Regulatory Compliance: Director Competencies & Impact of Technology on Credit Union Strategies

Andy Poprawa, Senior Regulatory Advisory
Mary-Ann Pedersen, Director, Learning Solutions
CU Training Inc.


Session Outline

• Regulatory Compliance
  • Director competency requirements
  • How Board 360 can help

• Impact of Technologies on Credit Union Strategies
  • Key strategic trends impacting credit unions
  • Technologies shaping the future of credit unions
  • What are the risks, and how can directors be assured that these risks are being properly assessed and managed?

• Questions & Dialogue


Regulatory Compliance

• DICO Director Competency Requirements

• Competency Characteristics & Levels

• Board 360 Weightings

• Assessments of Competencies

• Questions & Dialogue


Purpose of DICO Assessment

The purpose of the assessment is to determine competency levels, identify potential gaps in competency requirements and highlight areas where additional training and development might be required.


DICO Revised Guidance Note January 2018

• Expectation to establish, document and publish:
  • required director competencies; and
  • any training requirements that are appropriate for their size and complexity

• DICO will assess the adequacy of director competency levels within the context of the credit union’s size and complexity and its risk profile

• Assessment may include:
  • interviews with the Chair and other directors;
  • review of credit union’s policy and practices on director training and qualifications;
  • director competencies and competency levels, including members of the audit committee and Chair of the Board;
  • director competency assessment criteria and processes;
  • board competencies and assessment criteria; and
  • continuing director education and development requirements.


Competency Characteristics


Competency Characteristics - Board 360 Sample Assessment

| Knowledge Level | Description | % Score |
|---|---|---|
| Basic | BASIC means that you "know about it": you're aware of the basic concepts and understand the terminology. You do not have post secondary education in this competency area; less than one year of direct work experience; less than one year of Board experience, and minimal training. | <40% |
| Good | A GOOD understanding means "you can explain it". You have some post secondary education in this competency, one to five years work experience, Board experience, or higher-level training including practical application. | >=40% |
| Strong | You have an excellent understanding and application of concepts - you "can do it". You have a degree in this competency area, or five to ten years work experience, three to six years Board experience, or advanced training. All directors should be comfortable with the following statements within 24 months of joining the Board. Audit Committee members should have this knowledge within 12 months. Members of the Governance Committee, the Audit Committee Chair and the Board Chair should try to achieve this level within 6 months. | >70% |
| Expert | You have a comprehensive understanding and knowledge - you "could teach it". You have a professional designation in this competency area, more than ten years work experience or more than six years Board experience. | >90% |


Board 360 Assessment Weightings

| Response \ Competency Level | Basic (B) | Good (G) | Strong (S) | Expert (E) |
|---|---|---|---|---|
| Basic (B) | 1.00 | 1.25 | 1.50 | 2.00 |
| Good (G) | 1.00 | 2.50 | 3.00 | 4.00 |
| Strong (S) | 1.00 | 3.75 | 4.50 | 6.00 |
| Expert (E) | 1.00 | 6.25 | 7.50 | 10.00 |

Based on questions for each core competency in DICO sample self-assessment questionnaire


Competency Characteristics - Board 360 Sample Director Assessment

| COMPETENCIES | BASIC | GOOD | STRONG | EXPERT | Weighted Score | % Aggregate Weighted Score |
|---|---|---|---|---|---|---|
| Audit and Compliance | 2 | 3 | 12 | 11 | 105/132 | 80% |
| Board and CEO Performance | 4 | 3 | 8 | 8 | 106/134 | 79% |
| Credit Union Operations | 2 | 0 | 8 | 10 | 77/94 | 82% |
| Financial Literacy | 9 | 9 | 10 | 2 | 75/132 | 57% |
| Governance and Ethics | 0 | 2 | 12 | 20 | 128/142 | 90% |
| Leadership and Communication | 0 | 2 | 3 | 12 | 95/104 | 91% |
| Regulatory Environment | 1 | 3 | 5 | 11 | 74/86 | 86% |
| Risk Management | 2 | 0 | 11 | 12 | 106/128 | 83% |
| Strategic Planning | 0 | 0 | 3 | 14 | 79/82 | 96% |
| TOTAL | 20 | 22 | 72 | 100 | | Average Score: 83% |


Competency Characteristics - Board 360 Sample Board Skills Profile

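| Director Name | Audit and Compliance | Board and CEO Performance | Credit Union Operations | Financial Literacy | Governance and Ethics | Leadership and Communication | Regulatory Environment | Risk Management | Strategic Planning | Average Score for Completed Assessments for Director | Average Overall Score for Director |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Director 1 | 23% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 23% | 3% |
| Director 2 | 53% | 17% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 35% | 8% |
| Director 3 | 33% | 88% | 97% | 92% | 93% | 98% | 100% | 93% | 93% | 87% | 87% |
| Director 4 | 21% | 0% | 21% | 23% | 24% | 0% | 0% | 20% | 21% | 22% | 14% |
| Director 5 | 91% | 100% | 100% | 42% | 100% | 95% | 100% | 100% | 100% | 92% | 92% |
| Director 6 | 48% | 36% | 54% | 55% | 49% | 0% | 34% | 0% | 70% | 49% | 38% |
| Director 7 | 80% | 79% | 82% | 57% | 90% | 91% | 86% | 83% | 96% | 83% | 83% |
| Director 8 | 0% | 26% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 26% | 3% |
| Director 9 | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 36% | 35% | 86% | 86% |
| Director 10 | 73% | 26% | 74% | 86% | 75% | 85% | 65% | 65% | 72% | 69% | 69% |
| Director 11 | 21% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 21% | 2% |

| | Audit and Compliance | Board and CEO Performance | Credit Union Operations | Financial Literacy | Governance and Ethics | Leadership and Communication | Regulatory Environment | Risk Management | Strategic Planning | Average Score |
|---|---|---|---|---|---|---|---|---|---|---|
| Average Score for Completed Assessments for Competency | 54% | 59% | 75% | 65% | 76% | 94% | 81% | 66% | 70% | 71% |
| Average Overall Score for Competency | 42% | 36% | 41% | 35% | 41% | 36% | 37% | 31% | 37% | 37% |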


DICO Core Competency Expectations

1. Audit and Compliance Oversight

2. Board and CEO Performance

3. Credit union operations

4. Financial Literacy

5. Governance and Ethics

6. Leadership

7. Regulatory Environment

8. Risk Management Oversight

9. Strategic Planning


(1) Audit & Compliance

• Understanding of the risks facing the institution

• How management addresses and mitigates those risks

• Ensures financial statements accurately reflect the credit union

• Demonstrate knowledge and understanding of monitoring and auditing processes required to ensure compliance with the credit union’s policies, standards of sound business practices, and regulatory requirements

• Overall Assessment – Good to Strong


(2) Board & CEO Performance

• Assess Board and CEO’s performance

• Supervise the affairs of the credit union through its oversight responsibilities

• Appoints a CEO to manage the day to day operations

• Ensure compensation package of the CEO rewards only prudent risk taking behaviour that promotes the on-going viability of the credit union

• Demonstrate knowledge and understanding
  • of the tools and methodologies for assessing the Board’s performance
  • for monitoring the performance and development of the CEO to determine strengths, deficiencies and areas for improvement

• Overall Assessment – Good to Strong


(3) Credit Union Operations

• Understanding the co-operative business model, the credit union and sector

• Understand credit union functions and the financial, human and technological resources the credit union uses in delivering its services

• Demonstrate knowledge and understanding of how the credit union’s infrastructures inter-relate and how they enable the effective and efficient delivery of services while managing risk and regulatory requirements

• Overall Assessment – Good to Strong


(4) Financial Literacy

• Understanding financial reports and statements, accounting standards and assumptions and legislative requirements in order to oversee the financial performance and condition

• Understand how the annual business plan and budget are developed

• Understand types of analysis required to effectively monitor results and variances

• Demonstrate an appropriate level of financial knowledge

• Interpret financial reports and statements, and monitor corrective action to ensure financial goals and regulatory requirements are met

• Overall Assessment – Good to Strong


(5) Governance & Ethics

• Understand and contribute to the development and articulation of strategic plans, goals, policies and processes which govern and guide the way the credit union is directed and managed.

• Provide prudent, independent and objective oversight to effectively guide and monitor the implementation of strategic initiatives, oversee risk management activities.

• Participate in communicating a cohesive approach and position.

• Perform their responsibilities in a prudent and objective manner with due regard to the best interests of the credit union.

• Demonstrate knowledge and understanding of the critical elements of good governance and ethics.

• Overall Assessment – Good to Strong


(6) Leadership

• Demonstrate ability to influence discussions while building consensual solutions.

• Participate with all participants in deliberations and constructive discussion and debate.

• Show leadership by approaching initiatives from a strategic perspective, championing new initiatives and working towards their achievement to deliver quality services to the members and improve the longer term viability of the credit union.

• Demonstrate knowledge and understanding of the attributes of leadership to motivate, influence and support others to accomplish organizational goals and encourage on-going education to further develop competencies.

• Overall Assessment – Good to Strong


(7) Regulatory Environment

• Credit unions operate in a regulated environment & are governed by the Act & Regulations, DICO By-laws, other legislation and their own by-laws.

• The Act sets the special nature of the credit union governance structure, business powers and lending and investment restrictions and limitations.

• DICO By-laws including By-law #5 provide further guidance.

• Demonstrate an appropriate level of knowledge and understanding of the regulatory environment, policy development and the policies required to meet legal, regulatory and governance requirements.

• Overall Assessment – Good to Strong


(8) Risk Management Oversight

• Board is responsible for the oversight of the credit union’s risk management practices, including Enterprise Risk Management.

• Risk management involves identifying, measuring and managing significant risks and events that may impact objectives and encompasses policies, procedures and controls and how risks are managed.

• Demonstrate an appropriate level of knowledge and understanding of the tools and methodologies for assessing the Board’s performance and also for monitoring the performance and development of the CEO to determine strengths, deficiencies and areas for improvement.

• Overall Assessment – Good to Strong


(9) Strategic Planning

• Understand strategic planning process and strategy formulation.

• Good knowledge of credit union’s business and operating environment.

• Being prepared for planning deliberations.

• Collaboration and teamwork skills in developing an appropriate and effective strategic plan.

• Demonstrate understanding of the strategic planning process and contribute to the development of the strategic direction, core values and the strategic goals and objectives for the credit union.

• Overall Assessment – Good to Strong


Board 360 Average Self Assessment Scores for Ontario

| Ontario | Audit and Compliance | Board and CEO Performance | Credit Union Operations | Financial Literacy | Governance and Ethics | Leadership and Communication | Regulatory Environment | Risk Management | Strategic Planning | Average Score |
|---|---|---|---|---|---|---|---|---|---|---|
| Average Score for Completed Assessments for Competency | 78% | 81% | 81% | 76% | 82% | 80% | 77% | 78% | 83% | 80% |

Legend on slide: lowest, highest


How Does DICO Evaluate Board Competencies?

By reviewing:

• Board Training and Competency policies & procedures

• On-site examination results, including interviews

• Reports produced on compliance (i.e., B360 reports)

• Individual and board self assessments

• Independent reviews of boards and directors

• Minutes of meetings to determine level of enquiry


Questions and Dialogue


Impact of Technologies on CU Strategies

• Key strategic trends impacting credit unions

• Technologies shaping the future of credit unions & what directors need to know about them

• What are the risks & how can directors be assured that these risks are being properly assessed and managed?

• Questions & dialogue


Key Strategic Trends Impacting Credit Unions

Research from ATOS* indicates that the top 4 challenges and opportunities for credit unions and other financial institutions for the next 5 years are:

• Response to customer needs

• Optimization of costs

• Creation of new revenue streams

• Development of security and compliance systems

*ATOS is a global leader in digital transformation


Key Strategic Trends Impacting Credit Unions

Response to member needs

• the need to shift from physical interactions to digital engagement;

• for credit unions that digitize member journeys, there can be a significant benefit in revenues, cost reductions and customer satisfaction.

Optimization of costs

• because of the efficiencies of digital-only competition, credit unions will need to consider divesting from non-core operations and leveraging intelligent automation;

• credit unions will also need to reinvent back office processes and replace aging infrastructure.


Key Strategic Trends Impacting Credit Unions

Creation of new revenue streams

• open banking and the use of APIs will open new opportunities for both cost reduction and revenue growth;

• as the banking ecosystem expands beyond traditional banking services, new products will be developed and segments served that will provide differentiated offerings and monetization opportunities.

Development of security and compliance systems

• with customer data becoming a ‘product’ for many financial institutions, the need for enhanced security and advanced insights (AI) will become a differentiator from both a compliance and customer trust perspective;

• this can lead to reduced costs and potential business growth.


Key Strategic Trends Impacting Credit Unions

October 2018 Innovation in Banking Report:

• Siloed systems traditionally used for transaction, savings, investment and loan accounts not well suited for the level of agility and scalability required for the digital age.

• Banks and credit unions have responded with an increasing array of digitalization and innovation initiatives, using cloud technologies, advanced analytics and new distribution alternatives to respond to consumer expectations.

• All of these initiatives have three things in common, according to the Atos research:
  • Customer-centric perspective
  • Real-time intelligent data integration
  • Open platform foundation


Technologies that will shape the future of Credit Unions


Technologies that will shape the future of Credit Unions

Mainstream Technologies

Hybrid cloud

• optimal mix of traditional IT, public and private clouds

• more and more FIs are moving to an enterprise-wide hybrid cloud strategy

• benefits include reduced costs, improved operational efficiency and enhanced innovation


Technologies that will shape the future of Credit Unions

Early Adoption Technologies

API Platforms

• combination of open platform banking and open APIs will impact products and services offered, delivery channels used and underlying partnerships

• with public APIs, customers will have more options to interact with their FI

Robotic Process Automation (RPA)

• accelerates growth by executing pre-programmed rules across a range of structured and unstructured data

• simplifies compliance by keeping detailed logs of automated processes, automatically generating the reports an auditor needs to see, and eliminating human error

Instant Payments

• availability of an instant payments platform will increase the customer satisfaction

• with instant payments, more transactions will be made digitally instead of in cash, which means that payments will become less expensive and more user friendly

• by expanding and combining instant capabilities with solutions in e- and m-commerce, banks and credit unions could develop an innovative portfolio of new services


Technologies that will shape the future of Credit Unions

Adolescent Technologies

Artificial Intelligence

• ability to work with large histories of data for every decision made

Blockchain

• improve efficiency, cost-effectiveness, and security

Prescriptive Security

• advanced analytics, real-time monitoring, AI and other tools are used to detect potential cyber risk threats and stop them before they strike

Augmented and Virtual Reality

• could be utilized to give customers autonomy in terms of at-home banking


Technologies that will shape the future of Credit Unions

Emerging Technologies

Quantum Computing

• harnesses the laws of quantum mechanics to carry out complex data operations

• major leap forward in computing power, surpassing the potential of the cloud or blockchain

Smart Machines

• smart vision systems, virtual customer assistants, virtual personal assistants, smart advisors, other natural-language processing technologies, etc.

• smart machines acting as digital concierges on behalf of consumers are already here

• customers will continue to self-select the bank that provides the least amount of friction and the most relevant support and guidance


Technologies that will shape the future of Credit Unions

What Directors Need to Know…

• Technology Table Stakes – the new wave of emerging technologies will combine digital technologies and the power of data to set new standards

• Investments in Technology – will be required and should be based on the business model and strategy of each credit union

• Skills Gap – recognition that there is a significant skills gap, including cybersecurity and privacy, business development of new technologies and user experience and human-centered design that puts transformation efforts at risk

• Core Competency – emerging technologies must become a core competency

• Sharing Platforms & Systems – effective and efficient use of resources


Technologies – The Current Risks

• Technology risks are part of Operational Risk in the DICO ERM Framework

• These include people, physical security, and technology

• Technology risks include (but not limited to) the following:
  • Cyber Security/unauthorized access
  • Data Breaches/unauthorized use of data
  • Infrastructure Breakdowns/Downtime
  • Attacks including ransomware, phishing, etc.


Cyber Security Highlights

• Cyber security combines technologies, policies and processes to protect systems and data against unauthorized access.

• Cyber security risks to operations arise from people, as well as physical and technological infrastructures.

• A comprehensive cyber security program has to stay on top of all of them, and respond effectively and rapidly to threats and attacks.

• International Standard for Information Security Management, ISO 27001, is a model for such a program.


Cyber Security – Roles and Responsibilities

The board and senior management should:

• work together on a sound strategic plan and procedures to handle cyber security risks;

• be knowledgeable about cyber threats and cyber security;

• be able to identify major risks and any gaps in risk management;

• have in place a recovery plan in the event of a cyber event.


Cyber Security – Roles and Responsibilities

The Board is responsible for:

• Adopting a strategic plan to counter cyber threats;

• Approving the written cyber security program;

• Monitoring the program to ensure it is properly implemented and maintained by the employees responsible;

• Managing business enterprise risk - understanding relevant risks and ensuring systems are in place to monitor and manage them;

• Ensuring integrity of internal controls and management information systems;

• Assigning responsibility for implementation of the program;

• Assigning responsibility for review of annual reports on the program.


Cyber Security – Roles and Responsibilities

Management is responsible for:

• Reporting all relevant vulnerabilities and threats to the board in a timely manner;

• Providing necessary information to help the board make effective choices and ensure proper monitoring of business operations and full compliance with law and policy;

• Providing a report to the board or committee annually, or more frequently as set out in the cyber security program.


Cyber Security – Director Training & Development

The Board 360 application ensures that once completed, directors will understand:

• different types of cyber security threats to our organization;

• requirements of a comprehensive cyber security program;

• roles and responsibilities of the board and senior management;

• how to identify risks and develop policies and procedures to address them;

• the importance of ongoing assessment and training to fill security skills gaps;

• effectiveness testing of all elements of the cyber security program;

• tools and strategies for ongoing management of information systems threats; and

• elements of an effective incident response program, including data recovery.


Thank you

Questions and Dialogue

Andy Poprawa
1.416.464.9749

Mary-Ann Pedersen
1.888.466.1634