Compliance Management Systems
A Structure of Excellence
What is a Compliance Management System?
• Jim Bedsole’s Working Definition:
A compliance management system (CMS) is the process used by a financial institution to provide a comprehensive program designed to reasonably ensure compliance with consumer protection laws and related regulations and minimize and remediate violations and instances of consumer harm resulting from violations.
What is a Compliance Management System?
• Uniform Interagency Compliance Rating System (Effective Mar 2017)
• Defines components – three main categories
    Board and Management Oversight
    Compliance Program
    Violations of Law and Consumer Harm
• Establishes risk‐based benchmarks
• Provides for consistency and transparency
• Actionable
• Incent strong compliance and self‐identification and correction
What is a Compliance Management System?
Board & Management Oversight
Risk Assessment
Policies/ Procedures/ Controls
Systems
Training
Monitoring
Complaint Management
Independent Testing
Corrective Actions
Compliance Culture
CMS in Practice
CMS Deficiencies – Complaint Management
• Failure to institute clear policies & procedures, lines of communication, and employee training
• Inconsistent investigation processes
• Failure to take corrective action (“sweep it under the rug”)
• Records of complaints and resolution not adequately retained or centralized
CMS Deficiencies – Complaint Management
How to avoid:
• Complaint management policy – define what is a complaint, including complaints resolved at point of contact
• Monitor complaints from all sources (verbal, written, regulatory, social media)
• Training & accountability
• Emphasize self‐identification of issues as a positive
• Automate where possible
• Easy to access complaint recording tools
• Centralized review of complaint trends and resolution
• Root cause analysis
• Open lines of communication at all levels including Board and Management
CMS Deficiencies – Misappropriately Scaled CMS
• Training not tailored to staff roles and responsibilities
• Compliance culture not threaded through product development, marketing, customer service
• Monitoring and/or audit schedule and coverage not aligned with risk assessments and prior audits/exams
• Third party management, oversight, and due diligence not appropriately scaled to risk
CMS Deficiencies – Misappropriately Scaled CMS
How to avoid:
• Compliance committee structure – involve all parties who own compliance risk or indirectly address compliance risk
• Align technology for risk assessments, compliance monitoring, and auditing where possible
• Plan internal audits strategically and in alignment with risk profile
CMS Deficiencies – Governance
• Policies don’t match procedures and processes
• Required policies are not reviewed, revised, updated, adopted, or maintained
• Policies are a “check‐the‐box” exercise with no real oversight or governance
• Policies and procedures are hard to retrieve, in various formats and locations
CMS Deficiencies – Governance
How to avoid:
• Centralize policy management – leverage technology
• Assign policy owner for each policy
• Create and automate policy review schedule
• Ensure regulatory change management includes policy review and revision where needed
• Standardize format
• Don’t use policy templates without appropriate tailoring to your institution
• Policy attestation by affected employees
CMS Deficiencies – Change Management
• Changes are not captured and evaluated for impact (cost, systems, policies & procedures, training, monitoring)
• Action plans are weak or non‐existent
• Responsible parties not assigned
• Progress due dates not tracked/reported
CMS Deficiencies – Change Management
How to avoid:
• Automate tracking
• Spend time analyzing change
• Leverage technology and third parties
• Solid action plans
• Due date tracking and reporting – accountability
• Post‐implementation evaluation – what can we do better next time?
Build It or Buy It?
What is Unique About Today’s Environment?
Achieving CMS Agility ‐ Three Lines Model
GOVERNING BODY: Board/Audit Committee/Compliance Committee
Accountability to stakeholders for organizational oversight
Governing body roles: Integrity, leadership, and transparency
MANAGEMENT: Actions (including managing risk) to achieve organizational objectives
First line roles: Provision of products/services to clients; managing risk
Second line roles: Expertise, support, monitoring, and challenge on risk‐related matters
INTERNAL AUDIT: Independent assurance
Third line roles: Independent and objective assurance and advice on all matters related to the achievement of objectives
EXTERNAL ASSURANCE PROVIDERS: External Audit/Regulators
KEY: Accountability, reporting; Delegation, direction, resources, oversight; Alignment, communication, coordination, collaboration
Deployment and Implementation of RegTech
What Does Agility/Adaptability Look Like in a CMS?
Board & Management Oversight
Risk Assessment
Policies/ Procedures/ Controls
Systems
Training
Monitoring
Complaint Management
Independent Testing
Corrective Actions
Compliance Culture
Compliance as a Competitive Advantage
OODA Loop
Q&A Time
Regulator CMS Expectations
OCC: Comptroller’s Handbook, Consumer Compliance, Compliance Management Systems (June 2018)
FDIC: Consumer Compliance Examination Manual – Compliance Management Systems (June 2019)
FRB: Community Bank Risk‐Focused Consumer Compliance Supervision Program
CFPB: Examination Procedures – Compliance Management Review (August 2017)
Uniform Interagency Compliance Rating System
Contact Me