- Financial services risk and compliance expert with a 360-degree stakeholder perspective based on deep experience in and with financial institutions, government bodies, vendors and industry associations
- As Chief Regulatory Officer for IBM Global Financial Services Sector, initiated and managed collaborative relationships between IBM and regulatory bodies and launched IBM's global Extensible Reporting Language program
- Appointed the first Director of the Trade and Development Agency and worked in close coordination with Ex-Im Bank, the Overseas Private Investment Corporation, World Bank, IFC, and regional MDBs such as the Asian Development Bank and the EBRD
- All 10 Best Practices
- Pre-Call Discovery Process
- One-on-One Call with Expert
- Session Summary Report
- Post-Session Engagement
Bank Enterprise Risk Assessment - Optimizing Risk to Build Value
- BSA/AML (Bank Secrecy Act/Anti-Money Laundering)
The Currency and Foreign Transactions Reporting Act of 1970 (commonly referred to as the "Bank Secrecy Act") requires U.S. financial institutions to assist U.S. government agencies to detect and prevent money laundering.
- CAMELS (Capital adequacy, Asset quality, Management, Earnings, Liquidity, Sensitivity to market risk)
A uniform interagency rating system adopted by the FFIEC. CAMELS originated in the U.S. to classify a bank's overall condition and is now used globally. The ratings range from 1 (strong) to 5 (critically deficient). Ratings are based on analysis of financial statements combined with on-site examinations. A bank's CAMELS rating is typically known only to the primary regulator that decides the score and senior management.
- CFR (Code of Federal Regulations)
The CFR is an annual codification of the general and permanent rules published in the Federal Register by the executive departments and agencies of the federal government.
[Source: the Federal Register]
- CIP (Customer Identification Program)
All banks must have a written CIP that is incorporated into the bank's BSA/AML compliance program. The CIP is intended to enable a bank to form a reasonable belief that it knows the true identity of each customer. It must include account opening procedures that specify the identifying information to be obtained from each customer.
- Enterprise Risk Assessment (ERA)
Development of the risk assessment generally involves two steps: first, the bank's specific risk categories (products, services, customers, entities, transactions, and geographic locations) are identified; and second is a detailed analysis of the data identified to assess the inherent risk and residual risk within those categories. The resulting risk profile determines the composition of the bank's written compliance program.
Holding companies or lead financial institutions that implement enterprise-wide compliance programs should assess risk vertically within business lines and horizontally across all activities and legal entities.
(Source: FFIEC Examiners Manual)
- Enterprise Risk Management
There are many definitions of enterprise risk management, but for the purpose of this business topic, it refers to an integrated approach to identifying, assessing, managing, and monitoring risk across the enterprise to promote business success.
Enterprise risk management recognizes and leverages the interconnectivity of different risks and gauges how they can interact to magnify the total impact. This enterprise view can streamline the control structure and increase its efficiency.
- FATF (Financial Action Task Force on Money Laundering
An inter-governmental policy making body whose purpose is to establish international standards, and to develop and promote policies, both at national and international levels, to combat money laundering and financing of terrorism
- FFIEC (Federal Financial Institutions Examination Council)
Member FFIEC agencies include the Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Consumer Financial Protection Bureau (CFPB)
- FIU (Financial Intelligence Unit)
In the context of this business topic, FIU refers to commercial bank units responsible for identifying, investigating, and reporting suspicious activity including money laundering, terrorist financing, and fraud, as well as providing analytical and operational support to such compliance programs.
More generally, FIU is defined as "A central national agency responsible for receiving (and, as permitted, requesting), and analyzing and disseminating to the competent authorities, disclosures of financial information (i) concerning suspected proceeds of crime, or (ii) required by national legislation or regulation, in order to counter money laundering." [Source: The Egmont Group].
The Financial Crimes Enforcement Network (FinCEN) serves as the FIU for the U.S.
- Inherent Risk
Inherent risk assesses the nature, complexity, and volume of activities giving rise to risk in question. It is important to remember that this assessment of risk is made without considering management processes and controls; rather, these factors are considered in evaluating the adequacy of the institution's risk management systems. Inherent risk is described as high, moderate, or low
Source: Federal Reserve Board's "Framework for Risk-Focused Supervision of Large Complex Institutions," August 8,1997
- KYC (Know Your Customer)
KYC is a foundational requirement of an anti-money laundering compliance program. It involves the Customer Identification Program (CIP) to have reasonable assurance of the true identity of a customer, and Customer Due Diligence (CDD) to understand the account purpose, the nature of a customer's business, and anticipated patterns of transaction. CDD results in an initial customer risk ranking, High, Medium, and Low. If the ranking is medium to high, Enhanced Due Diligence (EDD) should be employed to learn more about the customer and the degree of AML risk. Accounts of higher risk customers should either not be opened, or be subject to enhanced transaction monitoring.
- MLR (Money Laundering Risk System)
An OCC risk identification and analytical tool used in community banks to identify potentially high-risk banks and activities. The combination of ongoing supervision and targeted examinations allows the OCC to determine the adequacy of a bank's BSA/AML compliance program
- MRA (Matters Requiring Attention)
Constitute matters arising from an examination that are important and that regulators expect a banking organization to address over time.
- MRIA (Matters Requiring Immediate Attention)
Matters arising from an examination that require a bank to address immediately. These tend to be matters of significant importance and urgency and may relate to safety and soundness.
- OFAC (Office of Foreign Assets Control)
OFAC is an office of the U.S. Treasury that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against entities such as targeted foreign countries, terrorists, international narcotic traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction
- Residual Risk
Residual risk is the level of risk remaining after controls have been implemented. Residual risk typically categorized as high, moderate, or low.
- SARs (Suspicious Activity Reports)
Under 12 CFR 21.11, national banks are required to report known or suspected criminal offenses at specified thresholds, or transactions over $5,000 that they suspect involve money laundering or violate the Bank Secrecy Act. To make that report, the filing institution prepares a SAR, which it files with the Financial Crimes Enforcement Network (FinCEN) of the Treasury Department. The reports are then made available electronically to appropriate law enforcement agencies. Similar regulations by other regulators apply to other financial institutions