VCM BLOG

Re-Imagining Compliance-Part Two-Winter is Coming, March 15, 2017


In the popular HBO series “Game of Thrones” one phrase that is repeated often is “Winter is Coming”.   While the true meaning of that phrase will only be known at the time the show reaches its climax, it serves as an ominous warning that change is afoot. The same thing can be said in the banking industry; significant change is coming that will impact the business model of financial institutions.  This will be especially true for community and regional banks and credit unions. There are two forces that are bearing down on the financial services industry that are sure to bring about significant change.  These changes will dramatically impact the role of compliance.

From One Direction- A Significant Market with Needs

The first force that will impact banking is the large number of unbanked and underbanked people in the United States. There are millions of potential customers who have either a limited relationship with financial institutions or no relationship at all, as the FDIC showed in their 2015 study of unbanked and underbanked populations.[1]

The FDIC has defined Unbanked and underbanked as follows:

“…… many households—referred to in this report as “unbanked”—do not have an account at an insured institution. Additional households have an account, but have also obtained financial services and products from non-bank, alternative financial services (AFS) providers in the prior 12 months. These households are referred to here as “underbanked.”[2]

Per the Corporation for Enterprise Development, there are millions of unbanked and underbanked households across the country. For example, in 2010 the same organization estimated that 20% of the households in New Jersey are underbanked[3]. The number of unbanked and underbanked people that live within the service areas of financial institutions presents both an opportunity and a level of risk. As the FDIC pointed out in their May 2016 study “Bank Efforts to serve underbanked and unbanked Communities”, the whole banking community is better served when the level of trust and participation is increased[4].

 

 

Why are so Many Unbanked and Underbanked?

The FDIC asks similar questions every year and the answers have been consistent. Here are the key observations:

  • The most commonly cited reason was “Do not have enough money to keep in an account.” An estimated 57.4 percent of unbanked households cited this as a reason and 37.8 percent cited it as the main reason.
  • Other commonly cited reasons were “Avoiding a bank gives more privacy,” “Don’t trust banks,” “Bank account fees are too high,” and “Bank account fees are unpredictable.”
  • Perceptions of Banks’ Interest: The 2015 survey included a new question asked of all households: “How interested are banks in serving households like yours?”
  • The survey results revealed pronounced differences across households.
  • Approximately 16 percent thought that banks were “not at all interested” in serving households like theirs, and the perceptions of the remaining 8 percent were unknown.
  • Unbanked households were substantially less likely than underbanked or fully banked households to perceive that banks were interested in serving households like theirs. More than half (55.8 percent) thought that banks were not at all interested, compared to roughly 17 percent of underbanked households and 12 percent of fully banked households.

 

Ultimately, there are well over 50 million households in America that currently either don’t have a relationship with a bank or have only a minimal one.

In many cases, misperceptions on the part of both customers and financial institutions keep them apart. For far too long it has been an axiom that the costs of providing banking services for consumer accounts prevent an acceptable rate of return. However, through the development and use of new technologies, the costs associated with consumer accounts have significantly declined.

Many of the unbanked and underbanked turn to Money Service Businesses (“MSB’s”) to transact business. Both the check cashing and money remittance industries handle billions of dollars on an annual basis for their customers. The fees available to financial institutions willing to provide bank accounts to MSB’s present a significant opportunity for income. Unfortunately, too many institutions still feel the sting of “operation chokepoint”, a misguided attempt by regulators to drive MSB’s out of the financial services industry. Financial institutions willing to invest in the proper infrastructure to bank these customers have found the return to be worth the investment.

Without significant competition for the unbanked and underbanked households, financial needs are met by businesses that are predatory. Financial technology (“Fintech”) companies have set out to change the landscape and to fill the need of this massive pool of potential clients. So far, these efforts have yielded products such as digital wallets, person-to-person networks (such as PayPal and Venmo), fundraising sites and even remote bill paying. Most recently, a number of fintech companies have been venturing into the consumer and business loan arena.

From Another Direction- Technology

Advances in technology have made it possible for customers to enjoy many of the services of a bank without actually having a banking relationship. Using a smartphone coupled with software from financial technology companies, people can have access to money at ATM’s, pay bills, receive payroll and buy things, all without having a bank account.

The fact that many of the products that are being developed by fintech companies can be delivered to smartphones should not be lost on financial institutions. The unbanked and underbanked may not have accounts at financial institutions, but almost all of them have a smartphone.   A large percentage of the people who fit into this category are millennials who have become accustomed to conducting business on their smart devices.

A growing number of institutions have recognized the potential benefits of working with fintech companies.  In late 2016, the firm Manatt, Phelps & Phillips, LLP, conducted a survey of banks that have engaged in partnerships with fintech companies and the results are enlightening. There were four key takeaways that are useful to everyone in the banking and fintech sectors when approaching the challenges that come with collaboration:

  • Banks are on board with fintech. At 81%, the overwhelming majority of regional and community banks are currently collaborating with fintechs. In addition, 86% of regional and community bank respondents said that working with fintechs is “absolutely essential” or “very important” for their institution’s success.
  • Lower costs + a better brand = a win-win. For regional and community banks, enhanced mobile capabilities and lower capital and operating costs were highlighted as the benefits of collaborating with fintechs. Fintechs named market credibility and access to customers in regional markets as the main benefits to partnering with banks.
  • Data security remains a challenge. Both banks and fintech companies are highly sensitive to the ways in which data is shared and secured. This means extra attention must be paid to cybersecurity when the two sides collaborate—especially given the cultural mismatch that can exist between them. Despite the optimism among banks for collaboration, preparedness is a large concern. Almost half of regional and community bank respondents said they are just “somewhat prepared” or even “somewhat unprepared” for this kind of partnership.
  • Regulatory concerns remain paramount. For banks and fintech firms, structuring relationships that are regulatory compliant, including, if required, prior regulatory approval, is critical to ensuring success and the opportunity to change the way financial services are ultimately delivered.[5]
  • As partnerships with Fintech firms become more commonplace, so does the need for compliance staff who are fully versed in this area. Compliance staff fully versed in both fintech and regulatory requirements have become, and will continue to be, key figures in an institution’s ability to offer fintech products that are successful and compliant.

“Winter” is definitely coming- will you be ready?

[1] Estimates from the 2015 survey indicate that 7.0 percent of households in the United States were unbanked in 2015. This proportion represents approximately 9.0 million households. An additional 19.9 percent of U.S. households (24.5 million) were underbanked, meaning that the household had a checking or savings account but also obtained financial products and services outside of the banking system.

[2] FDIC survey of unbanked and underbanked households

[3] See https://cfed.org/assets/pdfs/Most_Unbanked_Places_in_America.pdf June 2016

[4] Bank Efforts to serve underbanked and unbanked Communities

[5] Fintech comes to Regional and Community Banks- Fintech Finance 2017.

 

Re-Imagining Compliance: Part One, February 27, 2017


Re-Imagining Compliance- A Three-Part series

Part One – Compliance is here to Stay

Every culture has its own languages and code words. Benign words in one culture can be offensive in another. There was a time when something that was “Phat” was really desirable and cool, while there are very few people who would like being called fat! Compliance is one of those words that, depending on the culture, may elicit varying degrees of response. In the culture of financial institutions, the word compliance has some negative associations. Compliance is often considered an unnecessary and crippling cost of doing business. Many of the rules and regulations that are part of the compliance world are confusing and elusive. For many institutions, compliance has been the dark cloud over attempts to provide new and different services and products.

Despite the many negative connotations that surround compliance in the financial services industry, there are many forces coming together to alter the financial services landscape. These forces can greatly impact the overall view of compliance. In fact, it is increasingly possible to view expenditures in compliance as an investment rather than a simple expense.   In this three-part blog, we ask that you reimagine your approach to compliance.

Why do we have Compliance Regulations?

Many compliance professionals can tell you how difficult it is to keep everybody up to date on the many regulations that apply to financial institutions. However, if you ask why exactly we even have an Equal Credit Opportunity Act or a Home Mortgage Disclosure Act (“HMDA”), it would be difficult to get a consensus. All of the compliance regulations share a very similar origin story. There was bad or onerous behavior on the part of financial institutions, followed by a public outcry, legislative action to address the bad behavior and then eventually regulations. The history of Regulation B provides a good example:

A Little History

The consumer credit market as we now know it grew up in the period between World War II and the 1960’s. It was during this time that the market for mortgages grew and developed and became the accepted means for acquiring property, financing businesses, developing wealth and upward mobility. By the late 1960’s the consumer credit market was booming.

The Equal Credit Opportunity Act (“ECOA”) and Regulation B are not nearly as old as you might think. In fact, the first attempt at regulating credit access was the Consumer Credit Protection Act of 1968. This legislation was passed to protect consumer credit rights that up to that point had been largely ignored. The 1968 regulation was passed as the result of continuing growth in consumer credit and its effects on the economy. For example, in the year before the regulation was passed, consumers were paying fees and interest that equaled the government’s payments on the national debt! One of the goals of the Consumer Credit Protection Act was to protect consumer rights and to preserve the consumer credit industry.

The Civil Rights Movement was occurring at the same time as the passage of the CCPA, and in 1968 the Fair Housing Act was passed by Congress. The FHA was designed to assist communities that had been excluded from credit markets obtain access to credit. We will discuss the Fair Housing Act in more detail next month.

One of the things that the CCPA did was to empanel a commission of Congress called the National Commission on Consumer Finance.  This commission was directed to hold hearings about the structure and operation of the consumer credit industry.

Unintended Consequences

While performing the duties they were assigned, the members of the National Commission on Consumer Finance conducted several hearings about the credit approval process for consumer loans.  The stories and anecdotes from these hearings raised a tremendous public outcry about the behavior of banks and financial institutions that were in the business of granting credit.   One of the common themes of the testimonies given was that women and minorities were being left behind when it came to the growth of the consumer credit market.  Public pressure forced additional hearings on the consumer credit market, and the evidence showed that women in particular and minorities in general were being given unfair and unequal treatment by banks.

What was Going On? 

So what were banks doing that was a cause of concern?  There were several practices that had become normal and regular for banks when the applicant for consumer credit was a woman or a member of a racial minority group.

Women had more difficulty than men in obtaining or maintaining credit, more frequently were asked embarrassing questions when applying for credit, and more frequently were required to have cosigners or extra collateral.   When a divorced or single woman applied for credit she was immediately asked questions about her life choices, sexual habits, and various other personal information that was both irrelevant to the credit decision and not asked of men.

Racial minorities had difficulty even obtaining credit applications, let alone credit approvals. In cases where members of minority groups attempted to get a loan application, they were either told that the bank was not making consumer loans, or that the area where the person lived was outside of the lending area of the bank.

For applicants that received public assistance, child support or alimony, banks would not consider these as sources of income under the theory that they were temporary and might disappear.

Despite being subjected to embarrassing or incorrect information, in the cases where women and minorities persisted and completed a credit application, banks would drag out the process for interminable time periods and would engage in strong efforts to discourage the applicant from going forward.

In many cases, when a person lived in a neighborhood that was predominately comprised of minorities, the borrower was told that the collateral did not have enough value without further explanation.  

The ECOA

Though these stories created a great deal of interest, the CCPA was not amended until 1974 when the first Equal Credit Opportunity Act was passed.  This Act prevented discrimination in credit based on sex and marital status.

Why are there a Regulation B and the ECOA?

The development of the consumer credit market brought with it a series of bad behaviors that directly and negatively impacted the ability of women and minorities to obtain credit.   These behaviors included asking women to check with their husbands before getting a loan, denying a single woman credit, discouraging minorities from applying for credit and outright refusal to grant credit.

The law and regulation are designed to open credit to all who are worthy by limiting practices that unfairly exclude groups of people and by making sure that applicants are fairly informed of the reasons for a denial.

The regulations exist because there was bad behavior that was not being addressed by the industry alone. Many of the compliance regulations share the same origin story.

Compliance is not all Bad

Sometimes, we are caught up in focusing on the negative to the point that it is hard to see the overall impact of bank regulations. One of the positive effects of compliance regulations is that they go a long way toward “leveling the playing field” among banks. RESPA (the Real Estate Settlement Procedures Act) provides a good example. The focus of this regulation is to get financial institutions to disclose the costs of getting a mortgage in the same format throughout the country. The real costs associated with a mortgage and any deals a bank has with third parties, the amount that is being charged for insurance, taxes and professional reports that are being obtained all have to be listed in the same way for all potential lenders. In this manner, the borrower is supposed to be able to line up the offers and compare costs. This is ultimately good news for community banks. The public gets a chance to see what exactly your lending program is and how it compares to your competitors. The overall effect of this legislation is to make it harder for unscrupulous lending outfits to make outrageous claims about the costs of their mortgages. This begins to level the playing field for all banks. The public report requirements for the Community Reinvestment Act and the Home Mortgage Disclosure Act can result in positive information about your bank. A strong record of lending within the assessment area and focusing on reinvigoration of neighborhoods is certainly a positive for the bank’s reputation. The overall effects of the regulations should be viewed as a positive.

Protections not just for Customers

In some cases, consumer regulations provide protection not just for consumers but also for banks. The most recent qualifying mortgage and ability to repay rules present a good case. These rules are designed to require additional disclosures for borrowers that have loans with high interest rates. In addition to the disclosure requirements, the regulations establish a safe harbor for banks that make loans within the “qualifying mortgage” limits. This part of the regulation provides strong protection for banks. The ability to repay rules establish that when a bank makes a loan below the established loan to value and debt to income levels, then the bank will enjoy the presumption that the loan was made in good faith. This presumption is very valuable in that it can greatly reduce the litigation costs associated with mortgage loans. Moreover, if a bank makes only “qualifying mortgages” the level of regulatory scrutiny will likely be lower than in the instance of banks that make high priced loans.

Compliance regulations will no doubt be a part of doing business in the financial industry for the foreseeable future.   However, all is not Considering a strategy that embraces the regulatory structure as an overall positive will allow management to start to re-imagine compliance and consider greater investment.   In our next blog, we will discuss the forces that are converging to make the return on investment in compliance strong.

Strategic Risk- a top Consideration in 2017, February 2, 2017


For many financial institutions, as January ends, the implementation phase of plans begins. As you put the finishing touches on your plans and give them one last look, among the critical things to consider should be your assessment of strategic risk. For the prudential regulators (the FDIC, the Federal Reserve, the OCC and the CFPB), strategic risk has become the preeminent issue, as indicated in public statements, guidance and planned supervisory focus documents. The main issue driving strategic risk is the convergence of unbanked/underbanked people, the growth of financial technology (“fintech”) firms and shrinking demand for traditional lending. And to paraphrase the comments of Comptroller of the Currency Thomas Curry, those who fail to innovate are doomed.

Strategic risk is generally defined as:

Strategic risk is a function of business decisions, the execution of those decisions, and resources deployed against strategies. It also includes responsiveness to changes in the internal and external operating environments.[1]

The OCC’s Safety and Soundness Handbook- Corporate Guidance section discusses strategic risk as follows:

The board and senior management, collectively, are the key decision makers that drive the strategic direction of the bank and establish governance principles. The absence of appropriate governance in the bank’s decision-making process and implementation of decisions can have wide-ranging consequences. The consequences may include missed business opportunities, losses, failure to comply with laws and regulations resulting in civil money penalties (CMP), and unsafe or unsound bank operations that could lead to enforcement actions or inadequate capital.[2]

More to the point, strategic risk today is the difference between being able to “think outside the box” and being mired in tradition.   Banking as we know it is being disrupted by technology. There are many customers who have never had bank accounts and an equally large number of people who use banks on a limited basis. Many fintech firms have been founded specifically to offer products that meet the needs of these customers. Products such as online lending, stored value and bill payments are here to stay and they are changing the places customers look to fill their banking needs.

Both the FDIC and the OCC in their annual statements recognized the need to address strategic risk and will be looking at the institutions they regulate to determine the level of consideration of this risk. [3]

So, what does consideration of strategic risk look like? It means consideration of new types of products, customers and sources of income. It also means reimagining compliance.

Types of Products

Today a traditional financial institution offers a range of deposit products, consumer loans and traditional commercial loans. Tomorrow’s bank will offer digital wallets, stored value accounts, and financing that is tailored to the needs of customers. Loans with terms like $7,200 with a 7-month term, which are not economically feasible, will be commonplace soon. Commercial loans will come with access to business management websites that offer consultation for the active entrepreneur, and savings accounts will be attached to the digital profile of the customer. Banking will be done from the iPad or another digital device. Your institution can be part of this updated version of banking or continue to suffer declines as your current customer base grows old and disappears. Consider deciding which fintech companies will allow your bank to offer a full range of products that have not yet been offered. No need to reinvent the wheel, simply join forces.

Types of Customers

The number of customers that are available for traditional commercial lending products is a finite pool and there is tremendous competition for these customers. However, for financial institutions that are willing to rethink the lending process there are entrepreneurs and small businesses that are seeking funding in nontraditional places. Fintech companies have developed alternative credit scoring that is highly accurate and predictive. Consider partnering with these firms to allow underwriting of nontraditional loan products.

The dreaded “MSB” word

In the early part of this decade we experienced the unfortunate effects of “operation chokepoint”, a regulatory policy specifically aimed at subjecting MSB’s to strict scrutiny. Many financial institutions ceased offering accounts to these businesses. The law of unintended consequences was invoked as many of the people who used the MSB’s were left without financial services. Even today there are sizable communities of people who are still hurt by the inability to get financial services. More importantly, financial institutions are missing the opportunity to develop fee income, expand their customer base and reshape the business plan.

MSB’s facilitate a huge flow of funds that flow throughout the world in one form or another and the more financial institutions are a part of that flow, the safer and more efficient it will be. MSB’s provide an extremely important service that will be filled one way or another- why not be part of it? [4]

 

Compliance as an investment

When considering overall strategic risk, an institution must balance risk levels with the systems in place to mitigate that risk. New products and different types of customers carry with them different levels and types of risk. Your system for risk management and compliance must be up to the task of administering new challenges. The traditional planning process considers the compliance program only after the products and customers have been determined. A proactive approach to risk would consider expanding the resources and capabilities of the compliance department toward an end: adding products and services that can breathe economic life into your institution.

When the ability to monitor and administer new products and customers is acquired by the compliance program, your financial institution can grow and expand. Now is the time to start thinking of compliance as an investment rather than an expense. This of course requires an investment in compliance, but the return is well worth it.

[1] Businessdirectory.com

[2] OCC Comptroller’s Handbook - Safety & Soundness - Corporate Risk Management

[3] OCC Report Discusses Risks Facing National Banks and Federal Savings Associations

WASHINGTON — The Office of the Comptroller of the Currency (OCC) reported strategic, credit, operational, and compliance risks remain top concerns in its Semiannual Risk Perspective for Fall 2016, released today.

 

[4] Per the World Bank, high-income countries are the main source of remittances. The United States is by far the largest, with an estimated $56.3 billion in recorded outflows in 2014. Saudi Arabia ranks as the second largest, followed by Russia, Switzerland, Germany, United Arab Emirates, and Kuwait. The six Gulf Cooperation Council countries accounted for $98 billion in outward remittance flows in 2014.

Aligning Your Compliance Department with Risk, January 26, 2017

Jan18

 

There are many reasons financial institutions suffer through periods of poor compliance performance. The causes for these problems are myriad. One of the key contributors to compliance woes is often overlooked. When resources in the compliance department are misaligned or inadequate, trouble is bound to follow. Inadequate resources result from not just a small compliance staff, but also instances of “over-compliance”. Misaligned staff occurs when your institution’s risk assessment fails to identify the highest risks or is not used as part of the compliance planning process.

Inadequate Resources

Too few resources can result from many different sources including:

  • Training – Online training is a good first start for helping staff understand the basics of compliance. These courses are cost effective and provide good basic information about various topics in compliance. However, training that includes some in-person components tends to be more effective. In-person classes allow staff to review case studies, ask in-depth questions and gain a more complete understanding of the rationale for regulations. In addition, these types of classes significantly increase the retention for participants.
  • Software used for monitoring – Determine whether your software provider effectively helps you monitor compliance activities. Many compliance officers “take what they get” from their software providers and make do with the reports that get generated. Having a discussion with your vendor can result in significant changes. Software providers have significant resources, including the ability to tailor the report you receive to meet specific needs. If the reports that are generated create more work than they resolve questions, now is a good time to have a discussion with your software provider.
  • Compliance officer overburdened – Compliance has become a full-time occupation. In addition to constant reporting requirements there are nuances to the position that require the full focus and attention of the compliance officer.   Despite these requirements, there are many compliance officers that serve in various capacities in addition to their compliance duties.   When a compliance officer is overburdened, the compliance program suffers. Attention can only be addressed toward the pressing issues of the moment. Potential problems are left for consideration at the time they have become compliance violations.
  • Too Much Unnecessary Information – In some cases, it is possible to engage in “over-compliance”, meaning developing databases that are simply too large to effectively review and interpret. For example, some institutions make a habit of filing Suspicious Activity Reports on all clients that have even a whiff of questionable activity. Alternatively, some institutions include a large portion of their customer base as high risk customers. The sentiment for taking this course of action is understandable: a conservative approach to risk. However, the net result of taking such an approach is information overload. Massive amounts of data are presented to compliance staff, rendering them unable to keep up, and the process gets overwhelmed.

 

Misaligned Compliance

Compliance resources are limited in almost all institutions.   This is also true in the regulatory agencies that supervise financial institutions. Therefore, the regulatory institutions take the risk based approach to supervision.   The goal of the risk based approach is not to necessary catch every flaw in a compliance system. The idea is that the areas of greatest risk should receive the most attention. The same philosophy is at the heart of the compliance rating system announced by the FFIEC.   The effectiveness of the compliance program will be reviewed and rated. Individual findings of low importance will still be addressed, but put into an overall context of risk. The point is that the areas with the highest risk should get the most attention.

At your institution, one of the ways to make your compliance program most effective is to concentrate on the highest levels of risk.   You can do this be “letting go” in some cases and focusing on others. One of the areas that is illustrative is an institution with many Suspicious Activity Reports.   For example, in this case the institution has $1 billion in assets that writes SARS on over 70 clients a month.   The SAR process requires that each of these SAR reports has a follow-up at 90 days. The SAR reports describe activity that such as structuring and potential tax evasion. The compliance team at this institution has determined that all potential structuring activity will result in a SAR.   The institution quickly finds out that the time that is taken by filing SARS and following up on them leaves little time to research the customer and to determine if there are business reasons for the activity that is viewed as suspicious.   The number of SARs continues to grow while the amount of time that is spent on research of individual customers continues to shrink. Eventually SARs are filed late and compliance concerns are noted by the regulators.

In the above instance, a re-alignment of compliance resources would focus on getting to “know your customer”. By doing research on the customer and talking to them, the activity may not be suspicious at all. For example, one customer deposits cash in amounts between $8,000 and $9,300 every two days. This pattern may not be structuring at all if the customer is a small store that can prove the deposits are the actual cash receipts for the day. The compliance team could ask the customer to report cash sales weekly, match the results with the deposits and have a level of comfort that structuring was not taking place. Without a proper balance between KYC and SAR reporting, a compliance team can engage in a death spiral that included excessive SAR filing and inadequate research.

Compliance programs should look for the root cause of a concern and address that root cause rather than attempt to apply “bandages” when findings are noted. Training programs that help staff learn about the financial needs of the client base are also an effective means to align compliance resources. If your institution does not offer credit cards, then course information on these products could be reduced in exchange for information on current products.

Aligning Compliance to Risk

The compliance risk assessment is the best place to start the alignment of compliance risk to resources. Developing a comprehensive and effective compliance risk assessment will allow the institution to identify the greatest areas of risk and to direct resources to those areas.

 

Some Items to Consider for Your Audit Scope, January 18, 2017


As you prepare your annual audit schedule, a task that can often seem mundane, there are significant opportunities to take charge and “change the game”.   The schedule is often set by focusing on the number of audits that must be completed within the year. The bulk of the planning attention goes to the task of scheduling the audits in a manner that is least disruptive.   There is often little attention paid to the construction of the components of the audit scope.   Consider building the scope of the audits around the results of your risk assessment and you can greatly enhance the effectiveness of the audit reports.

The Standard Menu

Outsourced internal audit firms design the scopes for the audits that they conduct based upon their knowledge of auditing, regulatory trends, best practices and the overall knowledge of their staff. This practice allows the firms to bring a wealth of experience and important information from outside of the financial institutions that they are reviewing. When your audit firm presents you the scope that they propose, it is based upon completely external actors and considerations. This is not a criticism of the firm; it is a standard practice. However, setting the scope for internal audits is really supposed to be a collaborative effort, and both the audit firm and your institution are best served by developing the scope for audits together. After all, who knows the strengths and weaknesses of your institution better than the management? To get the biggest bang for your buck, why not tie the audit scope into the results of your risk assessment?

The Risk Assessment and the Internal Audit

An effective risk assessment of your compliance program can be an excellent source document for various things including budgeting requests for additional resources and scoping of audits. Completing the assessment includes considering the inherent risk at your institution, the internal controls that have been established to address risk and a determination of the residual risk. The process is intended to be one of self-reflection and consideration of the areas of potential weakness. For those areas that have the potential to be a problem, the best practice is to make sure they are included in the scope of an audit. Audit firms are more than happy to work with the management of the institutions they are reviewing on developing a scope. One of the crucial goals of the audit is to uncover areas where there are weaknesses in internal controls. For example, in your risk assessment, you may have noted a large number of errors in disclosures for new accounts. This should be a focus for the internal auditors when the compliance audit is performed.

Root Causes

An area that is often overlooked in audits is a discussion of the root causes for findings. For every violation or problem noted during an examination or audit, there is a reason the violation occurred. Ineffective training, incomplete written procedures, poor communication or incompetence are all possible causes of a finding. Getting feedback from the auditors on the root cause of a problem allows the remediation to be most effective. One of the main reasons for repeat findings is ineffective remediation.

Future or Strategic Risks

The environment for banking is going through significant change as fintech companies have begun to make inroads into the financial markets. Financial institutions should consider whether their current systems, business plans and infrastructure are well positioned to meet the annual goals. External audit firms can be a very good source of information for industry trends and ideas. Building a consideration of both future and strategic risks into the scope of the audit can yield significant benefits.

Self-Policing and the New Compliance Ratings

One of the main reasons to expand the scope of your audits is to take advantage of the new compliance ratings systems that take effect in March of 2017. The new ratings will consider the Board and management oversight, strength of the compliance program as well as the potential for consumer harm. These new ratings will put an increased premium on an institution's ability to self-police potential violations. The ability of a financial institution to identify problems, determine the root cause and to remediate the problem will have a large impact on the overall rating of the institution. By setting the scope of your audits to help self-police, your institution can take full advantage of the new ratings system.

 
