www.cls-group.com

® CLS and the CLS Logo are registered trademarks of CLS UK Intermediate Holdings Ltd © 2014 CLS UK Intermediate Holdings Ltd.

Corporate Compliance: Compliance Framework and Hot Topics

Tammy EisenbergExecutive Director, Corporate Compliance

CLS GroupMarch 6, 2014

2

The views represented herein are solely those of the author and do not necessarily represent the views of the CLS Group.

Disclaimer

3

At it’s most fundamental, a bank Corporate Compliance program is about ethics and managing conflicts of interest. Put simply, it’s about doing the right thing.

What is Corporate Compliance?

4

Compliance Policy

Framework

Compliance Risk

Framework

TrainingMonitoring&

Testing

Elements of a Corporate Compliance Program

» How does your organization define “Compliance Risk?”

» Basel Committee on Banking Supervision – “Compliance and the Compliance Function in Banks.”

» Compliance Risk is the risk of legal or regulatory sanctions, material financial loss, or loss of reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory standards, and codes of conduct applicable to its banking activities.

What is Compliance Risk

5

6

» A Compliance Risk Framework is a tool that identifies, measures, documents and assesses compliance risk associated with a bank’s activities, including:

» Development of new products/services» New business practices» New types of business/customer relationships» Material changes to any of the above

What is a Compliance Risk Framework

7

» Federal Reserve SR 08-8 “Compliance Risk Management Programs at Large Banking Organizations with Complex Compliance Profiles.”

» SEC Release Nos. IA-2204; IC-26299 “Compliance Programs of Investment Companies and Investment Advisers.”

» FINRA Rule 3012 “Supervisory Control System.”

Expectations of Regulators

8

Board of Directors

Senior Management

Employees

Roles and Responsibilities

9

Governance

Risk Assessment

Monitoring and Testing

Training

Reporting & Communication

Process

10

• Define Roles & ResponsibilitiesStructure

• Initial Inventory of Laws• Updates to Inventory of LawsMethodology

• Document in PolicyPolicy

Governance

11

Inherent Risk

Control Environment

Residual Risk

Risk Assessment

12

Changes to Inventory of

Laws/Inherent Risk

Changes to Control

Environment

Changes to Residual

Risk

Monitoring and Testing

13

» Ensure understanding of:

» Purpose of Compliance Risk Framework» Roles and Responsibilities» Methodologies» Information to be Reported

Training

14

Business Units

Senior Management

Board of Directors

Reporting and Communication

15

Classifications• Type of policy

documents

Governance• Approval process• Review process• Reporting of

violations• Training

Requirements• Format• Required content

What is a Compliance Policy Framework?

16

Policy

• Describes how law/regulation/rule/standard applies and the requirements that must be met in order to achieve compliance.

• Generally, policies must be “reasonably designed” to achieve compliance.

Guidelines

• Additional guidance or specifications underlying the policy

Procedure

• A series of steps taken to accomplish the requirements of a policy or guideline.

• Describes: who is responsible, what must be done, how the procedure is followed, how often and how the procedure is documented.

Types of Policy Documents

17

Compliance Risk

Framework (identifies type and severity of

risk)

Compliance Policy

Framework (policy +

procedures)

Compliance Program

Relationship between Frameworks

18

Types of Compliance Policies

CODE OF CONDUCT

Anti-Money Laundering

Supervisory Affairs

Records Retention

Anti Bribery & Corruption

Gifts and Entertainment

Information Barrier Policy

19

There are hot topics for almost every kind of compliance policy!

Hot Topics

20

Hot topic• Any impact on

current/potential activity?

Assessment

• Is this risk identified in the Compliance Risk Framework?

Analysis•Are there policies and procedures which are reasonably designed to address (i.e., control environment)?

Lessons Learned

21

Questions