Western Independent Banker - January/February 2008 - (Page 23)

Top 10 Compliance Fitness Steps for De Novo Banks

By Len Filppu and Kevin K. Watson

De novo banks, like all banks, are under increasing scrutiny to comply with complex and shifting regulatory expectations regarding a variety of compliance and operational risks. Applying ice to the latest hot topic flare-up or ignoring the pain of developing long-term solutions is not an effective strategy for maintaining ongoing compliance fitness. De novo banks need a sensible, cost-effective routine to follow to get into compliance shape.

Here are 10 steps de novo banks can take to increase compliance fitness, avoid potential compliance pain, utilize valuable resources and earn good marks at regulatory examination time.

10. Hire veterans of de novo banks, and make sure finance and accounting management are experienced with financial reporting. It’s worth reminding that the unique problems facing de novo banks are best solved by those with prior de novo bank experience. And because the crush of financial reporting can sometimes overwhelm even banks with established systems in place, make sure the finance and accounting team has financial reporting expertise.

9. Formalize and document internal controls in written procedures, including approval and exception guidelines. This documentation helps ensure employees are working in lock step with management and the board, it reinforces accountability by providing a benchmark against which actions and performance can be judged, and it can serve as training material for the many new employees hired during the start-up process.

8. Assign one person to be the internal audit and examination liaison. A single point of contact with a wide overview helps ensure the successful meeting of critical deadlines, and can prevent small examination bumps and bruises from becoming chronic, crippling injuries. When examiners or auditors have questions, they’ll know who to contact.

7. Prepare an enterprise-wide risk assessment and related audit plan during the first six months. Regulators like to see this. It’s the basis for the internal audit strategy and calendar, and is the best way to ensure that appropriate risk management and audit resources are directed toward high risk areas.

6. Implement an audit/exam tracking system with realistic due dates for Board review. The key here is to be realistic. If you give too tight a deadline, the regulators may ding you if it’s not accomplished on time. On the other hand, too lax and you can get dinged. Most important is to set up a system to avoid the deadly “repeat finding.”

5. Implement an Information Security Program (Gramm-Leach-Bliley Act) and Business Continuity Plan (BCP). Information technology supports every bank department. With increasing online and website transactions, ever-evolving hacker ingenuity, and the bank’s reputation at risk, data must be secure and systems reliable. The Information Security Program and BCP are similar in that both require a risk assessment, ongoing training and education, and a status report to the board. The Information Security Program requires testing of key controls through annual audits and network penetration tests. The BCP requires testing of disaster recovery plans for critical bank-wide functions.

4. Pay attention to compliance, especially lobby posters, flood insurance, Bank Secrecy Act (BSA), Regulation O and consumer products. These are areas that continue to draw regulatory attention. It’s fairly easy to comply with lobby poster and flood insurance requirements. Regulation Z disclosures for consumer loans require extra attention even if you will be originating only one owner occupied residential loan. Undergoing an independent BSA audit prior to your first examination will ensure you don’t have major problems in that area. Finally, be sure to obtain independent board approval prior to making any insider transactions.
