CMS Flashcards
Outline the monitoring elements of the CMS.
- compliance testing
* remediation
Once an exam finding root cause is determined, what is the next step?
determine the extent of the problem (scope)
What is purpose of the Compliance Management System (CMS)?
- manage regulatory compliance responsibilities
- help the bank may risk-based decisions
- help the bank correlate risk across the enterprise
Once an exam finding has been analyzed to determine root cause and scope, what is the next step?
write an analysis for management explaining the situation
What lines of defense collaboratively manage regulatory compliance risk?
1) business unit
2) governance oversight
Outline the structure elements of the CMS.
- mission statement
- roles and responsibilities
- compliance policies and procedures
Once the bank is citied in an exam finding, what is the next step?
validate the finding
What are the elements of risk identification?
- Inherent Risk (before controls)
- exposure
- likelihood
- Residual Risk (after controls)
Explain the responsibilities of a compliance professional.
- understand operating environment and risk tolerance
- perform risk assessments (including recommendations for mitigants)
- elevate unmitigated risk areas
- provide reporting
- review and revise policies and procedures
- assist in correcting errors and providing training
What are the “three lines of defense” for managing risk on an enterprise-wide basis?
1) business unit
2) governance oversight
3) internal or external audit
Name the 6 primary risk management roles compliance professionals fill.
- provide regulatory advice to help business units mitigate risks
- regulatory change management
- compliance monitoring
- coordinate regulatory exams
- oversee compliance training
- review policies, procedures, and marketing materials
What is the first step a compliance officer should do when a new product is launching?
perform a risk assessment to determine the bank’s level of risk in offering the new product
What is the high-level purpose of an effective CMS framework?
Ensure management understands the bank’s level of compliance risks and any steps to mitigate them.
How can compliance professionals formalize their risk mitigation system?
Risk Assessments
Outline the compliance training elements of the CMS.
- needs
- timing
- applicability
What are the two types of controls?
1) preventative controls
2) detective controls
If the business unit has decided on a plan of action to mitigate risk that the compliance officer feels is inadequate, what should be done?
nothing yet
The business unit can decide what level of risk to accept. If the high risk continues after mitigation, the problem can be escalated to senior management.
The job of the compliance officer is to assess the risks and inform management of those risks.
Once a regulatory proposal becomes final, what are the first step to implement the rule?
establish a task force
Note: the question askes about ‘implementing’ the rule, not ‘analyzing’ the final rule
What is risk likelihood?
the probability that an event will occur
What are the basic elements of a CMS?
- written program that addresses
- structure
- change management
- monitoring (testing)
- regulatory examinations
- compliance training
- reviews
- risk assessment
Outline the review elements of the CMS.
- marketing materials
- policies and procedures
- disclosures
- products and services
- third party relationships
Outline the change management elements of the CMS.
- consultation
- regulatory proposal impact
- change implementation
When evaluating a regulatory proposal, what are the first 3 steps?
1) analyze the proposal’s effect on the bank
2) provide a summary to the affected business unit
3) establish a task force to study the proposal
What is risk exposure?
the extent of potential damage (severity)
What are risk dependencies?
dependencies on other areas of the bank or third parties for controls
Outline the regulatory examination elements of the CMS.
- exam liaison
- review findings
- exam responses
- remediation
Once an exam finding is validated, what is the next step?
review policies and procedures to determine where failure occurred (root cause)
What is the compliance officers most important role on a task force?
provide knowledge about compliance risk, such as whether a system is in compliance with relevant laws and regulations
