PCBB
BID Daily Newsletter
November 06, 2019

Best Practices For Audit Fundamentals

Summary: Today, we offer some thoughts around best practices to ensure your bank is not only following regulations--but also minimizing risk.
Scientific researchers have developed a small nanolaser that is capable of functioning inside living tissue. The laser could be used to sense disease biomarkers or treat neurological disorders deep within the brain such as epilepsy.
As your team maintains a laser focus on compliance, we offer some thoughts around best practices to better ensure your bank is not only following regulations--but also minimizing risk.
First, conducting compliance audits during times when there will be no other reviews, including examinations from bank regulators, can not only prepare you, but also reduce team stress. How often audits are conducted depends on the risk profile of each business line, so lines that carry more risk or have a heavy amount of transactions should be audited multiple times a year. This compares to business lines that pose less risk, which might only need to be audited every 2 years. Of course, audit remediation plans should be scheduled immediately if issues are discovered.
Many community banks struggle with how to approach compliance audits. They ask whether they should review customer files by function or product, or first consider each regulation that must be followed and review all files that pertain to each particular regulation. Most experts say it's more efficient to review files by either function or product to eliminate redundant file opening and viewing. Of course, that assumes there is no issue with following a particular regulation.
Within each business line, auditors should determine whether there are gaps in compliance, created when managers or line staff develop their own cheat sheets, guidelines or other shortcuts to perform their respective duties. Auditors should compare these materials against the compliance department's official policies to determine if anything needs to be rewritten.
Auditors should test whether business line procedures not only follow all applicable laws and regulations, but also take into account where each business line has customers. Indeed, online-only operations might conceivably have customers anywhere in the country. Business lines also have to make sure they are following all of the various state rules on how to collect debts, send out deficiency letters and send out notices.
When determining sample sizes of customer files to review, the granularity will depend on the volume of the portfolio, the geographic and demographic mix, and the level of risk within each product line. Regulators are happy to provide guidelines on how a community bank can best develop sample sizes, depending on their particular portfolio mix and risk profile.
If your in-house team is conducting compliance audits on its own, there are many resources to help. These include the ABA's Compliance Audit Manual and the ICBA's Bank Compliance Checkup Program.
You might also consider outsourcing audits to third-party compliance professionals who have specialized expertise reviewing numerous types of bank portfolios and risk profiles. Either way, there are best practices to help you succeed!