CMS

Question 1

What are the “three lines of defense” for managing risk on an enterprise-wide basis?

Answer 1

1) business unit
2) governance oversight
3) internal or external audit

Question 2

What lines of defense collaboratively manage regulatory compliance risk?

Answer 2

1) business unit
2) governance oversight

Question 3

What is the purpose of the Compliance Management System (CMS)?

Answer 3

* manage regulatory compliance responsibilities

* help the bank make risk-based decisions

* help the bank correlate risk across the enterprise

Question 4

What is the high-level purpose of an effective CMS framework?

Answer 4

Ensure management understands the bank’s level of compliance risks and any steps to mitigate them.

Question 5

Name the 6 primary risk management roles compliance professionals fill.

Answer 5

* provide regulatory advice to help business units mitigate risks

* regulatory change management

* compliance monitoring

* coordinate regulatory exams

* oversee compliance training

* review policies, procedures, and marketing materials

Question 6

How can compliance professionals formalize their risk mitigation system?

Answer 6

Risk Assessments

Question 7

Explain the responsibilities of a compliance professional.

Answer 7

* understand operating environment and risk tolerance

* perform risk assessments (including recommendations for mitigants)

* elevate unmitigated risk areas

* provide reporting

* review and revise policies and procedures

* assist in correcting errors and providing training

Question 8

What are the basic elements of a CMS?

Answer 8

written program that addresses

• structure
• change management
• monitoring (testing)
• regulatory examinations
• compliance training
• reviews
• risk assessment

Question 9

Outline the structure elements of the CMS.

Answer 9

* mission statement

* roles and responsibilities

* compliance policies and procedures

Question 10

Outline the change management elements of the CMS.

Answer 10

* consultation

* regulatory proposal impact

* change implementation

Question 11

Outline the monitoring elements of the CMS.

Answer 11

* compliance testing

* remediation

Question 12

Outline the regulatory examination elements of the CMS.

Answer 12

* exam liaison

* review findings

* exam responses

* remediation

Question 13

Outline the compliance training elements of the CMS.

Answer 13

* needs

* timing

* applicability

Question 14

Outline the review elements of the CMS.

Answer 14

* marketing materials

* policies and procedures

* disclosures

* products and services

* third party relationships

Question 15

Outline the risk assessment element of the CMS.

Answer 15

* risk review areas

* risk ratings

* key risk indicators

* controls

* key performance indicators

Question 16

What are the two types of controls?

Answer 16

1) preventative controls
2) detective controls

Question 17

What are the elements of risk identification?

Answer 17

* Inherent Risk (before controls)

• exposure
• likelihood

* Residual Risk (after controls)

Question 18

What is risk exposure?

Answer 18

the extent of potential damage (severity)

Question 19

What is risk likelihood?

Answer 19

the probability that an event will occur

Question 20

What are risk dependencies?

Answer 20

dependencies on other areas of the bank or third parties for controls

Question 21

When evaluating a regulatory proposal, what are the first 3 steps?

Answer 21

1) analyze the proposal’s effect on the bank
2) provide a summary to the affected business unit
3) establish a task force to study the proposal

Question 22

Once a regulatory proposal becomes final, what is the first step to implement the rule?

Answer 22

establish a task force (Note: the question askes about ‘implementing’ the rule, not ‘analyzing’ the final rule)

Question 23

Once an exam finding is validated, what is the next step?

Answer 23

review policies and procedures to determine where failure occurred (root cause)

Question 24

Once an exam finding root cause is determined, what is the next step?

Answer 24

determine the extent of the problem (scope)

Question 25

Once an exam finding has been analyzed to determine root cause and scope, what is the next step?

Answer 25

write an analysis for management explaining the situation

Question 26

If the business unit has decided on a plan of action to mitigate risk that the compliance officer feels is inadequate, what should be done?

Answer 26

nothing yet

The business unit can decide what level of risk to accept. If the high risk continues after mitigation, the problem can be escalated to senior management. The job of the compliance officer is to assess the risks and inform management of those risks.

Question 27

What is the compliance officer’s most important role on a task force?

Answer 27

provide knowledge about compliance risk, such as whether a system is in compliance with relevant laws and regulations

Question 28

What is the first step a compliance officer should do when a new product is launching?

Answer 28

perform a risk assessment to determine the bank’s level of risk in offering the new product

Question 29

Once the bank is citied in an exam finding, what is the next step?

Answer 29

validate the finding

Question 30

What is the best reporting structure for the bank’s compliance officer?

Answer 30

depends on the bank

many banks have the compliance officer position report directly to the president in order to give the position sufficient authority within the organization

Question 31

What is the first step for correcting an issue identified by the regulators?

Answer 31

identify the weaknesses in the identified area

Question 32

An effective compliance management program should monitor customer complaints received by the bank for the purpose of _______.

Answer 32

identifying regulatory compliance problems in bank operations

Question 33

One of the basic elements of a CMS is ongoing monitoring to _____________.

Answer 33

evaluate the program’s adherence to compliance policies and procedures