BID® Daily Newsletter
Nov 6, 2019

Best Practices For Audit Fundamentals

Summary: Today, we offer some thoughts around best practices to ensure your bank is not only following regulations--but also minimizing risk.

Scientific researchers have developed a small nanolaser that is capable of functioning inside living tissue. The laser could be used to sense disease biomarkers or treat neurological disorders deep within the brain such as epilepsy.
As your team maintains a laser focus on compliance, we offer some thoughts around best practices to better ensure your bank is not only following regulations--but also minimizing risk.
First, conducting compliance audits during times when there will be no other reviews, including examinations from bank regulators, can not only prepare you, but also reduce team stress. How often audits are conducted depends on the risk profile of each business line, so lines that carry more risk or have a heavy volume of transactions should be audited multiple times a year. By comparison, business lines that pose less risk might only need to be audited every 2 years. Of course, audit remediation plans should be scheduled immediately if issues are discovered.
Many community banks struggle with how to approach compliance audits. They ask whether they should review customer files by function or product, or first consider each regulation that must be followed and review all files that pertain to each particular regulation. Most experts say it's more efficient to review files by either function or product to eliminate redundant file opening and viewing. Of course, that assumes there is no issue with following a particular regulation.
Within each business line, auditors should determine whether there are gaps in compliance, created when managers or line staff develop their own cheat sheets, guidelines or other shortcuts to perform their respective duties. Auditors should compare these materials against the compliance department's official policies to determine if anything needs to be rewritten.
Auditors should test whether business line procedures not only follow all applicable laws and regulations, but also take into account where each business line has customers. Indeed, online-only operations might conceivably have customers anywhere in the country. Business lines also have to make sure they are following all of the various state rules on how to collect debts, send out deficiency letters and send out notices.
When determining sample sizes of customer files to review, the granularity will depend on the volume of the portfolio, the geographic and demographic mix, and the level of risk within each product line. Regulators are happy to provide guidelines on how a community bank can best develop sample sizes, depending on their particular portfolio mix and risk profile.
If your in-house team is conducting compliance audits on its own, there are many resources to help. These include the ABA's Compliance Audit Manual and the ICBA's Bank Compliance Checkup Program.
You might also consider outsourcing audits to third-party compliance professionals who have specialized expertise reviewing numerous types of bank portfolios and risk profiles. Either way, there are best practices to help you succeed!