Thread Options
|
#298057 - 01/04/05 08:03 PM
Compliance Officer vs. Internal Auditor
|
Platinum Poster
Joined: Sep 2003
Posts: 729
|
I am looking for banks similar in size and type to ours to tell me how their Compliance Department and Internal Audit Department works.
My bank is $160 million with 87 employees, 11 branches, 2 loan production centers, and 1 mortgage center. We have one Compliance Officer/Internal Auditor who handles all Deposit and Lending Compliance as well as auditing for all areas of the bank.
Is this how other banks handle these departments? If not, what are the responsibilities of the Compliance Officer and the responsibilities of the Internal Auditor?
Thanks for any help!
|
Return to Top
|
|
|
|
#298060 - 01/04/05 09:49 PM
Re: Compliance Officer vs. Internal Auditor
|
Platinum Poster
Joined: Sep 2003
Posts: 729
|
Pizzaz: Do you do internal audits and if so what all do you audit?
|
Return to Top
|
|
|
|
#298063 - 01/05/05 04:50 PM
Re: Compliance Officer vs. Internal Auditor
|
Gold Star
Joined: Oct 2003
Posts: 473
the Bat Cave
|
Just curious "mom," - I am the manager of the Loan Review Department. Exactly what do you audit in Loan Review? We have no transactional authority. Our check and balance is our annual safety and soundness FDIC & State exam. I just never really thought about Audit "auditing" my department - what do you look for?
|
Return to Top
|
|
|
|
#298065 - 01/05/05 06:01 PM
Re: Compliance Officer vs. Internal Auditor
|
Gold Star
Joined: Oct 2003
Posts: 473
the Bat Cave
|
Gottcha. I just wanted to know if I needed to suggest to my audit department that they include my department in their audit schedule to protect my behind!!! But since I am lending compliance also, we review loan files for everything from cash flow and appropriate grade to compliance with all laws and regulations. I also calculate the loan loss adequacy report which is reviewed semi-annually and validated by external auditors. Thanks for the reply. I hope your daughter is having a great day! (and you too!)
|
Return to Top
|
|
|
|
#298066 - 01/05/05 10:22 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
I would also be interested to know the difference in bank's compliance officer's role and the internal auditor's roles. Any help out there?
|
Return to Top
|
|
|
|
#298067 - 01/05/05 11:17 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
IMHO, the best use of a compliance officer is policy writing, staff training, compliance reviews (sampling and checking for regulatory compliance exceptions), and maybe most importantly help desk for everything regarding regulations (this could simply be a teller with a question about a customer sitting at their station all the way to state/federal legal matters the CEO is curious about). Also, cooridinating exams and government reporting (HMDA/CRA). The best use of an auditor is to perform audits using audit programs and keeping to a calendar approved/established by audit committee. The audits I am familiar with are typically more procedures inspecting and internal control weaknesses related. The auditor should be completely independent of operations (including policy writing) and should audit the compliance function of the bank. Also common for auditors is to include IT auditing.
Again this is simply my opinion and I would be the first to say there is no one right way and everything else is wrong. It depends a lot on the bank and their needs. The board owns the bank and it is their responsibility to address liability.
I would further say in my opinion auditors strive to minimize/reduce financial loss exposure to the bank. Compliance officers strive to minimize/reduce loss from regulatory compliance violation exposure (both potential lawsuit losses and potential governmental penalties).
At many if not most banks employees have to wear multiple hats. I have seen a recent survey that showed about 30% was both compliance and audit, about 30% was compliance and security, about 10% were soley compliance, and the other 30% wore compliance plus another hat besides audit or compliance.
|
Return to Top
|
|
|
|
#298068 - 01/06/05 12:23 AM
Re: Compliance Officer vs. Internal Auditor
|
Platinum Poster
Joined: Sep 2003
Posts: 729
|
Thank you for that last post - that was the information I was looking for as far as responsibilities for CO and IA, but I would still like to get more input from other banks what they do for IA and CO. Thanks!
|
Return to Top
|
|
|
|
#298069 - 01/06/05 12:34 PM
Re: Compliance Officer vs. Internal Auditor
|
10K Club
Joined: Sep 2002
Posts: 13,965
TN
|
I will tell you several years ago I audited the Loan Review function. I found where there were statements in the review that weren't true and brought it to management's attention. Unfortunately, the head of loan review was making short cuts and not obtaining annual statements, but still coming out with satisfactory reviews. It wasn't pretty.
_________________________
My Opinions Only
|
Return to Top
|
|
|
|
#298070 - 01/06/05 04:04 PM
Re: Compliance Officer vs. Internal Auditor
|
Diamond Poster
Joined: May 2004
Posts: 1,475
Big Brother knows and that's a...
|
We are approaching $300 Million in assets. We have 2 auditors, and a compliance officer- seperate from the audit function. 120 FTEs. The CO is only responsible for consumer compliance (go figure) and that is the only hat he wears. In my opinion money could be saved by combining the position with something else, maybe the security officer.
Last edited by jennyfromthebloc; 01/06/05 04:04 PM.
_________________________
My opinion is mine only- not my employer's!
|
Return to Top
|
|
|
|
#298072 - 01/07/05 05:22 PM
Re: Compliance Officer vs. Internal Auditor
|
100 Club
Joined: Jan 2005
Posts: 135
Sunny Florida
|
We are $325MM, 11 offices, 150 employees and I had been wearing Audit and Compliance hats until recently. We added a Loan Compliance officer and I still have Deposit Compliance. She also wound up with HR so I just quietly kept the Deposit Compliance. Progress is progress.
|
Return to Top
|
|
|
|
#298073 - 01/07/05 06:48 PM
Re: Compliance Officer vs. Internal Auditor
|
Gold Star
Joined: Oct 2003
Posts: 473
the Bat Cave
|
Either we are grossly overstaffed, or we are trying to control every aspect operations and human nature because we are at $320,000,000, 152 FTE staff, 6 locations and have an Internal Audit department with 3 (includes deposit compliance and IT security) and a Loan Review Department with 3 (which includes lending compliance, CRA & Freddie Mac quality control).
Last edited by beaten blind; 01/07/05 06:49 PM.
|
Return to Top
|
|
|
|
#298075 - 01/07/05 09:57 PM
Re: Compliance Officer vs. Internal Auditor
|
Gold Star
Joined: Jun 2004
Posts: 290
California
|
We are 1.1B, 14 branches, 280 employees. Compliance Officer/General Counsel w/ one assistant. All auditing is outsourced.
|
Return to Top
|
|
|
|
#298076 - 01/12/05 06:56 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
$200 million, 14 branches, 110 employees. Compliance officer - no auditing, Internal auditing - completes all internal audits, also outsource audits as a follow up to the Internal Auditor.
|
Return to Top
|
|
|
|
#298077 - 01/12/05 07:14 PM
Re: Compliance Officer vs. Internal Auditor
|
Member
Joined: Apr 2003
Posts: 79
southeast
|
$650 million, 21 branches, 300 employees, the Audit and Compliance Department is combined and consist of three people. Have separate BSA Officer, Security Officer,a CRA Officer (they wear additional hats). Compliance is monitored by Loan Operations and Deposit Operations. Some monitoring is done by the Audit/Compliance Department - we also audit for compliance so we have to be careful of who is responsible for which audit for independence purposes. We also outsource IT, Consumer Protection, and ACH audits - but we do some in-house auditing in these areas as well. This department was combined back in middle 2004 - seems to be working really well so far.
|
Return to Top
|
|
|
|
#298078 - 01/12/05 10:51 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
We are a $185 million bank. We currently have 95 employees. We have 1 CO and 1 IA. The CO also is BSA/CRA/HMDA/Sec Offcr. IA complete consumer audits, NDIP, ACH as well as Safety & Soundness type audits. We also outsource auditing 12-18 months as a checkback to the IA dept.
|
Return to Top
|
|
|
|
#298079 - 01/25/05 02:47 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
We are a $270 million bank with 11 branches. Our bank has 1 Compliance Officer, 1 Internal Audit and 1 Security Officer. CO is responsible for Deposit and Lending Compliance and is also the BSA officer. The Compliance Officer has been working with a retired employee to begin conducting compliance audits. I/A performs all other audits, including BSA, NDIP, Deposits, Loans, Maintenance Changes, Funds Transfer, Asset Liability Management, Safeguarding Customer Info, Investments, etc..
|
Return to Top
|
|
|
|
#298080 - 01/26/05 04:27 PM
Re: Compliance Officer vs. Internal Auditor
|
Gold Star
Joined: Feb 2002
Posts: 461
Mississippi River Valley
|
We have a BHC that owns 5-chartered banks, for a total of 18-branches and 350+ employees. In the BHC we have both a compliance dept and an internal audit dept and each dept is staffed with three persons. I am one of the BHC compliance staff. About 90% of the compliance reviews are done by the BHC compliance staff, the other 10% is outsourced. The audit reviews are about 75% done by BHC audit staff with the remaining 25% outsourced.
Within each of the bank charters is a CO, but most of them are in name only....... we are still trying to get them to be more involved within the compliance aspect, but that is an ongoing struggle since that is not their "main job". Each charter also has a CRA Officer, BSA Officer, etc. They may or may not be the same person.
_________________________
How long a minute is depends on what side of the bathroom door you're on.
|
Return to Top
|
|
|
|
#298081 - 02/03/05 05:08 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
I just currently took the job as compliance officer and internal auditor. We have not had this position before. Our compliance was divided out amongst different officers and out audits were outsourced. We are a $50 million bank and we have 2 branches and 35 employees. Do we need to do two risk assessments? One for compliance and one for audit? I would love any input.
|
Return to Top
|
|
|
|
#298082 - 02/03/05 05:53 PM
Re: Compliance Officer vs. Internal Auditor
|
10K Club
Joined: Dec 2002
Posts: 40,766
Turnpike Exit 10
|
I know of several banks that do this. How about if you review the programs you will be using and see if it will cover both? I was just thinking, our IA does things like branch audits, bank rec audits, money order/trav check audits... and the like. Those are things I would not do as a CO.
So, I guess you just have to make sure you cover anything. It is probably very manageable for a smaller bank. Maybe all that you need to do is incorporate your compliance reviews with the audit programs. I'll be interested to hear what the others have to say. I know there are several on BOL.
Hopefully you have a strong audit committee as well. Best of luck. Sorry I am not more help.
_________________________
Get your facts first, then you can distort them as you please. - Mark Twain
|
Return to Top
|
|
|
|
#298084 - 02/04/05 05:01 AM
Re: Compliance Officer vs. Internal Auditor
|
Platinum Poster
Joined: Jan 2004
Posts: 555
Louisiana
|
Quote:
Do we need to do two risk assessments? One for compliance and one for audit? I would love any input.
I am over both. We are about $110MM with 4 locations. I do one assessment but I seperate the compliance and IA items. I schedule compliance and IA items at the same time and report on both. For example, when I perform a loan review, I also look at Reg Z, HMDA, RESPA, etc. I find it easier to kill 2 birds with one stone.
Quote:
From an internal audit standpoint, I would not want to be responsible also for the compliance function being that it would compromise my independence. My job is to audit to ensure that the company is acting to ensure the compliance.
I disagree that it compromises my independence. We have a staff Compliance Committee that is made up of key people in each department. Each member is responsible for the day-to-day management of compliance in their area. My role as Chairman of the committee is to make sure that everyone is kept informed of changes, etc. I am also a resource for the "tough calls". Therefore, when I audit, I am more auditing them, then myself. See the FDIC's FIL 52-2003 from 6/20/03. An excerpt from the Overview of the Compliance Exam:
A compliance committee, either as an alternative to or in addition to a full-time compliance officer, could be formed consisting of the compliance officer, representatives from various departments, and member(s) of senior management or the board. However, the ultimate responsibility of overall compliance with all statutes and regulations resides with the board.
This FIL would be a good place for you to start, if you are new to the compliance area. There is also an Interagency Policy Statement on the Internal Audit Function that would also be good for you to read.
_________________________
You gain education by reading the fine print. You gain experience by not.
|
Return to Top
|
|
|
|
#298088 - 02/09/05 04:43 PM
Re: Compliance Officer vs. Internal Auditor
|
100 Club
Joined: Jan 2005
Posts: 135
Sunny Florida
|
I don't think you're overstaffed...we are understaffed. Of course we are probably paid much more than you are.
_________________________
We shall endeavor to persevere.
|
Return to Top
|
|
|
|
#298089 - 02/16/05 07:05 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
I am employed at the Holding Company level, holding company owns 3 banks with total 500,000 million. I am responsible for compliance and also assist in audits. We have 3 other individuals in the audit dept. We do all audits and reviews for the 3 banks.
|
Return to Top
|
|
|
|
#298090 - 02/17/05 11:08 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
We are 200 mil, 60 employees, 4 branches, 1 LPO and two more branches "in the oven". I am an audit department of one. I do everything except the IT audit; including loan review. I am also the compliance officer. All our managers have the final responsibility for compliance-I make suggestions and facilitate a monthly compliance committee meeting. I do not write policies or procedures, but I do review them. I also review all advertising for compliance and monitor for check kiting. I recently obtained more objectivity in that I report directly to the board and the audit committee chairman (board member) conducts my reviews. This also allows me to assist our external auditors, saving time and money.
Hope this gives you some ideas.
|
Return to Top
|
|
|
|
#298091 - 06/29/05 07:21 AM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
Hi visit www.bis.org and write the word compliance you will find a vary useful information
|
Return to Top
|
|
|
|
#298092 - 06/29/05 12:18 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
Hi Kari, I am a new compliance officer. Our bank is $125M and is also in Pa., have a separate internal audit function. I would like to share ideas with you from time to time as it may benefit us both.
|
Return to Top
|
|
|
|
#298093 - 06/29/05 01:55 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
Quote:
From an internal audit standpoint, I would not want to be responsible also for the compliance function being that it would compromise my independence. My job is to audit to ensure that the company is acting to ensure the compliance.
An institution can successfully meld compliance and audit, as long as the compliance role involves compliance assurance versus compliance ownership of all compliance activities. In other words, if the business units assimilate the compliance requirements and properly implement their compliance responsibilities, then the compliance assurance testing will evaluate the effectiveness of compliance in that business area. Unfortunately, in many institutions under $500 million the compliance officer is oftentimes stuck with doing the compliance for the business areas. Every institution is different.
|
Return to Top
|
|
|
|
#298095 - 07/08/05 06:56 PM
Re: Compliance Officer vs. Internal Auditor
|
Anonymous
Unregistered
|
don't know but I think the best person to answer this would be EdOils or Devil Queen!!
|
Return to Top
|
|
|
|
#298096 - 07/08/05 07:31 PM
Re: Compliance Officer vs. Internal Auditor
|
10K Club
Joined: Nov 2003
Posts: 12,846
|
Quote:
What about this - is there any conflict of interest in having an Operations Department Manager also be the BSA Officer?
I see no problem with that. There is no reason that the BSA officer needs to be independent of other functions (except the required annual monitoring).
|
Return to Top
|
|
|
|
#298098 - 07/09/05 01:01 PM
Re: Compliance Officer vs. Internal Auditor
|
10K Club
Joined: Jul 2001
Posts: 83,390
Galveston, TX
|
It really depends on their job duties. the new examination guidelines indicates that one of the things to review for is:
Provide for dual controls and the segregation of duties. Employees that complete the reporting forms (e.g., SARs, CTRs, and CTR exemptions) should not also be responsible for filing the reports or granting the exemptions.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#298099 - 07/11/05 12:59 PM
Re: Compliance Officer vs. Internal Auditor
|
10K Club
Joined: Dec 2002
Posts: 40,766
Turnpike Exit 10
|
At my old bank, I was deposit ops mgr adn BSA officer. I didn't do the daily CTRs, but I signed off on them. I did grant the exemptions, and I did file the SARs.
The annual review had to be done by our internal auditor.
_________________________
Get your facts first, then you can distort them as you please. - Mark Twain
|
Return to Top
|
|
|
|
#298100 - 07/11/05 01:42 PM
Re: Compliance Officer vs. Internal Auditor
|
10K Club
Joined: Nov 2003
Posts: 12,846
|
Quote:
Joker, would you say in that case then, that the Operations Department manager should have inquiry only access to the internal systems?
There may be other reasons you would want your operations manager to not have maintenance access to your core systems, but I can't think of one for BSA. You may want to restrict access on BSA software for the reason Randy cited.
|
Return to Top
|
|
|
|
|
|