Presentation is loading. Please wait.

Presentation is loading. Please wait.

Association of International Bank Audit

Published byBenedict Greene Modified over 5 years ago

Similar presentations

Presentation on theme: "Association of International Bank Audit"— Presentation transcript:

1 Strong enterprise compliance risk management enables effective BSA/AML/OFAC compliance
Association of International Bank Audit and Compliance Professionals Inc. Eric Young, Americas & CUSO-IHC Chief Compliance Officer March 26, 2019

2 Agenda Thank you - Michele Fleming, Anthony D’Anna, AIBACP, and ARC
Enterprise Compliance Risk Management – What / Why Important? As a foreign banking organization (FBO) in the US? For BSA/AML/OFAC compliance officers? Silos, Flows and Circles = People, Process, and Technology Effective people, process and technology = acceptable compliance residual risk Within an approved Risk Appetite Including BSA/AML/OFAC, e.g., DFS 504 certifications and equivalents Questions and answers CCO Report | | 05/02/2016 |

3 Enterprise Compliance Risk Management – What/Why Important? (1/2)
Firm-wide approach to Compliance FBOs – US extensions of parents FBOs are part of parent’s global network Fed’s SR 08-8: “Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles” Issued in 2008—expected to be revised in 2019. Sets, at least, four key expectations regarding Compliance Programs. Compliance Independence Universally important (see Basel 2005 Compliance paper) Compliance Monitoring & Testing How do you know it’s working? Board & Executive Oversight Demands accountability, sets culture 4½ Conduct, Data Integrity, Sustainable Demands accountability, sets culture E. Young AIBACP Keynote

4 Enterprise Compliance Risk Management – What/Why Important? (2/2)
Compliance is a key component of a larger integrated enterprise risk management framework Within the US But also across global network Especially with IT dependencies from HQ Enterprise Risk Management Framework Front Office (1LOD) Conduct (and other 1LOD Controls) Compliance (2LOD) Risk (2LOD) Audit (3LOD) A. Legal & Regulatory Inventory, and Change Management G. Reporting, Analysis, Escalation and Thematic Commentary B. Risk Assessments (factoring RCSAs, audits, exams, etc) F. Compliance Resourcing & Budgeting C. Compliance Control Documents (Policies / Procedures) and Training. Key Components of Compliance Framework E. Surveillance, Monitoring and Testing D. Compliance-Owned Internal Audit & Regulatory Findings. H. Annual Compliance Plan E. Young AIBACP Keynote 4

5 RE-THINKING COMPLIANCE RISK MANAGEMENT CAPABILITY
Silos, Flows and Circles = People, Process and Technology - Governance, Risk Management & Compliance (“GRC) tools enable effective Compliance Risk Management RE-THINKING COMPLIANCE RISK MANAGEMENT CAPABILITY ROLES & RESPONSIBILITY ACCOUNTABLITY MODEL ORGANIZATIONAL STRUCTURE COMMON COMPLIANCE RISK PROCESSES RISK & OBLIGATION IDENTIFICATION ANALYSIS & ASSESSMENT RISK MITIGATION & CONTROL DESIGN CONTROL ACTIVITIES / CORPORATE POLICIES MONITORING, TESTING & ASSURANCE REMEDIATION ACTIONS REPORTING & COMMUNICATION INFORMATION FLOWS & REPORTING CHANNELS REPORTING & ANALYSIS TECHNOLOGY Common taxonomies & processes One Golden source for Compliance data Reporting & Visualization capabilities Data Security & Quality Mgt Repository/ Single source of « truth » Information to support risk decisions Efficiency of Compliance Risk Mgt processes Timely Assess and Report on emerging & changing risks information Avoid duplicate with multiple Assurance Activities across the Company Obtain Quality Risk Information from the Business Have Transparency on Key Risks Keep connect Risk Appetite/Risk profile & GRC efforts Avoid manual and inefficiencies processes Align GRC effort to strategy delivery Cross functional integration & clarity of accountability KEY OBJECTIVES OF GRC Technology 1 2 3 4 5 6 8 7 E. Young AIBACP Keynote

6 Effective people, process and technology = acceptable compliance residual risk
Boards of Directors (and FBO Risk Committees) rely on: High-quality information, to oversee, approve (and certify) Especially whether residual risks are within approved Risk Appetites Key data, metrics and KRIs should be: Consolidated enterprise-wide across entities, business lines, functions Granular, comprehensive and accurate Thematic and risk-based; easily understandable to judge and act DATA INTEGRITY IS ESSENTIAL Key dependencies Information technology, model risk validation, data governance, cyber08- 08). CUSO/IHC Board Orientation Materials| | 05/12/2016 |

7 Effective people, process and technology = effective compliance including DFS 504 certifications and equivalents BSA/AML/Sanctions compliance Is a microcosm of an overall Compliance program An effective enterprise compliance program Enables robust AML/BSA/OFAC compliance DFS 504 codifies whether: AML/BSA/OFAC is robust Comprehensive Reflects an end-to-end, effective set of people, process and technology With data integrity Model validation Controls which can be certified Hypothetical process map of 504 compliance

8 Takeaways Enterprise Compliance Risk Management – IS Important for:
Foreign banking organizations (FBO) in the US – however small, simple, big, complex For BSA/AML/OFAC compliance officers Silos, Flows and Circles = People, Process, and Technology Effective people, process, and technology = acceptable compliance residual risk within an approved Risk Appetite Including BSA/AML/OFAC, e.g., DFS 504 certifications and equivalents Questions and answers CCO Report | | 05/02/2016 |

Download ppt "Association of International Bank Audit"

Similar presentations

Debt Management Strategy: Governance and Transparency

Debt Management Strategy: Governance and Transparency
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Control and Accounting Information Systems

Control and Accounting Information Systems
Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.

Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,

2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Risk Management at ANZ Banking Group Jun 18, 2008 Patrick Zhu Head of Retail Risk China Partnerships.

Risk Management at ANZ Banking Group Jun 18, 2008 Patrick Zhu Head of Retail Risk China Partnerships.
Euseden INTERNAL AUDIT & ASSURANCE SERVICES.

Euseden INTERNAL AUDIT & ASSURANCE SERVICES.
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.

CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.

“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
PAINTING THE FULL PICTURE

PAINTING THE FULL PICTURE
Information Technology Audit

Information Technology Audit
Session No. 3 ICAO Safety Management Standards ICAO SMS Framework

Session No. 3 ICAO Safety Management Standards ICAO SMS Framework
Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.

Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.
WHERE WE ARE 22 member associations in 20 countries Over 4300 individual members who are responsible for risk management and/or insurance in their organisations.

WHERE WE ARE 22 member associations in 20 countries Over 4300 individual members who are responsible for risk management and/or insurance in their organisations.
1.  The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve.

1.  The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve.

Similar presentations

Ads by Google