I am currently working on writing a full compliance program. I know that internal monitoring is a main portion of the compliance program as recommended by FDIC. I am afraid that this may be an area in which we are not doing as much as we should. Where can I find what internal monitoring is recommended in the areas of compliance. Does anyone have some type of spreadsheet or something that lists what internal monitoring is recommended or which areas your perform monitoring for the different areas?

Hi! I came across your question because I too am looking for something like this. Did you ever find anything?
Thanks!

No, I did not ever get anything to help. I ended up just writing something myself. We are having an audit of our Compliance Program this year so I guess we will see then if I did a good job or not. Good Luck!

I completed a compliance risk assessment in the 4th qtr of 2010 that helps to determine the risks for different laws and regulations. It lists the law or regulation; cite; summary; industry Inherent risk; direction; which policies, procedures or controls to mitigate the risk; bank risk level after controls; the control strenght; residual risk; and audit history.

I will be willing to share the excel sheet. Just PM me and give me your email address and state you want the compliance risk assessment.

I think what areas of internal monitoring that need to be done depends on your level of risk. Definately, areas that have been cited in exams before should be included. Due to all the recent regulatory changes, some areas I identified as Low I actually moved to Moderate due to the increase in regulation. I think if you assign a risk to each regulation, you will get a pretty good idea of what you should be monitoring.