Fina ancial Institution n Com mplian nce Update U e Se eptember 22, 2015 Thiss communicatio on is designed to provide you u with quick sna apshots and tim mely perspectivve on recent re egulatory devellopments. Inttegrating g Data Analytics in nto the Th hree Line es of Defe ense ackground d Ba Wh hen organizations manag ge complianc ce risk with effective intternal contro ols, they realize cost an nd efficiency imp provements. The T Three Liines of Defen nse that comp prise effective e compliance e managemen nt programs h help to align and d enhance co ompliance co ontrols and coordinate c effforts related to risks and d controls. Da ata analytics can further enh hance complia ance program m effectivenes ss and can be e applied to ea ach of the de efense lines. In ttheir January,, 2013 positio on paper, The e Three Lines s of Defense in Effective R Risk Managem ment and Con ntrol, the IIA deffines each lin ne according to their risk responsibilitiies. Analyticss can be use ed in each off these areass to provide con nsistent overs sight of risk-ac ctivities. Firrst Line off Defense – Functio ons that Own O and Ma anage Ris sk Ope erational man nagers own and manage risks. This is i where the activity occurs. Automated controls are often bu uilt into the ormation sys stem to prev vent or dete ect non-comp pliance with info con ntrols; but ma any systems, particularly legacy applic cations, may nott be designed d to address the current control requirements. Ad y scheduled analytic a routin nes can chec ck for control hocc or regularly com mpliance befo ore, during, an nd after the processing of transactions. t This is typically addressed by exception reports r that highlight h only side the norm mal or expecte ed ranges or those transactions falling outs erances. The ese transactions can be quickly bro ought to the tole atte ention of the managers m clo osest to the so ource of the trransaction to be addressed. Se econd Line e of Defen nse – Functions tha at Ov versee Ris sk In the second line of deffense, the compliance c management m ponsible for establishing e a compliance e framework function is resp d developing compliance program ele ements such as policies, and training and mon nitoring activities. Typically y, under the direction d of a p procedures and controls are Chiief Compliance Officer, policies, devveloped for monitoring m co ompliance ris sk manageme ent activities and d controls within the bus siness lines. Training an nd oversight, 1st Line – Manage ement Control Operating Man nagement Fu unctions that own & manag ge risks ay-to-day riskk managemen Da nt 2nd L Line – Risk & Control Ove ersight Functtions evelops risk m De management fra amework Oversees and challenges rissk management m ance & directio on Prrovides guida Re eports primarrily to manage ement 3rd Liine – Independent Assurrance eviews 1st an Re nd 2nd lines Prrovides an ind dependent pe erspective & cchallenges the prrocess eports to govverning body Re consultation, and remediation tracking comprise this risk management function. Trends can be identified and monitored in order to identify efficiency recommendations or other needed adjustments to the controls. When organizations use automated controls or analytics to monitor compliance, they are able to focus efforts and attention on those areas presenting the greatest risks. The same is true for monitoring and assessing remediation efforts with automated controls. Third Line of Defense – Functions that Provide Independent Assurance The primary performer of the third line of defense activities is Internal Audit (IA). IA provides independent assurance about the effectiveness of risk management and control to senior management and the Board. Using risk-based audits and reviews of critical applications can increase audit efficiency and provide organizations a more comprehensive view of how inherent risks are mitigated, and how effective compliance controls are in the first and second lines of defense. Data analytics can assist the assurance functions in defining and monitoring the risks: Defining Risks - Using company-specific and process metrics, analytics can assist in identifying the audit risks. Dashboards - Reporting to executive leadership and the Board is further enhanced with reliable data, especially for identifying trends in inherent risk and the relationship between new products and services, changes in the organization’s business or geographic profile, or significant personnel changes. Monitoring - As remediation efforts are carried out, reporting data can also keep management informed of progress. Aligning the three lines of defense and utilizing data analytics strategies to further enhance risk management efforts creates a more efficient and effective compliance risk management program. How Experis can help Experis Finance offers industry experience in all aspects of financial services institution compliance including: policy and procedure development and review, business process review and transformation, governance, comprehensive risk assessments, internal control testing and monitoring techniques. Data analytics services include: Helping internal audit departments bridge the experience gap by providing the expertise and technology to perform data analysis Developing scripts and analytic repositories, classified by business process, which can be leveraged by internal audit and business unit personnel Utilizing DA tools in performing audit services and projects at the special request of management Assessing the degree to which resources are utilized effectively and programs are carried out as intended Validating the integrity and quality of data resident in client IT systems Determining the degree to which the client organization complies with various policies, procedures, law, and regulations Measuring and reporting important financial and operating key indicators To learn more about our industry best practices or how Experis can assist you with data analytics services, contact us at financialservicesindustry@experis.com or visit Experis Finance.