring is used by examiners

E. How monitoring is used by auditors


Summary

• Define your challenges

– Technological

– Personnel

– Trust but verify

– Internal pressures

• Set realistic expectations

– Monitoring is an evolutionary process

– Easy for people to get complacent

• Keep your eye on the goal

– Compliance with Regulations


QUESTIONS?


Contact Information

Lead Contact information

Karen Geno kgeno@prodigy.net

Jeff Blake [email protected]