2. 1 US Regulatory/Compliance Orientation  WHAT TO EXPECT FROM AN EXAMINATION  HOW TO PREPARE JULY 16, 2007

3. 2 DISCUSSION POINTS  Supervisors  FBO Risk Focused Supervision  SOSA Ranking  ROCA Rating  RFI/C (D) Rating  CAMELS Rating

4. 3 FBO SUPERVISORS  FBOs’ potential US regulators FEDERAL RESERVE BANKS (FED) OFFICE OF THE COMPTROLLER OF THE CURRENCY (OCC) FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC) STATE BANKING DEPARTMENTS THE SECURITIES & EXCHANGE COMMISSION (SEC)

5. 4 FBO SUPERVISORS - continued  Regulator determined by charter: Branches, agencies, and banks can have a Federal or State charter  Federal chartered institution is regulated by OCC  State chartered institution regulated by the appropriate Sate Banking Department If a branch or bank has federal deposit insurance, the FDIC also has a regulatory role Broker/dealers and other financial nonbanks are regulated by the SEC

6. 5 Examination Cycle  Smaller institutions < $250 million  Larger institutions > $250 million  Ratings matter  Joint vs. alternate year examinations  18 vs. 12 month cycle

7. 6 Examination Procedures  On-site planning  Scope development  Prepare First Day Letter  Staff needs determined  On-site examination  Report writing and vetting  Exit meeting with management

8. 7 FOCUS  Numbers? Profits?  Ability to rely upon Internal Audit Independence Qualifications of personnel Senior management cooperation Audit program standards Annual audit plan Quality Control Scope of Audits

9. 8 Results of Planning  Risk Matrix/Assessment  Scope  First Day Letter

10. 9 Effective Planning  On-going supervisory concerns  Prior examination report & transmittal letter  Management’s response to the report  Supervisory actions?  Specialty exams?  Pending applications?  Regulatory Reports  Public information

11. 10 Preparation of First Day Letter  Prepare in advance of examiners arrival  Liaison Officer’s duties Central point for information requests Examiner room Supplies Secure facilities Arrange meetings

12. 11 FBO SUPERVISION PROGRAM Systematic, coordinated approach to the supervising of US operations of Foreign Banking Organizations includes:  SOSA = Strength of Support Assessment of the FBO  ROCA = Rating system for branches and agencies: Risk Management, Operational Controls, Compliance & Asset Quality  Combined Rating = Based on ROCA rating  Continuous Monitoring = Regulatory reporting and periodic visits SR Letter 00-14

13. 12 STRENGTH-OF-SUPPORT ASSESSMENT (SOSA)  Analysis starts with an Institutional Profile based on rating agency reports, annual and interim reports, interviews & meetings, and public information.  Assesses FBO’s ability to support US operations  Places US operations in a larger context  Aids risk focused exam process by highlighting FBOs warranting higher levels of supervisory attention  Disclosed to Institution and Home Supervisor

14. 13 SOSA RANKINGS  “1” = low risk that FBO will be unable to support its US Operations  “2” = more than normal review warranted  “3” = significant weaknesses apparent

15. 14 SOSA RANKINGS - Continued Characteristics of “1”  Investment Grade  Meet or exceeds international capital standards  Ample access to US Dollar funding  No concerns with home country support & supervision or transfer risk Characteristics of “2”  Non-investment grade  Does not meet international capital standards  Mitigating factors – home country support and supervision – transfer risk concerns Characteristics of “3”  Seriously deficient financial profile (government/outside support maybe required)  Lack of supervisory oversight and support  Significant transfer risk  FBO may be unable to honor US Obligations

16. 15 ROCA RATING SYSTEM  R isk Management  O perational Controls  C ompliance  A sset Quality  We also assign a Composite Rating  Used for Branches and Agencies  Scale 1-5

17. 16 “R”- RISK MANAGEMENT  Process of identifying, measuring, controlling, monitoring, and reporting various risks Credit Market Liquidity Operational Reputational Legal

18. 17 “O”- OPERATIONAL CONTROLS  Evaluates the effectiveness of all operational controls –  Internal/External Audit  Information Technology/Security  Funds Transfer  Accounting

19. 18 “O”- OPERATIONAL CONTROLS CON’D Internal audit frequency & scope – how often, what areas? adequacy of program – does it cover all areas? head office approval – oversight? independence of reporting line? risk sensitive – focus on areas of greater risk? staffing size and appropriate expertise? audit reporting process timely reports, findings, opinion of controls tracking responses/resolutions and escalation process

20. 19 o External audit reports will be reviewed  Financial audit required annually of insured branches over $500 million  Other “agreed upon procedures.” o Information Technology/Security o Appropriate access to system o Proper controls to ensure customer privacy, and the integrity of the data o Availability of the systems “O”- OPERATIONAL CONTROLS CON’D

21. 20 “O”- OPERATIONAL CONTROLS CON’D o Funds transfer  proper authorization  segregation of duties o Accounting, financial & general ledger  safeguards over assets and records  chart of accounts  segregation of duties  suspense, receivable, dormant, other accounts, reconciliations

22. 21 “C”- COMPLIANCE  Extent of compliance with and understanding of U.S. laws & regulations  Policies and procedures  Staff training  Regulatory Reporting  Management responsiveness & openness  Involvement of internal audit  Independent compliance officer

23. 22 “C”- COMPLIANCE CONT’D  Laws and Regulation  USA Patriot Act AML/BSA  OFAC - U.S. Treasury rules, dealings with selected foreigners.  Reg K - FBOs in the US; legal lending limit  Reg D - IBF requirements; reserve requirements  Asset Pledge/Maintenance

24. 23 “A” - ASSET QUALITY  Numerically driven, unlike “R”  Reflects level, trend and severity of problem credits  Policies, Procedures, Credit Files, Watch Lists, and Credit Administration  Ratings of Special Mention, Sub- Standard, Doubtful, Loss changing with introduction of Basel II – awaiting final guidance

25. 24 “A”- ASSET QUALITY CONT’D  Allowance for loan losses Branches not required to maintain general reserves Must have in place robust system of identifying losses and either charging them off or setting aside specific reserves for regulatory reporting purposes

26. 25 RATING’S DEFINITIONS  1 -- Strong in every respect; requires only normal supervisory attention.  2 -- Satisfactory condition; may have modest weaknesses correctable in normal course of business; normal supervisory attention

27. 26 COMPOSITE RATING CONT’D  3 -- Fair; exhibit combination of weaknesses that cause supervisory concern; requires more than normal supervision.

28. 27 COMPOSITE RATING CONT’D  4 -- Marginal; serious weaknesses reflected in the components; unsafe & unsound banking practices or operations exist; requires close supervisory monitoring, definitive action by management  5-- Unsatisfactory; high level of severe weaknesses or unsafe, unsound conditions; need urgent restructuring by management

29. 28 RFI/C (D) RATING SYSTEM  R isk Management  F inancial Condition  I mpact  C omposite  D epository Institution  Used for Bank Holding Companies  Scale 1-5  See SR Letter 04-18

30. 29 “R” RISK MANAGEMENT RATING Four subcomponent ratings of “R” I. Board and Senior Management Oversight II. Policies, Procedures, and Limits III. Risk Monitoring and Management Information Systems IV. Internal Controls

31. 30 FINANCIAL CONDITION RATING  Evaluate the consolidated organization’s financial strength, inclusive of the Parent Company and non-depository institutions  Focus on ability of the BHC’s resource to support the risks associated with its activities  Evaluate and assign ratings to the four subcomponents of the “F” rating (Capital, Earnings, Asset Quality, Liquidity)

32. 31 IMPACT RATING  Assess impact of non-depository entities and parent on the depository institutions  Evaluate both risk management/ controls and financial condition of the non- depository entities Do the non-depository entities provide services to depository institution, are they critical services?  Consider current and potential issues in overall assessment Potential issues include: growth plans, new products/services to both 3 rd parties, and related depository institution(s)

33. 32 COMPOSITE RATING  Represents the overall assessment  Encompasses both a forward- looking and static assessment of the consolidated BHC  Reflects examiner judgment with regard to the relative importance of each RFI component (not an average)

34. 33 DEPOSITORY INSTITUTIONS RATING  “D” rating stands outside of the composite rating  Accept the primary/functional regulator’s CAMELS rating  Multi-bank holding company where there are different ratings?  Weighted average of composite ratings scheme, but ambiguous

35. 34 “ CAMELS” RATING SYSTEM  C apital Adequacy  A sset Quality  M anagement  E arnings  L iquidity  S ensitivity to Market Risks  We also assign a Composite Rating  Used for Financial Institutions  Scale 1-5

36. 35 OTHER ITEMS  Confidentiality of information  Examination ratings are not negotiated, rather vetted in our offices for uniformity  Examiners do expect management to resolve problems and issues – ideally prior to the examination  Ask rather than guess

37. 36 RESOURCES  FOR Manuals: www.federalreserve.gov/boarddocs/supmanual/  FOR SR Letters: www.federalreserve.gov/boarddocs/srletters

38. 37 Questions

39. 38 Margaret (Meg) L. Bonner Senior Examiner/Relationship Specialist Federal Reserve Bank of NY margaret.bonner@ny.frb.org 212 (or 646) 720 -2615 margaret.bonner@ny.frb.org Warren Hochbaum Assistant Deputy Superintendent of Banks New York State Banking Department warren.hochbaum@banking.state.ny.us 212 709-1599