Connie M. Friesen
Institute of International Bankers
Conference of State Bank Supervisors
U.S. Regulatory/Compliance Orientation Program
July 29, 2009
The bank examination process presents an opportunity for an international bank with U.S. operations to demonstrate its understanding of applicable U.S. laws and regulations. It also permits a bank to share with regulators its successful implementation of risk management, corporate governance and compliance programs that are consistent with applicable safety and soundness concerns.
However, using the examination process to a bank’s advantage is not easy. Preparation for a successful exam requires the consistent attention over time of senior management, the compliance function, risk management and internal audit personnel, and business line managers.
Comprehensive Risk Management and Compliance Plan
• “Safety and soundness” is always a primary focus of the examination process.
• Demonstrate that your bank is aware of “safety and soundness” issues and manages them well.
• A key element of good preparation is a comprehensive risk management and compliance plan.
Corporate Governance and Risk Management
• It is important to demonstrate that good corporate governance is a top priority for your bank and that the linkage between strong corporate governance and effective risk management is well understood.
• A plan that focuses on risk management and compliance requirements for each line of business will demonstrate that a bank is aware of safety and soundness issues and manages them well.
Active Involvement of U.S. Senior Management and Head Office
• Hold monthly meetings of senior management, the compliance function and business line managers to discuss compliance issues and to make certain they are dealt with appropriately.
• Hold quarterly liaison meetings with representatives of Head Office to coordinate handling of issues.
• Be certain to document the meetings and any compliance initiatives that result from them.
• Create a “record” that you can share with bank examiners.
• Such a record will demonstrate that your bank is pro-active and anticipates issues.
Recognition of Special Burden of U.S. Compliance Requirements
• U.S. senior management should be certain that Head Office understands the special burden of U.S. compliance requirements and examination process.
– Adopting a uniform “global” set of policies and procedures will not be sufficient.
– Sufficient resources (personnel, time, systems) must be devoted to U.S. operations.
– OFAC compliance, the internal audit function, data protection and BSA/AML compliance are examples of areas where U.S. approach may diverge from expectations and practice in the home country*.
__________
* See Exhibit A for a list of useful sources on U.S. bank examination requirements and expectations.
Co-ordination Issues
• Be prepared to share and discuss issues that may have developed during a previous exam and are now resolved; even if this examination is conducted, for example, by the Federal Reserve Bank of New York (“FRBNY”), the FRBNY examination team will be interested in how you resolved issues from a previous examination by the New York State Banking Department (“NYSBD”).
• Note that regulators share information.
Promoting a Compliance Culture
• General manager should lead the continuous preparation process and should always be fully informed. General manager “sets the tone” for compliance standards and ethical conduct of business.
• General manager should communicate with head of compliance function on a continuing basis.
• General manager should make certain that U.S. compliance function receives the support, attention and resources that it needs.
Compliance Function Must Assume Leadership Responsibility
• Objective should be to maintain a “compliance culture” which sets high standards for everyone in the U.S. office or offices.
• U.S. Head of Compliance should be responsible for continuous monitoring of changes in statutes and regulations.
• Quarterly reports from U.S. Head of Compliance and outside counsel may serve to clarify new issues and steps to be taken.
• Continuous dialogue between U.S. Head of Compliance, U.S. business lines and Head Office compliance function is essential.
Risk-Based Focus and Preparation Efforts
• Remember that a primary objective of exam process is to evaluate the condition of the U.S. office.
• Key part of the evaluation is to assess levels of current risk and the possibility that future risks will result from current and planned activities.
• U.S. office needs to demonstrate full control of a robust risk-management process.
• Because of current crisis, measures taken by a bank to deal with market risk, liquidity risk and credit risk, in particular, will be subject to intense scrutiny.
Risk Assessment
• Make a risk-based assessment part of every line of business, every new product and every new customer relationship.
• “Risk-based” assessment means an assessment of operational risk, legal risk, counterparty risk, market risk, funding risk, interest rate risk, etc.
• Branch risk assessment and customer risk assessment are now key requirements for BSA/AML compliance program.
Compliance Risk Matrix
• Develop a “Compliance Risk Matrix” that will serve as a checklist and index.
• See Exhibit B for an example of one possible format for a compliance risk matrix.
• The compliance risk matrix will help U.S. office identify necessary policies and procedures.
Compliance Review
• Risk matrix will identify levels of risk as “high,” “medium” or “low.”
• Compliance review of various activities can be scheduled at various intervals depending on level of risk.
• Compliance review will look at policies and procedures to see if they reasonably address the regulatory requirements and are adapted to level of risk.
Response to Internal Audit Issues
• Bank examiners often look first to issues highlighted by internal audit.
• Therefore, pay particular attention to issues detected during the internal audit process.
• Document carefully and fully all measures taken to address issues highlighted by internal audit.
Response to Compliance Review Issues
• Any deficiencies in policies or procedures identified in compliance review process should be addressed before the bank examination begins.
• As is the case with deficiencies identified by internal audit, it is important to document fully all steps taken to remedy deficiencies cited in compliance review process.
Contents of First Day Letter
• So-called “First Day Letter” will be sent to bank about one month before scheduled bank examination date.
• Typically, bank is required to provide responses (preferably in electronic format) just before start date of actual examination.
• First Day Letter will be signed by examiner-in-charge and bank will have an opportunity to ask questions.
• Typical areas of focus will be general lines of business, safety and soundness and BSA/AML issues.
First Day Letter – Changes Reflecting Crisis
• Contents of typical First Day Letter will likely reflect special concerns arising from current financial crisis, including such matters as:
– Revisions to profitability forecasts due to market constraints and related changes to strategic plan.
– Special reports that may have been issued by internal audit and management’s response.
– Data security and other issues relating to payment systems and funds transfer.
– Specific risk management policies and procedures to protect customer information.
– Criteria and procedures used to identify, report and monitor existing and/or potential problem credits.
General Manager Questionnaire
• A “Questionnaire for General Manager” may be part of First Day Letter. It might request information about items such as the following:
– List of new products and services introduced since last examination.
– Head office plans for the U.S. office.
– Identification of any changes that might require approval or licensing (additional offices, broker-dealer, IBF, Cayman Branch).
– Description of Head Office support for branch (liaison committees; attempts to integrate compliance).
– Views of general manager on corporate governance, risk management and AML compliance.
Effective Use of First Day Letter
• Be certain that U.S. office understands what is required by each item of the First Day Letter.
• Contact the regulators if items are not clear.
• Assign responsibility for response to appropriate personnel.
• Compliance officer and senior management should coordinate the preparation and gathering of materials; liaison and contact persons for each line of business should be identified.
• Compliance officer should have a general understanding of every item prepared or provided for the response.
Focus on BSA/AML Issues
• BSA/AML and risk management items are a significant part of typical First Day Letter requests.
• Specific areas of BSA/AML focus might include:
– Approval and appropriate revisions of BSA/AML Program.
– Determination that BSA/AML Program meets all USA PATRIOT Act requirements.
– Documentation of Training Program, including specialized training programs for particular functions or lines of business.
– Risk assessment of products, services, customers and geographic locations.
– List of high risk accounts.
– List of customers on which bank took adverse action because of its CIP.
Additional BSA/AML Issues
• Additional areas of BSA/AML focus:
– SARs (including documentation for SARs considered but not filed).
– Procedures used to monitor transactions for suspicious activity.
– Funds transfer records.
– Foreign correspondent accounts.
– OFAC issues: policies and procedures; risk assessment and risk management; Iran; description of any initiatives undertaken to address the new MT20X SWIFT enhanced message format.
Focus on Risk Management Issues
• Specific areas of risk management focus might include:
– Risk management structure for identifying, measuring, monitoring and controlling the risks involved in various lines of business.
– General risk management policies and procedures and policies and procedures addressing specific risks, such as credit, market, liquidity, operational and compliance risks.
– Credit risk: criteria and procedures for identifying, reporting, and monitoring existing and potential problem credits; credit rating system; credit risk management reports; loan review.
– Liquidity risk: limit structure for liquidity risk management; Contingency Funding Plan.
– Market risk: risk measurement methodologies; stress analysis; investment criteria.
– Enterprise-wide compliance risk management program.
New Developments
• Be certain to review the most recent 12-18 months of releases, notices, statements of guidance issued by NYSBD, FRB and OCC.
• If any of these regulatory changes have affected a particular bank, they are likely to receive special focus during the examination.
Examples:
• Funding, credit and liquidity issues relating to current crisis
• Holdings of asset-backed securities and valuation procedures with respect to such holdings
• Loans to hedge funds; accounts for hedge funds
• Account relationships with money services businesses (“MSBs”)
• Any transactions that might relate to Iran
• Participation in “complex structured finance transactions”
• Correspondent banking relationships
• OFAC compliance
• Monitoring to detect suspicious transactions
• Foreign Corrupt Practices Act compliance
• Privacy/Data Security
• Third Party Service Providers/Vendor Management (Outsourcing)
• Foreign Bank Account Report (“FBAR”) issues
Conduct of the Examination
• Have detailed, organized files containing responses to First Day Letter requests ready for examiners when they arrive.
• Have a meeting with examiners when they arrive to introduce contact people and explain the preparation done by U.S. office.
• Develop a process to respond quickly to requests for clarification, additional information, etc.
• If examiners request information U.S. office does not have, either try to obtain it as quickly as possible or explain why it cannot be provided.
• Keep a tracking sheet to reflect all questions of examiners, and bank’s responses. Be certain that all examiner questions have been answered completely and to examiner’s satisfaction.
Dealing with Problems or Weaknesses
• To the extent possible, try to deal with any identified issues or weaknesses immediately.
• For larger issues, explain why past practice has been to deal with an issue in a particular way, but express willingness to do things differently if this is what is expected by examiners.
• To the extent possible, try to take recommended actions on identified issues immediately; do not wait for the conclusion of the exam.
• If there are problems relating to current crisis, document fully the specific steps taken to resolve them.
When to Suggest Alternative Approaches
• If examiners indicate you should really be following approach “x” and your bank has special reasons for following approach “y” to achieve a better result, try to explain this to regulators prior to or at the exit interview and ask if they are willing to accept the bank’s approach.
Keep Head Office Informed
• U.S. senior management and compliance officer should keep Head Office informed of the progress of the exam.
• If significant weaknesses or major issues develop, try to involve Head Office in the resolution.
• Try to make certain Head Office understands the perspective of U.S. regulators and examiners.
• Try to work with Head Office so responsible personnel will know what to say to home country regulators.
• Be certain Head Office understands the different expectations of home country and U.S. regulators.
Polite and Diplomatic Responses
• Follow Common Rules of Business Behavior
– Be polite and respectful.
– Respond diplomatically to questions and criticisms.
– Emphasize your bank’s “culture of compliance” and “proactive” approach.
• Try to Limit Scope of Criticism
– Resolve any misunderstandings about specific items.
– Explain that each criticized item will be taken care of immediately.
– Follow through on promises to correct criticized items, however small.
Limiting Cited Items
• Try to limit number and significance of items that will appear in Written Report of Examination.
– Indicate that you have developed a “plan of action” to respond to items cited in draft report.
– Note that certain items that were the subject of examination attention have now been fully resolved (if that is true).
– If examiners indicate that the final examination report will cite a deficiency, ask to discuss the issue with them while they are still “on-site” and develop and implement a plan to remedy the deficiency as soon as possible.
• Preparation for bank examinations is a continuous process.
• “Prevention is the best cure.”
• Make certain that Head Office understands examination issues and the responses provided by U.S. office being examined.
Connie M. Friesen
Partner, Sidley Austin LLP
212-839-5507 cfriesen@sidley.com
Exhibit A: How to Prepare for Bank Examinations: Useful Sources From Websites of the Bank Regulatory Agencies
Federal Reserve
Commercial Bank Examination Manual (October 2008) http://www.federalreserve.gov/boarddocs/supmanual/cbem/200810/0810cbem.pdf
Bank Holding Company Supervision Manual (January 2009) http://www.federalreserve.gov/boarddocs/supmanual/bhc/200901/bhc0109.pdf
Examination Manual for U.S. Branches and Agencies of Foreign Banking Organizations (September 1997) (updated periodically) http://www.federalreserve.gov/boarddocs/supmanual/us_branches/usbranch.pdf
Trading and Capital Markets Activities Manual (January 2009) http://www.federalreserve.gov/boarddocs/supmanual/trading/200901/0901trading.pdf
OCC
Federal Branches and Agencies Supervision, Comptroller’s Handbook (December 1999) http://www.occ.treas.gov/handbook/fba.pdf
Bank Supervision Process, Comptroller’s Handbook (September 2007) http://www.occ.treas.gov/handbook/banksup.pdf
Community Reinvestment Act Examination Procedures, Comptroller’s Handbook (May 1999) http://www.occ.treas.gov/handbook/craep.pdf
FDIC
Risk Management Manual of Examination Policies
(FDIC examination of a bank's overall financial condition) http://www.fdic.gov/regulations/safety/manual/index.html
Trust Examination Manual
(FDIC examination of a bank’s trust operations) http://www.fdic.gov/regulations/examinations/trustmanual/index.html
Compliance Examination Handbook (September 2007)
(FDIC examination of a bank’s compliance with consumer protection regulations) http://www.fdic.gov/regulations/compliance/handbook/index.html
FFIEC
Bank Secrecy Act/Anti-Money Laundering Examination Manual (August 2007) http://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2007.pdf
Information Technology Examination Handbook http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.html