Skip to content
BOL Conferences
Page 1 of 2 1 2
Thread Options
#298057 - 01/04/05 08:03 PM Compliance Officer vs. Internal Auditor
Snowgirl Offline
Platinum Poster
Joined: Sep 2003
Posts: 729
I am looking for banks similar in size and type to ours to tell me how their Compliance Department and Internal Audit Department works.

My bank is $160 million with 87 employees, 11 branches, 2 loan production centers, and 1 mortgage center. We have one Compliance Officer/Internal Auditor who handles all Deposit and Lending Compliance as well as auditing for all areas of the bank.

Is this how other banks handle these departments? If not, what are the responsibilities of the Compliance Officer and the responsibilities of the Internal Auditor?

Thanks for any help!

Return to Top
Audit
#298058 - 01/04/05 08:10 PM Re: Compliance Officer vs. Internal Auditor
Kari Offline
100 Club
Kari
Joined: Sep 2002
Posts: 131
PA
We are a $156 million bank with 47 employees - 4 branches - 1 loan department. I am the compliance ofcr/interal auditor who handles all deposit and lending auditing. Besides these hats I oversee HR and marketing. Sorry I couldn't put more of a positive spin and get you some help. But after 4 years I finally rec'd an HR generalist and a marketing coordinator to assist me. But compliance is still all mine. Hope this helps. Have a great NY!

Return to Top
#298059 - 01/04/05 09:16 PM Re: Compliance Officer vs. Internal Auditor
P*Q Offline

Power Poster
P*Q
Joined: May 2001
Posts: 8,458
Somewhere
We are $250 million, 6 branches, 1 loan center. I am compliance officer and internal auditor, security officer, etc.... However, we also outsource annual audits of all compliance areas to an external audit firm. They're my check and balance.

Return to Top
#298060 - 01/04/05 09:49 PM Re: Compliance Officer vs. Internal Auditor
Snowgirl Offline
Platinum Poster
Joined: Sep 2003
Posts: 729
Pizzaz: Do you do internal audits and if so what all do you audit?

Return to Top
#298061 - 01/05/05 03:32 PM Re: Compliance Officer vs. Internal Auditor
P*Q Offline

Power Poster
P*Q
Joined: May 2001
Posts: 8,458
Somewhere
I do internal self-assessment audits of loan files, deposit operations compliance, NDIP and branch audits. Our external audit firm conducts audits in the above area annually, as a cross-check to me.

Return to Top
#298062 - 01/05/05 03:55 PM Re: Compliance Officer vs. Internal Auditor
QCL Offline
Power Poster
QCL
Joined: May 2002
Posts: 6,259
NW IL
We are $280 million, 5 branches.
2 in the audit dept (including me). One of us is also IT and compliance. The other(that's me) is SLOWING taking on the compliance role, too. We have a seperate loan review dept., that I audit quarterly.

Return to Top
#298063 - 01/05/05 04:50 PM Re: Compliance Officer vs. Internal Auditor
beaten blind Offline
Gold Star
Joined: Oct 2003
Posts: 473
the Bat Cave
Just curious "mom," - I am the manager of the Loan Review Department. Exactly what do you audit in Loan Review? We have no transactional authority. Our check and balance is our annual safety and soundness FDIC & State exam. I just never really thought about Audit "auditing" my department - what do you look for?

Return to Top
#298064 - 01/05/05 05:32 PM Re: Compliance Officer vs. Internal Auditor
QCL Offline
Power Poster
QCL
Joined: May 2002
Posts: 6,259
NW IL
I am mostly looking at a selection of files for compliance violations, whereas the loan review is looking at them for credit/ collateral worthiness. So I guess it's not really an audit of the "loan review" dept., sorry if I sounded like that.

I look to make sure the Grade assigned to a loan agrees to our system, there is compliance with Reg. Z, the board is properly aware of Watch list and Classified loans, bank policy is being followed, upgraded or downgraded loans are properly approved, and that there is proper documentation of charged off loans. I also do this audit with a Reserve for Loan Loss audit, so I am particularly concerned with the amounts that make up each of our grading categories.

Return to Top
#298065 - 01/05/05 06:01 PM Re: Compliance Officer vs. Internal Auditor
beaten blind Offline
Gold Star
Joined: Oct 2003
Posts: 473
the Bat Cave
Gottcha. I just wanted to know if I needed to suggest to my audit department that they include my department in their audit schedule to protect my behind!!! But since I am lending compliance also, we review loan files for everything from cash flow and appropriate grade to compliance with all laws and regulations. I also calculate the loan loss adequacy report which is reviewed semi-annually and validated by external auditors. Thanks for the reply. I hope your daughter is having a great day! (and you too!)

Return to Top
#298066 - 01/05/05 10:22 PM Re: Compliance Officer vs. Internal Auditor
Anonymous
Unregistered

I would also be interested to know the difference in bank's compliance officer's role and the internal auditor's roles. Any help out there?

Return to Top
#298067 - 01/05/05 11:17 PM Re: Compliance Officer vs. Internal Auditor
Anonymous
Unregistered

IMHO, the best use of a compliance officer is policy writing, staff training, compliance reviews (sampling and checking for regulatory compliance exceptions), and maybe most importantly help desk for everything regarding regulations (this could simply be a teller with a question about a customer sitting at their station all the way to state/federal legal matters the CEO is curious about). Also, cooridinating exams and government reporting (HMDA/CRA). The best use of an auditor is to perform audits using audit programs and keeping to a calendar approved/established by audit committee. The audits I am familiar with are typically more procedures inspecting and internal control weaknesses related. The auditor should be completely independent of operations (including policy writing) and should audit the compliance function of the bank. Also common for auditors is to include IT auditing.

Again this is simply my opinion and I would be the first to say there is no one right way and everything else is wrong. It depends a lot on the bank and their needs. The board owns the bank and it is their responsibility to address liability.

I would further say in my opinion auditors strive to minimize/reduce financial loss exposure to the bank. Compliance officers strive to minimize/reduce loss from regulatory compliance violation exposure (both potential lawsuit losses and potential governmental penalties).

At many if not most banks employees have to wear multiple hats. I have seen a recent survey that showed about 30% was both compliance and audit, about 30% was compliance and security, about 10% were soley compliance, and the other 30% wore compliance plus another hat besides audit or compliance.

Return to Top
#298068 - 01/06/05 12:23 AM Re: Compliance Officer vs. Internal Auditor
Snowgirl Offline
Platinum Poster
Joined: Sep 2003
Posts: 729
Thank you for that last post - that was the information I was looking for as far as responsibilities for CO and IA, but I would still like to get more input from other banks what they do for IA and CO. Thanks!

Return to Top
#298069 - 01/06/05 12:34 PM Re: Compliance Officer vs. Internal Auditor
Skittles Offline
10K Club
Skittles
Joined: Sep 2002
Posts: 13,965
TN
I will tell you several years ago I audited the Loan Review function. I found where there were statements in the review that weren't true and brought it to management's attention. Unfortunately, the head of loan review was making short cuts and not obtaining annual statements, but still coming out with satisfactory reviews. It wasn't pretty.
_________________________
My Opinions Only

Return to Top
#298070 - 01/06/05 04:04 PM Re: Compliance Officer vs. Internal Auditor
J2C Offline
Diamond Poster
Joined: May 2004
Posts: 1,475
Big Brother knows and that's a...
We are approaching $300 Million in assets. We have 2 auditors, and a compliance officer- seperate from the audit function. 120 FTEs. The CO is only responsible for consumer compliance (go figure) and that is the only hat he wears. In my opinion money could be saved by combining the position with something else, maybe the security officer.
Last edited by jennyfromthebloc; 01/06/05 04:04 PM.
_________________________
My opinion is mine only- not my employer's!


Return to Top
#298071 - 01/06/05 05:54 PM Re: Compliance Officer vs. Internal Auditor
Bullseye Offline
Platinum Poster
Bullseye
Joined: Jan 2004
Posts: 968
We are approaching $500 Million in assets and have 7 branches and about 200 employees. Here we have a full time Internal Auditor (focuses on internal controls, matching procedures with bank policy), full time CRA/CO (handles loan review, policies, training, large bank CRA & does various other audits for bank-wide compliance) & full time CO Assistant (handles CRA/HMDA data entry, monitors flood insurance, Reg D violations, etc.). Our BSA and Security is handled by people that wear additional hats.

Return to Top
#298072 - 01/07/05 05:22 PM Re: Compliance Officer vs. Internal Auditor
GregS Offline
100 Club
Joined: Jan 2005
Posts: 135
Sunny Florida
We are $325MM, 11 offices, 150 employees and I had been wearing Audit and Compliance hats until recently. We added a Loan Compliance officer and I still have Deposit Compliance. She also wound up with HR so I just quietly kept the Deposit Compliance. Progress is progress.

Return to Top
#298073 - 01/07/05 06:48 PM Re: Compliance Officer vs. Internal Auditor
beaten blind Offline
Gold Star
Joined: Oct 2003
Posts: 473
the Bat Cave
Either we are grossly overstaffed, or we are trying to control every aspect operations and human nature because we are at $320,000,000, 152 FTE staff, 6 locations and have an Internal Audit department with 3 (includes deposit compliance and IT security) and a Loan Review Department with 3 (which includes lending compliance, CRA & Freddie Mac quality control).
Last edited by beaten blind; 01/07/05 06:49 PM.
Return to Top
#298074 - 01/07/05 09:53 PM Re: Compliance Officer vs. Internal Auditor
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
Quote:

...we are grossly overstaffed...because we are at $320,000,000....



Asset size only matters when it comes to CRA. Of much greater importance, you need to consider factors like:
  • the range and complexity of your products (plain vanila vs. head to head with money center banks)
  • your history (banks under or coming off a formal enforcement action will have extra strength risk control)
  • your structure (departmentalized vs. generalists)
  • your customer base (international private banking clients, for example, skyrocket the need for CIP/KYC/AML work)
  • your systems (home-grown consume more staff resources than outsourced)
_________________________
...gone fishing.

Return to Top
#298075 - 01/07/05 09:57 PM Re: Compliance Officer vs. Internal Auditor
berico Offline
Gold Star
Joined: Jun 2004
Posts: 290
California
We are 1.1B, 14 branches, 280 employees. Compliance Officer/General Counsel w/ one assistant. All auditing is outsourced.

Return to Top
#298076 - 01/12/05 06:56 PM Re: Compliance Officer vs. Internal Auditor
Anonymous
Unregistered

$200 million, 14 branches, 110 employees. Compliance officer - no auditing, Internal auditing - completes all internal audits, also outsource audits as a follow up to the Internal Auditor.

Return to Top
#298077 - 01/12/05 07:14 PM Re: Compliance Officer vs. Internal Auditor
Roun Offline
Member
Joined: Apr 2003
Posts: 79
southeast
$650 million, 21 branches, 300 employees, the Audit and Compliance Department is combined and consist of three people. Have separate BSA Officer, Security Officer,a CRA Officer (they wear additional hats). Compliance is monitored by Loan Operations and Deposit Operations. Some monitoring is done by the Audit/Compliance Department - we also audit for compliance so we have to be careful of who is responsible for which audit for independence purposes. We also outsource IT, Consumer Protection, and ACH audits - but we do some in-house auditing in these areas as well. This department was combined back in middle 2004 - seems to be working really well so far.

Return to Top
#298078 - 01/12/05 10:51 PM Re: Compliance Officer vs. Internal Auditor
Anonymous
Unregistered

We are a $185 million bank. We currently have 95 employees. We have 1 CO and 1 IA. The CO also is BSA/CRA/HMDA/Sec Offcr. IA complete consumer audits, NDIP, ACH as well as Safety & Soundness type audits. We also outsource auditing 12-18 months as a checkback to the IA dept.

Return to Top
#298079 - 01/25/05 02:47 PM Re: Compliance Officer vs. Internal Auditor
Anonymous
Unregistered

We are a $270 million bank with 11 branches. Our bank has 1 Compliance Officer, 1 Internal Audit and 1 Security Officer. CO is responsible for Deposit and Lending Compliance and is also the BSA officer. The Compliance Officer has been working with a retired employee to begin conducting compliance audits. I/A performs all other audits, including BSA, NDIP, Deposits, Loans, Maintenance Changes, Funds Transfer, Asset Liability Management, Safeguarding Customer Info, Investments, etc..

Return to Top
#298080 - 01/26/05 04:27 PM Re: Compliance Officer vs. Internal Auditor
Some Days You Just Can't Win Offline
Gold Star
Some Days You Just Can't Win
Joined: Feb 2002
Posts: 461
Mississippi River Valley
We have a BHC that owns 5-chartered banks, for a total of 18-branches and 350+ employees. In the BHC we have both a compliance dept and an internal audit dept and each dept is staffed with three persons. I am one of the BHC compliance staff. About 90% of the compliance reviews are done by the BHC compliance staff, the other 10% is outsourced. The audit reviews are about 75% done by BHC audit staff with the remaining 25% outsourced.

Within each of the bank charters is a CO, but most of them are in name only....... we are still trying to get them to be more involved within the compliance aspect, but that is an ongoing struggle since that is not their "main job". Each charter also has a CRA Officer, BSA Officer, etc. They may or may not be the same person.
_________________________
How long a minute is depends on what side of the bathroom door you're on.

Return to Top
#298081 - 02/03/05 05:08 PM Re: Compliance Officer vs. Internal Auditor
Anonymous
Unregistered

I just currently took the job as compliance officer and internal auditor. We have not had this position before. Our compliance was divided out amongst different officers and out audits were outsourced. We are a $50 million bank and we have 2 branches and 35 employees. Do we need to do two risk assessments? One for compliance and one for audit? I would love any input.

Return to Top
Page 1 of 2 1 2

Moderator:  Andy_Z