Institute of International Bankers Annual Seminar on Regulatory Examination, Risk Management and Compliance Issues: Examination Perspectives October 29-30,

Institute of International Bankers Annual Seminar on Regulatory Examination, Risk Management and Compliance Issues: Examination Perspectives

October 29-30, 2007ADVISORY

Hugh C. Kelly

Partner, National Lead Bank Regulatory Advisory

KPMG LLP

Washington, DC

2© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

Lesson from the sub-prime crisis – Lesson from the sub-prime crisis – Don’t forget how quickly contagion can threaten enterprise solvency Don’t forget how quickly contagion can threaten enterprise solvency and increase systemic risk and increase systemic risk

3© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

It is important to understand your exposure to regulatory risk….and proactively manage it

Warning from Home//Host regulators

Continued weaknesses

Regulatory fines/ consumer litigation

Failure to understand impact of regulation and determine risk appetite

Weak/inadequate risk management processes to manage regulatory risks

and detect failures

Increased capital requirements imposed

by regulators

Loss of license/Close down of business by

parent

Loss of confidence from consumers/rating

agencies/regulators

4© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

Evolution of U.S. Bank Examinations –Current themes

1. Risk-Based Supervision

– More dynamic than ever before

– Supervisory strategy includes both on-site exams and off-site analysis

2. Increased focus on the Bank’s formal Risk Assessment process, including:

– Safety & Soundness risks – Credit, Market, Liquidity, Operational Risks

– AML / BSA / OFAC compliance

– Other Compliance areas

3. Examiners are benchmarking ERM, Operational Risk Management and Internal Audit processes

4. Must assume your U.S. regulators have close communication and information-sharing arrangement with your Home Country regulators

5. Watch Basel II’s Pillar 2 --- it will be challenging for both banks and banking supervisors …

5© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

• Bridge gap between capital requirement and remaining risks

• Focus on adequacy of risk management and capital planning process

• Direct regulatory assessment of risk not discretely measured in Pillar 1: Interest Rate, Liquidity, Concentration, Reputation, Strategic Risks

Consequence 1 Consequence 3Consequence 2

Bank and regulator dialogue

Quantitative, as well as existing qualitative

assessment

Regulatory discretion over

capital level

Pillar 2 Main Goals

Basel II: Pillar 2Supervisory Review -- Role of The Supervisors

6© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

Evolution of U.S. bank examination expectations – Evolution of U.S. bank examination expectations – Risk-Based Supervision, Basel II, ERM and Operational Risk Risk-Based Supervision, Basel II, ERM and Operational Risk ManagementManagement

Financial Reporting

Operational Risk

Credit Risk

Compliance

Liquidity Risk

Market Risk

•Board Oversight•Enterprise Risk

Management, Monitoring &

Control•Transparency

“Large banks assume varied and complex risks that warrant a risk-oriented supervisory approach. Under this approach, examiners do not attempt to restrict risk-taking but rather determine whether banks identify, understand, and control the risks they assume.”

Large Bank Supervision, Comptroller’s Handbook

“Large banks assume varied and complex risks that warrant a risk-oriented supervisory approach. Under this approach, examiners do not attempt to restrict risk-taking but rather determine whether banks identify, understand, and control the risks they assume.”

Large Bank Supervision, Comptroller’s Handbook

7© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

Other Examination Themes:The “three lines of defence" principle as a cornerstone of ERM

1st line1st line 2nd line2nd line 3rd line3rd line

Role:Daily Risk Manageme

nt,Execution, Monitoring,

& Correction

Role:Indpt

Oversight,Analysis,

Monitoring, &

Reporting

Role:Testing,

Validating &

Reporting

Line Management Risk Management &

Compliance

(Internal) Audit

Audit Committee

8© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

Other Examination Themes:Operational Risk Management

• The Basel II regulatory definition of Operational Risk is: “The risk of loss resulting from inadequate or failed people, processes, systems or external events”

• Thus, Operational Risk implicitly includes the risk of loss associated with:

– Failures in compliance processes (the consumer, AML/BSA, PATRIOT Act, fiduciary, broker-dealer compliance overlap)

– Information security failures (the GLBA overlap)

– Financial reporting errors or failures (the SOX overlap)

– Lapses in overall internal control systems (the FDICIA overlap)

• Traditionally, banks have managed these operational and compliance risks in silos

• Today, spurred by Basel II, banks and their examiners are focusing on a more enterprise-wide approach to operational risk management leading to:

– More convergence of risk & control assessments, reviews and reporting processes

– Better identification of “horizontal risks” and “emerging risks”

– More holistic focus on new products, activities and business strategies

9© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

Operational

Risk Management

Compliance

SOX

New Product assessment &

approval

Change RiskManagement

AML**

Business Continuity

Other Examination Themes:Integrated Operational Risk Management

Event/Issue

Management

VendorManagement

InformationSecurity

Model Validation

Systems External Events

People ProcessesKey Elements:

• Enterprise OpR vision and policy

• Executive champion

• Consistent methodology for risk identification, assessment, measurement & reporting

• Clarity of roles, responsibilities, key interfaces and reporting infrastructure for the “three lines of defense”

10© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

U.S. Bank Examinations –How to be Proactive

1. Identify a branch “point of contact” for all examination logistical issues and requests

2. Have substantive and frequent communications with your examination team and their bosses

3. Keep records of all contacts with the examiners

4. Maintain an “Examination Issues Tracking” process

5. Consistently adhere to a “no surprises” doctrine with respect to the regulators

• Emerging problems

• New products, activities and strategies

• Change in key staff or management

6. Regularly introduce visiting Head Office managers to the regulators

7. Keep up with changing U.S. regulatory developments and issues

• Industry meetings

• Fed / NY State / OCC works-shops

• 3rd party regulatory summaries (e.g., KPMG’s The Washington Report)

8. Maintain current Policies and Procedures – “do not let them collect dust”

11© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

Final Words….Final Words….

"All of life is the management of risk, not its elimination."

Walter Wriston *

* Soon after assuming the presidency, Walter Wriston built Citibank into the U.S.’s second largest bank in terms of total assets. His willingness to pioneer by pursuing and investing in new technologies and going into areas where others wouldn't tread -- or had tread and faltered -- was how this man truly revolutionized American and global banking. It was under his watch that Citibank became an innovator in technology by introducing some of the first automatic teller machines in the nation. He also pursued the credit card business in a way that no other bank was doing at the time.

12© 2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A

KPMG Knowledge Leadership and ContactKPMG Knowledge Leadership and Contact

Basel Briefing – Aimed at risk management professionals, this 11th edition of the Basel Briefing covers a range of topics relevant to Basel II preparations, from expected losses in operational risk to data reporting protocols for banks

The Washington Report -- This weekly federal regulatory and legislative newsletter provides updates on current issues impacting the U.S. financial services industry

Hugh Kelly, Partner

National Lead for Bank Regulatory Advisory Services – Safety & Soundness

KPMG LLP

202-533-5200

[email protected]