Regulatory suggested initiatives in the compliance area for a Compliance Management System (CMS) follow a multi-tier monitoring approach:
- Independent review (internal or external or a combination thereof)
- Internal Self-Assessment monitoring with a formal self-assessment program
- Ongoing daily process monitoring with trend reporting to management and the Board
- Formal risk assessment
This article will briefly address some of these areas.
Internal Self-Assessment Monitoring
This type of documented monitoring is a component of most successful CMS programs and is thus recommended by regulators.
In the Compliance Area, the regulations have a number of areas with periodic monitoring expectations which can be efficiently and effectively achieved through a Control Self-Assessment monitoring (CSA) program encompassing the retail, deposit, and loan compliance areas.
A Compliance CSA monitoring and reporting program should be set up and enacted covering these and other high-risk compliance monitoring areas. Program results and trends should be reported, as appropriate, to a functional Compliance Committee/Audit Committee.
Ongoing Monitoring with Trend Reporting
Even on secondary market brokered loans, in today’s regulatory environment, the financial institution is NOT ABSENT RESPONSIBILITY for the accuracy of the Loan Estimate (LE) and to ensure that the Closing Disclosure (CD) is properly prepared and disclosed by the investor.
Risk Assessments
Financial institutions generally maintain risk assessments for the areas of BSA, OFAC, and even Identity Theft. We recommend that compliance risk assessments be expanded to address the most significant compliance areas presenting risks to the bank. Internal CSA review, external and internal compliance reviews, and training should be structured to align with these risk assessments. Areas for coverage consideration include the areas such as:
- TRID
- HMDA
- Reg. D
- Reg. DD
- Reg. CC
- Fair Lending
- CRA
- Unfair, Deceptive, Abusive, Acts Practices (UDAAP)
- Vendor Management (Compliance Perspective)
All these components are vital to a successful CMS for financial institutions.
