- "To assist you in your efforts to fine-tune your compliance-risk management programs, I'd like to give you a sense of what Federal Reserve examiners look for when they conduct examinations....I will also take a few minutes to address our more focused work in two particularly important areas of regulatory compliance: compliance with BSA [Bank Secrecy Act] requirements and Home Mortgage Disclosure Act (HMDA) data reporting requirements."
- " Overall, a banking organization's compliance-risk management program should enable it to adequately identify, measure, monitor, and control the compliance risks involved in its various products and lines of business. These are fundamental principles not only for compliance-risk management, but also for sound management of credit, market, liquidity, and operational risk.
"It's worth taking a moment to define compliance risk. It is the risk of legal or regulatory sanctions, financial loss, or damage to reputation and franchise value that may arise when an organization fails to comply with laws, regulations, or standards or codes of conduct of self-regulatory organizations applicable to the business activities and functions of the banking organization."
- "Generally, a Federal Reserve examination team begins by defining the scope of the examination; this is when examiners determine the areas of focus and level of scrutiny."
- "Federal Reserve examinations for compliance-risk management are not designed to be gotcha games in which examiners look for one-time breaches of specific regulations or laws. Rather, these examinations are designed to assess the adequacy of the structure and processes the institution uses for managing compliance risk. Examiners are expected to look for the bigger picture and to look at the effectiveness of the program (including policies and processes) for managing the organization's compliance risk."
- "As with all areas of risk management, our expectations--and therefore the scope of many examinations in this area--are framed by an emphasis on board and senior management oversight, policies and procedures, internal controls, monitoring and reporting, and training."
- " Internal controls are a particularly crucial element of a compliance-risk management program. Examiners will verify whether the organization has established and implemented an effective system of internal controls, including appropriate reporting lines and separation of duties, as well as positive and negative incentives."
- " The level of sophistication of banking organizations' monitoring activities generally varies according to the size and complexity of the organization, and examiners' expectations will vary accordingly."