Answer:
The scopes of both programs should be risk based and it’s more important to look at functions, transactions, processes, etc that could pose higher financial risk, in terms of restitution or civil money penalties, or compliance risk in the form of a regulatory action. If your bank conducted a periodic (likely annual) compliance management program self-assessment look there first to determine the highest residual risks in the bank and make sure they are covered in both your audit and monitoring program. If a self-assessment is not conducted, review the previous compliance examination report and the past compliance audit report for recently identified violations that still should be on the high-risk list. You will also need to include any of the bank’s new products or services in the scope of both the monitoring and auditing programs and finally you will need to review recent regulatory enforcement actions to determine what issues have surfaced among your peers.
-----------------------------
Learn more about Don Blaine and Matt Evan’s webinar
Deposit Compliance Auditing and Monitoring Programs
print
share