OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks
Heightened standards for compliance risk management
Lines of defense — compliance’s role
Post-financial crisis, the Office of the Comptroller of the Currency (OCC) developed a set of heightened expectations to enhance the risk management practices of large banks. On September 2, 2014, the OCC issued a set of final rules and guidelines to expand these previously non-codified expectations into a set of enforceable minimum standards that require management to demonstrate a strong risk governance framework. The final rules and guidelines will apply to banks with average total consolidated assets equal to or greater than US$50 billion as of the effective date of November 1, 2014.
The final rules and guidelines provide greater clarity and specificity around expectations for the design, implementation and oversight of an institution’s risk governance framework. Future OCC examinations will broadly focus on an institution’s operating model and execution, with a specific focus on the following four areas:
• Board of director oversight
• Personnel management
• Lines of defense
• Risk appetite
This paper focuses on the lines of defense, specifically related to compliance’s role.
1 As highlighted in Supervision and Regulation Letters SR 08-8 and SR 12-17 issued by the Board of Governors of the Federal Reserve System.
Lines of defense — independent risk management
The final rules and guidelines define the roles and responsibilities for front line units, independent risk management (inclusive of the compliance function) and internal audit. Specifically, an independent risk management function should:
• Take primary responsibility and accountability for designing a risk governance framework commensurate with the size, complexity and risk profile of the bank
• Establish and adhere to enterprise risk policies
• On an ongoing basis, identify and assess material aggregate risks and determine which actions to take to strengthen risk management or risk reduction
• Identify and communicate to the CEO and the board material risks as well as significant instances where a front line unit is not adhering to the framework, or where independent risk management and front line unit assessments differ
What should banks do now?
Going forward, the banking regulators broadly continue to expect strong risk management frameworks, with defined roles and responsibilities for each line of defense. Specifically, the oversight of compliance risk should not rest purely on the Compliance function. To address these requirements, banks should assess the structure of their current compliance framework, establish clear accountability and ownership of compliance risks, and consider the following key areas of the compliance risk management approach:1
• Clearly defined roles and responsibilities for compliance risk management, including the monitoring and oversight of compliance risks outside of Compliance (e.g., Business, Operations, Finance, Market or Credit Risk, Technology)
• Firmwide approach to enhance coverage and consistency of the compliance risk management/oversight across the bank
• Independence, stature and influence of compliance staff demonstrated through the ability to effectively challenge business and affect business decisions
• Sound practices for compliance monitoring and testing to stay abreast of changes that may indicate potential increases to compliance risk
To translate the above key areas into elements of success, banks should assess whether there is a consistent and comprehensive approach for the following:
1 Banks should foster the stature and independence of Compliance, balancing its role as business advisor and its responsibility for oversight and broad risk management, by establishing:
• Clear roles and responsibilities for compliance oversight
• Reporting relationships between the global chief compliance officer (CCO) and lines of business (LOBs) and regional CCOs
• Communication and reporting between compliance, senior management and the board
• Escalation and reporting protocols
2 Banks should strive for consistency of scope and approach across LOBs and geographies. Additionally, clear accountability and ownership of compliance risks should be established, by defining:
• The coordination between Compliance and other functions to provide comprehensive coverage of compliance management activities, gain efficiencies where possible and avoid unnecessary duplication
• Standards for consistency in application and approach to address similar risk issues, share common views of compliance risk and facilitate central oversight
• A reporting framework and process for normalizing and aggregating information across the enterprise
[Figure: two panels titled "Organizational structure" and "Enterprise-wide approach". Labels shown: Board; Senior management; Global CCO; Enterprise team; LOB compliance; Regional compliance; LOB 1 CCO; LOB 2 CCO; Region 1 CCO; Region 2 CCO; "Set strategic vision and priorities"; "Aggregate, analyze and report"; "Consistent standards across LOBs and regions".]
3 A sustainable compliance program should address a set of integrated activities to identify, assess, control, measure, monitor and report on compliance risk. Additionally, the program should:
• Support the execution of activities with sufficient resources of the requisite knowledge, expertise and skills (e.g., technology, testing)
• Enhance systems and technologies for integrated and consistent coverage of compliance processes (e.g., common platforms to address compliance risks)
[Figure: Compliance life cycle. Phases shown: A. Identifying regulations and assessing; B. Policy framework; C. Compliance monitoring; D. Communication and reporting. Other labels: Inventory; Risk assessment; Policies; Training; Advisory activities; Monitoring; Surveillance; Testing; Issue tracking and escalation; Reporting; Technology enablement; Organization, stature and objectivity; Governance and oversight; Business lines; Operations; Technology; Regulators.]
Establishing a set of integrated activities and components for the compliance life cycle will facilitate a comprehensive and sustainable compliance risk management framework.
How we can help
Our Regulatory Compliance team brings deep experience in current supervisory expectations and the range of practices in the financial services industry. Specifically, we can assist with compliance function strategy and design reviews to help our clients identify practical opportunities for improvement. The reviews provide an independent perspective on issues, gaps and benefits related to the current compliance structure, as well as recommendations for enhancements.
In addition, we have facilitated workshops with compliance management to create action plans to remediate issues identified through our reviews and to determine the direction of the organization moving forward. Our team has also provided numerous educational sessions for compliance organizations in the areas of supervisory expectations, strategic planning, execution of key compliance activities and the scope of compliance.
We have also assisted clients with aligning their organizations to supervisory expectations and industry practices through the creation of a target operating model. The intent of the target operating model is to create a compliance organization that enables stronger governance and oversight, promotes consistency and standardization of approach, and clearly delineates roles and responsibilities across the organization.
Timeline
Compliance dates
• 9/2/2014: Final rules and guidelines effective date
• 5/1/2015: Compliance for banks with less than US$750 billion but greater than or equal to US$100 billion
• 5/1/2016: Compliance date for banks with less than US$100 billion but greater than or equal to US$50 billion
Ernst & Young LLP contacts
Michael R. Patterson, Principal, Advisory Financial Services, +1 212 773 2824
Madeline Miller, Executive Director, Advisory Financial Services, +1 212 773 7615
EY | Assurance | Tax | Transactions | Advisory
About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.
EY is a leader in serving the global financial services marketplace
Nearly 43,000 EY financial services professionals around the world provide integrated assurance, tax, transaction and advisory services to our asset management, banking, capital markets and insurance clients. In the Americas, EY is the only public accounting organization with a separate business unit dedicated to the financial services marketplace. Created in 2000, the Americas Financial Services Office today includes more than 6,900 professionals at member firms in over 50 locations throughout the US, the Caribbean and Latin America.
EY professionals in our financial services practices worldwide align with key global industry groups, including EY’s Global Wealth & Asset Management Center, Global Banking & Capital Markets Center, Global Insurance Center and Global Private Equity Center, which act as hubs for sharing industry-focused knowledge on current and emerging trends and regulations in order to help our clients address key issues. Our practitioners span many disciplines and provide a well-rounded understanding of business issues and challenges, as well as integrated services to our clients.
With a global presence and industry-focused advice, EY’s financial services professionals provide high-quality assurance, tax, transaction and advisory services, including operations, process improvement, risk and technology, to financial services companies worldwide.
© 2015 Ernst & Young LLP. All Rights Reserved.
SCORE No. CK09401504-1439248 NYED None
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.
ey.com