Thread Options
|
#1666170 - 02/16/12 03:20 PM
Compliance Audits vs. Compliance Monitoring
|
Member
Joined: Feb 2010
Posts: 64
|
IMO Compliance regulations should be included in the audit universe and subject to audit. We outsource our audit function and they have not included any compliance audits in their audit plan. The answer I received, "Compliance performs monitoring reviews based on their regulator's exam program. We don't need to perform compliance audits because we're relying on your monitoring program." Am I missing something? I would think compliance would be part of any bank audit plan. Thoughts?
|
Return to Top
|
|
|
|
#1666221 - 02/16/12 04:07 PM
Re: Compliance Audits vs. Compliance Monitoring
GatorsFan
|
100 Club
Joined: Jun 2011
Posts: 156
New York, NY
|
We don't need to perform compliance audits because we're relying on your monitoring program. Seems like your IA doesn't know what they are talking about. Basically, they refuse to audit your bank's AML program because they solely rely on your internal procedures? This is a recipe to disaster... One of the four pillars of BSA is having an independent audit to test your bank's overall AML Compliance program. You may be better off by finding a competent IA.
_________________________
"Give thanks in all circumstances; for this is God's will for you in Christ Jesus." -Thessalonians 5:18
|
Return to Top
|
|
|
|
#1666305 - 02/16/12 05:31 PM
Re: Compliance Audits vs. Compliance Monitoring
GatorsFan
|
100 Club
Joined: Nov 2007
Posts: 114
|
Agree with Aqua
At our institution, Compliance does some monitoring, but we still have our Internal Audit department conduct Compliance audits.
|
Return to Top
|
|
|
|
#1666314 - 02/16/12 05:37 PM
Re: Compliance Audits vs. Compliance Monitoring
GatorsFan
|
10K Club
Joined: Dec 2000
Posts: 21,293
|
IMO Compliance regulations should be included in the audit universe and subject to audit. We outsource our audit function and they have not included any compliance audits in their audit plan. The answer I received, "Compliance performs monitoring reviews based on their regulator's exam program. We don't need to perform compliance audits because we're relying on your monitoring program." Am I missing something? I would think compliance would be part of any bank audit plan. Thoughts? In some situations, if a bank has an extensive compliance monitoring process, the audit will audit that process and do validation testing to ensure that it is a good process and can be relied upon. It won't repeat the same level of testing but the audit still occurs. In other cases, with a less formal monitoring program, there will be full audits of the regulations. I don't see where AML was referenced in the original post.
|
Return to Top
|
|
|
|
#1666392 - 02/16/12 06:56 PM
Re: Compliance Audits vs. Compliance Monitoring
Kathleen O. Blanchard
|
100 Club
Joined: Jun 2011
Posts: 156
New York, NY
|
I don't see where AML was referenced in the original post. KB, referenced or not, AML is inclusive of the overall banking Compliance. Bottom line - an independent audit/testing MUST be performed across the entire compliance program at least on an annual basis.
_________________________
"Give thanks in all circumstances; for this is God's will for you in Christ Jesus." -Thessalonians 5:18
|
Return to Top
|
|
|
|
#1666401 - 02/16/12 07:02 PM
Re: Compliance Audits vs. Compliance Monitoring
GatorsFan
|
10K Club
Joined: Jul 2001
Posts: 83,364
Galveston, TX
|
Probably not something that needs to be explained to KB as she does this for a living
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#1666423 - 02/16/12 07:21 PM
Re: Compliance Audits vs. Compliance Monitoring
Kathleen O. Blanchard
|
Member
Joined: Feb 2010
Posts: 64
|
IMO Compliance regulations should be included in the audit universe and subject to audit. We outsource our audit function and they have not included any compliance audits in their audit plan. The answer I received, "Compliance performs monitoring reviews based on their regulator's exam program. We don't need to perform compliance audits because we're relying on your monitoring program." Am I missing something? I would think compliance would be part of any bank audit plan. Thoughts? In some situations, if a bank has an extensive compliance monitoring process, the audit will audit that process and do validation testing to ensure that it is a good process and can be relied upon. It won't repeat the same level of testing but the audit still occurs. In other cases, with a less formal monitoring program, there will be full audits of the regulations. I don't see where AML was referenced in the original post. Thanks to everyone for their responses. Just an note, our compliance monitoring process is not extensive. I would not feel comfortable having an auditor rely on the testing as we can never cover everything that should to be covered.
|
Return to Top
|
|
|
|
#1666425 - 02/16/12 07:37 PM
Re: Compliance Audits vs. Compliance Monitoring
AquaMarine
|
10K Club
Joined: Dec 2000
Posts: 21,293
|
I don't see where AML was referenced in the original post. KB, referenced or not, AML is inclusive of the overall banking Compliance. Bottom line - an independent audit/testing MUST be performed across the entire compliance program at least on an annual basis. I mentioned it because everyone went off on a tangent about AML and that is not usually part of a bank's "compliance monitoring program" which focuses on testing loans and deposits for the "usual" regs like B, Z, etc.
|
Return to Top
|
|
|
|
#1666426 - 02/16/12 07:38 PM
Re: Compliance Audits vs. Compliance Monitoring
GatorsFan
|
10K Club
Joined: Dec 2000
Posts: 21,293
|
IMO Compliance regulations should be included in the audit universe and subject to audit. We outsource our audit function and they have not included any compliance audits in their audit plan. The answer I received, "Compliance performs monitoring reviews based on their regulator's exam program. We don't need to perform compliance audits because we're relying on your monitoring program." Am I missing something? I would think compliance would be part of any bank audit plan. Thoughts? In some situations, if a bank has an extensive compliance monitoring process, the audit will audit that process and do validation testing to ensure that it is a good process and can be relied upon. It won't repeat the same level of testing but the audit still occurs. In other cases, with a less formal monitoring program, there will be full audits of the regulations. I don't see where AML was referenced in the original post. Thanks to everyone for their responses. Just an note, our compliance monitoring process is not extensive. I would not feel comfortable having an auditor rely on the testing as we can never cover everything that should to be covered. Then in this case, yes you need compliance audits!
|
Return to Top
|
|
|
|
#1666471 - 02/16/12 07:53 PM
Re: Compliance Audits vs. Compliance Monitoring
AquaMarine
|
10K Club
Joined: Jul 2004
Posts: 18,989
|
I don't see where AML was referenced in the original post. KB, referenced or not, AML is inclusive of the overall banking Compliance. Bottom line - an independent audit/testing MUST be performed across the entire compliance program at least on an annual basis. The examiners include AML with their S&S exams, not compliance.
_________________________
With the lights out, it's less dangerous.
|
Return to Top
|
|
|
|
#1666589 - 02/16/12 09:44 PM
Re: Compliance Audits vs. Compliance Monitoring
A_G
|
Diamond Poster
Joined: Nov 2004
Posts: 2,309
|
In my last exam which was our first with the OCC, the person handling the compliance part of the exam covered BSA/AML.
_________________________
Opinions expressed are my own and not necessarily those of my employer. They are not legal advice.
|
Return to Top
|
|
|
|
#1666673 - 02/17/12 12:43 PM
Re: Compliance Audits vs. Compliance Monitoring
Kathleen O. Blanchard
|
10K Club
Joined: Jul 2004
Posts: 18,989
|
Sorry - I didn't mean to imply it was a lending or finance S&S examiner; only that the BSA examiners have always been onsite with those examiners (not with the "traditional" compliance ones), and as you mention, include BSA in that report.
_________________________
With the lights out, it's less dangerous.
|
Return to Top
|
|
|
|
#1666778 - 02/17/12 02:25 PM
Re: Compliance Audits vs. Compliance Monitoring
GatorsFan
|
Power Poster
Joined: Nov 2003
Posts: 3,726
|
As I have tried, unsuccessfully, to implement, I think compliance monitoring is first done at the department level- they need to be responsible for ensuring their staff is following compliance rules and usually do so using checklists, etc. Then compliance spot checks the process and checklists. Additional compliance monitoring by compliance would be checking after a software upgrade or shortly after a new regulation is implemented. My monitoring is NOT fully based on the examiner's audit but rather on the key points of the regulation where the bank would be likely to make a mistake. Internal audit then does the full examiner's audit.
While this all makes sense to me, it can't be documented neatly into a "schedule" or reported in a consistent format like an audit can, so I get stuck doing the examiner's audit. Even commercial monitoring programs you can buy are just the regulator's audit broken down into pieces.
Am I the one off base here? What good does it do to check a box saying "Yes, we don't discriminate" if you aren't digging deeper into HOW you don't discriminate???
_________________________
It's not that I take life for granted. It's only that the good won't make it. Innocence dies, while Villany Thrives.
|
Return to Top
|
|
|
|
|
|