2016 IBA Compliance Compliance Officer Presentation Final ...
The Bank Compliance Officer Role: A Trajectory over Time
Increasing Visibility and Influence
Expanding Topic Matter and Responsibility
Phone: 515-689-2114
YouTube: https://www.youtube.com/channel/UC8L_SrabonOYLPQ0FW96o4A
Trajectory of One Compliance Officer
Bank Examiner in Iowa
Consultant
Very Large Bank and Mortgage Company
Community Bank between $1 billion and $5 billion
Mortgage Originations Service Provider
Consultant
How Has The Role Changed?
How many have seen "scope creep" or additional areas of oversight added to your roles since 2008?
What contributed to this?
What new areas of responsibility have you assumed?
What challenges have you faced?
Do you have days where you feel like…
“…You Never Know What You Will Get?”
Think of it as…
entertaining chaos
Will it be dry?
Business as Usual (BAU)
Will it be snowy?
Prepare for winter
Will it be muddy?
Triage
Material We Will Cover
Visibility and Influence of Role:
Evolution of Compliance Officer duties
Evolution of Skillset
Expanding Topic Matter:
Operational Risk
Conduct risk, Governance, Cultural Change
Cyber security
UDAAP
Anti-money laundering and BSA
Technology and data integrity
Change Management
Third Party Management
Practical Matters:
Three Lines of Defense
How to Keep Up
Reprioritizing
Triage
Evolution of Compliance Officer Role
Legacy Role
Focus on technical knowledge of regulations
Low visibility and limited interface with business leaders and technology
Not an influential role
Detail oriented - testing and checklists
Siloed or bolted on to business process
Rigid definition of “compliance”
Focused on identifying errors and driving remediation
Staying abreast meant reading proposed and final rules
Evolved Role
Technical knowledge still important but within the context of business process
High visibility and frequent interface with business leaders and technology
Highly influential role
Big picture oriented
Integrated with business process
Elastic definition of “compliance”
Focused on collaborating with operations when they self-identify errors
Staying abreast expanded to monitoring and understanding enforcement action
From Check the Box to Strategic Partner
Visibility and Influence
What Skills do I Need?
Cross-functional experience is becoming a requirement
A track record in delivering change
Ability to independently engage, question and drive resolution – Credible Challenge
Strategy and big picture
Cultural awareness and change
Relationships and collaboration
More emphasis on finding efficiencies
New Topics and Territory …
Compliance is evolving toward a more integrated, enterprise role.
BEING PREPARED FOR - YOU NEVER KNOW WHAT YOU WILL GET…
Operational Risk
Operational risk is the prospect of loss resulting from inadequate or failed procedures, systems or policies. Employee errors. Systems failures. Fraud or other criminal activity. Any event that disrupts business processes.
Need deeper understanding of operational risk
Understand your bank’s operations in all areas
Compliance issues are born of operational risk
Implement root cause analysis, identify trends, develop measurements and metrics
Cybersecurity
Interconnectedness with Third Parties Biggest Risk – Internet of Things https://motherboard.vice.com/read/15-million-connected-cameras-ddos-botnet-brian-krebs
FFIEC Cybersecurity Assessment Tool (CAT) https://www.ffiec.gov/cyberassessmenttool.htm
Dwolla Enforcement – CFPB received no complaints to trigger http://www.consumerfinance.gov/about-us/newsroom/cfpb-takes-action-against-dwolla-for-misrepresenting-data-security-practices/
Incident Response
Education! 25% of people who get phishing emails open them and 11% click on links
FDIC Board Vignettes for BOD Training https://www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html
Technology and Data Integrity
Understand your bank’s technology infrastructure and data flows
Be aware of software releases in critical systems and ensure they are tested, implemented, tested again
Make sure data you rely on for reporting is good – garbage in garbage out
Leverage technology wherever you can
BSA
BSA is inextricably tied to fraud – look for ways to reduce duplication, create synergy
Personal Liability
FinCEN’s final rule on Customer Due Diligence Requirements for Financial Institutions https://www.federalregister.gov/articles/2016/05/11/2016-10567/customer-due-diligence-requirements-for-financial-institutions
New rule does not require that CDD verification steps be identical to CIP requirements
Covered financial institutions have until May 11, 2018 to implement
The rule is not retroactive; it does not require a “lookback” for existing customers, unless those customers experience a triggering event.
Conduct Risk, Governance, Cultural Change
Conduct Risk
Whistleblower duties (Code of Ethics)
Formality of governance
Reporting to Board – Dashboards and Metrics
Culture of Compliance
UDAAP
Military Lending (MLA)
Elderly
Students
Disabled
Digital Accessibility
UDAAP
Change Management
Project Management
Challenges in defining “Project”
Technology Change Management
Technology Releases again – monitor and ensure they receive appropriate prioritization
Regulatory Change Management
Leverage project management process
Regulatory Change Management Tool
Column groups: Requirements and Project; Committee Comments Regarding Impact
Columns: Item Number; Agency or Entity; Title of Rule; Short Description; Effective Date; Risk Level; Link to Legislation / Material; Responsible Party; Requirements Due By; Project Reference or Link; Compliance and Risk; Lending; Facilities and Ops; Technology; Deposits; High Level Status
Row: 1; CFPB Regulatory Agencies 2016 E-Alerts; CFPB – Annual Threshold Adjustments for 2017; The Bureau of Consumer Financial Protection (CFPB) issued a final rule amending the regulatory text …..; 01/01/17; Low; http://www.consumerfinance.gov/about-us/newsroom/consumer-financial-protection-bureau-announces-annual-dollar-thresholds-truth-lending-act-regulations-certain-credit-transactions/; 12/01/16; June 4, 2016 MMR; COMPLETED; NO IMPACT
Third Party Management
Oversee the program, ensure it is sound
Make sure contracts include key areas outlined in regulatory guidance – the OCC guidance lays this out well https://www.occ.gov/news-issuances/bulletins/2013/bulletin-2013-29.html
Leverage BCP/Business Impact Analysis
Consider forming a committee to review and approve new third party relationships
Three Lines of Defense
Trickle down of three lines of defense from heightened standards for large banks – which speaks to clarity of roles and formality of risk management system. http://www.occ.gov/news-issuances/news-releases/2014/nr-occ-2014-4a.pdf
Implementing preventive controls into first line of defense and assigning ownership of risks creates efficiencies across the organization
Given that compliance officers are responsible for more and more, clarity in their oversight role within second line of defense is critical
There is a push for integrated risk management structures from both a regulatory and an efficiency perspective
How to Keep Up
Collaborate
Build network
Subscription tools
Associations
Don’t get caught in the “too busy” trap
Technology – Continuous monitoring is replacing periodic review. Instant notification vs. waiting for 2nd/3rd lines of defense.
Creative solutions to resource challenges – cross department, interns
Importance vs Urgency http://www.businessinsider.com/dwight-eisenhower-nailed-a-major-insight-about-productivity-2014-4
Prioritizing
Make Your Lists
Master List, Today List, This Week List
Review your lists
Recalibrate
Regular meetings
Coaching
Triage and Reprioritizing
Back to importance vs urgency
Start with your lists and recalibrate
Some examples of when you have to stop the bleeding
Fraud cases
Code of Ethics Violations
UDAAP
Reimbursables
Discriminatory Practices
Regulatory Action
Conclusion
Take advantage of the opportunities in “You Never Know What You Will Get”
Learn the big picture and keep it in mind when prioritizing
Develop your ability to independently engage, question and drive positive change – Credible Challenge
Train departments to be first line of defense
Understand and leverage technology
Leverage network, associations, subscription services
Develop relationship with your executive team
Attend training in areas of expanding responsibility
Questions?