
Financial Industry Governance and Compliance

Sarbanes-Oxley, the USA Patriot Act, Bank Secrecy Acts, Basel II, GLBA, SEC Broker Dealer regulations, EU Directives, and Fair Lending all present a complex web of governance challenges that span the enterprise. "Even where chief risk or compliance officers exist at larger banks, the scope of their responsibility is often remarkably narrow, and many times just involving Fair Lending. Meanwhile SOX and the Patriot Act are divvied up between chief financial officers, chief risk officers, and general counsel," said Michael Sisk, Bank Technology News.

If financial institutions had an enterprise view of all governance activities, they would benefit in several ways: they could improve business processes by leveraging the valuable data gleaned about customers for better marketing and pricing of products and services, reduce the chance that something could fall through the cracks, and coordinate system and service purchases to yield significant cost savings.

Decision making across an enterprise is currently disjointed. There are many owners, in multiple functional areas. There are multiple layers of coordination as officers struggle to gather and make sense of the data: weekly compliance committee meetings with HR, finance and lending. There are subcommittee meetings for different compliance legislation and regulation, such as the Patriot Act. There are bi-weekly operational committee meetings to discuss risk across the enterprise. Last, there are corporate governance committee meetings that examine regulatory changes and pending legislation.

Larger financial institutions are overpaying for governance, said French Caldwell, vice president research, Gartner Group. "We estimate this approach adds 130 to 150% more to the cost of the compliance effort - and the technology portion costs ten times as much." Everyone is doing his or her own thing. If there were one overall risk program, "overall complexity would be reduced and visibility would be increased."

Implementation Scenario - Banking AML/BSA

This brief overview identifies Polivec's capabilities for dealing with Anti-Money Laundering and Bank Secrecy Act compliance requirements, specifically those requirements established by the Patriot Act.

The following areas of an AML/BSA compliance program under Section 352 of the Patriot Act are managed by the Polivec platform:

  • Establish and document policies, procedures and controls
  • An ongoing employee education program

Polivec offers the Enterprise Governance Solution, which allows financial organizations to manage their policy environment across four areas: 1) developing and maintaining policies that meet government regulations and sound business processes, 2) developing and maintaining current versions of regulations, policies and controls, 3) education and certification of employees, and 4) monitoring the total business environment to ensure compliance. The platform is completely independent of specific policy types and regulations, and has connectors to existing point solutions.

Through the implementation of Polivec's product solution, financial institutions will enable bank personnel to monitor, analyze and act on the AML solution in a standardized manner, enterprise-wide.

Establish and document policies, procedures and controls

Financial institutions have been under scrutiny for quite some time to identify potential threats, mitigate risks and maintain regulatory compliance. To be successful, firms must be aware of the AML regulations, the costs of implementing and operating a solution, and the state of technology.

Polivec is designed to complement AML Analysis Solutions

An automated AML monitoring solution is expected to perform analysis and detection and to provide for advanced data mining. This functionality is required to provide a context for developing an operational baseline against which anomalous transaction patterns are tracked, alerting bank staff to investigate further. Polivec's product solution is designed to complement and work with these sophisticated systems that analyze transactional behavioral patterns by managing the firm's AML policy and ensuring that it is applied consistently across different lines of business.

Policy Center

The following items would be stored and maintained in the Polivec Policy Center: appropriate federal and other regulations, established corporate standards, and policy and business procedures for BSA/AML compliance. This repository will then reflect the expectations of the organization's board of directors regarding BSA/AML.

Activity Manager and Technology Manager

Senior management would use Polivec monitoring capabilities to ensure that the standards are implemented across the organization through effective programs tailored to the activities, business lines, or legal entities. In this way, Polivec allows executive management to demonstrate to the board of directors that an effective BSA/AML compliance program is in place across the consolidated organization.

Awareness Manager

Appropriate personnel will be informed of and tested on corporate policy related to BSA/AML, will receive updates to the policy as required, and will receive periodic training and testing to ensure they understand the policy.

Evaluation of AML compliance programs has shown that a lack of adequate employee training resulted in employees deviating from standard procedures in order to accommodate certain large customers. The CMS Awareness solution addresses this need by providing a simple but powerful way for any organization to ensure each employee is aware of and understands the organization's policies. Based on their role, each employee is assigned relevant policies and procedures and is required to review, accept and demonstrate their comprehension. Employees can be required to review policies on a regular basis, ensuring they maintain their understanding of the requirements.

The transition away from task-oriented compliance programs to process-oriented compliance programs

The most compelling benefit of the Polivec solution is that all of these components - policies, regulations, technical and manual monitoring and controls - are linked together, providing a complete enterprise-wide view of the compliance program.

Polivec provides the operational backbone and capabilities that manage program compliance content: regulatory, policy and procedural documentation associated with the AML program. This is performed in the following manner:

  • Board and management oversight of AML risk and exceptions - Issuance of management directives related to program operation
  • Policies and procedures effectiveness documentation:
    • Delegation of duties across business, administrative and operational lines
    • Expertise and skill-sets of its AML compliance organization
    • Results from representative sample testing
  • Division of duties/responsibilities among:
    • Management and staff
    • Management, staff and independent contractors
    • Management, staff and outsourced service providers
  • Remedial actions in response to regulators' deficiency letters
  • Impact of the AML program effectiveness on an institution's UFIRS (Uniform Financial Institution Rating System) and URSIT (Uniform Rating System for Information Technology) ratings.

Summary

Polivec's compliance-risk management program is flexible enough to respond to change and is tailored to an organization's corporate strategies, business activities, and external environment. The transition away from task-oriented compliance programs to process-oriented compliance programs allows compliance policies to be tested and validated on an ongoing basis. Existing local compliance activities in various business units now become a part of an integrated, global program. This promotes consistency in expectations, documentation, assessments, and reporting.