Published by Winfred Russell. Modified over 6 years ago.
1
Staying Ahead of the Compliance & Risk Management Curve
Fran M. DeMaris Executive Vice President
2
Supervisory Focus
3
What do FIDUCIARY examiners typically focus on?
FIRMA Annual Conference 2018
- Bank Management’s evaluation of AM Risk
- Fiduciary Audit – scope, staffing, expertise
- Conflicts of Interest
- Collective Fund Risk Management
- Third Party and New Product Oversight
- Model Risk management
- Retail Nondeposit Investment Products
- Internal Control Weaknesses
- Account Administrative Reviews
- Unique and Hard to Value Assets
- Delegated Investment Responsibility
- SEC MMF Rules
4
What do FIDUCIARY examiners typically focus on?
- Continuing pressure on Risk Management, Compliance, and Audit Oversight functions
- Growing importance of Vendor Risk Management Supervision and Control
- Account Review Process - Balance of automation with human judgement
5
Supervisory Focus Asset Management
6
Supervisory Focus
- Internal Control Weaknesses
- Account Administrative Reviews
- Unique and Hard to Value Assets
- Delegated Investment Responsibility and Monitoring
- SEC MMF Rules (OCC Bulletin )
7
Supervisory Focus Asset Management
8
Macro-Supervisory Strategies-2018
- Cyber-security and operational resiliency
- Business model sustainability, viability and strategy changes
- Change management to address new regulatory changes and new product offerings
- Bank secrecy act/anti-money laundering compliance management
9
Investment Risk
- Market Volatility
- Interest Rate Risk
- Use of complex products
- Liquidity
- Increased Litigation and Reputation risks
10
Retail Nondeposit Investment Products
- Principal risks include
  - Aggressive sales practices
  - Improper use of complex products
  - Weaknesses in determining suitability and proper use of higher-risk products
- Areas of Focus
  - Banks’ initial & ongoing due diligence
  - Effective governance and bank oversight of RNDIP sales processes
- “Retail Nondeposit Investment Products” booklet of the Comptroller’s Handbook (January 2015)
11
Conflicts of Interest
- Conflicts of interest pose legal, reputation and compliance risk
- Banks need effective processes to identify and address all types of conflicts of interest
- Unless authorized by applicable law, placing client funds for which the bank has investment discretion in proprietary products is, by definition, self-dealing
- Even when self-dealing is authorized, bank fiduciaries must still demonstrate how proprietary products are appropriate for that client and establish how those products meet the bank’s fiduciary obligations for its clients
- Proprietary products should be subject to same due diligence standards as third party products
12
Operational Risk
- Cyber risks
- External fraud – Distribution requests/authentication
- Client account take-over
- Third party service provider oversight
- Legacy systems
- Emerging systems
- Interconnectedness
- New Product Bulletin (OCC Bulletin )
- Understanding of risks associated with new product
- On-going focus on value added (if any) of new product
- Service provider consolidation/concentration
- AM outsourcing – effective oversight
- Internal Controls – fundamental risk management
13
Other Risks
- Overall bank AM asset accumulation is slowing and revenues are flat.
- Earnings compression appears to be due to competition.
  - Passive investment strategies
  - Digital advisers
  - Other asset managers (Banks and RIAs)
- Emerging state laws introduce new capacities, some limiting liability for bank fiduciaries.
- Core requirements of a fiduciary remain regardless of whether a bank has investment discretion or is merely a directed trustee.
  - Fiduciary powers; documented pre-acceptance account reviews; custody of fiduciary assets; annual fiduciary audits; policies; record keeping; and self-deposit pledge requirements
- While state laws may permit banks to rely on a third-party investment manager for valuations, banks remain responsible for accuracy of Schedule RC-T and IRS reporting
14
Supervisory Focus: Third-Party Relationships
OCC Bulletin , (January 24, 2017) – “Third-Party Relationships: Supplemental Examination Procedures”
- Tailored to risk and complexity of bank’s third-party relationships
- Procedures to assess a bank’s quantity of risk and quality of risk management, especially over critical service providers
- Includes consideration of
  - Service providers’ use of subcontractors
  - Bank’s due diligence and ongoing monitoring of financial market utilities
  - Reg W compliance for affiliated service providers
  - Conflicts of interest
- Focus on risk management throughout the lifecycle of third-party relationship
15
Supervisory Focus: Third-Party Relationships
OCC Bulletin (June 7, 2017) – “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin ”
- Risk management practices should be commensurate with risk and complexity of third-party relationship, adjusted for risk, and should be periodically reviewed and updated as needed
- Highlights bank collaboration for oversight, including user groups
- Provides guidance for Fintech relationships
- Addresses use of third-party compliance management systems
- Addresses use of SSAE 18 Service Organization Control Report, especially with respect to third party’s oversight of subcontractors to assess whether additional audit or review is required
- Addresses bank access to Service Provider ROEs
16
Supervisory Focus: New Products
OCC Bulletin (October 20, 2017) – “New, Modified, or Expanded Bank Products and Services – Risk Management Principles”
- Adequate due diligence and approvals before introducing a new activity
- Policies & procedures to properly identify, measure, monitor, report, and control risks
- Effective change management for new activities or affected processes and technologies
- Ongoing performance monitoring and review systems
- Management and board limits on risk exposure
- Specific objectives and criteria to evaluate whether the new activities are successful
- Testing for compliance and effectiveness of operational controls and safeguards
- Exit strategy for activities that fail to achieve projections
17
Supervisory Focus: Asset Management
Investment Issues/concerns
- Anxiety for income/improved investment performance – increased risk taking
- Ineffective due diligence processes in selecting, retaining, and monitoring investment managers and funds (UPIA)
- Lack of independent risk management function over investment area
- Inadequate model risk management (OCC )
- Improper oversight and controls over delegation of trust assets to affiliated broker’s financial advisors
- Performance related litigation risk
- Program/algorithmic trading activities
18
Supervisory Focus: Oversight
Board & Management Oversight Committee Functions Risk Management Risk Appetite Statements
19
Supervisory Focus: Investments
Investment Issues/concerns:
- Unique Assets
- Stale valuations/valuation practices
- Stale reviews of unique assets
- Hedge Funds
- Lack of financial transparency
- Lack of product knowledge and expertise
- Client suitability
20
Supervisory Focus: Operations
Operational Risk Concerns
- Impact of earnings pressure on
- Internal controls
- Staffing
- Compliance/Risk Management functions
- Audit Coverage
- Third-party service provider oversight (OCC )
- Asset controls
- On-premises/off-premises/all locations/all assets
- Accurate reporting of losses and settlements
- Fee rebates and concessions
- Oversight Committees/Schedule RC-T of Call Report
- Reg. R-Calculations
21
Supervisory Focus: Audit
Fiduciary Audit Committee Oversight
- Fiduciary Audit Committee must ensure proper oversight of fiduciary audit function, whether performed by internal or external auditors
- Committee membership must meet independence requirements of 12 CFR (FSAs)
- When fiduciary audit is outsourced to a third-party auditor:
  - Trust company must not be overly reliant on third-party auditor to develop audit scope
  - Committee should consider internal risk assessment to assess the proposed scope and should ensure that it includes all significant fiduciary activities and an assessment of all key controls at appropriate intervals
- Committee should have processes to ensure that third-party auditor completes procedures as outlined in the engagement letter or that internal audit program is completed as planned
22
Supervisory Focus: Conflicts of Interest
- Umbrella for other Handbooks-Appendices
- Need comprehensive policies and procedures to identify, mitigate, and report conflicts of interest
- Board and management should periodically review all activities to determine if conflicts exist in current practices due to changes in the trust company’s activities, legal environment, or regulatory environment
- Audit Committee should ensure the audit scope includes an evaluation of the trust company’s conflict of interest risk management systems, including testing of transactions
- Board may need to engage third-party providers (e.g., outside legal counsel) to conduct a review of existing or proposed activities
23
Supervisory Focus: Retail Nondeposit Investment Products
New Handbook
24
Supervisory Focus Asset Management
25
Supervisory Themes…
- Continuing pressure on Risk Management, Compliance, and Audit Oversight functions
- Growing importance of Vendor Risk Management Supervision and Control
- Account Review - Balance of automation with human judgement
26
Risk Management, Compliance & Audit
- Sound risk management systems and processes assist the firm in identifying, measuring, monitoring, and controlling risk
- Elements of a sound risk management system include:
  - Active board and senior management oversight
  - Adequate policies, procedures, and limits
  - Adequate risk measurement, monitoring, and management information systems
  - Comprehensive internal controls and independent audit
27
Risk Management Control Functions
- Risk management control functions include:
  - Risk Management
  - Compliance
  - Internal Audit
- Each control function has differing responsibilities; however, each is equally important to a sound risk management system
28
Risk Management
- Board retains ultimate responsibility
- Continuing need for current and well-conceived policies and procedures
- Need for effective testing against policies and standards, exception reporting, escalation, and follow up
29
Compliance
- Day-to-day monitoring and testing conformance with
  - Policies and processes
  - Laws, regulations, and rulings
- Reporting exceptions to the Board and senior management
- Providing staff training to facilitate adherence to policies and processes
30
Internal Audit
- Serves as the independent eyes and ears of the Board and senior management
- Identifies deviation from established policies, procedures, and standards
- Evaluation of Compliance and Risk Management processes
- Assesses program adequacy and effectiveness
- Affirms findings
- Validates corrective actions are effective
31
Vendor Risk Management
- Growing reliance on third party vendors for trust accounting and middle and back office functions
- Firm can delegate authority (function) but not responsibility
- Overall Vendor Risk Management processes should include:
  - Comprehensive Risk Assessment
  - Thorough Vendor Selection/Due Diligence
  - Comprehensive Contract Review
  - Service Monitoring/Oversight
32
Account Review Process
- Increased use of Automated “Reg 9” Review Processes
  - May not adequately consider all account assets such as Hard to Value, Real Estate, Mineral Interests, etc.
  - May not include the “human factor”/judgement including narratives describing unique or complex situations
  - May not provide mechanisms for exception follow-up and remediation
  - Reviews only account assets – does not consider supplemental information or administrative components
- Factor in supplemental information such as client discussions, tracking systems and periodic meetings and other discussions of account needs
33
Recent Examination Issues and Findings
34
Examination Issues and Findings
- Review of fiduciary accounts – failure to comply with 12 CFR 9.6/150 - pre-acceptance, initial post-acceptance, annual review
  - Inadequate account acceptance
  - Not including all assets in review
  - Adequacy of assets in meeting investment objective
  - Not meeting requirements of OCC Bulletin
- Audit requirements – failure to comply with 12 CFR 9.9/150
  - Inadequate scope of audit – failure to include all significant fiduciary activities at appropriate intervals
  - Ineffective audit program
  - Failure to adhere to requirements for Fiduciary Audit Committee independence
35
Examination Issues and Findings
- Account Administration
  - Adequacy of administrative review process (failure to detect issues and coding errors)
  - Discretionary distribution process (inadequate documentation to support decision-making)
  - Self-directed IRAs (inadequate documentation for directed investments, including prohibited transactions)
- Internal Controls - Asset/Money Movement
  - Free deliveries
  - Disbursement controls (lack of dual controls noted—some trust companies have experienced fraud)
- Vendor Management
  - Inadequate monitoring of third-party service providers
36
Thank you!